Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2010-4476

Published: 17/02/2011 Updated: 30/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Sun

Vulnerability Summary

The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and previous versions, 5.0 Update 27 and previous versions, and 1.4.2_29 and previous versions, as used in OpenJDK, Apache, JBossweb, and other products, allows remote malicious users to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.

Vulnerable Product Search on Vulmon Subscribe to Product

sun jre 1.6.0

sun jre

sun jdk 1.6.0

sun jdk

sun jdk 1.5.0

sun sdk 1.4.2_02

sun sdk 1.4.2_1

sun sdk 1.4.2_16

sun sdk 1.4.2_17

sun sdk 1.4.2_8

sun sdk 1.4.2_9

sun sdk 1.4.2_26

sun sdk 1.4.2_27

sun sdk 1.4.2

sun sdk 1.4.2_14

sun sdk 1.4.2_15

sun sdk 1.4.2_6

sun sdk 1.4.2_7

sun sdk 1.4.2_24

sun sdk 1.4.2_25

sun sdk 1.4.2_12

sun sdk 1.4.2_13

sun sdk 1.4.2_3

sun sdk 1.4.2_4

sun sdk 1.4.2_5

sun sdk 1.4.2_22

sun sdk 1.4.2_23

sun sdk 1.4.2_10

sun sdk 1.4.2_11

sun sdk 1.4.2_18

sun sdk 1.4.2_19

sun sdk 1.4.2_20

sun sdk 1.4.2_21

sun sdk 1.4.2_28

sun sdk

sun jre 1.5.0

sun jre 1.4.2

sun jre 1.4.2_8

sun jre 1.4.2_9

sun jre 1.4.2_15

sun jre 1.4.2_16

sun jre 1.4.2_6

sun jre 1.4.2_7

sun jre 1.4.2_13

sun jre 1.4.2_14

sun jre 1.4.2_21

sun jre 1.4.2_22

sun jre 1.4.2_4

sun jre 1.4.2_5

sun jre 1.4.2_11

sun jre 1.4.2_12

sun jre 1.4.2_19

sun jre 1.4.2_20

sun jre 1.4.2_28

sun jre 1.4.2_23

sun jre 1.4.2_24

sun jre 1.4.2_25

sun jre 1.4.2_1

sun jre 1.4.2_2

sun jre 1.4.2_3

sun jre 1.4.2_10

sun jre 1.4.2_17

sun jre 1.4.2_18

sun jre 1.4.2_26

sun jre 1.4.2_27

Vendor Advisories

Debian Security Advisories: DSA-2161-1 openjdk-6 -- denial of service
It was discovered that the floating point parser in OpenJDK, an implementation of the Java platform, can enter an infinite loop when processing certain input strings Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack For the oldstable distribution ...
Ubuntu Security Notice: openjdk-6b18 vulnerabilities
OpenJDK 6 Vulnerabilities (armel packages only) ...
Ubuntu Security Notice: openjdk-6b18 vulnerabilities
OpenJDK 6 vulnerabilities in Ubuntu 1010 for armel (ARM) architecture ...
Ubuntu Security Notice: openjdk-6 vulnerabilities
It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM (CVE-2010-4448) ...

Exploits

Exploit DB: Oracle Java - Floating-Point Value Denial of Service
source: wwwsecurityfocuscom/bid/46091/info Oracle Java is prone to a remote denial-of-service vulnerability Successful attacks will cause applications written in Java to hang, creating a denial-of-service condition This issue affects both the Java compiler and Runtime Environment Send a Java Program Into An Infinite Loop Compile t ...

References

NVD-CWE-Otherhttp://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.htmlhttp://www.redhat.com/support/errata/RHSA-2011-0214.htmlhttp://www-01.ibm.com/support/docview.wss?uid=swg1PM31983http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053926.htmlhttp://www.debian.org/security/2011/dsa-2161http://www.redhat.com/support/errata/RHSA-2011-0282.htmlhttp://secunia.com/advisories/43400http://www.vupen.com/english/advisories/2011/0422http://www.redhat.com/support/errata/RHSA-2011-0211.htmlhttp://www-01.ibm.com/support/docview.wss?uid=swg1IZ94423http://www.vupen.com/english/advisories/2011/0434http://www.redhat.com/support/errata/RHSA-2011-0213.htmlhttp://secunia.com/advisories/43280http://www-01.ibm.com/support/docview.wss?uid=swg21468358http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053934.htmlhttp://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02720715&admit=109447627+1298159618320+28353475http://www.vupen.com/english/advisories/2011/0365http://secunia.com/advisories/43378http://secunia.com/advisories/43304http://secunia.com/advisories/43295http://www.vupen.com/english/advisories/2011/0379http://www.redhat.com/support/errata/RHSA-2011-0212.htmlhttp://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.htmlhttp://www.securitytracker.com/id?1025062http://www.vupen.com/english/advisories/2011/0377http://www.redhat.com/support/errata/RHSA-2011-0210.htmlhttp://blog.fortify.com/blog/2011/02/08/Double-Troublehttp://secunia.com/advisories/43048http://secunia.com/advisories/43333http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.htmlhttp://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/http://www.redhat.com/support/errata/RHSA-2011-0334.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.htmlhttp://www.redhat.com/support/errata/RHSA-2011-0333.htmlhttp://secunia.com/advisories/45555http://www.ibm.com/support/docview.wss?uid=swg24029498http://www.ibm.com/support/docview.wss?uid=swg24029497http://www.redhat.com/support/errata/RHSA-2011-0880.htmlhttp://marc.info/?l=bugtraq&m=130514352726432&w=2http://www.mandriva.com/security/advisories?name=MDVSA-2011:054http://marc.info/?l=bugtraq&m=131041767210772&w=2http://www.vupen.com/english/advisories/2011/0605http://marc.info/?l=bugtraq&m=129960314701922&w=2http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.htmlhttp://secunia.com/advisories/43659http://secunia.com/advisories/44954http://secunia.com/advisories/45022http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.htmlhttp://secunia.com/advisories/49198http://marc.info/?l=bugtraq&m=132215163318824&w=2http://marc.info/?l=bugtraq&m=136485229118404&w=2http://security.gentoo.org/glsa/glsa-201406-32.xmlhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.htmlhttp://marc.info/?l=bugtraq&m=134254957702612&w=2http://marc.info/?l=bugtraq&m=130270785502599&w=2http://marc.info/?l=bugtraq&m=130497185606818&w=2http://marc.info/?l=bugtraq&m=133469267822771&w=2http://marc.info/?l=bugtraq&m=130497132406206&w=2http://marc.info/?l=bugtraq&m=129899347607632&w=2http://marc.info/?l=bugtraq&m=133728004526190&w=2http://marc.info/?l=bugtraq&m=130168502603566&w=2https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19493https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14589https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14328https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12745https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12662http://marc.info/?l=bugtraq&m=134254866602253&w=2https://nvd.nist.govhttps://www.debian.org/security/./dsa-2161https://usn.ubuntu.com/1079-2/https://www.exploit-db.com/exploits/35304/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook