This page presents details of security vulnerabilities and attack techniques discovered as a result of our Oracle Java Cloud Service security research project. These details are provided in a form of original vulnerability reports, accompanying Proof of Concept Codes and tools.
Additionally, the slides for a keynote talk given at JavaLand conference in 2016 are also provided. This talk referred to SE-2013-01 and our other research projects while discussing key problems related to Java platform security, its ecosystem and vendors.
Proof of Concept Codesand tools below are provided purely for educational purposes only. It is expressly forbidden to use them for any purposes that would violate any domestic or international laws. If you do not agree with this policy, please leave this page.