CVE-2009-1190

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-1190
Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://secunia.com/advisories/34892 Vendor Advisory
http://www.packetstormsecurity.org/hitb06/DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2EE.pdf Exploit
http://www.securityfocus.com/archive/1/502926/100/0/threaded
http://www.springsource.com/securityadvisory Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=497161 Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/50083
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:sun:jdk:*:update_22:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.1.6:update7:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.1.7b:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.1.7b:update5:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.1.8:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.1.8:update13:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.1.8:update14:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.1.8:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.1.8:update7:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.1.8:update8:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.2.1:update3:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.2.2:update4:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.2.2:update5:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.0_01:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.0_02:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.0_03:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.0_04:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.0_05:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1:update19:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1:update20:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_01:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_01a:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_02:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_03:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_04:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_05:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_06:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_07:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_08:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_09:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_10:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_11:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_12:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_13:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_14:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_15:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_16:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_17:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_18:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_19:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_20:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_21:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_22:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_23:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_24:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_25:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_26:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_27:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_28:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.0_01:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.0_02:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.0_03:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.0_04:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.1_01:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.1_02:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.1_03:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.1_04:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.1_05:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.1_06:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.1_07:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_1:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_2:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_3:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_4:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_5:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_6:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_7:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_8:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_9:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_10:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_11:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_12:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_13:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_14:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_15:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_16:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_17:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_18:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_19:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update_19:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update_20:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update_21:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update_8:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update_9:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0_03:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0_03:*:windows:*:*:*:*:*
OR cpe:2.3:a:springsource:dm_server:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:springsource:dm_server:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:springsource:dm_server:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.0:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.0:m1:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.0:m2:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.0:m3:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.0:m4:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.0:m5:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.0:rc4:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.1:m1:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.1:m2:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.1:m3:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.1:m4:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.5.5:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:2.5.6:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:3.0.0:m1:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:3.0.0:m2:*:*:*:*:*:*
History

No history.

Information

Published : 2009-04-27 22:30

Updated : 2018-10-30 16:26

NVD link : CVE-2009-1190

Mitre link : CVE-2009-1190

CVE.ORG link : CVE-2009-1190

JSON object : View

Products Affected

springsource

  • dm_server
  • spring_framework

sun

  • jdk
CWE
CWE-399

Resource Management Errors