Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] jvm/tomcat security issue

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] jvm/tomcat security issue

Chronological Thread 
  • From: Chris Hyzer <>
  • To: Tom Barton <>, "" <>
  • Subject: RE: [grouper-users] jvm/tomcat security issue
  • Date: Thu, 24 Feb 2011 14:44:29 -0500
  • Accept-language: en-US
  • Acceptlanguage: en-US

Just curious, has anyone been able to reproduce this against a Java webapp?
I can reproduce in a command line java program. In a webapp, I am trying
with Firefox and the tamper data plugin, and I cant get anything to lock up.
Im sure if I changed the server side code I could get it to work, but if
anyone can make Grouper (UI or WS) freeze up, I would be interested. Feel
free to contact me off list if people don't want to discuss this publicly.


-----Original Message-----

On Behalf Of Tom Barton
Sent: Monday, February 21, 2011 9:44 AM

Subject: [grouper-users] jvm/tomcat security issue

Many grouper installations rely on tomcat, and many tomcat installations
rely on Oracle's JVM (formerly Sun's java). Many versions of the JVM
have a "complete DoS" vulnerability, meaning a remote attacker can keep
it down all the time.

Just thought you'd want to know, if you haven't heard already by some
other means. Best to patch or upgrade.


Archive powered by MHonArc 2.6.16.

Top of Page