Java parseDouble vulnerability

Flash (Alert)


Abstract

Tivoli Configuration Manager Java parseDouble vulnerability

Content

The Tivoli Configuration Manager Software Package Editor component is impacted by the "Denial of Service Security Exposure with Java JRE/JDK hanging when converting 2.2250738585072012e-308 number (CVE-2010-4476) (PM32387)".

The Tivoli Configuration Manager versions affected are:

  • Version 4.2.3 with JVM 1.3.1
  • Version 4.3.1 with JVM 1.4.2

For more details about this issue, see the following technotes:

1) WebSphere Application Server technote:

http://www-01.ibm.com/support/docview.wss?uid=swg21462019#solution_dist

2) Java technote:

http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html

The Support Team changed the Software Package Editor code so that it no longer invokes the affected Java API, Double.parseDouble().

The fix will be available in:
- 4.3.1-TIV-TCM-FP0003 (GA date 2Q 2011)
- 4.2.3-TIV-TCM-FP0012 (GA date 3Q 2011)

If you need fixes before the GA dates, contact the Support Team, which will provide Interim Fixes or LAs on top of your Tivoli Configuration Manager level.
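
An added example, not IBM's code and not the actual Software Package Editor change: one way an application can keep the string named above away from Double.parseDouble() on an unpatched JVM, by rejecting any input whose mantissa digits contain the run 2225073858507201. The class and method names are hypothetical, and the filter is deliberately conservative, so it also rejects harmless numbers that happen to contain that digit run.

```java
public class GuardedDoubleParser {
    // Leading significant digits of 2.2250738585072012e-308, the value named in
    // the advisory, cut one digit short so close spellings are caught as well.
    private static final String RISKY_DIGITS = "2225073858507201";

    /** True if the mantissa of s, reduced to its digits, contains the risky run. */
    static boolean looksRisky(String s) {
        String t = s.trim();
        // Separate mantissa from exponent so exponent digits are not mixed in.
        int e = Math.max(t.indexOf('e'), t.indexOf('E'));
        String mantissa = (e >= 0) ? t.substring(0, e) : t;
        // Drop sign and decimal point: 0.00022250738585072012e-304 and
        // 22.250738585072012e-309 both still contain the risky run.
        StringBuffer digits = new StringBuffer();
        for (int i = 0; i < mantissa.length(); i++) {
            char c = mantissa.charAt(i);
            if (c >= '0' && c <= '9') {
                digits.append(c);
            }
        }
        return digits.toString().indexOf(RISKY_DIGITS) >= 0;
    }

    /** Parses untrusted text, refusing risky input before the JVM sees it. */
    static double parseGuarded(String s) {
        if (s == null) throw new NumberFormatException("null input");
        if (looksRisky(s)) throw new NumberFormatException("rejected by CVE-2010-4476 guard");
        return Double.parseDouble(s);
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the risky ones never reach parseDouble().
        String[] samples = {
            "3.14", "1e-308", "2.2250738585072012e-308",
            "0.00022250738585072012e-304", "22.250738585072012e-309"
        };
        for (int i = 0; i < samples.length; i++) {
            String s = samples[i];
            if (looksRisky(s)) {
                System.out.println(s + " -> rejected");
            } else {
                System.out.println(s + " -> " + parseGuarded(s));
            }
        }
    }
}
```

A guard like this only narrows exposure for code paths that call it; the fix packs and JVM updates referenced in the technotes remain the remedy.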


Document information


More support for:

Tivoli Configuration Manager
IBM Tivoli Configuration Manager

Software version:

4.2.3, 4.3.1

Operating system(s):

All Platforms

Reference #:

1469229

Modified date:

2011-03-07
