  1. Derby
  2. DERBY-6619

After silently swallowing SecurityExceptions, Derby can leak class loaders


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 10.11.1.3, 10.12.1.1
    • Component/s: Services
    • Labels:
      None
    • Urgency:
      Normal
    • Bug behavior facts:
      Security

      Description

      As part of the fix for DERBY-3745, Derby silently swallows security exceptions and leaks class loaders. This can give rise to denial-of-service attacks. At a minimum, Derby should report the swallowed exceptions so that the security policy can be corrected and the application can be hardened against this attack. The swallowing occurs at these locations:

      org.apache.derby.impl.services.timer.SingletonTimerFactory run Catch java.lang.SecurityException 0 line 175
      org.apache.derby.impl.services.timer.SingletonTimerFactory run Catch java.lang.SecurityException 1 line 158
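
An added example of the reporting behaviour the description asks for; it is not Derby's code and is not taken from the attached patches. It assumes the leak arises because a timer thread inherits its creator's context class loader; `LeakAwareTimerFactory`, the injectable `setLoader` hook and the logger name are hypothetical.

```java
import java.util.Timer;
import java.util.function.Consumer;
import java.util.logging.Logger;

/** Hypothetical helper for illustration; not Derby's SingletonTimerFactory. */
public class LeakAwareTimerFactory {
    private static final Logger LOG = Logger.getLogger("timer-factory");

    /**
     * Creates a daemon Timer while trying to keep its thread from inheriting
     * the caller's context class loader. setLoader is injectable so the denied
     * case can be exercised without installing a security manager.
     */
    static Timer create(Consumer<ClassLoader> setLoader) {
        ClassLoader saved = Thread.currentThread().getContextClassLoader();
        boolean cleared = false;
        try {
            setLoader.accept(null); // a new thread copies its creator's loader
            cleared = true;
        } catch (SecurityException se) {
            // Report instead of swallowing: the timer thread will pin 'saved'
            // for as long as it lives, and the operator needs to know why.
            LOG.warning("Cannot clear context class loader; timer thread will hold "
                    + saved + ". Check RuntimePermission \"setContextClassLoader\": " + se);
        }
        try {
            return new Timer(true); // the timer thread is started here
        } finally {
            if (cleared) {
                try {
                    setLoader.accept(saved); // restore the caller's loader
                } catch (SecurityException se) {
                    LOG.warning("Cannot restore context class loader: " + se);
                }
            }
        }
    }

    public static void main(String[] args) {
        Thread current = Thread.currentThread();
        // Permitted case: the loader is cleared, then restored, with no warning.
        create(current::setContextClassLoader).cancel();
        // Constructed denial: a warning is logged and the timer is still created.
        create(cl -> { throw new SecurityException("denied (constructed)"); }).cancel();
    }
}
```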
      

        Attachments

        1. derby-6619.status
          1 kB
          Dag H. Wanvik
        2. derby-6619.diff
          8 kB
          Dag H. Wanvik
        3. derby.log
          15 kB
          Dag H. Wanvik
        4. derby-6619b.diff
          15 kB
          Dag H. Wanvik
        5. derby-6619c.diff
          19 kB
          Dag H. Wanvik
        6. system-loader.diff
          2 kB
          Knut Anders Hatlen
        7. derby-6619-2.diff
          43 kB
          Dag H. Wanvik
        8. derby-6619-2b.diff
          43 kB
          Dag H. Wanvik
        9. derby-6619-2-refinement.diff
          2 kB
          Dag H. Wanvik
        10. comments.diff
          3 kB
          Knut Anders Hatlen

              People

              • Assignee:
                dagw Dag H. Wanvik
                Reporter:
                rhillegas Richard N. Hillegas
              • Votes:
                0
                Watchers:
                5
