Vulnerability Note VU#225657
Oracle Javadoc HTML frame injection vulnerability
Javadoc HTML pages that were created by Javadoc 7 Update 21 and before, 6 Update 45 and before, 5.0 Update 45 and before, JavaFX 2.2.21 and before contain a frame injection vulnerability that could allow an attacker to replace a Javadoc web page frame with a malicious page.
An attacker can cause one of the frames within a Javadoc-generated web page to be replaced with a malicious page. This vulnerability could be used for phishing or social engineering, or it could be used for browser exploitation if combined with another browser-related vulnerability.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|IBM Corporation||Affected||11 Jun 2013||26 Jun 2013|
|OpenOffice.org||Affected||-||24 Jun 2013|
|Oracle Corporation||Affected||-||20 Jun 2013|
|Red Hat, Inc.||Affected||11 Jun 2013||24 Jun 2013|
CVSS Metrics (Learn More)
Thanks to Oracle for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2013-1571
- Date Public: 18 Jun 2013
- Date First Published: 18 Jun 2013
- Date Last Updated: 26 Jun 2013
- Document Revision: 36
If you have feedback, comments, or additional information about this vulnerability, please send us email.