No results found

Your search did not match any results.

We suggest you try the following to help find what you’re looking for:

  • Check the spelling of your keyword search.
  • Use synonyms for the keyword you typed, for example, try “application” instead of “software.”
  • Try one of the popular searches shown below.
  • Start a new search.
Trending Questions

Oracle Security Alert for CVE-2010-4476

Description

This Security Alert addresses security issue CVE-2010-4476 (Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number), which is a vulnerability in the Java Runtime Environment component of the Oracle Java SE and Java for Business products and Oracle JRockit. This vulnerability allows unauthenticated network attacks ( i.e. it may be exploited over a network without the need for a username and password). Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete Denial of Service) of the Java Runtime Environment. Java based application and web servers are especially at risk from this vulnerability.

Supported Products Affected

The security vulnerability addressed by this Security Alert affects the products listed in the categories below.  Please click on the link in the Patch Availability Table to access the documentation for those patches.

Affected product releases and versions:

Java SE
JDK and JRE 6 Update 23 and earlier for Windows, Solaris, and Linux
JDK 5.0 Update 27 and earlier for Solaris 9
SDK 1.4.2_29 and earlier for Solaris 8
Java for Business
JDK and JRE 6 Update 23 and earlier for Windows, Solaris and Linux
JDK and JRE 5.0 Update 27 and earlier for Windows, Solaris and Linux
SDK and JRE 1.4.2_29 and earlier for Windows, Solaris and Linux
JRockit
R27.6.8 and earlier (JDK/JRE 1.4.2, 5, 6)
R28.1.1 and earlier (JDK/JRE 5, 6)

Patch Availability Table

Product Group Risk Matrix Patch Availability and Installation Information
Oracle Java SE and Java for Business and Oracle JRockit Oracle Java SE and Java for Business and Oracle JRockit Risk Matrix Oracle Security Alert for CVE-2010-4476 My Oracle Support Note 1291950.1

Java SE Floating Point Updater Tool

References

Modification History

Date Comments
2011-March-22 Rev 2. Included Oracle JRockit
2011-February-08 Rev 1. Initial Release

Risk Matrix for Oracle Java SE and Java for Business and Oracle JRockit

My Oracle Support Note 360870.1 explains the impact of Java security vulnerabilities on Oracle products that include a JDK.

CVE# Component Protocol Sub-component Remote Exploit without Auth.? CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) Supported Versions Affected Notes
Base Score Access Vector Access Complexity Authen­tication Confid­entiality Inte­grity Avail­ability
CVE-2010-4476 Java Runtime Environment Multiple Java Language Yes 5.0 Network Low None None None Partial+ 6 Update 23 and before, 5.0 Update 27 and before, 1.4.2_29 and before. R27.6.8 and before, R28.1.1 and before. -