Syber Group
Toll Free : 855-568-TSTG(8784)
Subscribe To : Envelop Twitter Facebook Feed linkedin

Javascript Security Flaws Discovered

April 24, 2014 by  
Filed under Computing

Comments Off on Javascript Security Flaws Discovered

Polish researchers have released technical details and attack code for 30 security issues affecting Oracle’s Java Cloud Service. Some of the flaws make it possible for attackers to read or modify users’ sensitive data or to execute malicious code.

Security Explorations said it would normally withhold public airings until after any vulnerability has been fixed. But apparently Oracle representatives failed to resolve some of the more crucial issues including bypasses of the Java security sandbox, bypasses of Java whitelisting rules, the use of shared WebLogic server administrator passwords, and the availability of plain-text use passwords stored in some systems.

Oracle apparently has admitted to the researchers that it cannot promise whether it will be communicating resolution of security vulnerabilities affecting their cloud data centres in the future.

Adam Gowdiak, CEO of Security Explorations said Oracle unveiled the Java Cloud Service in 2011 and held it up as a way to better compete against Salesforce.com.

Source