Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2010-4476
Last Modified 02 Mar 2015 09:59:20
Published 17 Feb 2011 02:00:01
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2010-4476

Summary

The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.

Vulnerable Systems

Application

  • Sun Jdk 1.5.0

  • Sun Jdk 1.6.0

  • Sun Jre 1.4.2

  • Sun Jre 1.4.2 1

  • Sun Jre 1.4.2 10

  • Sun Jre 1.4.2 11

  • Sun Jre 1.4.2 12

  • Sun Jre 1.4.2 13

  • Sun Jre 1.4.2 14

  • Sun Jre 1.4.2 15

  • Sun Jre 1.4.2 16

  • Sun Jre 1.4.2 17

  • Sun Jre 1.4.2 18

  • Sun Jre 1.4.2 19

  • Sun Jre 1.4.2 20

  • Sun Jre 1.4.2 21

  • Sun Jre 1.4.2 22

  • Sun Jre 1.4.2 23

  • Sun Jre 1.4.2 24

  • Sun Jre 1.4.2 25

  • Sun Jre 1.4.2 26

  • Sun Jre 1.4.2 27

  • Sun Jre 1.4.2 28

  • Sun Jre 1.4.2 29

  • Sun Jre 1.5.0

  • Sun Jre 1.6.0

  • Sun Sdk 1.4.2

  • Sun Sdk 1.4.2 02

  • Sun Sdk 1.4.2 1

  • Sun Sdk 1.4.2 10

  • Sun Sdk 1.4.2 11

  • Sun Sdk 1.4.2 12

  • Sun Sdk 1.4.2 13

  • Sun Sdk 1.4.2 14

  • Sun Sdk 1.4.2 15

  • Sun Sdk 1.4.2 16

  • Sun Sdk 1.4.2 17

  • Sun Sdk 1.4.2 18

  • Sun Sdk 1.4.2 19

  • Sun Sdk 1.4.2 20

  • Sun Sdk 1.4.2 21

  • Sun Sdk 1.4.2 22

  • Sun Sdk 1.4.2 23

  • Sun Sdk 1.4.2 24

  • Sun Sdk 1.4.2 25

  • Sun Sdk 1.4.2 26

  • Sun Sdk 1.4.2 27

  • Sun Sdk 1.4.2 28

  • Sun Sdk 1.4.2 29

  • Sun Sdk 1.4.2 3

  • Sun Sdk 1.4.2 4

  • Sun Sdk 1.4.2 5

  • Sun Sdk 1.4.2 6

  • Sun Sdk 1.4.2 7

  • Sun Sdk 1.4.2 8

  • Sun Sdk 1.4.2 9


References

CONFIRM - http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

CONFIRM - http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html

HP - HPSBNS02633

VUPEN - ADV-2011-0605

VUPEN - ADV-2011-0434

VUPEN - ADV-2011-0422

VUPEN - ADV-2011-0379

VUPEN - ADV-2011-0377

VUPEN - ADV-2011-0365

SECTRACK - 1025062

REDHAT - RHSA-2011:0880

REDHAT - RHSA-2011:0334

REDHAT - RHSA-2011:0333

REDHAT - RHSA-2011:0282

REDHAT - RHSA-2011:0214

REDHAT - RHSA-2011:0213

REDHAT - RHSA-2011:0212

REDHAT - RHSA-2011:0211

REDHAT - RHSA-2011:0210

MANDRIVA - MDVSA-2011:054

CONFIRM - http://www.ibm.com/support/docview.wss?uid=swg24029498

CONFIRM - http://www.ibm.com/support/docview.wss?uid=swg24029497

MISC - http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/

DEBIAN - DSA-2161

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21468358

AIXAPAR - PM31983

AIXAPAR - IZ94423

CONFIRM - http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html

SECUNIA - 45555

SECUNIA - 45022

SECUNIA - 44954

SECUNIA - 43659

SECUNIA - 43400

SECUNIA - 43378

SECUNIA - 43333

SECUNIA - 43304

SECUNIA - 43295

SECUNIA - 43280

SECUNIA - 43048

HP - HPSBMU02690

HP - SSRT100569

HP - HPSBMA02642

HP - SSRT100415

HP - SSRT100412

HP - HPSBUX02641

SUSE - SUSE-SU-2011:0823

SUSE - SUSE-SA:2011:024

FEDORA - FEDORA-2011-1263

FEDORA - FEDORA-2011-1231

CONFIRM - http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html

MISC - http://blog.fortify.com/blog/2011/02/08/Double-Trouble

HP - HPSBUX02725

SECUNIA - 49198

HP - SSRT100627

HP - SSRT100390

HP - SSRT101146

HP - HPSBUX02860

GENTOO - GLSA-201406-32

CONFIRM - http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html

Related Patches

Apple 2011-03-08 Java for Mac OS X 10.5 Update 9

Apple 2011-03-08 Java for Mac OS X 10.6 Update 4

Sun Java JRE 1.6.0_24 for Windows (Update) (All Languages) (See Notes)


Last Updated: 27 May 2016 10:58:03