DEVELOPMENT

Researchers Reveal Flaws In Oracle's Java Cloud Service

21:44 Monday Apr 7, 2014

Larry Ellison - Oracle CEO

Frustrated researchers from Security Explorations decided to publicly disclose the Java Cloud Service security weaknesses.

Security researchers have released technical details and attack code for 30 security issues affecting Oracle's Java Cloud Service. Some of the issues make it possible for attackers to read or modify users' sensitive data or to execute malicious code, the researchers warned.

Researchers from Polish security firm Security Explorations, who found many Java vulnerabilities in the past, decided to publicly disclose the Java Cloud Service security weaknesses because they weren't satisfied with how Oracle handled their private report.

The Oracle Java Cloud Service supposedly allows customers to run Java applications on WebLogic server clusters in data centers operated by Oracle. The service provides "enterprise security, high availability, and performance for business-critical applications," Oracle says.

According to a disclosure timeline published by Security Explorations, the company notified Oracle of 28 security issues on Jan. 31 and another two issues on Feb. 2.

The company openly admits it cannot promise whether it will be communicating resolution of security vulnerabilities affecting their cloud data centers in the future," Adam Gowdiak, CEO of Security Explorations said.

The nature of the issues identified indicates that the service was not subjected to a thorough security review and penetration test prior to being publicly launched, Gowdiak said. The vulnerabilities also expose a weak understanding of the Java security model and attack techniques by Oracle engineers, he said.

 

< Back

    Add your comment

    We aim to have healthy debate. But we won't publish comments that abuse others

    1200 characters left

     

     

    LATEST NEWS

     
      

    © copyright 2013 Website News. All rights reserved.

     

    SECTIONS

    ABOUT

    SUBSCRIBE
     

    Website News is for and about the website design, development, marketing industry. We will endeavor to bring you up-to-date news and information to help you in your work as well as give you useful information and tips for your clients and their businesses.

    We are always keen for you to submit any information you find from elsewhere, or about your business, that you feel will be relevant.

     

     

     

     

    Contact Us:

    For advertising enquiries or to submit a story, please email us at: editor@websitenews.co

     
    Login

    Website News

    Sign-up to Website News and create your universal Woogloo ID

    Your details

    Your login details

    Your address


    Is your address not being found?

    Company

    Company address

    Yes No


    To register on the Website News website you either need to use your
    exisitng Woogloo ID or create a new one (see below).

    Sign Up

    Why sign up?

    • Get access to Registered User's priviledges, which may include hidden pages, special features and special pricing, if they exist, on this website.
    • Get access to all sites powered by Woogloo V3 without having to enter your details everytime.

    Login Error

    Forgot your password?

    Enter your email address below and click 'Reset Password' Button




    What is a Woogloo ID

    Logging in...