This page presents details of the security vulnerabilities and attack techniques discovered as a result of our Java SE security research project. These details are provided in the form of a technical report and the presentation slides for the talk given by Adam Gowdiak on 14 Nov 2012 at the Devoxx Java Community Conference in Antwerp.
- "Security Vulnerabilities in Java SE", technical report, PDF file, 1.7MB (download)
- "Security Vulnerabilities in Java SE", Devoxx presentation, PDF file, 2.3MB (download)
Selected Oracle Vulnerability Reports
- SE-2012-01-ORACLE-4, Issues #27-31, PDF file, 214KB (download)
- SE-2012-01-ORACLE-5, Issue #32, PDF file, 196KB (download)
- SE-2012-01-ORACLE-6, Issue #50, PDF file, 198KB (download)
- SE-2012-01-ORACLE-7, Issue #50 (Vulnerability Fix Experiment), PDF file, 237KB (download)
- SE-2012-01-ORACLE-8, Issues #51-52, PDF file, 204KB (download)
- SE-2012-01-ORACLE-9, Issue #53, PDF file, 215KB (download)
- SE-2012-01-ORACLE-10, Issues #54-55, PDF file, 262KB (download)
- SE-2012-01-ORACLE-11, Issues #56-60, PDF file, 239KB (download)
Issues evaluated by a vendor as not being security vulnerabilities
- Apple's "security hardening" issue, PDF file, 266KB (download)
- Oracle's "allowed behavior" issue, PDF file, 300KB (download)
Proof of Concept Codes
- "Security Vulnerabilities in Java SE", Proof of Concept codes, ZIP file, 309KB (download)
- "Security Vulnerabilities in Java SE", Proof of Concept code for Issues 27-29, ZIP file, 23KB (download)
- "Security Vulnerabilities in Java SE", Proof of Concept code for server side RMI attack, ZIP file, 23KB (download)
- "Security Vulnerabilities in Java SE", Proof of Concept codes for Issues 50-60, ZIP file, 147KB (download)
The Proof of Concept codes on this page are provided for educational purposes only. It is expressly forbidden to use them for any purpose that would violate any domestic or international laws. If you do not agree with this policy, please leave this page.
Copyright 2008-2012 Security Explorations. All Rights Reserved.