CVE-2013-1490
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
31/01/2013
Last modified:
04/02/2013
Description
Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE 1.7.0_11-b21) allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors, aka "Issue 51," a different vulnerability than CVE-2013-0431. NOTE: as of 20130130, this vulnerability does not contain any independently-verifiable details, and there is no vendor acknowledgement. A CVE identifier is being assigned because this vulnerability has received significant public attention, and the original researcher has an established history of releasing vulnerability reports that have been fixed by vendors. NOTE: this issue also exists in SE 6, but it cannot be exploited without a separate vulnerability.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:* | ||
cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/
- http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
- http://seclists.org/fulldisclosure/2013/Jan/142
- http://seclists.org/fulldisclosure/2013/Jan/195
- http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717
- http://www.securityfocus.com/archive/1/525387/30/0/threaded