CVE-2013-1490

2013-01-3100:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS

0.969

Percentile

99.7%

JSON

Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE 1.7.0_11-b21)
allows user-assisted remote attackers to bypass the Java security sandbox
via unspecified vectors, aka “Issue 51,” a different vulnerability than
CVE-2013-0431. NOTE: as of 20130130, this vulnerability does not contain
any independently-verifiable details, and there is no vendor
acknowledgement. A CVE identifier is being assigned because this
vulnerability has received significant public attention, and the original
researcher has an established history of releasing vulnerability reports
that have been fixed by vendors. NOTE: this issue also exists in SE 6, but
it cannot be exploited without a separate vulnerability.

Notes

Author	Note
mdeslaur	in lucid+, NetX and the plugin moved to the icedtea-web package
jdstrand	openjdk-6b18 FTBFS on 11.04 (LP: #1043003) does not affect icedtea 2.3 as of 2013-05-07, icedtea 1.12.5 does not seem affected. Will update pending new data

OSVersionArchitecturePackageVersionFilename
ubuntu12.10noarchopenjdk-6< 6b27-1.12.5-0ubuntu0.12.10.1UNKNOWN
ubuntu13.04noarchopenjdk-6< 6b27-1.12.5-1ubuntu1UNKNOWN