CVE-2013-1489

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://thenextweb.com/insider/2013/01/28/new-vulnerability-bypasses-oracles-attempt-to-stop-malware-drive-by-downloads-via-java-applets/", "name": "http://thenextweb.com/insider/2013/01/28/new-vulnerability-bypasses-oracles-attempt-to-stop-malware-drive-by-downloads-via-java-applets/", "tags": [], "refsource": "MISC"}, {"url": "http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53", "name": "http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53", "tags": [], "refsource": "MISC"}, {"url": "http://www.informationweek.com/security/application-security/java-security-work-remains-bug-hunter-sa/240147150", "name": "http://www.informationweek.com/security/application-security/java-security-work-remains-bug-hunter-sa/240147150", "tags": [], "refsource": "MISC"}, {"url": "http://www.scmagazine.com.au/News/330453,java-still-unsafe-new-flaws-discovered.aspx", "name": "http://www.scmagazine.com.au/News/330453,java-still-unsafe-new-flaws-discovered.aspx", "tags": [], "refsource": "MISC"}, {"url": "http://seclists.org/fulldisclosure/2013/Jan/241", "name": "20130127 [SE-2012-01] An issue with new Java SE 7 security features", "tags": [], "refsource": "FULLDISC"}, {"url": "http://www.zdnet.com/java-update-doesnt-prevent-silent-exploits-at-all-7000010422/", "name": "http://www.zdnet.com/java-update-doesnt-prevent-silent-exploits-at-all-7000010422/", "tags": [], "refsource": "MISC"}, {"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html", "name": "RHSA-2013:0237", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html", "name": "TA13-032A", "tags": ["US Government Resource"], "refsource": "CERT"}, {"url": "http://www.kb.cert.org/vuls/id/858729", "name": "VU#858729", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2", "name": "HPSBMU02874", "tags": [], "refsource": "HP"}, {"url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2", "name": "HPSBUX02857", "tags": [], "refsource": "HP"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19171", "name": "oval:org.mitre.oval:def:19171", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15906", "name": "oval:org.mitre.oval:def:15906", "tags": [], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the \"Very High\" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka \"Issue 53\" and the \"Java Security Slider\" vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-1489", "ASSIGNER": "secalert_us@oracle.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-01-31T14:55Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:windows:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:windows:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:windows:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:windows:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-09-19T01:36Z"}