Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2010-4476

Published: 17/02/2011 Updated: 30/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and previous versions, 5.0 Update 27 and previous versions, and 1.4.2_29 and previous versions, as used in OpenJDK, Apache, JBossweb, and other products, allows remote malicious users to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.

Vulnerable Product Search on Vulmon Subscribe to Product

sun jre 1.6.0

sun jre

sun jdk 1.6.0

sun jdk

sun jdk 1.5.0

sun sdk 1.4.2 19

sun sdk 1.4.2

sun sdk

sun sdk 1.4.2 26

sun sdk 1.4.2 10

sun sdk 1.4.2 12

sun sdk 1.4.2 17

sun sdk 1.4.2 14

sun sdk 1.4.2 21

sun sdk 1.4.2 13

sun sdk 1.4.2 6

sun sdk 1.4.2 23

sun sdk 1.4.2 5

sun sdk 1.4.2 1

sun sdk 1.4.2 18

sun sdk 1.4.2 4

sun sdk 1.4.2 22

sun sdk 1.4.2 28

sun sdk 1.4.2 7

sun sdk 1.4.2 8

sun sdk 1.4.2 25

sun sdk 1.4.2 27

sun sdk 1.4.2 02

sun sdk 1.4.2 16

sun sdk 1.4.2 11

sun sdk 1.4.2 9

sun sdk 1.4.2 20

sun sdk 1.4.2 3

sun sdk 1.4.2 24

sun sdk 1.4.2 15

sun jre 1.5.0

sun jre 1.4.2 26

sun jre 1.4.2 7

sun jre 1.4.2 27

sun jre 1.4.2 16

sun jre 1.4.2 24

sun jre 1.4.2 4

sun jre 1.4.2 2

sun jre 1.4.2 19

sun jre 1.4.2 25

sun jre 1.4.2 15

sun jre 1.4.2 13

sun jre 1.4.2 1

sun jre 1.4.2 8

sun jre 1.4.2 12

sun jre 1.4.2 18

sun jre 1.4.2 22

sun jre 1.4.2 28

sun jre 1.4.2 14

sun jre 1.4.2 10

sun jre 1.4.2 17

sun jre 1.4.2 9

sun jre 1.4.2

sun jre 1.4.2 21

sun jre 1.4.2 11

sun jre 1.4.2 23

sun jre 1.4.2 3

sun jre 1.4.2 20

sun jre 1.4.2 5

sun jre 1.4.2 6

Vendor Advisories

Debian Security Advisories: DSA-2161-1 openjdk-6 -- denial of service
It was discovered that the floating point parser in OpenJDK, an implementation of the Java platform, can enter an infinite loop when processing certain input strings Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack For the oldstable distribution ...
Ubuntu Security Notice: openjdk-6b18 vulnerabilities
OpenJDK 6 Vulnerabilities (armel packages only) ...
Ubuntu Security Notice: openjdk-6b18 vulnerabilities
OpenJDK 6 vulnerabilities in Ubuntu 1010 for armel (ARM) architecture ...
Ubuntu Security Notice: openjdk-6 vulnerabilities
It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM (CVE-2010-4448) ...

Exploits

Exploit DB: Oracle Java - Floating-Point Value Denial of Service
source: wwwsecurityfocuscom/bid/46091/info Oracle Java is prone to a remote denial-of-service vulnerability Successful attacks will cause applications written in Java to hang, creating a denial-of-service condition This issue affects both the Java compiler and Runtime Environment Send a Java Program Into An Infinite Loop Compile t ...

References

NVD-CWE-Otherhttp://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.htmlhttp://www.redhat.com/support/errata/RHSA-2011-0214.htmlhttp://www-01.ibm.com/support/docview.wss?uid=swg1PM31983http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053926.htmlhttp://www.debian.org/security/2011/dsa-2161http://www.redhat.com/support/errata/RHSA-2011-0282.htmlhttp://secunia.com/advisories/43400http://www.vupen.com/english/advisories/2011/0422http://www.redhat.com/support/errata/RHSA-2011-0211.htmlhttp://www-01.ibm.com/support/docview.wss?uid=swg1IZ94423http://www.vupen.com/english/advisories/2011/0434http://www.redhat.com/support/errata/RHSA-2011-0213.htmlhttp://secunia.com/advisories/43280http://www-01.ibm.com/support/docview.wss?uid=swg21468358http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053934.htmlhttp://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02720715&admit=109447627+1298159618320+28353475http://www.vupen.com/english/advisories/2011/0365http://secunia.com/advisories/43378http://secunia.com/advisories/43304http://secunia.com/advisories/43295http://www.vupen.com/english/advisories/2011/0379http://www.redhat.com/support/errata/RHSA-2011-0212.htmlhttp://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.htmlhttp://www.securitytracker.com/id?1025062http://www.vupen.com/english/advisories/2011/0377http://www.redhat.com/support/errata/RHSA-2011-0210.htmlhttp://blog.fortify.com/blog/2011/02/08/Double-Troublehttp://secunia.com/advisories/43048http://secunia.com/advisories/43333http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.htmlhttp://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/http://www.redhat.com/support/errata/RHSA-2011-0334.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.htmlhttp://www.redhat.com/support/errata/RHSA-2011-0333.htmlhttp://secunia.com/advisories/45555http://www.ibm.com/support/docview.wss?uid=swg24029498http://www.ibm.com/support/docview.wss?uid=swg24029497http://www.redhat.com/support/errata/RHSA-2011-0880.htmlhttp://marc.info/?l=bugtraq&m=130514352726432&w=2http://www.mandriva.com/security/advisories?name=MDVSA-2011:054http://marc.info/?l=bugtraq&m=131041767210772&w=2http://www.vupen.com/english/advisories/2011/0605http://marc.info/?l=bugtraq&m=129960314701922&w=2http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.htmlhttp://secunia.com/advisories/43659http://secunia.com/advisories/44954http://secunia.com/advisories/45022http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.htmlhttp://secunia.com/advisories/49198http://marc.info/?l=bugtraq&m=132215163318824&w=2http://marc.info/?l=bugtraq&m=136485229118404&w=2http://security.gentoo.org/glsa/glsa-201406-32.xmlhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.htmlhttp://marc.info/?l=bugtraq&m=134254957702612&w=2http://marc.info/?l=bugtraq&m=130270785502599&w=2http://marc.info/?l=bugtraq&m=130497185606818&w=2http://marc.info/?l=bugtraq&m=133469267822771&w=2http://marc.info/?l=bugtraq&m=130497132406206&w=2http://marc.info/?l=bugtraq&m=129899347607632&w=2http://marc.info/?l=bugtraq&m=133728004526190&w=2http://marc.info/?l=bugtraq&m=130168502603566&w=2https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19493https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14589https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14328https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12745https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12662http://marc.info/?l=bugtraq&m=134254866602253&w=2https://nvd.nist.govhttps://www.debian.org/security/./dsa-2161https://usn.ubuntu.com/1079-2/https://www.exploit-db.com/exploits/35304/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103CVE-2024-36279CVE-2024-38457elevation of privilegeCVE-2024-27801CVE-2024-30103NULL pointer dereferenceCVE-2024-6057XML injection
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook