IBM Support

JVM Security Anomaly Discovered on Some Versions of the WAS JRE.

Flash (Alert)


WebSphere Business Events ships on the following WAS platforms: WBE V7: WAS, WBE V6.2.1: WAS, and WBE V6.1: WAS. It has come to our attention that there is a security vulnerability in the WAS JRE that is shipped. Subscribe to the link on the IBM Java Information Hub below to see whether a patch exists for this vulnerability and whether it applies to your installation.

Calling Double.parseDouble("2.2250738585072012e-308") leads to an infinite loop.

This can be used as a denial of service attack against app servers.

Who's Affected:
This vulnerability affects all versions and releases of Java (1.4.2, 5.0 and 6.0) on all platforms. Web servers and web services are particularly at risk.
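
An input guard that can sit in front of `Double.parseDouble` on a JRE that has not yet been patched, shown here as an added example that is not IBM's code or part of the original alert. The class and method names are hypothetical, and matching on the leading significant digits of the quoted literal is an assumption about which inputs to reject; it ignores the exponent, so it is conservative and also rejects unrelated numbers that begin with the same digits.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical helper, not IBM code: rejects decimal strings whose significant
// digits match the literal quoted in the alert before they reach parseDouble.
public final class DoubleParseGuard {
    // Assumption: the first 16 significant digits of 2.2250738585072012e-308
    // identify the risky input however the point and exponent are written.
    private static final String RISKY_DIGITS = "2225073858507201";

    // Sign, integer digits, optional point, fraction digits, optional exponent
    // and type suffix. Possessive quantifiers (*+, ++) avoid regex backtracking.
    private static final Pattern DECIMAL = Pattern.compile(
            "[+-]?(\\d*+)\\.?(\\d*+)(?:[eE][+-]?\\d++)?[dDfF]?");

    public static boolean isRisky(String raw) {
        if (raw == null) {
            return false;
        }
        Matcher m = DECIMAL.matcher(raw.trim());
        if (!m.matches()) {
            return false; // not a plain decimal literal (e.g. "NaN", hex floats)
        }
        // Drop the point and leading zeros so only significant digits remain.
        String digits = (m.group(1) + m.group(2)).replaceFirst("^0+", "");
        return digits.startsWith(RISKY_DIGITS);
    }

    // Replacement for Double.parseDouble when the input is untrusted.
    public static double parse(String raw) {
        if (isRisky(raw)) {
            throw new NumberFormatException("rejected: digits match known JRE hang input");
        }
        return Double.parseDouble(raw);
    }

    public static void main(String[] args) {
        // Constructed samples: the literal from the alert plus ordinary values.
        String[] samples = { "2.2250738585072012e-308", "0.75", "1e-308", "NaN" };
        for (int i = 0; i < samples.length; i++) {
            System.out.println(samples[i] + " -> "
                    + (isRisky(samples[i]) ? "rejected" : String.valueOf(parse(samples[i]))));
        }
    }
}
```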


Related information

Denial of Service Security Exposure

Document information

More support for: WebSphere Business Events

Software version: 6.1, 6.2, 6.2.1, 7.0, 7.0.1

Operating system(s): AIX, HP-UX, Linux, Solaris, Windows, z/OS

Software edition: All Editions

Reference #: 1468279

Modified date: 15 February 2011