CVSS2: 10 High (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

EPSS: 0.023 Low (Percentile: 89.7%)

Unspecified vulnerability in the Java Runtime Environment (JRE) component
in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using
Internet Explorer, Firefox, Opera, and Google Chrome, allows remote
attackers to bypass the “Very High” security level of the Java Control
Panel and execute unsigned Java code without prompting the user via unknown
vectors, aka “Issue 53” and the “Java Security Slider” vulnerability.
Author | Note |
---|---|
mdeslaur | in lucid+, NetX and the plugin moved to the icedtea-web package |
jdstrand | openjdk-6b18 FTBFS on 11.04 (LP: #1043003) Windows-only |
blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
seclists.org/fulldisclosure/2013/Jan/241
thenextweb.com/insider/2013/01/28/new-vulnerability-bypasses-oracles-attempt-to-stop-malware-drive-by-downloads-via-java-applets/
www.informationweek.com/security/application-security/java-security-work-remains-bug-hunter-sa/240147150
www.scmagazine.com.au/News/330453,java-still-unsafe-new-flaws-discovered.aspx
www.zdnet.com/java-update-doesnt-prevent-silent-exploits-at-all-7000010422/
launchpad.net/bugs/cve/CVE-2013-1489
nvd.nist.gov/vuln/detail/CVE-2013-1489
security-tracker.debian.org/tracker/CVE-2013-1489
www.cve.org/CVERecord?id=CVE-2013-1489