CVE-2013-1490
Published: 31 January 2013
Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE 1.7.0_11-b21) allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors, aka "Issue 51," a different vulnerability than CVE-2013-0431. NOTE: as of 20130130, this vulnerability does not contain any independently-verifiable details, and there is no vendor acknowledgement. A CVE identifier is being assigned because this vulnerability has received significant public attention, and the original researcher has an established history of releasing vulnerability reports that have been fixed by vendors. NOTE: this issue also exists in SE 6, but it cannot be exploited without a separate vulnerability.
Notes
Author | Note |
---|---|
mdeslaur | in lucid+, NetX and the plugin moved to the icedtea-web package |
jdstrand | openjdk-6b18 FTBFS on 11.04 (LP: #1043003) does not affect icedtea 2.3 as of 2013-05-07, icedtea 1.12.5 does not seem affected. Will update pending new data |
Priority
Status
Package | Release | Status |
---|---|---|
openjdk-6 Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Not vulnerable
|
|
oneiric |
Not vulnerable
|
|
precise |
Not vulnerable
|
|
quantal |
Released
(6b27-1.12.5-0ubuntu0.12.10.1)
|
|
raring |
Released
(6b27-1.12.5-1ubuntu1)
|
|
upstream |
Needs triage
|
|
openjdk-6b18 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
upstream |
Needs triage
|
|
openjdk-7 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Not vulnerable
|
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Not vulnerable
|
|
upstream |
Needs triage
|
|
sun-java5 Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
sun-java6 Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Does not exist
(removed from archive)
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
upstream |
Needs triage
|
References
- http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717
- http://seclists.org/fulldisclosure/2013/Jan/195
- http://seclists.org/fulldisclosure/2013/Jan/142
- http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
- http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/
- https://www.cve.org/CVERecord?id=CVE-2013-1490
- NVD
- Launchpad
- Debian