Posted to derby-dev@db.apache.org by "Rick Hillegas (JIRA)" <ji...@apache.org> on 2014/06/17 16:14:01 UTC

[jira] [Created] (DERBY-6619) After silently swallowing SecurityExceptions, Derby can leak class loaders

Rick Hillegas created DERBY-6619:
------------------------------------

             Summary: After silently swallowing SecurityExceptions, Derby can leak class loaders
                 Key: DERBY-6619
                 URL: https://issues.apache.org/jira/browse/DERBY-6619
             Project: Derby
          Issue Type: Bug
          Components: Services
            Reporter: Rick Hillegas


As part of the fix for DERBY-3745, Derby silently swallows security exceptions and leaks class loaders. This can give rise to denial-of-service attacks. At a minimum, Derby should report the swallowed exceptions so that the security policy can be corrected and the application can be hardened against this attack. The swallowing occurs at these locations:

{noformat}
org.apache.derby.impl.services.timer.SingletonTimerFactory run Catch java.lang.SecurityException 0 line 175
org.apache.derby.impl.services.timer.SingletonTimerFactory run Catch java.lang.SecurityException 1 line 158
{noformat}




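The failure mode described in the report, as an added illustration that is not Derby's SingletonTimerFactory code: a swallowed SecurityException beside a form that reports it. The class and method names, the `DeniedThread` stand-in for a policy lacking `RuntimePermission("setContextClassLoader")`, and the `reported` list standing in for an error log are all assumptions made for this example.

```java
import java.util.ArrayList;
import java.util.List;

public class ContextLoaderReset {
    // Hypothetical stand-in for the engine's error log.
    static final List<String> reported = new ArrayList<>();

    // Constructed stand-in for a thread running under a policy that lacks
    // RuntimePermission("setContextClassLoader"): the call is denied.
    static class DeniedThread extends Thread {
        DeniedThread(Runnable r) { super(r, "timer-like-worker"); }
        @Override public void setContextClassLoader(ClassLoader cl) {
            throw new SecurityException("access denied (setContextClassLoader)");
        }
    }

    // Swallowing form: the denial is dropped, so nothing tells the operator
    // that the worker still pins the creating thread's class loader.
    static void detachSwallowing(Thread t) {
        try {
            t.setContextClassLoader(null);
        } catch (SecurityException ignored) {
            // silently dropped
        }
    }

    // Reporting form: same fallback behaviour, but the denial is recorded
    // with the thread name so the security policy can be corrected.
    static void detachReporting(Thread t) {
        try {
            t.setContextClassLoader(null);
        } catch (SecurityException se) {
            reported.add("cannot clear context class loader of '" + t.getName()
                    + "'; loader stays reachable until the thread ends: "
                    + se.getMessage());
        }
    }

    public static void main(String[] args) {
        Thread a = new DeniedThread(() -> {});
        Thread b = new DeniedThread(() -> {});
        detachSwallowing(a);
        detachReporting(b);
        // Both threads still reference the loader inherited from their creator.
        System.out.println("a pinned: " + (a.getContextClassLoader() != null));
        System.out.println("b pinned: " + (b.getContextClassLoader() != null));
        // Only the reporting form leaves evidence of the denial.
        reported.forEach(System.out::println);
    }
}
```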