Threat Level: green Handler on Duty: Manuel Pelaez

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Java Floating point issue (CVE-2010-4476)

Published: 2011-02-09
Last Updated: 2011-02-09 21:48:26 UTC
by Mark Hofman (Version: 1)
2 comment(s)

 Oracle release a security bulletin yesterday relating to the binary floating point issue when converting 2.2250738585072012e-308" to a binary floating-point number.  (http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html)

The problem affects both JRE and JDK 6 update 23 and earlier. 4.0 Update 27 and earlier, as well as,  yes people still use it, SDK & JRE 1.4.2_29.

Applications utilising these versions will be vulnerable to denial of service attacks.  Servlet managers such as tomcat and others are likely affected as these often run older versions of java.  

No patch available just yet. 

- Mark - 

 

Keywords: java oracle
2 comment(s)

Adobe Patches (shockwave, Flash, Reader & Coldfusion)

Published: 2011-02-09
Last Updated: 2011-02-09 21:36:02 UTC
by Mark Hofman (Version: 1)
3 comment(s)

Just to add to the list of patches released: (thanks Frank, Ric, Jack):


Make sure you update these products as well please. 

Mark

 

 

3 comment(s)
Diary Archives