5

CVE-2010-4476

The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SunJre Updateupdate_23 Version <= 1.6.0
SunJre Version1.6.0
SunJre Version1.6.0 Updateupdate_1
SunJre Version1.6.0 Updateupdate_10
SunJre Version1.6.0 Updateupdate_11
SunJre Version1.6.0 Updateupdate_12
SunJre Version1.6.0 Updateupdate_13
SunJre Version1.6.0 Updateupdate_14
SunJre Version1.6.0 Updateupdate_15
SunJre Version1.6.0 Updateupdate_16
SunJre Version1.6.0 Updateupdate_17
SunJre Version1.6.0 Updateupdate_18
SunJre Version1.6.0 Updateupdate_19
SunJre Version1.6.0 Updateupdate_2
SunJre Version1.6.0 Updateupdate_20
SunJre Version1.6.0 Updateupdate_21
SunJre Version1.6.0 Updateupdate_22
SunJre Version1.6.0 Updateupdate_3
SunJre Version1.6.0 Updateupdate_4
SunJre Version1.6.0 Updateupdate_5
SunJre Version1.6.0 Updateupdate_6
SunJre Version1.6.0 Updateupdate_7
SunJdk Updateupdate_23 Version <= 1.6.0
SunJdk Version1.6.0
SunJdk Version1.6.0 Updateupdate_10
SunJdk Version1.6.0 Updateupdate_11
SunJdk Version1.6.0 Updateupdate_12
SunJdk Version1.6.0 Updateupdate_13
SunJdk Version1.6.0 Updateupdate_14
SunJdk Version1.6.0 Updateupdate_15
SunJdk Version1.6.0 Updateupdate_16
SunJdk Version1.6.0 Updateupdate_17
SunJdk Version1.6.0 Updateupdate_18
SunJdk Version1.6.0 Updateupdate_19
SunJdk Version1.6.0 Updateupdate_20
SunJdk Version1.6.0 Updateupdate_21
SunJdk Version1.6.0 Updateupdate_22
SunJdk Version1.6.0 Updateupdate_3
SunJdk Version1.6.0 Updateupdate_4
SunJdk Version1.6.0 Updateupdate_5
SunJdk Version1.6.0 Updateupdate_6
SunJdk Version1.6.0 Updateupdate_7
SunJdk Version1.6.0 Updateupdate1
SunJdk Version1.6.0 Updateupdate1_b06
SunJdk Version1.6.0 Updateupdate2
SunJdk Updateupdate27 Version <= 1.5.0
SunJdk Version1.5.0
SunJdk Version1.5.0 Updateupdate1
SunJdk Version1.5.0 Updateupdate10
SunJdk Version1.5.0 Updateupdate11
SunJdk Version1.5.0 Updateupdate12
SunJdk Version1.5.0 Updateupdate13
SunJdk Version1.5.0 Updateupdate14
SunJdk Version1.5.0 Updateupdate15
SunJdk Version1.5.0 Updateupdate16
SunJdk Version1.5.0 Updateupdate17
SunJdk Version1.5.0 Updateupdate18
SunJdk Version1.5.0 Updateupdate19
SunJdk Version1.5.0 Updateupdate2
SunJdk Version1.5.0 Updateupdate20
SunJdk Version1.5.0 Updateupdate21
SunJdk Version1.5.0 Updateupdate22
SunJdk Version1.5.0 Updateupdate23
SunJdk Version1.5.0 Updateupdate24
SunJdk Version1.5.0 Updateupdate25
SunJdk Version1.5.0 Updateupdate26
SunJdk Version1.5.0 Updateupdate3
SunJdk Version1.5.0 Updateupdate4
SunJdk Version1.5.0 Updateupdate5
SunJdk Version1.5.0 Updateupdate6
SunJdk Version1.5.0 Updateupdate7
SunJdk Version1.5.0 Updateupdate8
SunJdk Version1.5.0 Updateupdate9
SunSdk Version <= 1.4.2_29
SunSdk Version1.4.2
SunSdk Version1.4.2_1
SunSdk Version1.4.2_02
SunSdk Version1.4.2_3
SunSdk Version1.4.2_4
SunSdk Version1.4.2_5
SunSdk Version1.4.2_6
SunSdk Version1.4.2_7
SunSdk Version1.4.2_8
SunSdk Version1.4.2_9
SunSdk Version1.4.2_10
SunSdk Version1.4.2_11
SunSdk Version1.4.2_12
SunSdk Version1.4.2_13
SunSdk Version1.4.2_14
SunSdk Version1.4.2_15
SunSdk Version1.4.2_16
SunSdk Version1.4.2_17
SunSdk Version1.4.2_18
SunSdk Version1.4.2_19
SunSdk Version1.4.2_20
SunSdk Version1.4.2_21
SunSdk Version1.4.2_22
SunSdk Version1.4.2_23
SunSdk Version1.4.2_24
SunSdk Version1.4.2_25
SunSdk Version1.4.2_26
SunSdk Version1.4.2_27
SunSdk Version1.4.2_28
SunJre Updateupdate27 Version <= 1.5.0
SunJre Version1.5.0
SunJre Version1.5.0 Updateupdate1
SunJre Version1.5.0 Updateupdate10
SunJre Version1.5.0 Updateupdate11
SunJre Version1.5.0 Updateupdate12
SunJre Version1.5.0 Updateupdate13
SunJre Version1.5.0 Updateupdate14
SunJre Version1.5.0 Updateupdate15
SunJre Version1.5.0 Updateupdate16
SunJre Version1.5.0 Updateupdate17
SunJre Version1.5.0 Updateupdate18
SunJre Version1.5.0 Updateupdate19
SunJre Version1.5.0 Updateupdate2
SunJre Version1.5.0 Updateupdate20
SunJre Version1.5.0 Updateupdate21
SunJre Version1.5.0 Updateupdate22
SunJre Version1.5.0 Updateupdate23
SunJre Version1.5.0 Updateupdate24
SunJre Version1.5.0 Updateupdate25
SunJre Version1.5.0 Updateupdate26
SunJre Version1.5.0 Updateupdate3
SunJre Version1.5.0 Updateupdate4
SunJre Version1.5.0 Updateupdate5
SunJre Version1.5.0 Updateupdate6
SunJre Version1.5.0 Updateupdate7
SunJre Version1.5.0 Updateupdate8
SunJre Version1.5.0 Updateupdate9
SunJre Version <= 1.4.2_29
SunJre Version1.4.2
SunJre Version1.4.2_1
SunJre Version1.4.2_2
SunJre Version1.4.2_3
SunJre Version1.4.2_4
SunJre Version1.4.2_5
SunJre Version1.4.2_6
SunJre Version1.4.2_7
SunJre Version1.4.2_8
SunJre Version1.4.2_9
SunJre Version1.4.2_10
SunJre Version1.4.2_11
SunJre Version1.4.2_12
SunJre Version1.4.2_13
SunJre Version1.4.2_14
SunJre Version1.4.2_15
SunJre Version1.4.2_16
SunJre Version1.4.2_17
SunJre Version1.4.2_18
SunJre Version1.4.2_19
SunJre Version1.4.2_20
SunJre Version1.4.2_21
SunJre Version1.4.2_22
SunJre Version1.4.2_23
SunJre Version1.4.2_24
SunJre Version1.4.2_25
SunJre Version1.4.2_26
SunJre Version1.4.2_27
SunJre Version1.4.2_28
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 23.49% 0.975
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://marc.info/?l=bugtraq&m=133469267822771&w=2
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://marc.info/?l=bugtraq&m=130168502603566&w=2
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://secunia.com/advisories/44954
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-0880.html
Vendor Advisory
http://secunia.com/advisories/45022
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:054
http://marc.info/?l=bugtraq&m=132215163318824&w=2
http://marc.info/?l=bugtraq&m=134254957702612&w=2
http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-0282.html
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html
http://marc.info/?l=bugtraq&m=133728004526190&w=2
http://secunia.com/advisories/49198
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html
http://blog.fortify.com/blog/2011/02/08/Double-Trouble
http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053926.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053934.html
http://marc.info/?l=bugtraq&m=129899347607632&w=2
http://marc.info/?l=bugtraq&m=129960314701922&w=2
http://marc.info/?l=bugtraq&m=130270785502599&w=2
http://marc.info/?l=bugtraq&m=130497132406206&w=2
http://marc.info/?l=bugtraq&m=130497185606818&w=2
http://marc.info/?l=bugtraq&m=130514352726432&w=2
http://marc.info/?l=bugtraq&m=131041767210772&w=2
http://secunia.com/advisories/43048
Vendor Advisory
http://secunia.com/advisories/43280
Vendor Advisory
http://secunia.com/advisories/43295
Vendor Advisory
http://secunia.com/advisories/43304
Vendor Advisory
http://secunia.com/advisories/43333
Vendor Advisory
http://secunia.com/advisories/43378
Vendor Advisory
http://secunia.com/advisories/43400
Vendor Advisory
http://secunia.com/advisories/43659
Vendor Advisory
http://secunia.com/advisories/45555
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ94423
http://www-01.ibm.com/support/docview.wss?uid=swg1PM31983
http://www-01.ibm.com/support/docview.wss?uid=swg21468358
http://www.debian.org/security/2011/dsa-2161
http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/
http://www.ibm.com/support/docview.wss?uid=swg24029497
http://www.ibm.com/support/docview.wss?uid=swg24029498
http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-0210.html
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-0211.html
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-0212.html
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-0213.html
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-0214.html
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-0333.html
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-0334.html
Vendor Advisory
http://www.securitytracker.com/id?1025062
http://www.vupen.com/english/advisories/2011/0365
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0377
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0379
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0422
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0434
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0605
Vendor Advisory
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02720715&admit=109447627+1298159618320+28353475
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12662
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12745
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14328
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14589
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19493