A security vulnerability has been discovered in IBM Tivoli Monitoring. The package is intended for optimizing the performance and availability of various IT system components. The vulnerability results from an error in the Java Runtime Environment (JRE) component, specifically in the "Double.parseDouble" method. A remote attacker can exploit the flaw to cause a denial of service (DoS) by supplying specially crafted strings. All users of the vulnerable package are advised to install the fixed software.

IBM Tivoli Monitoring Java Numerical Conversion Remote Denial of Service

VUPEN ID 	VUPEN/ADV-2011-0470
CVE ID 	CVE-2010-4476
 
CWE ID 	Available in VUPEN VNS Customer Area
CVSS V2 	Available in VUPEN VNS Customer Area
Rated as 	Low Risk 
Impact 	Available in VUPEN VNS Customer Area
Authentication Level 	Available in VUPEN VNS Customer Area
Access Vector 	Available in VUPEN VNS Customer Area
Release Date 	2011-02-23

Technical Description

A vulnerability has been identified in IBM Tivoli Monitoring (ITM), which could be exploited by attackers to cause a denial of service. This issue is caused by an error in Java. For additional information, see: VUPEN/ADV-2011-0339

Affected Products

IBM Tivoli Monitoring versions 6.x

Solution 

Upgrade Java:
http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html

References

http://www.vupen.com/english/advisories/2011/0470
http://www-01.ibm.com/support/docview.wss?uid=swg21468884

Changelog 

2011-02-23 : Initial release
