Passionate Development From Journeyman to Master

Java Vulnerability - CVE-2010-4476

A critical Java patch was released yesterday: the FP-Updater Tool, which addresses CVE-2010-4476.

The bug is Java's inability to parse the following double values: 2.2250738585072012e-308 or 2.2250738585072011e-308. Parsing either of these numbers causes the Java thread to hang indefinitely.

This bug unfortunately affects ColdFusion sites as well. Below are two useful blog posts that I found:

The short-term fix is to patch Java. The longer-term fix is to wait for the Java upgrade, which should be 1.6.0_24.
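Until the JVM is patched, code that parses untrusted numeric input can screen it before calling `Double.parseDouble`. The following is an added example, not code from the original post or from Oracle; the class name, the length cap and the rejection window are assumptions, and the sample inputs are constructed.

```java
import java.math.BigDecimal;

public class SafeDoubleParser {
    // Assumed rejection window: deliberately wider than the two values quoted
    // in the post, not an exact bound on the affected inputs.
    private static final BigDecimal LOW = new BigDecimal("2.225073858507200e-308");
    private static final BigDecimal HIGH = new BigDecimal("2.225073858507202e-308");
    private static final int MAX_LEN = 64; // assumed cap on input length

    /** Parses untrusted text as a double, refusing input near the hang-inducing values. */
    public static double parse(String raw) {
        if (raw == null) {
            throw new NumberFormatException("null input");
        }
        String s = raw.trim();
        if (s.length() == 0 || s.length() > MAX_LEN) {
            throw new NumberFormatException("empty or over-long input");
        }
        // BigDecimal does exact decimal parsing and does not go through the
        // double conversion path, so it can normalise the magnitude first.
        // It also rejects hex floats, NaN/Infinity and d/f suffixes, so any
        // spelling it cannot read fails closed with NumberFormatException.
        BigDecimal magnitude = new BigDecimal(s).abs();
        if (magnitude.compareTo(LOW) >= 0 && magnitude.compareTo(HIGH) <= 0) {
            throw new NumberFormatException("value in rejected range");
        }
        return Double.parseDouble(s);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: ordinary values plus re-spellings of the post's number.
        String[] samples = {
            "3.14", "-1e10", "2.2250738585072012e-308", "-2.2250738585072011e-308",
            "0.00022250738585072012e-304", "22250738585072012e-324",
            "2.2250738585072012e-308d", "1e-400"
        };
        for (String sample : samples) {
            try {
                System.out.println(sample + " -> " + parse(sample));
            } catch (NumberFormatException e) {
                System.out.println(sample + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

Comparing the normalised magnitude rather than matching the literal string catches the same number written with a shifted decimal point or a different exponent. It only covers call sites that use the wrapper, so it does not replace patching the JVM.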
