Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2009-1190

Good to know:

icon

Date: April 27, 2009

Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540.

Language: Java

Severity Score

Related Resources (8)

https://nvd.nist.gov/vuln/detail/CVE-2009-1190
https://bugzilla.redhat.com/show_bug.cgi?id=497161
http://www.securityfocus.com/archive/1/502926/100/0/threaded
http://www.packetstormsecurity.org/hitb06/DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2EE.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50083
http://secunia.com/advisories/34892
http://www.springsource.com/securityadvisory
https://www.mend.io/vulnerability-database/CVE-2009-1190

Severity Score

Weakness Type (CWE)

Resource Management Errors

CWE-399

Inefficient Regular Expression Complexity

CWE-1333

Top Fix

icon

Upgrade Version

Upgrade to version 1.6

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us