http://www.computerworld.com/s/article/9247391/Researchers_publicly_disclose_vulnerabilities_in_Oracle_Java_Cloud_Service

By Lucian Constantin
IDG News Service
April 2, 2014

Security researchers released technical details and proof-of-concept code
for 30 security issues affecting Oracle's Java Cloud Service, some of
which could allow attackers to compromise business-critical Java
applications deployed on it.

Researchers from Polish security firm Security Explorations, who found
many Java vulnerabilities in the past, decided to publicly disclose the
Java Cloud Service security weaknesses because they weren't satisfied with
how Oracle handled their private report.

"Two months after the initial report, Oracle has not provided information
regarding successful resolution of the reported vulnerabilities in their
commercial cloud data centers (US1 and EMEA1 respectively)," Adam Gowdiak,
the CEO and founder of Security Explorations, said Wednesday via email.

"Instead, a year and a half after the commercial availability of the
service, Oracle communicates that it is still working on cloud
vulnerability handling policies," he said. "Additionally, the company
openly admits that it cannot promise whether it will be communicating
resolution of security vulnerabilities affecting their cloud data centers
in the future."
[...]