Robert, thanks for the heads up.
The CAS project (as coordinated through the steering committee) is
responding by posting this announcement to the CAS website:
http://www.jasig.org/cas/news/cve-2010-4476
I'll also be posting this to the user email list.
Andrew
On 02/09/2011 08:45 AM, Robert Oschwald wrote:
This is off topic but important to all CAS users.
There exists a remotely exploitable critical bug in Java which can lead to a
complete crash of the JVM.
Every admin is urged to immediately patch all Sun/BEA/Oracle Java versions on
their servers.
The main cause of the problem is a flaw in the AMD/Intel floating point unit.
JVM Patcher:
https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=fpupdater-oth-JPR@CDS-CDS_Developer
As noted above, every script kiddie can crash your remotely available Java app
by simply sending the magic string in the HTTP header (e.g. by using curl).
Hope it helps.
Robert