Signature Detail
Short Name |
HTTP:STC:JAVA:SEC-SLIDER-BYPASS |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Oracle Java Security Slider Feature Bypass |
Release Date |
2013/02/28 |
Update Number |
2237 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Oracle Java Security Slider Feature Bypass
This signature detects attempts to exploit a known vulnerability against Oracle Java Security. A successful attack can allow attackers to perform security restriction bypass.
Extended Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.
Affected Products
- oracle jdk 1.7.0 (update10:~~~windows~~)
- oracle jdk 1.7.0 (update11:~~~windows~~)
- oracle jre 1.7.0 (update10:~~~windows~~)
- oracle jre 1.7.0 (update11:~~~windows~~)
References
- CVE: CVE-2013-1489