Re: [SC-L] Java DOS

2011-02-12 Thread James Manico
Hey Brian, I think it's critical that we discuss these issues with prescriptive remediation advice. 1) Update your JVM, often easier said than done. 2) Build a blacklist filter looking for this specific numerical attack range. I already patched this in the ESAPI for Java security library which you

[SC-L] Java DOS

2011-02-12 Thread Brian Chess
There's a very interesting vulnerability in Java kicking around. I wrote about it here: http://blog.fortify.com/blog/2011/02/08/Double-Trouble In brief, you can send Java (and some versions of PHP) into an infinite loop if you can provide some malicious input that will be parsed as a double-p