Java SE - Press Info no. 4
MAR 2013

Java SE - Press Info no. 4

Security Explorations decided to release technical details of Issue 54 that was reported to Oracle on Feb 25, 2013 and that was evaluated by the company as the "allowed behavior" [1].

As of Mar 18, 2013 no information was received from Oracle that would indicate that Issue 54 is treated by the company as a security vulnerability.

Security Explorations believes that 3 weeks (from Feb 25 to Mar 18) constitutes enough time for a major software vendor to deliver a final confirmation or denial of a reported issue. This especially concerns a vendor that has been a subject of a considerable criticism regarding competent and prompt handling of security vulnerabilities in its software.

Security Explorations is publishing the following material in a hope that a wider public could conduct an independent evaluation of Issue 54 and deliver an unbiased judgment of both companies claims:

  • Short write-up presenting vulnerability details, its impact and a summary of vendor's response, PDF file, 300KB (download)
  • Proof of Concept code for Issue 54, ZIP file, 15KB (download)