Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2009-1190
Last Modified: 20 Jan 2011 12:00:00
Published: 27 Apr 2009 06:30:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-1190

Summary

Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540.

Vulnerable Systems

Application

  • Sun Jdk 1.1.0

  • Sun Jdk 1.1.6

  • Sun Jdk 1.1.7b

  • Sun Jdk 1.1.8

  • Sun Jdk 1.2.0

  • Sun Jdk 1.2.1

  • Sun Jdk 1.2.2

  • Sun Jdk 1.3.0

  • Sun Jdk 1.3.0 01

  • Sun Jdk 1.3.0 02

  • Sun Jdk 1.3.0 03

  • Sun Jdk 1.3.0 04

  • Sun Jdk 1.3.0 05

  • Sun Jdk 1.3.1

  • Sun Jdk 1.3.1 01

  • Sun Jdk 1.3.1 01a

  • Sun Jdk 1.3.1 02

  • Sun Jdk 1.3.1 03

  • Sun Jdk 1.3.1 04

  • Sun Jdk 1.3.1 05

  • Sun Jdk 1.3.1 06

  • Sun Jdk 1.3.1 07

  • Sun Jdk 1.3.1 08

  • Sun Jdk 1.3.1 09

  • Sun Jdk 1.3.1 10

  • Sun Jdk 1.3.1 11

  • Sun Jdk 1.3.1 12

  • Sun Jdk 1.3.1 13

  • Sun Jdk 1.3.1 14

  • Sun Jdk 1.3.1 15

  • Sun Jdk 1.3.1 16

  • Sun Jdk 1.3.1 17

  • Sun Jdk 1.3.1 18

  • Sun Jdk 1.3.1 19

  • Sun Jdk 1.3.1 20

  • Sun Jdk 1.3.1 21

  • Sun Jdk 1.3.1 22

  • Sun Jdk 1.3.1 23

  • Sun Jdk 1.3.1 24

  • Sun Jdk 1.3.1 25

  • Sun Jdk 1.3.1 26

  • Sun Jdk 1.3.1 27

  • Sun Jdk 1.3.1 28

  • Sun Jdk 1.4.0

  • Sun Jdk 1.4.0 01

  • Sun Jdk 1.4.0 02

  • Sun Jdk 1.4.0 03

  • Sun Jdk 1.4.0 04

  • Sun Jdk 1.4.1

  • Sun Jdk 1.4.1 01

  • Sun Jdk 1.4.1 02

  • Sun Jdk 1.4.1 03

  • Sun Jdk 1.4.1 04

  • Sun Jdk 1.4.1 05

  • Sun Jdk 1.4.1 06

  • Sun Jdk 1.4.1 07

  • Sun Jdk 1.4.2

  • Sun Jdk 1.4.2 1

  • Sun Jdk 1.4.2 10

  • Sun Jdk 1.4.2 11

  • Sun Jdk 1.4.2 12

  • Sun Jdk 1.4.2 13

  • Sun Jdk 1.4.2 14

  • Sun Jdk 1.4.2 15

  • Sun Jdk 1.4.2 16

  • Sun Jdk 1.4.2 17

  • Sun Jdk 1.4.2 18

  • Sun Jdk 1.4.2 19

  • Sun Jdk 1.4.2 2

  • Sun Jdk 1.4.2 3

  • Sun Jdk 1.4.2 4

  • Sun Jdk 1.4.2 5

  • Sun Jdk 1.4.2 6

  • Sun Jdk 1.4.2 7

  • Sun Jdk 1.4.2 8

  • Sun Jdk 1.4.2 9

  • Sun Jdk 1.5.0

  • Sun Jdk 1.5.0 03


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=497161

XF - springframework-data-dos(50083)

CONFIRM - http://www.springsource.com/securityadvisory

BUGTRAQ - 20090424 CVE-2009-1190: Spring Framework Remote Denial of Service Vulnerability

MISC - http://www.packetstormsecurity.org/hitb06/DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2EE.pdf

SECUNIA - 34892


Last Updated: 27 May 2016 10:50:29