// For flags

CVE-2013-1489

7: bypass of the security level setting in browser plugin (Deployment, SE-2012-01 Issue 53)

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.

Una Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Java SE versión 7 Update 10 y Update 11 de Oracle, cuando se ejecuta en Windows con Internet Explorer, Firefox, Opera y Google Chrome, permite a los atacantes remotos omitir el nivel de seguridad "Very High" del Panel de Control de Java y ejecutar código Java no firmado sin consultar al usuario por medio de vectores desconocidos, también se conoce como "Issue 53" y la vulnerabilidad "Java Security Slider".

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-01-30 CVE Reserved
  • 2013-01-31 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (16)
URL Tag Source
http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53 X_refsource_misc
http://seclists.org/fulldisclosure/2013/Jan/241 Mailing List
http://thenextweb.com/insider/2013/01/28/new-vulnerability-bypasses-oracles-attempt-to-stop-malware-drive-by-downloads-via-java-applets X_refsource_misc
http://www.informationweek.com/security/application-security/java-security-work-remains-bug-hunter-sa/240147150 X_refsource_misc
http://www.kb.cert.org/vuls/id/858729 Third Party Advisory
http://www.scmagazine.com.au/News/330453%2Cjava-still-unsafe-new-flaws-discovered.aspx X_refsource_misc
http://www.us-cert.gov/cas/techalerts/TA13-032A.html Third Party Advisory
http://www.zdnet.com/java-update-doesnt-prevent-silent-exploits-at-all-7000010422 X_refsource_misc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15906 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19171 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://marc.info/?l=bugtraq&m=136439120408139&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=136733161405818&w=2 2023-11-07
http://rhn.redhat.com/errata/RHSA-2013-0237.html 2023-11-07
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html 2023-11-07
https://access.redhat.com/security/cve/CVE-2013-1489 2013-02-04
https://bugzilla.redhat.com/show_bug.cgi?id=906449 2013-02-04
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Oracle
Search vendor "Oracle"
 Jdk
Search vendor "Oracle" for product "Jdk"
 1.7.0
Search vendor "Oracle" for product "Jdk" and version "1.7.0"
update10, windows
Affected
in Google
Search vendor "Google"
 Chrome
Search vendor "Google" for product "Chrome"
--
Safe
Oracle
Search vendor "Oracle"
 Jdk
Search vendor "Oracle" for product "Jdk"
 1.7.0
Search vendor "Oracle" for product "Jdk" and version "1.7.0"
update10, windows
Affected
in Microsoft
Search vendor "Microsoft"
 Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
--
Safe
Oracle
Search vendor "Oracle"
 Jdk
Search vendor "Oracle" for product "Jdk"
 1.7.0
Search vendor "Oracle" for product "Jdk" and version "1.7.0"
update10, windows
Affected
in Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
*-
Safe
Oracle
Search vendor "Oracle"
 Jdk
Search vendor "Oracle" for product "Jdk"
 1.7.0
Search vendor "Oracle" for product "Jdk" and version "1.7.0"
update10, windows
Affected
in Opera
Search vendor "Opera"
 Opera Browser
Search vendor "Opera" for product "Opera Browser"
--
Safe
Oracle
Search vendor "Oracle"
 Jdk
Search vendor "Oracle" for product "Jdk"
 1.7.0
Search vendor "Oracle" for product "Jdk" and version "1.7.0"
update11, windows
Affected
in Google
Search vendor "Google"
 Chrome
Search vendor "Google" for product "Chrome"
--
Safe
Oracle
Search vendor "Oracle"
 Jdk
Search vendor "Oracle" for product "Jdk"
 1.7.0
Search vendor "Oracle" for product "Jdk" and version "1.7.0"
update11, windows
Affected
in Microsoft
Search vendor "Microsoft"
 Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
--
Safe
Oracle
Search vendor "Oracle"
 Jdk
Search vendor "Oracle" for product "Jdk"
 1.7.0
Search vendor "Oracle" for product "Jdk" and version "1.7.0"
update11, windows
Affected
in Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
*-
Safe
Oracle
Search vendor "Oracle"
 Jdk
Search vendor "Oracle" for product "Jdk"
 1.7.0
Search vendor "Oracle" for product "Jdk" and version "1.7.0"
update11, windows
Affected
in Opera
Search vendor "Opera"
 Opera Browser
Search vendor "Opera" for product "Opera Browser"
--
Safe
Oracle
Search vendor "Oracle"
 Jre
Search vendor "Oracle" for product "Jre"
 1.7.0
Search vendor "Oracle" for product "Jre" and version "1.7.0"
update10, windows
Affected
in Google
Search vendor "Google"
 Chrome
Search vendor "Google" for product "Chrome"
--
Safe
Oracle
Search vendor "Oracle"
 Jre
Search vendor "Oracle" for product "Jre"
 1.7.0
Search vendor "Oracle" for product "Jre" and version "1.7.0"
update10, windows
Affected
in Microsoft
Search vendor "Microsoft"
 Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
--
Safe
Oracle
Search vendor "Oracle"
 Jre
Search vendor "Oracle" for product "Jre"
 1.7.0
Search vendor "Oracle" for product "Jre" and version "1.7.0"
update10, windows
Affected
in Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
*-
Safe
Oracle
Search vendor "Oracle"
 Jre
Search vendor "Oracle" for product "Jre"
 1.7.0
Search vendor "Oracle" for product "Jre" and version "1.7.0"
update10, windows
Affected
in Opera
Search vendor "Opera"
 Opera Browser
Search vendor "Opera" for product "Opera Browser"
--
Safe
Oracle
Search vendor "Oracle"
 Jre
Search vendor "Oracle" for product "Jre"
 1.7.0
Search vendor "Oracle" for product "Jre" and version "1.7.0"
update11, windows
Affected
in Google
Search vendor "Google"
 Chrome
Search vendor "Google" for product "Chrome"
--
Safe
Oracle
Search vendor "Oracle"
 Jre
Search vendor "Oracle" for product "Jre"
 1.7.0
Search vendor "Oracle" for product "Jre" and version "1.7.0"
update11, windows
Affected
in Microsoft
Search vendor "Microsoft"
 Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
--
Safe
Oracle
Search vendor "Oracle"
 Jre
Search vendor "Oracle" for product "Jre"
 1.7.0
Search vendor "Oracle" for product "Jre" and version "1.7.0"
update11, windows
Affected
in Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
*-
Safe
Oracle
Search vendor "Oracle"
 Jre
Search vendor "Oracle" for product "Jre"
 1.7.0
Search vendor "Oracle" for product "Jre" and version "1.7.0"
update11, windows
Affected
in Opera
Search vendor "Opera"
 Opera Browser
Search vendor "Opera" for product "Opera Browser"
--
Safe