CVE-2013-1489
7: bypass of the security level setting in browser plugin (Deployment, SE-2012-01 Issue 53)
Severity Score
Exploit Likelihood
Affected Versions
16Public Exploits
0Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.
Una Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Java SE versión 7 Update 10 y Update 11 de Oracle, cuando se ejecuta en Windows con Internet Explorer, Firefox, Opera y Google Chrome, permite a los atacantes remotos omitir el nivel de seguridad "Very High" del Panel de Control de Java y ejecutar código Java no firmado sin consultar al usuario por medio de vectores desconocidos, también se conoce como "Issue 53" y la vulnerabilidad "Java Security Slider".
Potential security vulnerabilities have been identified with HP Service Manager and ServiceCenter for Windows, Linux, HP-UX, Solaris and AIX. The Java Runtime Environment (JRE) has been updated to correct these issues. Revision 3 of this advisory.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-01-30 CVE Reserved
- 2013-01-31 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (16)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://marc.info/?l=bugtraq&m=136439120408139&w=2 | 2023-11-07 | |
| http://marc.info/?l=bugtraq&m=136733161405818&w=2 | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2013-0237.html | 2023-11-07 | |
| http://www.oracle.com/technetwork/topics/security/javacpufeb2... | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2013-1489 | 2013-02-04 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=906449 | 2013-02-04 |