2011-02-11

Sun JAVA, IBM Java, IBM WebSphere Application Server

ソフト名:Sun JAVA JDK 5.0 Update 27以下/JDK 6 Update 23以下/JRE 6 Update 23以下, Sun JAVA SDK 1.4.2_29以下, IBM Java 5.0.0 SR12 Fix Pack 4未満, IBM WebSphere Application Server 6.1.0.35以下
回避策:あり, APAR IZ94331, APAR PM32177にて対応
脆弱性:DoS攻撃, 無限ループ
ソース:
http://www.oracle.com/technetwork/java/javase/overview/index.html
http://www.oracle.com/technetwork/java/javase/index-jsp-138567.html
http://java.sun.com/j2se/1.5/
https://www.ibm.com/developerworks/java/
http://www-01.ibm.com/software/webservers/appserv/was/
http://www.oracle.com/technetwork/java/javase/overview/index-jsp-136246.html
http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
http://www.ibm.com/support/docview.wss?uid=swg1IZ94331
http://www.ibm.com/support/docview.wss?uid=swg24029090
http://www.exploringbinary.com/why-volatile-fixes-the-2-2250738585072011e-308-bug/comment-page-1/#comment-4645
http://secunia.com/advisories/43262/
http://secunia.com/advisories/43295/
http://secunia.com/advisories/43296/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476
CVE:CVE-2010-4476
危険性:Medium Risk

0 件のコメント:

コメントを投稿