JVM Security Anomaly Discovered on Some Versions of the WAS JRE.
WebSphere Business Events ships on the following WAS platforms: WBE V7 on WAS 220.127.116.11, WBE V6.2.1 on WAS 18.104.22.168, and WBE V6.1 on WAS 22.214.171.124. It has come to our attention that the WAS JRE shipped with these releases has a security vulnerability. Subscribe to the link on the IBM Java Information Hub below to see whether a patch exists and whether it applies to your installation.
Calling Double.parseDouble("2.2250738585072012e-308") leads to an infinite loop.
This can be used as a denial of service attack against app servers.
This vulnerability affects all versions and releases of Java (1.4.2, 5.0 and 6.0) on all platforms. Web servers and web services are particularly at risk.
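Until the JRE is patched, untrusted numeric strings can be screened before they reach Double.parseDouble. The following is an added example, not IBM code: it rejects the exact value quoted above in any spelling (sign, extra zeros, shifted exponent, type suffix) and makes no claim about other inputs. The names ParseDoubleGuard, isHangingValue, safeParseDouble and MAX_LEN are hypothetical, and the 64-character limit is an assumption about the application's fields.

```java
import java.math.BigDecimal;

public final class ParseDoubleGuard {
    // The literal quoted on this page; BigDecimal parses it without going through Double.parseDouble.
    private static final BigDecimal HANGING_VALUE = new BigDecimal("2.2250738585072012e-308");
    // Assumption: no legitimate numeric field in the application is longer than this.
    private static final int MAX_LEN = 64;

    /** True if s is any spelling of the value quoted on this page. */
    static boolean isHangingValue(String s) {
        String t = s.trim();                       // parseDouble also ignores surrounding whitespace
        if (t.length() == 0) return false;
        char last = t.charAt(t.length() - 1);
        if (last == 'd' || last == 'D' || last == 'f' || last == 'F') {
            t = t.substring(0, t.length() - 1);    // type suffix accepted by parseDouble, not by BigDecimal
        }
        BigDecimal v;
        try {
            v = new BigDecimal(t).abs();
        } catch (NumberFormatException e) {
            return false;                          // NaN, Infinity, hex floats, garbage: not this value
        }
        // Cheap magnitude test first, so compareTo only runs on values of the same order.
        long digitsBeforePoint = (long) v.precision() - v.scale();
        return digitsBeforePoint == -307 && v.compareTo(HANGING_VALUE) == 0;
    }

    /** Replacement for Double.parseDouble on untrusted input. */
    static double safeParseDouble(String s) {
        if (s.length() > MAX_LEN || isHangingValue(s)) {
            throw new NumberFormatException("rejected numeric input");
        }
        return Double.parseDouble(s);
    }

    public static void main(String[] args) {
        // Constructed inputs: the first three are the same number written differently.
        String[] samples = { "2.2250738585072012e-308", "-0.00022250738585072012E-304",
                             "22250738585072012e-324d", "2.2250738585072014e-308", "3.14" };
        for (String s : samples) {
            System.out.println(s + " -> " + (isHangingValue(s) ? "reject" : "allow"));
        }
    }
}
```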
Software version: 6.1, 6.2, 6.2.1, 7.0, 7.0.1, 126.96.36.199
Operating system(s): AIX, HP-UX, Linux, Solaris, Windows, z/OS
Software edition: All Editions
Reference #: 1468279
Modified date: 15 February 2011