Polish security and vulnerability research company Security Explorations claimed earlier this week that it found 30 flaws in Oracle's Java Cloud Service. What are these flaws, and how could they impact Oracle Java Cloud Service customers?
Researchers claimed earlier this week that they found 30 security flaws in Oracle's cloud services. Security Explorations, a Polish security and vulnerability research company, published details about security defects it reportedly discovered in Oracle's Java Cloud Service. In addition, Security Explorations released attack code that it said would allow hackers to remotely attack apps hosted in Oracle's US and EMEA data centers.
Security Explorations details its findings in two reports that are available for download. A Security Explorations disclosure timeline shows that Oracle was notified about 28 security issues on January 31, and another two issues on February 2.
Adam Gowdiak, the CEO and founder of Security Explorations, told PCWorld that he decided to publish his company's findings because Oracle did not immediately respond to the security issues.
"Two months after the initial report, Oracle has not provided information regarding successful resolution of the reported vulnerabilities in their commercial cloud data centers," Gowdiak added.
John Holt, CTO of Waratek and a Java Cloud Service expert, told Talkin' Cloud that these vulnerabilities are similar to the security problems that are present in Java Cloud Service's endpoint versions.
"[These problems] are based in how Oracle implements applet technology, and essentially move all the well-known Java security flaws to server deployments, which can expose critical business applications and data to attack," Holt added.
In the second quarter of fiscal 2014, Oracle's cloud computing bookings grew 35 percent. While the Security Explorations reports may raise questions about Oracle's Java Cloud Service and its security, Oracle CEO Larry Ellison said during a December 2013 earnings call that his company has plans to further extend its cloud services.
"Already we have more enterprise SaaS applications than any other cloud services provider. We will continue to expand our footprint and use our size as an advantage," Ellison said.