Security researchers released technical details and proof-of-concept code for 30 security issues affecting Oracle’s Java Cloud Service, some of which could allow attackers to compromise business-critical Java applications deployed on it.
Researchers from Polish security firm Security Explorations, who found many Java vulnerabilities in the past, decided to publicly disclose the Java Cloud Service security weaknesses because they weren’t satisfied with how Oracle handled their private report.
“Two months after the initial report, Oracle has not provided information regarding successful resolution of the reported vulnerabilities in their commercial cloud data centers (US1 and EMEA1 respectively),” Adam Gowdiak, the CEO and founder of Security Explorations, said Wednesday via email.
“Instead, a year and a half after the commercial availability of the service, Oracle communicates that it is still working on cloud vulnerability handling policies,” he said. “Additionally, the company openly admits that it cannot promise whether it will be communicating resolution of security vulnerabilities affecting their cloud data centers in the future.”
See the link here for a proof of concept