Skip to content

XAware Community

Get the Flash Player to see this player.
Flash Image Rotator Module by Joomlashack.
XAware 5.6
Need Help
Webinars and Events
Advanced Tutorials
Webinars and Events

You are here: Home arrow Forums
XAware Community Forums
Welcome, Guest
Please Login or Register.    Lost Password?
Re:Java vulnerability: Double value "2.22507385850720 (1 viewing) (1) Guest
Go to bottom Post Reply Favoured: 0
TOPIC: Re:Java vulnerability: Double value "2.22507385850720
#6029
bmoore (User)
XAware user
Posts: 22
User Offline Click here to see the profile of this user
Java vulnerability: Double value "2.22507385850720 8 Years, 11 Months ago Karma: 1  
A Java vulnerability point has been advertised and fixed this week according to the Java Community. It concerns all versions of Java. The exact problem description is: Double value "2.2250738585072012e-308" crashes the JVM. There may be no reason for us to use this value, but by entering the value in an application form which in turn, in user or internal classes, transforms the value into Double, the application will crash. Note that the value may occur for many reasons, including for malicious purpose.

Is XAware aware of this? Is this a concern for apps using XAware V5.x?
 
Report to moderator   Logged Logged  
  The administrator has disabled public write access.
#6030
prichards (Admin)
Admin
Posts: 319
User Offline Click here to see the profile of this user
Re:Java vulnerability: Double value "2.22507385850720 8 Years, 11 Months ago Karma: 18  
I did a quick scan of the 5.5 code base, and double conversion from a String (parseDouble(), valueOf()) are only used in a few places (test helpers, a couple built-in functoids, and one SQLconversion helper) so it would require a very specific use-case to cause the XAware Engine to hang. I have not heard of this issue causing any problems with current XAware installations.

However, if you are concerned and wish to be completely thorough, Oracle has released a fix/patch for this issue which you can find at http://www.oracle.com/technetwork/java/javase/fpupdater-tool-readme-305936.html with instructions to apply the fix (applies to both 1.5 and Java 6).
 
Report to moderator   Logged Logged  
  The administrator has disabled public write access.
Go to top Post Reply
Powered by FireBoardget the latest posts directly to your desktop

Community Login

Get the Flash Player to see this player.
Flash Image Rotator Module by Joomlashack.
Commercial
Free Training
QuickStart Packages
Image 4 Title
Image 5 Title

Visit XAware.com