Oracle Java SE CVE-2013-1489 Unsigned Java Code Security Bypass Vulnerability

Oracle Java SE is prone to a remote security-bypass vulnerability.

The vulnerability can be exploited over multiple protocols. This issue affects the 'Deployment' sub-component.

Attackers can exploit this issue to execute unsigned Java code even if the Java Control Panel is set to disallow execution of unsigned code.

This vulnerability affects the following supported versions:
7 Update 11 and 7 Update 10

Note 1: This issue was previously discussed in BID 57670 (Oracle Java Runtime Environment Multiple Security Vulnerabilities) but has been given its own record to better document it.

Note 2: This issue was previously titled 'Oracle Java SE CVE-2013-1489 Remote Java Runtime Environment Vulnerability'. The title and technical details have been changed to better document it.


Privacy Statement
Copyright 2010, SecurityFocus