In early 2011 a critical Java Class Library security vulnerability was blogged on the Internet and is now in the public domain (an IBM customer has already checked this issue with IBM Java and raised a PMR).
Calling Double.parseDouble("2.2250738585072012e-308") leads to an infinite loop.
This can be used as a denial of service attack against app servers. If an app server receives an HTTP request and parses the value with parseDouble(), the thread doing the parsing will go into an infinite loop.
Who's Affected -
This vulnerability affects all versions and releases of Java (1.4.2, 5.0 and 6.0) on all platforms. Web servers and Web services are particularly at risk.
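The following guard is an added example, not code from the original advisory or from IBM. It shows one way application code that must accept untrusted numeric input can avoid handing the hanging value to Double.parseDouble() until the runtime is fixed: the string is first parsed exactly with java.math.BigDecimal (which has no such loop), and any magnitude falling in a small window around the normal/subnormal boundary is rejected instead of being parsed. The window bounds and the class name SafeDoubleParser are assumptions chosen for this example, and the window is deliberately wider than the single reported value so that equivalent spellings (extra trailing digits, leading zeros, signed forms) are caught too.

```java
import java.math.BigDecimal;

/**
 * Added example: a guard in front of Double.parseDouble() for untrusted input.
 * Assumption: the window [2.2250738585072E-308, 2.2250738585072030E-308]
 * covers the decimal representations that trigger the infinite loop.
 */
public final class SafeDoubleParser {

    // Magnitudes inside this window are refused rather than passed to parseDouble().
    private static final BigDecimal WINDOW_LOW  = new BigDecimal("2.2250738585072E-308");
    private static final BigDecimal WINDOW_HIGH = new BigDecimal("2.2250738585072030E-308");

    private SafeDoubleParser() { }

    /**
     * Parses a double from untrusted text, throwing NumberFormatException
     * instead of looping when the value lies in the dangerous window.
     */
    public static double parse(String input) {
        if (input == null) {
            throw new NullPointerException("input");
        }
        String s = input.trim();

        // Double.parseDouble() accepts a trailing type suffix (d, D, f, F);
        // BigDecimal does not, so strip it for the exact parse only.
        String core = s;
        if (core.length() > 1) {
            char last = core.charAt(core.length() - 1);
            if (last == 'd' || last == 'D' || last == 'f' || last == 'F') {
                core = core.substring(0, core.length() - 1);
            }
        }

        BigDecimal exact;
        try {
            exact = new BigDecimal(core);
        } catch (NumberFormatException e) {
            // Not plain decimal notation: "NaN", "Infinity", hexadecimal floats
            // or malformed text. These do not take the decimal conversion path,
            // so delegate and let parseDouble() accept or reject them itself.
            return Double.parseDouble(s);
        }

        BigDecimal magnitude = exact.abs();
        if (magnitude.compareTo(WINDOW_LOW) >= 0 && magnitude.compareTo(WINDOW_HIGH) <= 0) {
            // A request carrying this value is almost certainly a DoS attempt:
            // refuse it and let the caller log and drop the request.
            throw new NumberFormatException("rejected: value in parseDouble hang window");
        }
        return Double.parseDouble(s);
    }

    // Constructed sample inputs; the last one is the value from the advisory.
    public static void main(String[] args) {
        String[] samples = {
            "3.14", "-1e-300", "2.2250738585072014E-308d", "0x1p-1022",
            "2.2250738585072012e-308", "0.00022250738585072012e-304"
        };
        for (String sample : samples) {
            try {
                System.out.println(sample + " -> " + parse(sample));
            } catch (NumberFormatException e) {
                System.out.println(sample + " -> " + e.getMessage());
            }
        }
    }
}
```

Because Double.MIN_NORMAL itself (2.2250738585072014E-308) sits inside the window, legitimate inputs at that exact boundary are also refused; for request parameters and HTTP header values that trade-off is acceptable, since no real client sends such a number, and the rejection can be logged as an indicator of attack traffic. The guard only applies where the application itself calls parseDouble(); the JVM patch for the class library remains the actual fix.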