Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number

  • 7009197
  • 17-Aug-2011
  • 26-Apr-2012

Environment

Novell Identity Manager 3.5.1
Novell Identity Manager 3.6
Novell Identity Manager 3.6.1
Novell Identity Manager 4.0

Situation

There is a security problem with IDM's JRE, which is described below.

Oracle Security Alert for CVE-2010-4476

Description

This Security Alert addresses security issue CVE-2010-4476 (Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number), which is a vulnerability in the Java Runtime Environment component of the Oracle Java SE and Java for Business products and Oracle JRockit. This vulnerability allows unauthenticated network attacks (i.e., it may be exploited over a network without the need for a username and password). Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete Denial of Service) of the Java Runtime Environment. Java-based application and web servers are especially at risk from this vulnerability.

Resolution

Apply the patch provided at the following location:
 
This patch affects only this particular problem. It does not update the JRE version.
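
The following added example (not part of the Novell or Oracle patch) shows an application-level guard that rejects the string from the alert, in any equivalent decimal spelling, before it reaches `Double.parseDouble`. The class name `SafeDoubleParser`, the 512-character cap and the sample inputs are assumptions made for illustration; the guard covers only the single value named in the alert and only the call sites that use it.

```java
import java.math.BigDecimal;

/** Added example: pre-parse guard for the CVE-2010-4476 trigger value. */
public final class SafeDoubleParser {
    // Decimal value named in the Oracle alert quoted on this page.
    private static final BigDecimal HANG_VALUE =
            new BigDecimal("2.2250738585072012e-308");
    // Assumed length cap for numeric input; tune per application.
    private static final int MAX_LEN = 512;

    private SafeDoubleParser() {}

    /** True if raw is any decimal spelling of +/- HANG_VALUE. */
    static boolean isHangValue(String raw) {
        String s = raw.trim();                 // parseDouble ignores whitespace
        if (s.length() == 0 || s.length() > MAX_LEN) return false; // parse() rejects over-long input
        char last = s.charAt(s.length() - 1);  // parseDouble allows a d/D/f/F suffix
        if (last == 'd' || last == 'D' || last == 'f' || last == 'F') {
            s = s.substring(0, s.length() - 1);
        }
        try {
            // BigDecimal reads the text exactly and never converts it to a
            // double; compareTo ignores scale, so respellings compare equal.
            return new BigDecimal(s).abs().compareTo(HANG_VALUE) == 0;
        } catch (NumberFormatException e) {
            return false;                      // not a decimal literal (NaN, hex, junk)
        }
    }

    /** Replacement for Double.parseDouble on untrusted input. */
    public static double parse(String raw) {
        if (raw.length() > MAX_LEN || isHangValue(raw)) {
            throw new NumberFormatException("rejected numeric input");
        }
        return Double.parseDouble(raw);
    }

    public static void main(String[] args) {
        // Constructed samples: spellings of the alert's value, plus benign input.
        String[] samples = { "1.5", "2.2250738585072012e-308",
                "0.22250738585072012E-307", "-22250738585072012e-324",
                " 2.2250738585072012e-308d ", "2.2250738585072012e-307" };
        for (String s : samples) {
            try {
                System.out.println("[" + s + "] -> " + parse(s));
            } catch (NumberFormatException e) {
                System.out.println("[" + s + "] -> rejected");
            }
        }
    }
}
```

Parsing performed inside the JRE or the application server itself does not pass through this class, so the guard does not replace the patch.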