There is a Oracle Security Alert for CVE-2010-4476
quoting:
Description
This Security Alert addresses security issue CVE-2010-4476 (Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number), which is a vulnerability in the Java Runtime Environment component of the Oracle Java SE and Java for Business products. This vulnerability allows unauthenticated network attacks ( i.e. it may be exploited over a network without the need for a username and password). Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete Denial of Service) of the Java Runtime Environment. Java based application and web servers are especially at risk from this vulnerability.
which seems to occur also in JRockit. Check Java EE Support Patterns post to see how this problem is reproduced in JRockit.
Quoting the before mentioned post:
This post is about
informing you on a new critical Oracle security alert that was released
by Oracle on February 8, 2011. We will also demonstrate how it can
affect your Java EE environment using a negative test case againts one
of our Internet facing Webologic Portal 10.0 application using JRockit
R27.5 (JDK 1.5).
thanks
ReplyDelete