CVE-2013-1490 — Protection Mechanism Failure in Oracle JDK

CWE-693 — Protection Mechanism Failure9 documents4 sources

Severity

5.3MEDIUMNVD

NVD4.3

EPSS

0.5%

top 32.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle JDK Oracle JRE Oracle Openjdk

Timeline

PublishedJan 31

Latest updateMay 17

Description

Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE 1.7.0_11-b21) allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors, aka "Issue 51," a different vulnerability than CVE-2013-0431. NOTE: as of 20130130, this vulnerability does not contain any independently-verifiable details, and there is no vendor acknowledgement. A CVE identifier is being assigned because this vulnerability has received significant public attention, and the original resear…

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDoracle/jdk1.7.0

▶NVDoracle/jre1.7.0

▶NVDoracle/openjdk7

🔴Vulnerability Details

GHSA

GHSA-hxjj-qvrq-6x75: Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE 1↗2022-05-17

▶

GHSA

GHSA-h3cw-j9j9-5pc4: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted r↗2022-05-05

▶

📋Vendor Advisories

Red Hat

JDK: complete Java security sandbox bypass (Issue 51)↗2013-01-27

▶

Red Hat

OpenJDK: JMX Introspector missing package access check (JMX, 8000539, SE-2012-01 Issue 52)↗2013-01-27

▶

💬Community

Bugzilla

CVE-2013-4348 kernel: net: deadloop path in skb_flow_dissect()↗2013-09-13

▶

Bugzilla

CVE-2013-1490 JDK: complete Java security sandbox bypass (Issue 51)↗2013-01-31

▶

Bugzilla

CVE-2013-0431 OpenJDK: JMX Introspector missing package access check (JMX, 8000539, SE-2012-01 Issue 52)↗2013-01-31

▶