d8888 888 888      88888888888 888      d8b                                 888       888          888       .d8888b.           888                               
      d88888 888 888          888     888      Y8P                                 888   o   888          888      d88P  Y88b          888                               
     d88P888 888 888          888     888                                          888  d8b  888          888      Y88b.               888                               
    d88P 888 888 888          888     88888b.  888 88888b.   .d88b.  .d8888b       888 d888b 888  .d88b.  88888b.   "Y888b.   88888b.  88888b.   .d88b.  888d888 .d88b.  
   d88P  888 888 888          888     888 "88b 888 888 "88b d88P"88b 88K           888d88888b888 d8P  Y8b 888 "88b     "Y88b. 888 "88b 888 "88b d8P  Y8b 888P"  d8P  Y8b 
  d88P   888 888 888          888     888  888 888 888  888 888  888 "Y8888b.      88888P Y88888 88888888 888  888       "888 888  888 888  888 88888888 888    88888888 
 d8888888888 888 888          888     888  888 888 888  888 Y88b 888      X88      8888P   Y8888 Y8b.     888 d88P Y88b  d88P 888 d88P 888  888 Y8b.     888    Y8b.     
d88P     888 888 888          888     888  888 888 888  888  "Y88888  88888P'      888P     Y888  "Y8888  88888P"   "Y8888P"  88888P"  888  888  "Y8888  888     "Y8888  
                                                                 888                                                          888                                        
                                                            Y8b d88P                                                          888                                        
                                                             "Y88P"                                                           888   

All Things WebSphere

Concerns and issues relating to all versions of WebSphere Application Server

Wednesday, February 16, 2011

 

WebSphere Critical Security Vulnerability - Denial of Service Security Exposure with Java JRE/JDK


Dear WebSphere Administrators,

Please patch your WAS deployments ASAP to fix a Denial of Service Security Exposure with Java JRE/JDK hanging when converting 2.2250738585072012e-308 number (CVE-2010-4476) (PM32387)
See http://www-01.ibm.com/support/docview.wss?uid=swg21462019#solution_dist

This vulnerability can cause the Java Runtime Environment to go into a hang, infinite loop, and/or crash resulting in a denial of service exposure. This same hang will occur if the number is written without scientific notation (324 decimal places). In addition to the Application Server being exposed to this attack, any Java program using the Double.parseDouble method is also at risk of this exposure including any customer written application or 3rd party written application.

The security vulnerability is generic and specifically its a bug in sun.misc.FloatingDecimal.doubleValue
 See http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/

This can be used as a denial of service attack against app servers, by sending the server an HTTP request containing this value in a field - if the server parses the value with parseDouble(), the thread doing the parsing will go into an infinite loop.

A hacker looks up a website and submits the string value "2.2250738585072012e-308" for a form field that expects double and parses it on the server side.  Other instances could  include an web service hosted on WAS  that take a string input from a form or a URL, and tries to convert said string to a floating point variable  Any code on the server side that does parseDouble is now compromised if hacker figures out how to trigger the parsing.

And remember ...
 ** JDK fixes are NOT dependent on the version/release of WSAS **

Oracle recently released a fix for the same
http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html
http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html


Reference:
http://www.reddit.com/r/programming/comments/fczjc/next_language_java_hangs_when_converting/
http://news.ycombinator.com/item?id=2164863

Comments:

Post a Comment

Subscribe to Post Comments [Atom]



Links to this post:

Create a Link



<< Home

Archives

December 2006   September 2008   January 2009   February 2009   March 2009   September 2009   October 2009   November 2009   December 2009   January 2010   February 2010   March 2010   April 2010   October 2010   January 2011   February 2011   April 2011   May 2011   June 2011   July 2011   August 2011   September 2011   October 2011   November 2011   December 2011   January 2012   February 2012   March 2012   April 2012   May 2012   June 2012   July 2012   August 2012   September 2012   October 2012   November 2012   January 2013   May 2013   June 2013   July 2013   September 2013   October 2013   June 2014   August 2014  

This page is powered by Blogger. Isn't yours?

Subscribe to Posts [Atom]