Attack Code for Oracle's Java Cloud Service Released

Polish security and vulnerability research company Security Explorations claimed earlier this week that it found 30 flaws in Oracle's Java Cloud Service. What are these flaws, and how could they impact Oracle Java Cloud Service customers?

Dan Kobialka, Contributing writer

April 4, 2014

2 Min Read
Oracle CEO Larry Ellison
Oracle CEO Larry Ellison

Researchers claimed earlier this week that they found 30 security flaws in Oracle‘s cloud services. Security Explorations, a Polish security and vulnerability research company, published details about security defects it reportedly discovered in Oracle’s Java Cloud Service. In addition, Security Explorations released an attack code that it said would allow hackers to remotely attack apps hosted in Oracle’s US and EMEA data centers.

Security Explorations details its findings in two reports that are available for download here. A Security Explorations security issue disclosure timeline showed that Oracle was notified about 28 security issues on January 31, and another two issues on February 2.

Adam Gowdiak, the CEO and founder of Security Explorations, told PCWorld that he decided to publish his company’s findings because Oracle did not immediately respond to the security issues.

“Two months after the initial report, Oracle has not provided information regarding successful resolution of the reported vulnerabilities in their commercial cloud data centers,” Gowdiak added.

John Holt, CTO of Waratek and a Java Cloud Service expert, told Talkin’ Cloud that these vulnerabilities are similar to the security problems that are present in Java Cloud Service’s endpoint versions.

“[These problems] are based in how Oracle implements applet technology, and essentially move all the well-known Java security flaws to server deployments, which can expose critical business applications and data to attack,” Holt added.

In the second quarter of fiscal 2014, Oracle’s cloud computing bookings grew 35 percent. While the Security Explorations reports may raise questions about Oracle’s Java Cloud Service and its security, Oracle CEO Larry Ellison said during a December 2013 earnings call that his company has plans to further extend its cloud services.

“Already we have more enterprise SaaS applications than any other cloud services provider. We will continue to expand our footprint and use our size as an advantage,” Ellison said.

About the Author

Dan Kobialka

Contributing writer, Penton Technology

Dan Kobialka is a contributing writer for MSPmentor and Talkin' Cloud. In the past, he has produced content for numerous print and online publications, including the Boston Business Journal, Boston Herald and Patch.com. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State College (now Bridgewater State University). In his free time, Kobialka enjoys jogging, traveling, playing sports, touring breweries and watching football (Go Patriots!).  

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like