ITM 5.1.2 affected by Java parseDouble vulnerability

Flash (Alert)


Abstract

The critical issue CVE-2010-4476 can affect the Java Runtime Environment of ITM 5.1.2, creating a potential denial-of-service security exposure.

Content

This Flash addresses the critical issue CVE-2010-4476 (Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number). This vulnerability can cause the JRE to hang or crash, resulting in a denial-of-service exposure.

Even though ITM 5.1.2 does not directly use the double values mentioned in the Java security alert, there is no way to prevent users or malicious applications from supplying them and triggering the vulnerability.

This vulnerability affects the following JREs shipped with the product:
JRE 1.4.2 SR9
JRE 1.4.2 SR13 FP3 for Linux s-390 platform
JRE 1.5.0 SR11


Fixes for the Java Runtime Environment (JRE)
To remediate this vulnerability, you will need to perform an update of the Java Runtime Environment (JRE). The Java Runtime Environment provides the libraries, the Java Virtual Machine, and other components to run applets and applications.
The following link provides detailed instructions on how to obtain the JRE fix and apply it:
IBM Security Alert for CVE-2010-4476
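
To confirm that a given JRE no longer hangs once the fix is applied, a check like the following can be compiled and run with that JRE's own `java` binary. It is an added example, not part of the IBM alert or fix; the class name `ParseDoubleCheck` and the 5-second timeout are assumptions.

```java
// Added example, not IBM code. Class name and timeout are assumptions.
// Avoids generics and java.util.concurrent so it also compiles for JRE 1.4.2.
public class ParseDoubleCheck {

    // Value named in CVE-2010-4476, taken from the alert text.
    static final String TEST_VALUE = "2.2250738585072012e-308";

    // Assumed limit: a fixed JRE converts the value almost instantly.
    static final long TIMEOUT_MS = 5000L;

    // Shared between the worker thread and the caller.
    static volatile boolean finished = false;
    static volatile double parsed = 0.0d;

    /** Returns true if the conversion completed within timeoutMs. */
    static boolean conversionCompletes(long timeoutMs) throws InterruptedException {
        Thread worker = new Thread(new Runnable() {
            public void run() {
                parsed = Double.parseDouble(TEST_VALUE);
                finished = true;
            }
        }, "parseDouble-check");
        // Daemon thread: a conversion that never returns cannot keep the JVM alive.
        worker.setDaemon(true);
        worker.start();
        worker.join(timeoutMs);
        return finished;
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("java.vendor  = " + System.getProperty("java.vendor"));
        System.out.println("java.version = " + System.getProperty("java.version"));
        if (conversionCompletes(TIMEOUT_MS)) {
            System.out.println("OK: conversion returned " + parsed);
            System.exit(0);
        }
        System.out.println("VULNERABLE: conversion still running after "
                + TIMEOUT_MS + " ms; apply the JRE fix");
        System.exit(1);
    }
}
```

The exit status is 0 when the conversion returns and 1 when it is still running at the timeout, so the check can be scripted across each JRE installed with the product.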



Document information


More support for: Tivoli Monitoring

Software version: 5.1.2

Operating system(s): All Platforms

Reference #: 1470700

Modified date: 2011-03-15
