Описание
ELSA-2011-0336: tomcat5 security update (IMPORTANT)
[0:5.5.23-0jpp.17]
- Resolves: rhbz 674599 JDK Double.parseDouble DoS
Обновленные пакеты
Oracle Linux 5
Oracle Linux ia64
tomcat5
5.5.23-0jpp.17.el5_6
tomcat5-admin-webapps
5.5.23-0jpp.17.el5_6
tomcat5-common-lib
5.5.23-0jpp.17.el5_6
tomcat5-jasper
5.5.23-0jpp.17.el5_6
tomcat5-jasper-javadoc
5.5.23-0jpp.17.el5_6
tomcat5-jsp-2.0-api
5.5.23-0jpp.17.el5_6
tomcat5-jsp-2.0-api-javadoc
5.5.23-0jpp.17.el5_6
tomcat5-server-lib
5.5.23-0jpp.17.el5_6
tomcat5-servlet-2.4-api
5.5.23-0jpp.17.el5_6
tomcat5-servlet-2.4-api-javadoc
5.5.23-0jpp.17.el5_6
tomcat5-webapps
5.5.23-0jpp.17.el5_6
Oracle Linux x86_64
tomcat5
5.5.23-0jpp.17.el5_6
tomcat5-admin-webapps
5.5.23-0jpp.17.el5_6
tomcat5-common-lib
5.5.23-0jpp.17.el5_6
tomcat5-jasper
5.5.23-0jpp.17.el5_6
tomcat5-jasper-javadoc
5.5.23-0jpp.17.el5_6
tomcat5-jsp-2.0-api
5.5.23-0jpp.17.el5_6
tomcat5-jsp-2.0-api-javadoc
5.5.23-0jpp.17.el5_6
tomcat5-server-lib
5.5.23-0jpp.17.el5_6
tomcat5-servlet-2.4-api
5.5.23-0jpp.17.el5_6
tomcat5-servlet-2.4-api-javadoc
5.5.23-0jpp.17.el5_6
tomcat5-webapps
5.5.23-0jpp.17.el5_6
Oracle Linux i386
tomcat5
5.5.23-0jpp.17.el5_6
tomcat5-admin-webapps
5.5.23-0jpp.17.el5_6
tomcat5-common-lib
5.5.23-0jpp.17.el5_6
tomcat5-jasper
5.5.23-0jpp.17.el5_6
tomcat5-jasper-javadoc
5.5.23-0jpp.17.el5_6
tomcat5-jsp-2.0-api
5.5.23-0jpp.17.el5_6
tomcat5-jsp-2.0-api-javadoc
5.5.23-0jpp.17.el5_6
tomcat5-server-lib
5.5.23-0jpp.17.el5_6
tomcat5-servlet-2.4-api
5.5.23-0jpp.17.el5_6
tomcat5-servlet-2.4-api-javadoc
5.5.23-0jpp.17.el5_6
tomcat5-webapps
5.5.23-0jpp.17.el5_6
Связанные CVE
Связанные уязвимости
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
The Double.parseDouble method in Java Runtime Environment (JRE) in Ora ...
Apache Tomcat affected by infinite loop in Double.parseDouble method in Java Runtime Environment