View Single Post
  #1   (View Single Post)  
Old 8th February 2011
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,503
Default 'Mark-of-the-Beast' bug topples Java apps

From http://www.theregister.co.uk/2011/02...f_service_bug/

Quote:
A bug in Oracle's Java programming framework causes computers to freeze when they encounter certain numerical values with large numbers of decimal places, a flaw that makes websites susceptible to highly efficient denial-of-service attacks.

The vulnerability in the latest version of Java is similar to a flaw discovered last month that plagued the PHP language. It is trigged when applications attempt to process values such as 2.2250738585072011e-308. Systems running both Windows- and Linux-based apps that try to assign the value to a “double” variable succumb to an infinite loop that consumes 100 percent of their CPU's resources.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote