Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2009-1190

Опубликовано: 22 апр. 2009
Источник: redhat
CVSS2: 4.3
EPSS Низкий

Описание

Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540.

Отчет

This flaw affected JBoss Enterprise BRMS Platform 5.1.0 when run on Sun JDK 1.5.x. It was resolved in JBoss Enterprise BRMS Platform 5.2.0, both by updating spring and by dropping support for Sun JDK 1.5.x.

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=497161Spring Framework Remote Denial of Service vulnerability

EPSS

Процентиль: 79%
0.01381
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu
больше 16 лет назад

Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540.

nvd
больше 16 лет назад

Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540.

debian
больше 16 лет назад

Algorithmic complexity vulnerability in the java.util.regex.Pattern.co ...

github
больше 3 лет назад

Spring Framework Inefficient Regular Expression Complexity

EPSS

Процентиль: 79%
0.01381
Низкий

4.3 Medium

CVSS2