[Yanel-dev] FYI: Floating point bug in Java
Cedric Staub
cedric.staub at wyona.com
Wed Feb 9 15:51:38 CET 2011
Hello there
It looks like Java has a bug that can cause it to enter an endless loop
when one tries to convert a specific string literal to a double:
http://www.h-online.com/open/news/item/Oracle-warns-of-Java-vulnerability-1186135.html
This can actually be used to launch a denial of service attack against
Tomcat if the attacker sends an especially-crafted header, and the
servlet happens to use the getLocale() or getLocales() functions.
However, it looks like Yanel is safe because it doesn't rely on those
functions to parse the header and parses it itself instead. I checked
the code where this happens, and Yanel never tries to convert a string
into a double. So my attempts to crash my own host have been futile
so far, which is a good thing ;-).
However, you may still want to apply Oracle's fix for the issue:
http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
Cheers,
Cedric
More information about the Yanel-development
mailing list