National Vulnerability Database (NVD) National Vulnerability Database (CVE-2010-4476)

National Cyber Awareness System

Vulnerability Summary for CVE-2010-4476

Original release date:02/17/2011

Last revised:06/05/2013

Source: US-CERT/NIST

Overview

The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Allows disruption of serviceUnknown

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html

Type: Advisory; Patch Information

Hyperlink:http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html

External Source: CONFIRM

Name: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

Type: Advisory; Patch Information

Hyperlink:http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

External Source: CONFIRM

Name: http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html

Type: Advisory; Patch Information

Hyperlink:http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html

External Source: HP

Name: HPSBNS02633

Hyperlink:http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02720715&admit=109447627+1298159618320+28353475

External Source: HP

Name: HPSBNS02633

Hyperlink:http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02720715&admit=109447627+1298159618320+28353475

External Source: VUPEN

Name: ADV-2011-0605

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2011/0605

External Source: VUPEN

Name: ADV-2011-0434

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2011/0434

External Source: VUPEN

Name: ADV-2011-0422

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2011/0422

External Source: VUPEN

Name: ADV-2011-0379

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2011/0379

External Source: VUPEN

Name: ADV-2011-0377

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2011/0377

External Source: VUPEN

Name: ADV-2011-0365

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2011/0365

External Source: SECTRACK

Name: 1025062

Hyperlink:http://www.securitytracker.com/id?1025062

External Source: REDHAT

Name: RHSA-2011:0880

Type: Advisory

Hyperlink:http://www.redhat.com/support/errata/RHSA-2011-0880.html

External Source: REDHAT

Name: RHSA-2011:0334

Type: Advisory

Hyperlink:http://www.redhat.com/support/errata/RHSA-2011-0334.html

External Source: REDHAT

Name: RHSA-2011:0333

Type: Advisory

Hyperlink:http://www.redhat.com/support/errata/RHSA-2011-0333.html

External Source: REDHAT

Name: RHSA-2011:0282

Type: Advisory

Hyperlink:http://www.redhat.com/support/errata/RHSA-2011-0282.html

External Source: REDHAT

Name: RHSA-2011:0214

Type: Advisory

Hyperlink:http://www.redhat.com/support/errata/RHSA-2011-0214.html

External Source: REDHAT

Name: RHSA-2011:0213

Type: Advisory

Hyperlink:http://www.redhat.com/support/errata/RHSA-2011-0213.html

External Source: REDHAT

Name: RHSA-2011:0212

Type: Advisory

Hyperlink:http://www.redhat.com/support/errata/RHSA-2011-0212.html

External Source: REDHAT

Name: RHSA-2011:0211

Type: Advisory

Hyperlink:http://www.redhat.com/support/errata/RHSA-2011-0211.html

External Source: REDHAT

Name: RHSA-2011:0210

Type: Advisory

Hyperlink:http://www.redhat.com/support/errata/RHSA-2011-0210.html

External Source: MANDRIVA

Name: MDVSA-2011:054

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2011:054

External Source: CONFIRM

Name: http://www.ibm.com/support/docview.wss?uid=swg24029498

Hyperlink:http://www.ibm.com/support/docview.wss?uid=swg24029498

External Source: CONFIRM

Name: http://www.ibm.com/support/docview.wss?uid=swg24029497

Hyperlink:http://www.ibm.com/support/docview.wss?uid=swg24029497

External Source: MISC

Name: http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/

Hyperlink:http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/

External Source: DEBIAN

Name: DSA-2161

Hyperlink:http://www.debian.org/security/2011/dsa-2161

External Source: CONFIRM

Name: http://www-01.ibm.com/support/docview.wss?uid=swg21468358

Hyperlink:http://www-01.ibm.com/support/docview.wss?uid=swg21468358

External Source: AIXAPAR

Name: PM31983

Hyperlink:http://www-01.ibm.com/support/docview.wss?uid=swg1PM31983

External Source: AIXAPAR

Name: IZ94423

Hyperlink:http://www-01.ibm.com/support/docview.wss?uid=swg1IZ94423

External Source: CONFIRM

Name: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html

Hyperlink:http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html

External Source: SECUNIA

Name: 49198

Hyperlink:http://secunia.com/advisories/49198

External Source: SECUNIA

Name: 45555

Type: Advisory

Hyperlink:http://secunia.com/advisories/45555

External Source: SECUNIA

Name: 45022

Hyperlink:http://secunia.com/advisories/45022

External Source: SECUNIA

Name: 44954

Hyperlink:http://secunia.com/advisories/44954

External Source: SECUNIA

Name: 43659

Type: Advisory

Hyperlink:http://secunia.com/advisories/43659

External Source: SECUNIA

Name: 43400

Type: Advisory

Hyperlink:http://secunia.com/advisories/43400

External Source: SECUNIA

Name: 43378

Type: Advisory

Hyperlink:http://secunia.com/advisories/43378

External Source: SECUNIA

Name: 43333

Type: Advisory

Hyperlink:http://secunia.com/advisories/43333

External Source: SECUNIA

Name: 43304

Type: Advisory

Hyperlink:http://secunia.com/advisories/43304

External Source: SECUNIA

Name: 43295

Type: Advisory

Hyperlink:http://secunia.com/advisories/43295

External Source: SECUNIA

Name: 43280

Type: Advisory

Hyperlink:http://secunia.com/advisories/43280

External Source: SECUNIA

Name: 43048

Type: Advisory

Hyperlink:http://secunia.com/advisories/43048

External Source: OVAL

Name: oval:org.mitre.oval:def:14589

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14589

External Source: OVAL

Name: oval:org.mitre.oval:def:14328

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14328

External Source: OVAL

Name: oval:org.mitre.oval:def:12745

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12745

External Source: OVAL

Name: oval:org.mitre.oval:def:12662

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12662

External Source: HP

Name: SSRT101146

Hyperlink:http://marc.info/?l=bugtraq&m=136485229118404&w=2

External Source: HP

Name: HPSBUX02860

Hyperlink:http://marc.info/?l=bugtraq&m=136485229118404&w=2

External Source: HP

Name: SSRT100627

Hyperlink:http://marc.info/?l=bugtraq&m=132215163318824&w=2

External Source: HP

Name: HPSBUX02725

Hyperlink:http://marc.info/?l=bugtraq&m=132215163318824&w=2

External Source: HP

Name: HPSBMU02690

Hyperlink:http://marc.info/?l=bugtraq&m=131041767210772&w=2

External Source: HP

Name: SSRT100569

Hyperlink:http://marc.info/?l=bugtraq&m=131041767210772&w=2

External Source: HP

Name: HPSBMA02642

Hyperlink:http://marc.info/?l=bugtraq&m=130514352726432&w=2

External Source: HP

Name: SSRT100415

Hyperlink:http://marc.info/?l=bugtraq&m=130514352726432&w=2

External Source: HP

Name: SSRT100412

Hyperlink:http://marc.info/?l=bugtraq&m=129960314701922&w=2

External Source: HP

Name: HPSBUX02641

Hyperlink:http://marc.info/?l=bugtraq&m=129960314701922&w=2

External Source: SUSE

Name: SUSE-SU-2011:0823

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html

External Source: SUSE

Name: SUSE-SA:2011:024

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html

External Source: FEDORA

Name: FEDORA-2011-1263

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053934.html

External Source: FEDORA

Name: FEDORA-2011-1231

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053926.html

External Source: CONFIRM

Name: http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html

Hyperlink:http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html

External Source: MISC

Name: http://blog.fortify.com/blog/2011/02/08/Double-Trouble

Hyperlink:http://blog.fortify.com/blog/2011/02/08/Double-Trouble

References to Check Content

Identifier:oval:org.mitre.oval:def:12745

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12745

Identifier:oval:org.mitre.oval:def:14328

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:14328

Identifier:oval:org.mitre.oval:def:12662

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12662

Vulnerable software and versions

Configuration 1

* cpe:/a:sun:jre:1.6.0:update_17

* cpe:/a:sun:jre:1.6.0:update_16

* cpe:/a:sun:jre:1.6.0:update_15

* cpe:/a:sun:jre:1.6.0:update_14

* cpe:/a:sun:jre:1.6.0:update_13

* cpe:/a:sun:jre:1.6.0:update_12

* cpe:/a:sun:jre:1.6.0:update_11

* cpe:/a:sun:jre:1.6.0:update_10

* cpe:/a:sun:jre:1.6.0:update_7

* cpe:/a:sun:jre:1.6.0:update_6

* cpe:/a:sun:jre:1.6.0:update_5

* cpe:/a:sun:jre:1.6.0:update_4

* cpe:/a:sun:jre:1.6.0:update_3

* cpe:/a:sun:jre:1.6.0:update_2

* cpe:/a:sun:jre:1.6.0

* cpe:/a:sun:jre:1.6.0:update_18

* cpe:/a:sun:jre:1.6.0:update_19

* cpe:/a:sun:jre:1.6.0:update_20

* cpe:/a:sun:jre:1.6.0:update_21

* cpe:/a:sun:jre:1.6.0:update_22

* cpe:/a:sun:jre:1.6.0:update_23 and previous versions

* cpe:/a:sun:jre:1.6.0:update_1

Configuration 2

* cpe:/a:sun:jdk:1.6.0

* cpe:/a:sun:jdk:1.6.0:update_17

* cpe:/a:sun:jdk:1.6.0:update_16

* cpe:/a:sun:jdk:1.6.0:update_15

* cpe:/a:sun:jdk:1.6.0:update_14

* cpe:/a:sun:jdk:1.6.0:update_13

* cpe:/a:sun:jdk:1.6.0:update_12

* cpe:/a:sun:jdk:1.6.0:update_11

* cpe:/a:sun:jdk:1.6.0:update_10

* cpe:/a:sun:jdk:1.6.0:update_7

* cpe:/a:sun:jdk:1.6.0:update_6

* cpe:/a:sun:jdk:1.6.0:update_5

* cpe:/a:sun:jdk:1.6.0:update_4

* cpe:/a:sun:jdk:1.6.0:update_3

* cpe:/a:sun:jdk:1.6.0:update2

* cpe:/a:sun:jdk:1.6.0:update1

* cpe:/a:sun:jdk:1.6.0:update1_b06

* cpe:/a:sun:jdk:1.6.0:update_18

* cpe:/a:sun:jdk:1.6.0:update_19

* cpe:/a:sun:jdk:1.6.0:update_20

* cpe:/a:sun:jdk:1.6.0:update_21

* cpe:/a:sun:jdk:1.6.0:update_22

* cpe:/a:sun:jdk:1.6.0:update_23 and previous versions

Configuration 3

* cpe:/a:sun:jdk:1.5.0

* cpe:/a:sun:jdk:1.5.0:update1

* cpe:/a:sun:jdk:1.5.0:update2

* cpe:/a:sun:jdk:1.5.0:update3

* cpe:/a:sun:jdk:1.5.0:update4

* cpe:/a:sun:jdk:1.5.0:update5

* cpe:/a:sun:jdk:1.5.0:update6

* cpe:/a:sun:jdk:1.5.0:update7

* cpe:/a:sun:jdk:1.5.0:update8

* cpe:/a:sun:jdk:1.5.0:update9

* cpe:/a:sun:jdk:1.5.0:update10

* cpe:/a:sun:jdk:1.5.0:update11

* cpe:/a:sun:jdk:1.5.0:update12

* cpe:/a:sun:jdk:1.5.0:update13

* cpe:/a:sun:jdk:1.5.0:update14

* cpe:/a:sun:jdk:1.5.0:update15

* cpe:/a:sun:jdk:1.5.0:update16

* cpe:/a:sun:jdk:1.5.0:update17

* cpe:/a:sun:jdk:1.5.0:update18

* cpe:/a:sun:jdk:1.5.0:update19

* cpe:/a:sun:jdk:1.5.0:update20

* cpe:/a:sun:jdk:1.5.0:update21

* cpe:/a:sun:jdk:1.5.0:update22

* cpe:/a:sun:jdk:1.5.0:update23

* cpe:/a:sun:jdk:1.5.0:update24

* cpe:/a:sun:jdk:1.5.0:update25

* cpe:/a:sun:jdk:1.5.0:update26

* cpe:/a:sun:jdk:1.5.0:update27 and previous versions

Configuration 4

* cpe:/a:sun:sdk:1.4.2

* cpe:/a:sun:sdk:1.4.2_02

* cpe:/a:sun:sdk:1.4.2_1

* cpe:/a:sun:sdk:1.4.2_10

* cpe:/a:sun:sdk:1.4.2_11

* cpe:/a:sun:sdk:1.4.2_12

* cpe:/a:sun:sdk:1.4.2_13

* cpe:/a:sun:sdk:1.4.2_14

* cpe:/a:sun:sdk:1.4.2_15

* cpe:/a:sun:sdk:1.4.2_16

* cpe:/a:sun:sdk:1.4.2_17

* cpe:/a:sun:sdk:1.4.2_18

* cpe:/a:sun:sdk:1.4.2_19

* cpe:/a:sun:sdk:1.4.2_3

* cpe:/a:sun:sdk:1.4.2_4

* cpe:/a:sun:sdk:1.4.2_5

* cpe:/a:sun:sdk:1.4.2_6

* cpe:/a:sun:sdk:1.4.2_7

* cpe:/a:sun:sdk:1.4.2_8

* cpe:/a:sun:sdk:1.4.2_9

* cpe:/a:sun:sdk:1.4.2_20

* cpe:/a:sun:sdk:1.4.2_21

* cpe:/a:sun:sdk:1.4.2_22

* cpe:/a:sun:sdk:1.4.2_23

* cpe:/a:sun:sdk:1.4.2_24

* cpe:/a:sun:sdk:1.4.2_25

* cpe:/a:sun:sdk:1.4.2_26

* cpe:/a:sun:sdk:1.4.2_27

* cpe:/a:sun:sdk:1.4.2_28

* cpe:/a:sun:sdk:1.4.2_29 and previous versions

Configuration 5

* cpe:/a:sun:jre:1.5.0

* cpe:/a:sun:jre:1.5.0:update1

* cpe:/a:sun:jre:1.5.0:update2

* cpe:/a:sun:jre:1.5.0:update3

* cpe:/a:sun:jre:1.5.0:update4

* cpe:/a:sun:jre:1.5.0:update5

* cpe:/a:sun:jre:1.5.0:update6

* cpe:/a:sun:jre:1.5.0:update7

* cpe:/a:sun:jre:1.5.0:update8

* cpe:/a:sun:jre:1.5.0:update9

* cpe:/a:sun:jre:1.5.0:update10

* cpe:/a:sun:jre:1.5.0:update11

* cpe:/a:sun:jre:1.5.0:update12

* cpe:/a:sun:jre:1.5.0:update13

* cpe:/a:sun:jre:1.5.0:update14

* cpe:/a:sun:jre:1.5.0:update15

* cpe:/a:sun:jre:1.5.0:update16

* cpe:/a:sun:jre:1.5.0:update17

* cpe:/a:sun:jre:1.5.0:update18

* cpe:/a:sun:jre:1.5.0:update19

* cpe:/a:sun:jre:1.5.0:update20

* cpe:/a:sun:jre:1.5.0:update21

* cpe:/a:sun:jre:1.5.0:update22

* cpe:/a:sun:jre:1.5.0:update23

* cpe:/a:sun:jre:1.5.0:update24

* cpe:/a:sun:jre:1.5.0:update25

* cpe:/a:sun:jre:1.5.0:update26

* cpe:/a:sun:jre:1.5.0:update27 and previous versions

Configuration 6

* cpe:/a:sun:jre:1.4.2

* cpe:/a:sun:jre:1.4.2:update1

* cpe:/a:sun:jre:1.4.2:update2

* cpe:/a:sun:jre:1.4.2:update3

* cpe:/a:sun:jre:1.4.2:update4

* cpe:/a:sun:jre:1.4.2:update5

* cpe:/a:sun:jre:1.4.2:update6

* cpe:/a:sun:jre:1.4.2:update7

* cpe:/a:sun:jre:1.4.2:update8

* cpe:/a:sun:jre:1.4.2:update9

* cpe:/a:sun:jre:1.4.2_1

* cpe:/a:sun:jre:1.4.2_10

* cpe:/a:sun:jre:1.4.2_11

* cpe:/a:sun:jre:1.4.2_12

* cpe:/a:sun:jre:1.4.2_13

* cpe:/a:sun:jre:1.4.2_14

* cpe:/a:sun:jre:1.4.2_15

* cpe:/a:sun:jre:1.4.2_16

* cpe:/a:sun:jre:1.4.2_17

* cpe:/a:sun:jre:1.4.2_18

* cpe:/a:sun:jre:1.4.2_19

* cpe:/a:sun:jre:1.4.2_20

* cpe:/a:sun:jre:1.4.2_21

* cpe:/a:sun:jre:1.4.2_22

* cpe:/a:sun:jre:1.4.2_23

* cpe:/a:sun:jre:1.4.2_24

* cpe:/a:sun:jre:1.4.2_25

* cpe:/a:sun:jre:1.4.2_26

* cpe:/a:sun:jre:1.4.2_27

* cpe:/a:sun:jre:1.4.2_28

* cpe:/a:sun:jre:1.4.2_29 and previous versions

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Design Error (NVD-CWE-DesignError)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476