5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.974 High
EPSS
Percentile
99.9%
Unspecified vulnerability in the Java Runtime Environment (JRE) component
in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted
remote attackers to bypass the Java security sandbox via unspecified
vectors related to JMX, aka “Issue 52,” a different vulnerability than
CVE-2013-1490.
Author | Note |
---|---|
mdeslaur | in lucid+, NetX and the plugin moved to the icedtea-web package |
jdstrand | openjdk-6b18 FTBFS on 11.04 (LP: #1043003) no fix available as of 2013-02-14 |
arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/
blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
seclists.org/fulldisclosure/2013/Jan/142
seclists.org/fulldisclosure/2013/Jan/195
www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717
www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
launchpad.net/bugs/cve/CVE-2013-0431
nvd.nist.gov/vuln/detail/CVE-2013-0431
security-tracker.debian.org/tracker/CVE-2013-0431
www.cve.org/CVERecord?id=CVE-2013-0431