SecurityTracker.com
Category:   Application (Generic)  >   Oracle Java SE
Vendors:   Oracle, Sun
Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
SecurityTracker Alert ID:  1025062
SecurityTracker URL:  http://securitytracker.com/id/1025062
CVE Reference:   CVE-2010-4476
Updated:  Feb 15 2011
Original Entry Date:  Feb 10 2011
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 1.4.2_29, 5.0 Update 27, 6 Update 23; and prior
Description:   A vulnerability was reported in Java Runtime Environment (JRE). A remote user can cause denial of service conditions.

A remote user can trigger a flaw in the conversion of "2.2250738585072012e-308" to a double precision binary floating-point number to cause the target JRE engine to enter an infinite loop.

The following versions are affected:

JDK and JRE 6 Update 23 and prior
JDK and JRE 5.0 Update 27 and prior
SDK and JRE 1.4.2_29 and prior

Konstantin Preiber reported this vulnerability.
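
A log check for the literal described above, as an added example (not part of the advisory or of any vendor tooling): it flags decimal tokens numerically equal to "2.2250738585072012e-308" in any spelling, which goes beyond the single string the advisory names. The function names and the sample log lines are constructed for illustration; whether other values trigger the flaw is not stated here, so none are covered.

```python
import re
from urllib.parse import unquote

# The literal named in the advisory, as (significant digits, exponent of first digit).
TRIGGER = ("22250738585072012", -308)

# Decimal literal: mantissa with optional fraction, then optional exponent.
NUMBER = re.compile(r"(?P<mant>\d+\.?\d*|\.\d+)(?:[eE](?P<exp>[+-]?\d+))?")

def normalize(mant, exp):
    """Reduce a decimal literal to (digits, exponent of first digit), or None."""
    sign = -1 if exp and exp.startswith("-") else 1
    exp_digits = (exp or "0").lstrip("+-").lstrip("0") or "0"
    if len(exp_digits) > 6:  # exponent far out of range: cannot equal TRIGGER
        return None
    int_part, _, frac = mant.partition(".")
    all_digits = int_part + frac
    digits = all_digits.lstrip("0")
    if not digits:  # the literal is zero
        return None
    leading_zeros = len(all_digits) - len(digits)
    adjusted = sign * int(exp_digits) + len(int_part) - 1 - leading_zeros
    return digits.rstrip("0"), adjusted

def find_trigger_values(text):
    """Return numeric tokens in text whose value equals the advisory's literal."""
    decoded = unquote(text)  # also catches percent-encoded spellings such as %2E
    return [m.group(0) for m in NUMBER.finditer(decoded)
            if normalize(m.group("mant"), m.group("exp")) == TRIGGER]

def scan_lines(lines):
    """Return (1-indexed line number, token) for every hit."""
    return [(n, tok) for n, line in enumerate(lines, 1)
            for tok in find_trigger_values(line)]

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 "GET /price?amount=19.99 HTTP/1.1" 200',
    '192.0.2.44 "GET /price?amount=2.2250738585072012e-308 HTTP/1.1" 200',
    '192.0.2.44 "GET /price?amount=0.00022250738585072012e-304 HTTP/1.1" 200',
    '198.51.100.7 "GET /price?amount=22250738585072012E-324 HTTP/1.1" 200',
    '198.51.100.7 "GET /price?amount=2%2E2250738585072012e-308 HTTP/1.1" 200',
    '198.51.100.9 "GET /price?amount=2.2250738585072014e-308 HTTP/1.1" 200',
]

print(scan_lines(SAMPLE_LOG))
```

The comparison works on the digit string and exponent only, so the check never hands the value to a floating-point parser.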

Impact:   A remote user can cause the target service to hang.
Solution:   The vendor has issued a fix as part of the February 2011 Oracle Java SE and Java for Business Critical Patch Update Advisory.

The vendor previously issued this fix on February 8, 2011 as part of the Java SE Floating Point Updater Tool, available at:

http://www.oracle.com/technetwork/java/javase/downloads/index.html#fpupdater

The vendor's advisories are available at:

http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html

Vendor URL:  www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
Cause:   State error
Underlying OS:  Linux (Any), UNIX (Solaris - SunOS), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Feb 11 2011 (Red Hat Issues Fix) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 5 and 6.
Feb 11 2011 (Red Hat Issues Fix for JBoss) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
Red Hat has issued a fix for JBoss for Red Hat Enterprise Linux 4 and 5.
Feb 11 2011 (Red Hat Issues Fix for JBoss) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
Red Hat has issued a fix for JBoss Enterprise Application Platform 4.2.0.CP09, 4.3.0.CP09, and 5.1.
Feb 11 2011 (Red Hat Issues Fix for JBoss) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
Red Hat has issued a fix for JBoss Enterprise Web Platform 5.
Feb 17 2011 (Red Hat Issues Fix) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
Red Hat has issued a fix for java-1.6.0-sun for Red Hat Enterprise Linux 4, 5, and 6.
Feb 18 2011 (HP Issues Fix for HP NonStop Servers) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
HP has issued a fix for NonStop Java on HP NonStop Servers.
Feb 20 2011 (IBM Issues Fix) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
IBM has issued a fix for AIX.
Feb 22 2011 (Red Hat Issues Fix) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
Red Hat has issued a fix for java-1.6.0-ibm on Red Hat Enterprise Linux 4, 5, and 6.
Feb 22 2011 (Red Hat Issues Fix) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
Red Hat has issued a fix for java-1.5.0-ibm for Red Hat Enterprise Linux 4, 5, and 6.
Feb 22 2011 (Red Hat Issues Fix) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
Red Hat has issued a fix for java-1.4.2-ibm for Red Hat Enterprise Linux 4 and 5.
Feb 24 2011 (Red Hat Issues Fix) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
Red Hat has issued a fix for java-1.4.2-ibm-sap for Red Hat Enterprise Linux 4, 5 and 6 for SAP.
Feb 24 2011 (IBM Issues Fix for Tivoli Common Reporting) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
IBM has issued a fix for IBM Tivoli Common Reporting.
Mar 8 2011 (HP Issues Fix for OpenView NNM) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
HP has issued a fix for OpenView Network Node Manager running Java.
Mar 8 2011 (Apple Issues Fix for Mac OS X) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
Apple has issued a fix for Mac OS X.
Mar 11 2011 (Red Hat Issues Fix for JBoss) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
Red Hat has issued a fix for JBoss Enterprise Web Server 1.0.
Mar 11 2011 (Red Hat Issues Fix for Tomcat) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
Red Hat has issued a fix for Tomcat for Red Hat Enterprise Linux 5.
Mar 11 2011 (Red Hat Issues Fix for JBoss) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
Red Hat has issued a fix for JBoss Enterprise Web Server 1.0.1.
Apr 13 2011 (HP Issues Fix for HP OpenView NNMi) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
HP has issued a fix for HP OpenView NNMi.
Apr 20 2011 (Oracle Issues Fix for Sun Java System Web Server) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
Oracle has issued a fix for Sun Java System Web Server.
Apr 21 2011 (IBM Issues Fix for IBM Tivoli Netview for z/OS) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
IBM has issued a fix for IBM Tivoli Netview for z/OS.
May 6 2011 (HP Issues Fix for Tru64) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
HP has issued a fix for Tru64 UNIX.
May 6 2011 (HP Issues Fix for OpenVMS) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
HP has issued a fix for OpenVMS.
Jun 3 2011 (HP Issues Fix for HP-UX) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
HP has issued a fix for HP-UX 11.11, 11.23, and 11.31.
Jun 10 2011 (Attachmate Issues Fix for Reflection PKI Services Manager) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
Attachmate has issued a fix for Reflection PKI Services Manager.
Jul 8 2011 (HP Issues Fix for HP Business Availability Center) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
HP has issued a fix for HP Business Availability Center.
Sep 6 2012 (IBM Issues Fix for Tivoli Federated Identity Manager) Oracle Java Runtime Environment (JRE) Double Precision Conversion Error Lets Remote Users Deny Service
IBM has issued a fix for IBM Tivoli Federated Identity Manager.



Copyright 2019, SecurityGlobal.net LLC