Java Denial Of Service Attack

Just read a post in the Portland Java User Group mailing list about a Denial of Service (DoS) attack that is pretty scary. You don’t need a swarm of computers to bring down a server. Just pass in a certain value and the system will enter an infinite loop and come to a grinding halt. It appears update 24 has a fix. If you haven’t installed update 24, try executing the following code on your system and watch your CPU spike.

class InfiniteLoop {
    public static void main(String[] args) {
        // On a JVM without the fix, this call never returns.
        double d = Double.parseDouble("2.2250738585072012e-308");
    }
}

It always makes me wonder how someone found this bug.  Thank goodness for open source.  For more details see the Common Vulnerabilities and Exposures website.
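
For servers that cannot take the update right away, a guard in front of Double.parseDouble can refuse the value before the parser sees it. The class below is an added example, not code from the mailing list post or from the JDK fix. It assumes the risky inputs lie strictly between the largest subnormal double and Double.MIN_NORMAL, a band that contains the value above; the class name, the 64-character cap and the sample strings are this example's own.

```java
import java.math.BigDecimal;

// Added example: pre-parse guard for untrusted numeric text on an unpatched JVM.
public class GuardedDoubleParser {
    // Exact decimal expansions of the two doubles that bracket the guarded band.
    // Built from bit patterns, so no decimal-string parsing is involved.
    private static final BigDecimal LARGEST_SUBNORMAL =
            new BigDecimal(Double.longBitsToDouble(0x000FFFFFFFFFFFFFL));
    private static final BigDecimal SMALLEST_NORMAL =
            new BigDecimal(Double.longBitsToDouble(0x0010000000000000L));
    private static final int MAX_LENGTH = 64; // assumption: cap on accepted input length

    /** True when the magnitude lies strictly inside the guarded band (assumed risky range). */
    static boolean inGuardedBand(String text) {
        // BigDecimal has its own parser and compares by value, so respelling the
        // number with a different exponent or extra zeros does not slip past.
        BigDecimal magnitude = new BigDecimal(text).abs();
        return magnitude.compareTo(LARGEST_SUBNORMAL) > 0
            && magnitude.compareTo(SMALLEST_NORMAL) < 0;
    }

    /** Parses untrusted text; throws NumberFormatException instead of handing over a guarded value. */
    public static double parse(String untrusted) {
        if (untrusted == null) throw new NumberFormatException("null input");
        String text = untrusted.trim();
        if (text.isEmpty() || text.length() > MAX_LENGTH) {
            throw new NumberFormatException("empty or over-long numeric input");
        }
        // new BigDecimal(String) also rejects NaN, Infinity, hex floats and d/f
        // suffixes, so this guard is stricter than Double.parseDouble itself.
        if (inGuardedBand(text)) {
            throw new NumberFormatException("value in guarded band near Double.MIN_NORMAL");
        }
        return Double.parseDouble(text);
    }

    public static void main(String[] args) {
        // Constructed samples: two ordinary values, the value from the post,
        // the same value respelled, and a value below the band.
        String[] samples = { "3.14", "-1e10", "2.2250738585072012e-308",
                             "0.00022250738585072012e-304", "1e-400" };
        for (String s : samples) {
            try { System.out.println(s + " -> " + parse(s)); }
            catch (NumberFormatException e) { System.out.println(s + " -> rejected: " + e.getMessage()); }
        }
    }
}
```

A substring match on the digits would miss the respelled sample, which is why the guard compares numeric value. It only protects call sites routed through parse, so library code that calls Double.parseDouble directly still needs the update.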