Researchers publicly disclose vulnerabilities in Oracle Java Cloud Service

Lucian Constantin | April 3, 2014
Security researchers released technical details and proof-of-concept code for 30 security issues affecting Oracle's Java Cloud Service, some of which could allow attackers to compromise business-critical Java applications deployed on it.

Oracle confirmed the 30 vulnerabilities on Feb. 12, but failed to provide Security Explorations with a monthly report on their status in March, as had been agreed, Gowdiak said.

The nature of the issues identified indicates that the service was not subjected to a thorough security review and penetration test prior to being publicly launched, Gowdiak said. The vulnerabilities also expose a weak understanding of the Java security model and attack techniques by Oracle engineers, he said.

In an email sent to the Full Disclosure security mailing list Tuesday, the Security Explorations researchers encouraged Oracle Java Cloud customers with accounts in the US1 or EMEA1 centers to request refunds based on unsatisfactory security levels.

Oracle did not immediately respond to a request for comment Wednesday.

 
