Security Explorations decided to release technical details of Issue 54 that was reported to Oracle on Feb 25, 2013 and that was evaluated by the company as the "allowed behavior" [1].
As of Mar 18, 2013 no information was received from Oracle that would indicate that Issue 54 is treated by the company as a security vulnerability.
Security Explorations believes that 3 weeks (from Feb 25 to Mar 18) constitutes enough time for a major software vendor to deliver a final confirmation or denial of a reported issue. This especially concerns a vendor that has been a subject of a considerable criticism regarding competent and prompt handling of security vulnerabilities in its software.
Security Explorations is publishing the following material in a hope that a wider public could conduct an independent evaluation of Issue 54 and deliver an unbiased judgment of both companies claims: