Details
Description
Fetching the URL
http://localhost:8080/auctionMonitor/auctionMonitor.jspx
causes extremely high CPU consumption, possibly until the maximum stack depth is reached.
This could be used as a denial of service attack. Other DoS attacks on ICEfaces are possible, but this one is particularly inexpensive for the attacker because a single HTTP request causes significant CPU load.
It looks like D2DViewHandler will delegate *.jspx pages to the Sun RI handler, which triggers a forward to the same page, thus going into an infinite loop.
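
A defensive servlet filter for the forward loop described above, added here as an example and not taken from ICEfaces or the Sun RI. The class name, attribute keys and threshold are assumptions; it uses only the standard javax.servlet API (Servlet 2.4 or later, which introduced FORWARD dispatcher mappings for filters).

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical guard, not ICEfaces code: aborts a request that keeps being
// dispatched to the same path instead of letting it recurse until the stack
// overflows. Map it in web.xml with both <dispatcher>REQUEST</dispatcher>
// and <dispatcher>FORWARD</dispatcher> so forwarded dispatches pass through it.
public class ForwardLoopGuardFilter implements Filter {
    private static final String PREFIX = ForwardLoopGuardFilter.class.getName();
    private static final String LAST_PATH = PREFIX + ".lastPath";
    private static final String REPEATS = PREFIX + ".repeats";
    private static final int MAX_REPEATS = 3; // assumed threshold

    public void init(FilterConfig config) { }

    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // After a forward these getters return the path of the forward target.
        String info = request.getPathInfo();
        String path = request.getServletPath() + (info == null ? "" : info);

        // Request attributes survive forwards, so they can carry the counter.
        Integer seen = (Integer) request.getAttribute(REPEATS);
        boolean samePath = path.equals(request.getAttribute(LAST_PATH));
        int repeats = (samePath && seen != null) ? seen.intValue() + 1 : 0;

        if (repeats > MAX_REPEATS) {
            if (res.isCommitted()) {
                throw new ServletException("Forward loop on " + path);
            }
            ((HttpServletResponse) res).sendError(
                    HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Forward loop detected");
            return;
        }
        request.setAttribute(LAST_PATH, path);
        request.setAttribute(REPEATS, Integer.valueOf(repeats));
        chain.doFilter(req, res);
    }
}
```

The filter bounds the cost of one looping request to a few dispatches; it does not replace fixing the view handler delegation itself.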