grouper-users - RE: [grouper-users] jvm/tomcat security issue
Subject: Grouper Users - Open Discussion List
List archive
- From: Chris Hyzer <>
- To: Tom Barton <>, "" <>
- Subject: RE: [grouper-users] jvm/tomcat security issue
- Date: Thu, 24 Feb 2011 14:44:29 -0500
- Accept-language: en-US
- Acceptlanguage: en-US
Just curious, has anyone been able to reproduce this against a Java webapp?
I can reproduce in a command line java program. In a webapp, I am trying
with Firefox and the tamper data plugin, and I cant get anything to lock up.
Im sure if I changed the server side code I could get it to work, but if
anyone can make Grouper (UI or WS) freeze up, I would be interested. Feel
free to contact me off list if people don't want to discuss this publicly.
Thanks,
Chris
-----Original Message-----
From:
[mailto:]
On Behalf Of Tom Barton
Sent: Monday, February 21, 2011 9:44 AM
To:
Subject: [grouper-users] jvm/tomcat security issue
Many grouper installations rely on tomcat, and many tomcat installations
rely on Oracle's JVM (formerly Sun's java). Many versions of the JVM
have a "complete DoS" vulnerability, meaning a remote attacker can keep
it down all the time.
http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
Just thought you'd want to know, if you haven't heard already by some
other means. Best to patch or upgrade.
Tom
- [grouper-users] jvm/tomcat security issue, Tom Barton, 02/21/2011
- RE: [grouper-users] jvm/tomcat security issue, Chris Hyzer, 02/24/2011
- Re: [grouper-users] jvm/tomcat security issue, Andrew Petro, 02/24/2011
- RE: [grouper-users] jvm/tomcat security issue, Chris Hyzer, 02/24/2011
- Re: [grouper-users] jvm/tomcat security issue, Andrew Petro, 02/24/2011
- RE: [grouper-users] jvm/tomcat security issue, Chris Hyzer, 02/24/2011
Archive powered by MHonArc 2.6.16.