Status Tracking Note JVNTR-2011-02

Java Double.parseDouble denial of service (aka "2.2250738585072011e-308" issue) (CVE-2010-4476)

Overview

Sun Java is vulnerable to a denial of service caused by an error in Double.parseDouble when converting a string such as "2.2250738585072012e-308" into a binary floating-point number.

Event Information

Date (UTC) / Description
2011-02-15 Oracle
Oracle Java SE and Java for Business Critical Patch Update Advisory - February 2011
2011-02-10 Apache
Improve HTTP specification compliance in support of Accept-Language header.
Tomcat 5.5.33 Released
2011-02-08 Oracle
Oracle Security Alert for CVE-2010-4476
2011-02-05 Apache
Improve HTTP specification compliance in support of Accept-Language header.
Tomcat 7.0.8 Released
2011-02-04 Apache
Improve HTTP specification compliance in support of Accept-Language header.
Tomcat 6.0.32 Released
2011-01-31 18:28
Java Hangs When Converting 2.2250738585072012e-308
Vulnerability-related information disclosed.

Reference

Date first published (UTC): 2011-03-13T11:43+00:00
Date last updated (UTC): 2011-03-13T11:43+00:00