CommonStore for SAP V8.4 JRE affected by security alert for CVE-2010-4476

Technote (troubleshooting)


Problem (Abstract)

The clients and the server of IBM CommonStore for SAP V8.4 contain JREs that are affected by the following security alert:

http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html

Symptom

The Java runtime environment (JRE) hangs when it tries to convert "2.2250738585072012e-308" to a binary floating-point number. The same happens if the number is written without scientific notation (324 decimal places). As a result, the JRE might stop responding, loop infinitely, or crash, which results in a denial of service (DoS).
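The following added example (not IBM's code and not part of the original technote) shows a pre-parse check that application code can apply to untrusted numeric text until the JRE is patched. It recognises the value above in either notation by comparing it as a `BigDecimal`. The class name `DoubleParseGuard`, the band limits `LOW`/`HIGH` and the length cap `MAX_LEN` are assumptions of this example.

```java
import java.math.BigDecimal;

public class DoubleParseGuard {
    // Band around the value named in the Symptom section. The band width is an
    // assumption of this example, deliberately wider than the single literal.
    private static final BigDecimal LOW = new BigDecimal("2.225073858507201e-308");
    private static final BigDecimal HIGH = new BigDecimal("2.225073858507202e-308");
    private static final int MAX_LEN = 1024; // assumed cap; the 324-place form is about 330 chars

    /** True if text is a decimal literal whose magnitude lies in [LOW, HIGH). */
    static boolean isRisky(String text) {
        String s = text.trim(); // Double.parseDouble ignores surrounding whitespace
        if (s.length() > MAX_LEN) return true; // refuse oversized input outright
        if (s.matches(".*[dDfF]")) s = s.substring(0, s.length() - 1); // Java type suffix
        try {
            // BigDecimal keeps the decimal digits exactly, so no binary
            // floating-point conversion happens during this check.
            BigDecimal v = new BigDecimal(s).abs();
            return v.compareTo(LOW) >= 0 && v.compareTo(HIGH) < 0;
        } catch (NumberFormatException e) {
            return false; // NaN, Infinity, hex or garbage: outside this example's scope
        }
    }

    /** Wrapper for untrusted input: rejects risky text before the JRE converts it. */
    static double parseDouble(String text) {
        if (isRisky(text)) {
            throw new NumberFormatException("rejected: value in CVE-2010-4476 band");
        }
        return Double.parseDouble(text);
    }

    public static void main(String[] args) {
        StringBuilder plain = new StringBuilder("0."); // constructed: same value, 324 decimal places
        for (int i = 0; i < 307; i++) plain.append('0');
        plain.append("22250738585072012");
        String[] samples = { // constructed sample inputs
            "2.2250738585072012e-308", plain.toString(), " -22.250738585072012E-309d ",
            "2.2250738585072012e-307", "1.5", "NaN" };
        for (String s : samples) {
            String shown = s.length() > 40 ? s.substring(0, 37) + "..." : s;
            System.out.println((isRisky(s) ? "REJECT " : "ok     ") + shown);
        }
    }
}
```

The band also rejects the text form of `Double.MIN_NORMAL` (2.2250738585072014E-308); narrow `LOW`/`HIGH` if that value is legitimate input for the application.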


Diagnosing the problem

Follow the instructions in section "Verification" at:

http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html


Resolving the problem

Follow the steps that are described in section "Patch availability" at:

http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html


Related information

Critical security vulnerability alert - Security Alert
ECM Alert - Denial of Service Security Exposure

Product Alias/Synonym

CSSAP


Document information


More support for:

CommonStore for SAP

Software version:

8.4

Operating system(s):

AIX, HP-UX, Linux Red Hat - xSeries, Linux SuSE - xSeries, Solaris, Windows, Windows 2000 Server, Windows 2008 server, Windows Server 2003, Windows Vista, Windows XP, iSeries

Reference #:

1503149

Modified date:

2013-05-21
