CVE-2010-4476

Impact:
Moderate
Public Date:
2011-02-01
IAVA:
2011-A-0160, 2011-A-0173
Bugzilla:
674336: CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service

The MITRE CVE dictionary describes this issue as:

The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.

Find out more about CVE-2010-4476 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 5
Base Metrics AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat JBoss SOA Platform 5.0 RHSA-2011:0333 2011-03-09
Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-sun) RHSA-2011:0282 2011-02-17
Red Hat JBoss Web Platform 5 for RHEL 4 AS (jbossweb) RHSA-2011:0211 2011-02-10
Red Hat Enterprise Linux Supplementary 5 (java-1.5.0-ibm) RHSA-2011:0291 2011-02-22
Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server (jbossweb) RHSA-2011:0210 2011-02-10
Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS (jbossweb) RHSA-2011:0210 2011-02-10
Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server (jbossweb) RHSA-2011:0210 2011-02-10
Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS (jbossweb) RHSA-2011:0210 2011-02-10
Red Hat JBoss Portal 5 RHSA-2011:0334 2011-03-09
Red Hat JBoss Web Server 1.0 RHSA-2011:0350 2011-03-11
Red Hat JBoss SOA Platform 4.3 RHSA-2011:0333 2011-03-09
Red Hat Enterprise Linux 6 (tomcat6) RHSA-2011:0335 2011-03-09
Red Hat JBoss Enterprise Application Platform 5.1 RHSA-2011:0212 2011-02-10
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-sun) RHSA-2011:0282 2011-02-17
Red Hat Enterprise Linux Supplementary 5 (java-1.4.2-ibm) RHSA-2011:0292 2011-02-22
RHEL 4 AS for SAP (java-1.4.2-ibm-sap) RHSA-2011:0299 2011-02-23
Red Hat JBoss Enterprise Application Platform 4.2 RHSA-2011:0212 2011-02-10
Red Hat Enterprise Linux AS version 4 Extras (java-1.4.2-ibm) RHSA-2011:0292 2011-02-22
Red Hat Enterprise Linux AS version 4 Extras (java-1.5.0-ibm) RHSA-2011:0291 2011-02-22
Red Hat Enterprise Linux AS version 4 Extras (java-1.6.0-ibm) RHSA-2011:0290 2011-02-22
Red Hat JBoss Web Server 1.0 for RHEL 4 AS (tomcat5) RHSA-2011:0349 2011-03-11
Red Hat JBoss Web Server 1.0 for RHEL 4 AS (tomcat6) RHSA-2011:0348 2011-03-11
RHEL 5 Server for SAP (java-1.4.2-ibm-sap) RHSA-2011:0299 2011-02-23
Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-ibm) RHSA-2011:0290 2011-02-22
Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server (jbossweb) RHSA-2011:0210 2011-02-10
Red Hat Enterprise Linux 6 (java-1.6.0-openjdk) RHSA-2011:0214 2011-02-11
Red Hat Enterprise Linux AS version 4 Extras (java-1.6.0-sun) RHSA-2011:0282 2011-02-17
Red Hat Enterprise Linux for SAP 6 (java-1.4.2-ibm-sap) RHSA-2011:0299 2011-02-23
Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS (jbossweb) RHSA-2011:0210 2011-02-10
Red Hat JBoss Web Platform 5 for RHEL 5 Server (jbossweb) RHSA-2011:0211 2011-02-10
Red Hat JBoss Enterprise Application Platform 4.3 RHSA-2011:0212 2011-02-10
Red Hat JBoss Web Platform 5.1 RHSA-2011:0213 2011-02-10
Red Hat Enterprise Linux 5 (tomcat5) RHSA-2011:0336 2011-03-09
Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server (tomcat6) RHSA-2011:0348 2011-03-11
Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server (tomcat5) RHSA-2011:0349 2011-03-11
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.5.0-ibm) RHSA-2011:0291 2011-02-22
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-ibm) RHSA-2011:0290 2011-02-22
Red Hat Enterprise Linux 5 (java-1.6.0-openjdk) RHSA-2011:0214 2011-02-11
Red Hat Satellite 5.4 (RHEL v.5) (java-1.6.0-ibm) RHSA-2011:0880 2011-06-16
Red Hat JBoss Portal 4.3 RHSA-2011:0334 2011-03-09

Affected Packages State

Platform Package State
Red Hat Enterprise Linux for SAP 6 java-1.4.2-ibm-sap 1.4.2.13.8.sap-1jpp.1.el6 Fixed

Mitigation

Last Modified

CVE description copyright © 2017, The MITRE Corporation