This post originated from an RSS feed registered with Java Buzz by News Manager. Original Post: Over 30 vulnerabilities found in Google App Engine Feed Title: JavaWorld Feed URL: http://www.javaworld.com/index.rss Feed Description: JavaWorld.com: Fueling Innovation Latest Java Buzz Posts Latest Java Buzz Posts by News Manager Latest Posts From JavaWorld

Serious vulnerabilities exist in Google App Engine (GAE), a cloud service for developing and hosting Web applications, a team of security researchers has found.

The vulnerabilities could allow an attacker to escape from the Java Virtual Machine security sandbox and execute code on the underlying system, according to researchers from Security Explorations, a Polish security firm that found many vulnerabilities in Java over the past few years.

"There are more issues pending verification -- we estimate them to be in the range of 30+ in total," wrote Adam Gowdiak, the CEO and founder of Security Explorations, in a post on the Full Disclosure security mailing list that describes his company's GAE findings. The Security Explorations researchers couldn't fully investigate all of the issues because their test account on GAE was suspended, likely due to their aggressive probing, he said.

To read this article in full or to leave a comment, please click here