Oracle Security At Risk: Java.net Pwn3d By a White Hat Hacker
An Information Security Researcher, Christian Galeone - Italy, demonstrated how a Single BIG Security Vulnerability. May represent a Severe Threat to Big Companies and even to their Employees!.
What he has found was a Path Traversal / LFI - Local File Inclusion Vulnerability into Java JDK7 Website!.
After his Exploitation, he noticed that Important Sensible Server-Side Data(s) were contained in it.
[adsense size='1']
The Vulnerability nor only allowed him to display the Web Server Credentials including the R00T Access but into his Vulnerable Source Code they have (wrongly) disclosed more than 460+ Private Email Addresses of their Employees! - is a BIG Issue if you're worried about BlackHat Hackers 😉
After his finding, he Fastly reported it to their Security Team which fixed it in 1 Single Day and decided to Acknowledge Christian for his Ethical Behaviour by adding him into their Next CPU (Critical Patch Update) for the next roll of 14 April 2015!.
Gloss