Mon, 13 Dec 2021 at 23:14 Andrew Rowley <[email protected]> wrote:
> On 13/12/2021 10:52 pm, Filip Palian wrote:
> > @Andrew Rowley, you may want to check this outstanding work from Adam
> > Gowdiak (search for "ibm java" or "oracle java" or simply check it all):
> > https://packetstormsecurity.com/files/author/3682/
>
> You might have to spell it out for me because I can't figure it out.
> Again these look to me like various forms of sandbox escape.
>
> Which of these makes Java less secure than the same program written in
> e.g. COBOL?
>

My intention was to share information about the vulnerabilities affecting the Java language. (Without performing a proper comparison) I'd prefer not to get into a discussion about one language being less secure than another.

Sure, I'll take the occasion and spell it out ... the first example from the list which isn't strictly a sandbox bypass - https://packetstormsecurity.com/files/127117/Oracle-Database-Java-VM-20-Weaknesses.html : "Among a total of 20 weaknesses discovered, there are issues that allow to create a specific Java security bypass condition or that facilitate the execution of arbitrary Java code on Oracle Database server without proper privileges".

I hope that helps in some way.

Cheers,
s1m0n

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
