-> curl -vH "Accept-Language: en-us;q=2.2250738585072012e-308" http://lnxauth02d.shsu.edu:8080/sghe-cas/login * About to connect() to lnxauth02d.shsu.edu port 8080 * Trying 158.135.5.21... connected * Connected to lnxauth02d.shsu.edu (158.135.5.21) port 8080 > GET /sghe-cas/login HTTP/1.1 > User-Agent: curl/7.15.5 (i386-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b > zlib/1.2.3 libidn/0.6.5 > Host: lnxauth02d.shsu.edu:8080 > Accept: */* > Accept-Language: en-us;q=2.2250738585072012e-308 >
It just hangs that curl until I ctrl-C - the JVM still works fine (I can log in to the box without any problems) using 1.6.0_22. Rob Marti > -----Original Message----- > From: Robert Oschwald [mailto:[email protected]] > Sent: Wednesday, February 09, 2011 7:45 AM > To: [email protected] > Cc: [email protected] > Subject: [cas-user] Important! Critical bug in all Java versions > > This is off topic but important to all CAS users. > > There exists a remotely exploitable critical bug in Java which can lead to a > complete crash of the JVM. > Every admin is urged to immediately patch all Sun/Bea/Oracle Java Versions > on their servers. > > Main cause of the problem is a flaw in the AMD/Intel floating point unit. > > JVM Patcher: > https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer- > Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=fpupdater-oth- > JPR@CDS-CDS_Developer > > > As noted above, every script kiddie can crash your remotely available java > app by simply sending the magic string in the HTTP-HEADER (e.g. by using > curl). > > > Hope it helps. > > Robert > -- > You are currently subscribed to [email protected] as: [email protected] To > unsubscribe, change settings or access archives, see http://www.ja- > sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
