Security research firm finds 28 vulnerabilities in the Oracle Java Cloud Service


Oracle Java Cloud Service has only been around for about a year, but it is already getting some attention. No, not customer attention… Today I came across this article:

Security Explorations, a security and vulnerability research company from Poland, discovered multiple vulnerabilities in the environment of Oracle Java Cloud Service. Among a total of 28 issues found, there are 16 weaknesses that make it possible to completely break the Java security sandbox of a target WebLogic server environment. An attacker can further leverage this to gain access to application deployments of other users of Oracle Java Cloud Service in the same regional data center. This means both the possibility to access users' applications, their database schemas as well as execute arbitrary Java code on their systems. Security Explorations verified that malicious Java code exploiting a combination of identified vulnerabilities could be executed on a WebLogic server instance of arbitrary users of Oracle Java Cloud Service. The nature of the weaknesses identified in Oracle’s service indicates that it was not a subject of a thorough security review and penetration testing prior to the public offering…

Source: http://www.security-explorations.com/en/SE-2013-01-faq.html


