WebSphere Business Events ships on the following WAS platforms, WBE V7: WAS 220.127.116.11
WBE V6.2.1: WAS 18.104.22.168 and WBE V6.1: WAS 22.214.171.124 and it has come to our attention that there is a security vulnerability with the WAS JRE shipped. Subscribe to the link on the IBM Java Information Hub below to see if a patch exists for that possibility and it applies to your installation.
Calling Double.parseDouble("2.2250738585072012e-308") leads to an infinite loop.
This can be used as a denial of service attack against app servers.
This vulnerability affects all versions and releases of Java (1.4.2, 5.0 and 6.0) on all platforms. Web servers and web services are particularly at risk.