exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

CVE-2010-4476

Status Candidate

Overview

The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.

Related Files

HP Security Bulletin HPSBUX02860 SSRT101146
Posted Apr 1, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02860 SSRT101146 - Potential security vulnerabilities have been identified with HP-UX Apache running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to perform an access restriction bypass, unauthorized modification, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783, CVE-2009-2693, CVE-2009-2902, CVE-2009-3548, CVE-2010-1157, CVE-2010-2227, CVE-2010-3718, CVE-2010-4476, CVE-2011-0013, CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-4858, CVE-2012-0022, CVE-2012-5885
SHA-256 | 3a2ec4c66b8a63342dc058e636fe5628f6ab4c3fd27f829156c41caf8a44c2d1
HP Security Bulletin HPSBMU02797 SSRT100867
Posted Jul 17, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02797 SSRT100867 - Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) running JDK for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, windows, solaris, hpux
advisories | CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474, CVE-2010-4475, CVE-2010-4476, CVE-2011-0786, CVE-2011-0788, CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0817, CVE-2011-0862
SHA-256 | 4338efff43deea01d68a1d0c996a4d7dbb4faa1342e817584e487f06b359d673
HP Security Bulletin HPSBUX02777 SSRT100854
Posted May 17, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02777 SSRT100854 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities may allow remote Denial of Service (DoS), unauthorized modification and disclosure of information. Revision 1 of this advisory.

tags | advisory, java, remote, denial of service, vulnerability
systems | hpux
advisories | CVE-2010-4447, CVE-2010-4448, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476, CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0862, CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0871, CVE-2011-3389, CVE-2011-3545, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3552, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560, CVE-2011-3563, CVE-2012-0499
SHA-256 | 2cc74a2a5e99e58215f13d95e8b49783618308eb6d3e4abfe71dd4568d72d61e
HP Security Bulletin HPSBOV02762 SSRT100825
Posted Apr 17, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02762 SSRT100825 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, privilege escalation, unauthorized disclosure of information, or unauthorized modifications. Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability
advisories | CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2009-3555, CVE-2010-1157, CVE-2010-4476, CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190
SHA-256 | 7aea36aed5246255765866fa3709a5b96e6e0350e5b8bf65bfd2aaf3d2eddf7e
HP Security Bulletin HPSBUX02725 SSRT100627
Posted Nov 24, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02725 SSRT100627 - Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to disclose information, allow authentication bypass, allow cross-site scripting (XSS), gain unauthorized access, or create a Denial of Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability, xss
systems | hpux
advisories | CVE-2010-3718, CVE-2010-4476, CVE-2011-0013, CVE-2011-2204, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190
SHA-256 | da0edbfa949de2b7034ad0a1fe927c5c9205a87431abdda03737962e90086071
HP Security Bulletin HPSBMU02690 SSRT100569
Posted Jul 12, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02690 SSRT100569 - A potential security vulnerability has been identified with HP Business Availability Center (BAC) running on Solaris and Windows. The vulnerability can be remotely exploited to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
systems | windows, solaris
advisories | CVE-2010-4476
SHA-256 | f6431ebdfa1e97fbc798ffaff3bddb405085d262f01d197b4919165a2597dc23
HP Security Bulletin HPSBMA02642 SSRT100415 2
Posted May 12, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMA02642 SSRT100415 2 - A potential vulnerability has been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java. The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 2 of this advisory.

tags | advisory, java, denial of service
systems | linux, windows, solaris, hpux
advisories | CVE-2010-4476
SHA-256 | 3e7e370bf7cbcbfc08ac37208ee4d41c4e86d812f7385fa264d4a42391539271
HP Security Bulletin HPSBTU02684 SSRT100390
Posted May 9, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBTU02684 SSRT100390 - A potential vulnerability has been identified with HP Tru64 UNIX running Java. The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, java, denial of service
systems | unix
advisories | CVE-2010-4476
SHA-256 | aebdbd5943edbed6f159028af47f66fa472e98bb6050c7a673b5cea40d33de86
HP Security Bulletin HPSBOV02634 SSRT100390
Posted May 9, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02634 SSRT100390 - A potential vulnerability has been identified with HP OpenVMS running Java. The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, java, denial of service
advisories | CVE-2010-4476
SHA-256 | dd3eda6f3c1f44c6304dc1182012d147c1d3c05d72154924bef68f24ec389573
HP Security Bulletin HPSBUX02642 SSRT100415
Posted Apr 14, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02642 SSRT100415 - A potential vulnerability has been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java. The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, java, denial of service
systems | linux, windows, solaris, hpux
advisories | CVE-2010-4476
SHA-256 | c0680af27c9227db9da778bd256e51adbfc9635796e940324823d9a8c1b9b4cb
Mandriva Linux Security Advisory 2011-054
Posted Mar 28, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-054 - Multiple vulnerabilities has been identified and fixed in java-1.6.0-openjdk. The JNLP SecurityManager in IcedTea 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. Unspecified vulnerability in the Java Runtime Environment in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. Various other issues have also been identified and addressed.

tags | advisory, java, remote, web, vulnerability
systems | linux, mandriva
advisories | CVE-2010-4351, CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476, CVE-2011-0025, CVE-2011-0706
SHA-256 | 904fc941643717491978f0d993636fcedc72d278bb781afe4417e8ff6ceae8fd
Ubuntu Security Notice USN-1079-3
Posted Mar 18, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1079-3 - USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM) architectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes vulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu 10.10. It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. It was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. It was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. It was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. It was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. Konstantin PreiBer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor.

tags | advisory, java, remote, denial of service, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476, CVE-2011-0706
SHA-256 | c33a79c9cbb271d022cc60d25b2598bc554e7e817f3e003bca02dabf306d9ac9
Ubuntu Security Notice USN-1079-2
Posted Mar 15, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1079-2 - USN-1079-1 fixed vulnerabilities in OpenJDK 6 for non-armel (ARM) architectures. This update provides the corresponding updates for OpenJDK 6 for use with the armel (ARM) architectures. Multiple openjdk-6 vulnerabilities have been addressed. It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. Konstantin PreiBer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor. Various other issues were also addressed.

tags | advisory, java, remote, denial of service, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476, CVE-2011-0706
SHA-256 | c5c18368e20b050d150d2c53891f0010937af3d0d826c64263852fc25e700d30
HP Security Bulletin HPSBUX02641 SSRT100412
Posted Mar 8, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02641 SSRT100412 - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM) for HP-UX, Linux, Solaris, and Windows running Java. The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, java, denial of service
systems | linux, windows, solaris, hpux
advisories | CVE-2010-4476
SHA-256 | 7de2ad982e2727b8e870feaa182fe6e5d5fdfb85e360494687337c5c582a1bdd
HP Security Bulletin HPSBUX02633 SSRT100387
Posted Mar 1, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02633 SSRT100387 - A potential vulnerability has been identified with HP-UX running Java. The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, java, denial of service
systems | hpux
advisories | CVE-2010-4476
SHA-256 | 5372933645f9dbd222ca1a21d57d8a811d3b89aff405419530d097d670761adb
Ubuntu Security Notice USN-1079-1
Posted Mar 1, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1079-1 - Multiple openjdk-6 vulnerabilities have been addressed. It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. Konstantin PreiBer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor. Various other issues were also addressed.

tags | advisory, java, remote, denial of service, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476, CVE-2011-0706
SHA-256 | 675d0308ed338b1cf506b437119680a9688b4b8b8a44d555acc084f28eb3fcd5
Debian Security Advisory 2161-2
Posted Feb 14, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2161-2 - It was discovered that the floating point parser in OpenJDK, an implementation of the Java platform, can enter an infinite loop when processing certain input strings. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack.

tags | advisory, java
systems | linux, debian
advisories | CVE-2010-4476, CVE-2009-3555
SHA-256 | a0ded925baff43a07590b4642526803be3c5f43236df53cf34ee4a2b37a08de7
Debian Security Advisory 2161-1
Posted Feb 14, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2161-1 - It was discovered that the floating point parser in OpenJDK, an implementation of the Java platform, can enter an infinite loop when processing certain input strings. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack.

tags | advisory, java
systems | linux, debian
advisories | CVE-2010-4476
SHA-256 | f7a54b756633f9ade15bc8c34eca924676f0a37a207ea3bcf2a91205739bcc4a
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    32 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close