Flash (Alert)
Abstract
This Java vulnerability is of concern when the string "2.2250738585072012e-308" is converted to a binary floating-point number.
Content
Recently the following Java vulnerability was found: The Java Runtime Environment hangs when it converts "2.2250738585072012e-308" to a binary floating-point number.
IBM reference: http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html
The following TSOM components are exposed under certain conditions:
- TSOM CMS, if it is connected to a geo-server and the geo-server sends coordinate data that leads to the described problem.
- TSOM Reports.
- TSOM GUI (only if maps are used).
To prevent TSOM from being exposed to this vulnerability, the JRE must be updated to JDK 5 SR12-FP3, which removes the vulnerability.
When upgrading the JRE for TSOM CMS and TSOM Reports (the JRE is shared), create a separate directory for this Java (jre32 or jre64) and redirect tsom_server.sh and tsom_tomcat.sh to it. This prevents the JRE directory from being overwritten by the default TSOM Java after a fix pack installation.
For further information or assistance in upgrading the JRE please contact TSOM support.
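To confirm that the JRE the TSOM scripts now use is no longer affected, the conversion described above can be run under a timeout. This is an added example, not IBM or TSOM code; the class name ParseHangCheck and the 5-second timeout are assumptions, and the source uses only Java 5 syntax so it can be compiled at a class-file level that JRE can load.

```java
// Added example (not IBM or TSOM code): reports whether the running JRE
// still hangs when converting the decimal string named in this alert.
public class ParseHangCheck {
    // The value from the alert, kept as a String so the compiler never parses it.
    private static final String VALUE = "2.2250738585072012e-308";
    // Assumption: a fixed JRE finishes the conversion well within 5 seconds.
    private static final long TIMEOUT_MS = 5000L;

    public static void main(String[] args) throws InterruptedException {
        final double[] result = new double[1];
        final boolean[] done = new boolean[1];

        Thread worker = new Thread(new Runnable() {
            public void run() {
                result[0] = Double.parseDouble(VALUE);
                synchronized (done) { done[0] = true; }
            }
        }, "parse-check");
        // Daemon thread, so a stuck conversion does not keep the JVM alive.
        worker.setDaemon(true);
        worker.start();
        worker.join(TIMEOUT_MS);

        boolean finished;
        synchronized (done) { finished = done[0]; }

        // Print which JRE was actually tested, to catch a script that still
        // points at the default TSOM Java directory.
        System.out.println("JRE: " + System.getProperty("java.vendor") + " "
                + System.getProperty("java.version")
                + " (" + System.getProperty("java.home") + ")");
        if (finished) {
            System.out.println("OK: conversion returned " + result[0]);
            System.exit(0);
        } else {
            System.out.println("AFFECTED: conversion did not finish within "
                    + TIMEOUT_MS + " ms");
            System.exit(1);
        }
    }
}
```

Run it with the java binary in the directory that tsom_server.sh and tsom_tomcat.sh were redirected to, and again after any fix pack installation; exit status 0 means the conversion returned.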