National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2010-4476 Detail

Current Description

The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.

Source:  MITRE      Last Modified:  02/17/2011      View Analysis Description

Quick Info

CVE Dictionary Entry:
CVE-2010-4476
Original release date:
02/17/2011
Last revised:
12/21/2017
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
5.0 MEDIUM
Vector:
(AV:N/AC:L/Au:N/C:N/I:N/A:P) (legend)
Impact Subscore:
2.9
Exploitability Subscore:
10.0
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Low
Authentication:
Not required to exploit
Impact Type:
Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://blog.fortify.com/blog/2011/02/08/Double-Trouble External Source MISC http://blog.fortify.com/blog/2011/02/08/Double-Trouble
http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html External Source CONFIRM http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053926.html External Source FEDORA FEDORA-2011-1231
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053934.html External Source FEDORA FEDORA-2011-1263
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html External Source SUSE SUSE-SA:2011:024
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html External Source SUSE SUSE-SU-2011:0823
http://marc.info/?l=bugtraq&m=129899347607632&w=2 External Source HP SSRT100387
http://marc.info/?l=bugtraq&m=129960314701922&w=2 External Source HP HPSBUX02641
http://marc.info/?l=bugtraq&m=130168502603566&w=2 External Source HP HPSBUX02645
http://marc.info/?l=bugtraq&m=130270785502599&w=2 External Source HP HPSBUX02642
http://marc.info/?l=bugtraq&m=130497132406206&w=2 External Source HP HPSBOV02634
http://marc.info/?l=bugtraq&m=130497185606818&w=2 External Source HP HPSBTU02684
http://marc.info/?l=bugtraq&m=130514352726432&w=2 External Source HP SSRT100415
http://marc.info/?l=bugtraq&m=131041767210772&w=2 External Source HP SSRT100569
http://marc.info/?l=bugtraq&m=132215163318824&w=2 External Source HP SSRT100627
http://marc.info/?l=bugtraq&m=133469267822771&w=2 External Source HP SSRT100825
http://marc.info/?l=bugtraq&m=133728004526190&w=2 External Source HP SSRT100854
http://marc.info/?l=bugtraq&m=134254866602253&w=2 External Source HP HPSBMU02799
http://marc.info/?l=bugtraq&m=134254957702612&w=2 External Source HP SSRT100867
http://marc.info/?l=bugtraq&m=136485229118404&w=2 External Source HP HPSBUX02860
http://security.gentoo.org/glsa/glsa-201406-32.xml External Source GENTOO GLSA-201406-32
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html External Source CONFIRM http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
http://www.debian.org/security/2011/dsa-2161 External Source DEBIAN DSA-2161
http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/ External Source MISC http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html External Source CONFIRM http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html
http://www.ibm.com/support/docview.wss?uid=swg24029497 External Source CONFIRM http://www.ibm.com/support/docview.wss?uid=swg24029497
http://www.ibm.com/support/docview.wss?uid=swg24029498 External Source CONFIRM http://www.ibm.com/support/docview.wss?uid=swg24029498
http://www.mandriva.com/security/advisories?name=MDVSA-2011:054 External Source MANDRIVA MDVSA-2011:054
http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html Patch; Vendor Advisory External Source CONFIRM http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html Patch; Vendor Advisory External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html Patch; Vendor Advisory External Source CONFIRM http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html
http://www.redhat.com/support/errata/RHSA-2011-0210.html Vendor Advisory External Source REDHAT RHSA-2011:0210
http://www.redhat.com/support/errata/RHSA-2011-0211.html Vendor Advisory External Source REDHAT RHSA-2011:0211
http://www.redhat.com/support/errata/RHSA-2011-0212.html Vendor Advisory External Source REDHAT RHSA-2011:0212
http://www.redhat.com/support/errata/RHSA-2011-0213.html Vendor Advisory External Source REDHAT RHSA-2011:0213
http://www.redhat.com/support/errata/RHSA-2011-0214.html Vendor Advisory External Source REDHAT RHSA-2011:0214
http://www.redhat.com/support/errata/RHSA-2011-0282.html Vendor Advisory External Source REDHAT RHSA-2011:0282
http://www.redhat.com/support/errata/RHSA-2011-0333.html Vendor Advisory External Source REDHAT RHSA-2011:0333
http://www.redhat.com/support/errata/RHSA-2011-0334.html Vendor Advisory External Source REDHAT RHSA-2011:0334
http://www.redhat.com/support/errata/RHSA-2011-0880.html Vendor Advisory External Source REDHAT RHSA-2011:0880
http://www.securitytracker.com/id?1025062 External Source SECTRACK 1025062
http://www.vupen.com/english/advisories/2011/0365 Vendor Advisory External Source VUPEN ADV-2011-0365
http://www.vupen.com/english/advisories/2011/0377 Vendor Advisory External Source VUPEN ADV-2011-0377
http://www.vupen.com/english/advisories/2011/0379 Vendor Advisory External Source VUPEN ADV-2011-0379
http://www.vupen.com/english/advisories/2011/0422 Vendor Advisory External Source VUPEN ADV-2011-0422
http://www.vupen.com/english/advisories/2011/0434 Vendor Advisory External Source VUPEN ADV-2011-0434
http://www.vupen.com/english/advisories/2011/0605 Vendor Advisory External Source VUPEN ADV-2011-0605
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ94423 External Source AIXAPAR IZ94423
http://www-01.ibm.com/support/docview.wss?uid=swg1PM31983 External Source AIXAPAR PM31983
http://www-01.ibm.com/support/docview.wss?uid=swg21468358 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21468358
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02720715&admit=109447627+1298159618320+28353475 External Source HP SSRT100390
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12662 External Source OVAL oval:org.mitre.oval:def:12662
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12745 External Source OVAL oval:org.mitre.oval:def:12745
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14328 External Source OVAL oval:org.mitre.oval:def:14328
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14589 External Source OVAL oval:org.mitre.oval:def:14589
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19493 External Source OVAL oval:org.mitre.oval:def:19493

References to Check Content

Identifier:
oval:org.mitre.oval:def:12662
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12662
Identifier:
oval:org.mitre.oval:def:12745
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12745
Identifier:
oval:org.mitre.oval:def:14328
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:14328
Identifier:
oval:org.mitre.oval:def:14589
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:14589

Technical Details

Vulnerability Type (View All)

Vulnerable software and versions Switch to CPE 2.2

Configuration 1
OR
cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*
cpe:2.3:a:sun:jre:*:update_23:*:*:*:*:*:*    versions up to (including) 1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
Configuration 2
OR
cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:*:update_23:*:*:*:*:*:*    versions up to (including) 1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
Configuration 3
OR
cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:*:update27:*:*:*:*:*:*    versions up to (including) 1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*
Configuration 4
OR
cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_24:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_25:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_26:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_27:*:*:*:*:*:*:*
Configuration 5
Configuration 6
Showing 100 of 162 CPEs, view all CPEs here.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History 7 change records found - show changes