What is CVE-2010-4476?

CVE-2010-4476 is a vulnerability in Sun Jdk. Published 2011-02-17.

Is CVE-2010-4476 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Sun Jdk

CVE-2010-4476

The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products…

EPSS: 0.399 (97.4th percentile) — read the EPSS interpretation.

Affected products

Sun Jdk — versions 1.6.0, 1.5.0
Sun Jre — versions 1.6.0, 1.5.0, 1.4.2
Sun Sdk — versions 1.4.2, 1.4.2_1, 1.4.2_02
N/a — versions n/a

Public proof-of-concept exploits

References

43295 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
1025062 (vdb-entry, x_refsource_SECTRACK)
secalert_us@oracle.com (x_refsource_CONFIRM)
43280 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
RHSA-2011:0210 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert_us@oracle.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
GLSA-201406-32 (vendor-advisory, x_refsource_GENTOO)
oval:org.mitre.oval:def:14328 (x_refsource_OVAL, signature, vdb-entry)
HPSBMU02799 (x_refsource_HP, vendor-advisory)
FEDORA-2011-1231 (x_refsource_FEDORA, vendor-advisory)

Frequently asked questions

What is CVE-2010-4476?: CVE-2010-4476 is a vulnerability in Sun Jdk. Published 2011-02-17.
Is CVE-2010-4476 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.