db-derby-dev mailing list archives

From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DERBY-6619) After silently swallowing SecurityExceptions, Derby can leak class loaders
Date Tue, 17 Jun 2014 14:14:01 GMT
Rick Hillegas created DERBY-6619:
------------------------------------

             Summary: After silently swallowing SecurityExceptions, Derby can leak class loaders
                 Key: DERBY-6619
                 URL: https://issues.apache.org/jira/browse/DERBY-6619
             Project: Derby
          Issue Type: Bug
          Components: Services
            Reporter: Rick Hillegas


As part of the fix for DERBY-3745, Derby silently swallows security exceptions and leaks class
loaders. This can give rise to denial-of-service attacks. At a minimum, Derby should report
the swallowed exceptions so that the security policy can be corrected and the application
can be hardened against this attack. The swallowing occurs at these locations:

{noformat}
org.apache.derby.impl.services.timer.SingletonTimerFactory run Catch java.lang.SecurityException 0 line 175
org.apache.derby.impl.services.timer.SingletonTimerFactory run Catch java.lang.SecurityException 1 line 158
{noformat}




--
This message was sent by Atlassian JIRA
(v6.2#6252)
