JVM Security Anomaly Discovered on Some Versions of the WAS JRE.

Flash (Alert)


Abstract

WebSphere Business Events (WBE) ships on the following WebSphere Application Server (WAS) levels:

WBE V7: WAS 7.0.0.7
WBE V6.2.1: WAS 6.1.0.21
WBE V6.1: WAS 6.1.0.13

It has come to our attention that the JRE shipped with these WAS levels has a security vulnerability. Subscribe to the link on the IBM Java Information Hub below to see whether a patch exists and whether it applies to your installation.

Issue:
Calling Double.parseDouble("2.2250738585072012e-308") leads to an infinite loop.

Impact:
This can be used as a denial of service attack against app servers.

Who's Affected:
This vulnerability affects all versions and releases of Java (1.4.2, 5.0 and 6.0) on all platforms. Web servers and web services are particularly at risk.
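
A conservative input check that can sit in front of Double.parseDouble on a JRE that has not yet been patched, shown here as an added example (it is not IBM's code or fix). The class name, method names and the digit-prefix heuristic are assumptions of this example; the check may reject harmless values that share the same leading digits, and applying the JRE patch remains the actual fix.

```java
import java.util.Locale;

/** Added example: refuse the value named in this alert before it reaches the parser. */
public final class GuardedDoubleParser {
    // Leading significant digits of the string from the alert
    // ("2.2250738585072012e-308") with the decimal point removed.
    // Assumption: matching on this prefix is a heuristic chosen for this example.
    private static final String SUSPECT_DIGITS = "2225073858507201";

    private GuardedDoubleParser() {}

    /** True if the mantissa digits start with the suspect sequence, whatever the notation. */
    static boolean isSuspect(String input) {
        if (input == null) return false;
        String s = input.trim().toLowerCase(Locale.ROOT);
        int e = s.indexOf('e');                       // split off the exponent, if any
        String mantissa = (e >= 0) ? s.substring(0, e) : s;
        // Drop sign and decimal point, then leading zeros, so that the same
        // number written with a shifted decimal point is still recognised.
        String digits = mantissa.replaceAll("[^0-9]", "").replaceFirst("^0+", "");
        return digits.startsWith(SUSPECT_DIGITS);
    }

    /** Replacement for Double.parseDouble that rejects suspect input without parsing it. */
    static double parse(String input) {
        if (isSuspect(input)) {
            throw new NumberFormatException("rejected suspect floating-point literal");
        }
        return Double.parseDouble(input);
    }

    public static void main(String[] args) {
        // Constructed samples: two ordinary values, the string from the alert,
        // and the same number written with a shifted decimal point.
        String[] samples = {"3.14", "1e-308", "2.2250738585072012e-308",
                            "0.00022250738585072012e-304"};
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + parse(s));
            } catch (NumberFormatException ex) {
                System.out.println(s + " -> " + ex.getMessage());
            }
        }
    }
}
```

The check runs before any call into Double.parseDouble, so the main method completes even on an affected JRE; apply it wherever untrusted request data (parameters, headers, message bodies) is converted to a double.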


Related information

Denial of Service Security Exposure

Document information


More support for:

WebSphere Business Events
Usability

Software version:

6.1, 6.2, 6.2.1, 7.0, 7.0.1, 7.0.1.1

Operating system(s):

AIX, HP-UX, Linux, Solaris, Windows, z/OS

Software edition:

All Editions

Reference #:

1468279

Modified date:

2011-02-15
