4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
67.8%
Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE 1.7.0_11-b21)
allows user-assisted remote attackers to bypass the Java security sandbox
via unspecified vectors, aka “Issue 51,” a different vulnerability than
CVE-2013-0431. NOTE: as of 20130130, this vulnerability does not contain
any independently-verifiable details, and there is no vendor
acknowledgement. A CVE identifier is being assigned because this
vulnerability has received significant public attention, and the original
researcher has an established history of releasing vulnerability reports
that have been fixed by vendors. NOTE: this issue also exists in SE 6, but
it cannot be exploited without a separate vulnerability.
Author | Note |
---|---|
mdeslaur | in lucid+, NetX and the plugin moved to the icedtea-web package |
jdstrand | openjdk-6b18 FTBFS on 11.04 (LP: #1043003) does not affect icedtea 2.3 as of 2013-05-07, icedtea 1.12.5 does not seem affected. Will update pending new data |
arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/
blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
seclists.org/fulldisclosure/2013/Jan/142
seclists.org/fulldisclosure/2013/Jan/195
www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717
launchpad.net/bugs/cve/CVE-2013-1490
nvd.nist.gov/vuln/detail/CVE-2013-1490
security-tracker.debian.org/tracker/CVE-2013-1490
www.cve.org/CVERecord?id=CVE-2013-1490