CVE-2013-1489
First published: Thu Jan 31 2013(Updated: )
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle JDK | =1.7.0-update10 | |
| Oracle JDK | =1.7.0-update11 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update10 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update11 | |
| Google Chrome (Trace Event) | ||
| Internet Explorer | ||
| Firefox | ||
| Opera |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
- http://marc.info/?l=bugtraq&m=136439120408139&w=2
- http://marc.info/?l=bugtraq&m=136733161405818&w=2
- http://rhn.redhat.com/errata/RHSA-2013-0237.html
- http://seclists.org/fulldisclosure/2013/Jan/241
- http://thenextweb.com/insider/2013/01/28/new-vulnerability-bypasses-oracles-attempt-to-stop-malware-drive-by-downloads-via-java-applets/
- http://www.informationweek.com/security/application-security/java-security-work-remains-bug-hunter-sa/240147150
- http://www.kb.cert.org/vuls/id/858729
- http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
- http://www.scmagazine.com.au/News/330453,java-still-unsafe-new-flaws-discovered.aspx
- http://www.us-cert.gov/cas/techalerts/TA13-032A.html
- http://www.zdnet.com/java-update-doesnt-prevent-silent-exploits-at-all-7000010422/
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15906
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19171
Frequently Asked Questions
What is the severity of CVE-2013-1489?
CVE-2013-1489 is considered high severity due to its potential to allow attackers to bypass security controls.
How do I fix CVE-2013-1489?
To fix CVE-2013-1489, update your Oracle Java SE to a version later than Update 11.
Which versions of Oracle Java are affected by CVE-2013-1489?
CVE-2013-1489 affects Oracle Java SE 7 Update 10 and Update 11.
What types of attacks can exploit CVE-2013-1489?
CVE-2013-1489 can be exploited via remote attacks that execute untrusted Java applications.
Is CVE-2013-1489 applicable to web browsers?
Yes, CVE-2013-1489 can affect web browsers such as Internet Explorer, Firefox, Opera, and Google Chrome when running JRE.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/severity
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/oracle jdk
- version/oracle jdk/1.7.0-update10
- version/oracle jdk/1.7.0-update11
- canonical/oracle java runtime environment (jre)
- version/oracle java runtime environment (jre)/1.7.0-update10
- version/oracle java runtime environment (jre)/1.7.0-update11
- vendor/google
- canonical/google chrome (trace event)
- vendor/microsoft
- canonical/internet explorer
- vendor/mozilla
- canonical/firefox
- vendor/opera
- canonical/opera