Advisory: Potential Denial of Service Attack with Java JDK/JRE hanging in IBM Lotus Notes and Domino 02/24/2011 08:13:12 PM
Location : Cleveland, OH
Abstract
A flaw in the way Java converts one specific decimal value to a binary floating-point number can be exploited by a malicious user to make an affected client or server hang. Several IBM Lotus software products rely on the Java Runtime Environment (JRE) or Java Development Kit (JDK) shipped with the IBM Lotus Domino server environment, so they inherit the flaw. Administrators must apply the appropriate fixes to remove this exposure.
Content
This advisory addresses security issue CVE-2010-4476 (Java Runtime Environment hangs when converting a decimal string to a binary floating-point number). On an unpatched JRE, converting the value 2.2250738585072012e-308 sends the Java floating-point parser into an infinite loop: the Java thread in Notes or Domino hangs and burns CPU, and the affected client or server may crash, resulting in a denial of service. The same hang occurs when the value is written out without scientific notation (a zero followed by 324 decimal places), so a filter that only looks for the exponent form does not protect against it.
Vulnerable Domino servers are those that run Java applications, servlets or agents and, importantly, convert input they receive (for example a request parameter or a document field) to a binary floating-point number, for instance through Double.parseDouble or Double.valueOf. Notes clients that run such applications are similarly vulnerable.
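The following is an added example, not IBM's code and not part of the original advisory, showing two things an administrator or developer might want while the fix is being rolled out: a guarded replacement for Double.parseDouble that resolves inputs near Double.MIN_NORMAL with exact BigDecimal arithmetic so the triggering value never reaches the JDK's parser, and a one-off probe that reports whether the running JVM still hangs on the value. The class and method names (SafeDoubleParse, parseDouble, jvmHangsOnTrigger) and the width of the guarded window are this example's own choices; the window is deliberately wider than the single documented value so that every decimal that rounds to either Double.MIN_NORMAL or the largest subnormal is handled by hand. BigDecimal.doubleValue() is not used for the rounding because on the affected JDK 6 releases it delegates to the same parser.

```java
import java.math.BigDecimal;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

/**
 * Added example (not IBM's code): a guard for Double.parseDouble on a JVM that
 * has not yet received the CVE-2010-4476 fix, plus a probe that tells an
 * administrator whether the JVM still hangs on the trigger value.
 */
public class SafeDoubleParse {

    /** The decimal input that makes an unpatched JDK/JRE loop forever (CVE-2010-4476). */
    public static final String TRIGGER = "2.2250738585072012e-308";

    // Exact binary values around the subnormal/normal boundary, where the unpatched
    // correction loop oscillates. new BigDecimal(double) is exact, and dividing by 2
    // always terminates in decimal, so no rounding mode is needed.
    private static final BigDecimal MIN_NORMAL = new BigDecimal(Double.MIN_NORMAL);
    private static final BigDecimal ULP = new BigDecimal(Double.MIN_VALUE);
    private static final BigDecimal HALF_ULP = ULP.divide(BigDecimal.valueOf(2));
    private static final BigDecimal LARGEST_SUBNORMAL = MIN_NORMAL.subtract(ULP);
    // Guarded window (assumption of this example): every decimal that rounds to
    // MIN_NORMAL or to the largest subnormal is resolved here and never reaches the
    // JDK parser. Lower bound is exclusive, upper bound inclusive (round-half-even).
    private static final BigDecimal WINDOW_LO = LARGEST_SUBNORMAL.subtract(HALF_ULP);
    private static final BigDecimal WINDOW_HI = MIN_NORMAL.add(HALF_ULP);
    // Midpoint between the two candidates; MIN_NORMAL has an even mantissa, so an
    // exact tie rounds up to it.
    private static final BigDecimal ROUND_UP_AT = MIN_NORMAL.subtract(HALF_ULP);

    /**
     * Replacement for Double.parseDouble(s) that cannot be made to hang by inputs
     * near Double.MIN_NORMAL. Every other input is delegated to the JDK parser
     * unchanged, including its NumberFormatException behaviour.
     */
    public static double parseDouble(String s) {
        String t = s.trim();
        // The JDK parser accepts an optional d/D/f/F type suffix; BigDecimal does not.
        if (t.length() > 1 && "dDfF".indexOf(t.charAt(t.length() - 1)) >= 0) {
            t = t.substring(0, t.length() - 1);
        }
        BigDecimal exact;
        try {
            exact = new BigDecimal(t); // exact decimal value, exponent form or 324-digit form alike
        } catch (NumberFormatException e) {
            // Not a plain decimal literal: NaN, Infinity, hex float or garbage. Those
            // take separate code paths in the JDK parser, so let it decide.
            return Double.parseDouble(s);
        }
        BigDecimal mag = exact.abs();
        if (mag.compareTo(WINDOW_LO) > 0 && mag.compareTo(WINDOW_HI) <= 0) {
            double rounded = mag.compareTo(ROUND_UP_AT) >= 0
                    ? Double.MIN_NORMAL
                    : Double.longBitsToDouble(0x000FFFFFFFFFFFFFL); // largest subnormal
            return exact.signum() < 0 ? -rounded : rounded;
        }
        return Double.parseDouble(s);
    }

    /**
     * Probe: returns true if this JVM still hangs on TRIGGER within the deadline.
     * The parse runs in a daemon thread so the JVM can still exit, but on a
     * vulnerable JVM that thread keeps spinning until the process ends: use this
     * as a one-off check from the command line, not inside a long-lived server.
     */
    public static boolean jvmHangsOnTrigger(long timeoutMillis) throws InterruptedException {
        ExecutorService ex = Executors.newSingleThreadExecutor(new ThreadFactory() {
            public Thread newThread(Runnable r) {
                Thread th = new Thread(r, "cve-2010-4476-probe");
                th.setDaemon(true);
                return th;
            }
        });
        try {
            Future<Double> f = ex.submit(new Callable<Double>() {
                public Double call() { return Double.parseDouble(TRIGGER); }
            });
            f.get(timeoutMillis, TimeUnit.MILLISECONDS);
            return false;            // patched parser returned Double.MIN_NORMAL promptly
        } catch (TimeoutException e) {
            return true;             // still looping after the deadline
        } catch (ExecutionException e) {
            throw new IllegalStateException(e.getCause());
        } finally {
            ex.shutdownNow();
        }
    }

    public static void main(String[] args) throws InterruptedException {
        // Safe on any JVM: the guard never hands the trigger value to the JDK parser.
        System.out.println(parseDouble(TRIGGER) == Double.MIN_NORMAL);          // true
        System.out.println(parseDouble("-" + TRIGGER + "d") == -Double.MIN_NORMAL); // true
        System.out.println(parseDouble(" 1.5e3 "));                             // 1500.0
        // Probe the JDK parser itself; this is the call that hangs before the fix.
        System.out.println("JVM hangs on CVE-2010-4476 value: " + jvmHangsOnTrigger(5000));
    }
}
```

Run it once with `java SafeDoubleParse` against the JRE that Domino actually uses (the one under the Domino program directory, not the system default), and expect the last line to print false after the fix has been applied. The guard is a stopgap for code that must parse untrusted numbers before the patched JRE is in place; it does not replace applying the fix, since other JDK paths that call the same parser are not covered by it.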
Link: TechNote: Potential Denial of Service Attack with Java JDK/JRE hanging in IBM Lotus Notes and Domino