Flash (Alert)
Abstract
Information about the Java Double.parseDouble vulnerability .
Actions required to address the issue in IBM Tivoli Directory Integrator.
Content
A critical class library security vulnerability was blogged on the Internet and is now in the public domain.
Issue
| Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number. |
How do I know if my systems could be affected?
All TDI installations using Java ( 1.4.2, 5.0 and 6.0 ) on any platform are affected by this vulnerability.
This means TDI 6.1.1, TDI 7.0 and TDI 7.1 are affected.
What could happen if I do not update my systems?
In some scenarios this vulnerability could cause the JDBC Connector to hang.
What do I need to do to protect my Tivoli Directory Integrator?
One must upgrade the Java Runtime Environment ( JRE ) in order to make sure that this vulnerability is not exploited. Fixes for the JRE can be obtained from the link mentioned in the section below.
In order to find which JRE is bundled with your installation of TDI execute the following command.
<TDI_Install_dir>\jvm\jre\bin\java -version.
Fixes for the JAVA Runtime Environment (JRE):
Detailed instructions on how to obtain the JRE fix and apply it are given at the link below.
http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.