CVE

CVE-2010-4476
Date: (C)2011-02-17   (M)2024-04-19


The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1025062
SECUNIA-43048
SECUNIA-43280
SECUNIA-43295
SECUNIA-43304
SECUNIA-43333
SECUNIA-43378
SECUNIA-43400
SECUNIA-43659
SECUNIA-44954
SECUNIA-45022
SECUNIA-45555
SECUNIA-49198
ADV-2011-0365
ADV-2011-0377
ADV-2011-0379
ADV-2011-0422
ADV-2011-0434
ADV-2011-0605
DSA-2161
FEDORA-2011-1231
FEDORA-2011-1263
GLSA-201406-32
HPSBMA02642
HPSBMU02690
HPSBMU02799
HPSBNS02633
HPSBOV02634
HPSBOV02762
HPSBTU02684
HPSBUX02642
HPSBUX02645
HPSBUX02777
HPSBUX02860
IZ94423
MDVSA-2011:054
PM31983
RHSA-2011:0210
RHSA-2011:0211
RHSA-2011:0212
RHSA-2011:0213
RHSA-2011:0214
RHSA-2011:0282
RHSA-2011:0333
RHSA-2011:0334
RHSA-2011:0880
SSRT100387
SSRT100412
SSRT100627
SSRT100867
SUSE-SA:2011:024
SUSE-SU-2011:0823
http://blog.fortify.com/blog/2011/02/08/Double-Trouble
http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
http://www-01.ibm.com/support/docview.wss?uid=swg21468358
http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html
http://www.ibm.com/support/docview.wss?uid=swg24029497
http://www.ibm.com/support/docview.wss?uid=swg24029498
http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html
oval:org.mitre.oval:def:12662
oval:org.mitre.oval:def:12745
oval:org.mitre.oval:def:14328
oval:org.mitre.oval:def:14589
oval:org.mitre.oval:def:19493

CPE    154
cpe:/a:sun:jdk:1.5.0:update17
cpe:/a:sun:jdk:1.5.0:update18
cpe:/a:sun:jdk:1.5.0:update19
cpe:/a:sun:jre
...
OVAL    31
oval:org.secpod.oval:def:400013
oval:org.secpod.oval:def:505811
oval:org.secpod.oval:def:3051
oval:org.secpod.oval:def:2741
...

© SecPod Technologies