It’s Baaaack! A Java Security Flaw Waratek Solves

A java security flaw that was supposedly fixed in 2013 is still vulnerable, according to a report by Security Explorations.

Waratek, which provides a Runtime Application Security Protection (RASP) containers said it protects the full application stack using a pioneering virtual container technology that operates in the runtime.

The flaw, known to friends as CVE-2013-5838, can be exploited without authentication, to completely compromise a system’s confidentiality, integrity and availability.

Using Waratek’s RASP containers with a default security policy, CVE-2013-5838 is automatically mitigated and no specific security rule for this CVE is required, Waratek said. “Default security policies work in one of two ways: either reducing the severity of a given vulnerability, or eliminating the vulnerability altogether. In the case of CVE-2013-5838, a default security policy immediately reduces the severity of this vulnerability to partial and eliminates the complete compromise of the host computer system and its data. This benefit is achieved with no foreknowledge of this CVE or the nature of its exploit.”

I have written about it here and here where I wrote that “Waratek, which improves virtualization on servers running Java to permit much higher density (see story), faced a surprising outcome when a major global bank tested its software security. The bank found Waratek software provides a significant leap in security against hackers, including previously unknown threats, called zero day attacks. The global head of application security at the bank told Waratek this was a major breakthrough in cybersecurity that can’t be addressed with existing systems.”

About Tom Groenfeldt

I write - mostly about finance and technology, sometimes about art, occasionally about politics and the intersection of politics and economics. My work appears on and International Finance Magazine. The Financial Brand ranked me 20 on a list of the top 25 global influencers in financial services and Jay Palter included me in his list of 250 fintech influencers to follow in 2016
This entry was posted in Uncategorized. Bookmark the permalink.