SOURCE: NTT Com Security

NTT Com Security

November 10, 2015 09:46 ET

MEDIA ALERT - NTT Com Security Raises Attention on Java Vulnerability

Network Security Experts Available Now for Interviews

BLOOMFIELD, CT--(Marketwired - Nov 10, 2015) -  NTT Com Security, the global information security and risk management organization, is raising alarms and awareness of widespread internet vulnerability. A blog post reporting on the vulnerability written this past Friday November 6th by an NTT Com Security employee (http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/) has received over 100,000 visits.

This vulnerability, originating from a commonly used Java library and first discovered more than 9 months ago, is now built into a broad range of commercial and custom software across global networks and will be difficult to isolate and neutralize. Technically an "unserialized remote code execution hole", to date there is no catchy name for this vulnerability -- which could be part of the problem.

The continued lack of awareness belies the seriousness of the impact, which has been described as worse than the recent "Heartbleed" vulnerability and will be harder to fix. The NTT Com Security team has already identified and demonstrated exploits in major networking software packages including WebLogic, WebSphere, JBoss, Jenkins, and OpenNMS. As these are application servers that are used to deploy distributed enterprise applications, among other uses, this puts many Java-based applications at risk.

"It would be difficult to overstate the magnitude of this problem. The core issue arises from architectural decisions that are very common in the Java world. This leaves many web servers and custom Java applications vulnerable to attack," said Christopher Camejo, Director of Threat and Vulnerability Analysis, NTT Com Security. "And because the code is in a library, there is no efficient, centralized way to fix it, such as a patch or update. The community at large is still trying to figure out the best way to address this on a wide scale."

Highly qualified NTT Com Security staff is available now for interviews on this important topic.

Contact LRG Marketing at 845.358.1801 or email Emily Boucher (eboucher@lrgmarketing.com) to schedule an interview.

About NTT Com Security
NTT Com Security (formerly Integralis) is a global information security and risk management organization, which delivers a portfolio of managed security, business infrastructure, consulting and technology integration services through its WideAngle brand. NTT Com Security helps organizations lower their IT costs and increase the depth of IT security protection, risk management, compliance and service availability. NTT Com Security AG, is headquartered in Ismaning, Germany and part of the NTT Communications Group, owned by NTT (Nippon Telegraph and Telephone Corporation), one of the largest telecommunications companies in the world. For more information, visit http://www.nttcomsecurity.com

Contact Information