Over 30 vulnerabilities found in Google App Engine

Serious vulnerabilities exist in Google App Engine (GAE), a cloud service for developing and hosting Web applications, a team of security researchers has found.

The vulnerabilities could allow an attacker to escape from the Java Virtual Machine security sandbox and execute code on the underlying system, according to researchers from Security Explorations, a Polish security firm that found many vulnerabilities in Java over the past few years.

“There are more issues pending verification—we estimate them to be in the range of 30+ in total,” wrote Adam Gowdiak, the CEO and founder of Security Explorations, in a post on the Full Disclosure security mailing list that describes his company’s GAE findings. The Security Explorations researchers couldn’t fully investigate all of the issues because their test account on GAE was suspended, likely due to their aggressive probing, he said.

To read this article in full or to leave a comment, please click here

Read more: Over 30 vulnerabilities found in Google App Engine

Story added 9. December 2014, content source with full text you can find at link above.