{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-04-24T00:00:00", "descriptions": [{"lang": "en", "value": "Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "20090424 CVE-2009-1190: Spring Framework Remote Denial of Service Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/502926/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.packetstormsecurity.org/hitb06/DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2EE.pdf"}, {"name": "springframework-data-dos(50083)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50083"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=497161"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.springsource.com/securityadvisory"}, {"name": "34892", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34892"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:04:49.369Z"}, "title": "CVE Program Container", "references": [{"name": "20090424 CVE-2009-1190: Spring Framework Remote Denial of Service Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/502926/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.packetstormsecurity.org/hitb06/DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2EE.pdf"}, {"name": "springframework-data-dos(50083)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50083"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=497161"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.springsource.com/securityadvisory"}, {"name": "34892", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34892"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-1190", "datePublished": "2009-04-27T22:00:00", "dateReserved": "2009-03-31T00:00:00", "dateUpdated": "2024-08-07T05:04:49.369Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sun:jdk:*:update_22:*:*:*:*:*:*", "matchCriteriaId": "B2BAB703-E024-42CE-B6DF-605A54BF4749", "versionEndIncluding": "1.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C4C1D605-1FE9-4F1A-A374-CC342CD7310C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "AEBE2903-9C4E-4BBD-AC12-2408BAF42ED8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.1.6:update7:*:*:*:*:*:*", "matchCriteriaId": "8722DCD3-C7CB-4D79-808E-FBC1E27A0ED7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.1.7b:*:*:*:*:*:*:*", "matchCriteriaId": "4E48A0E7-9956-4187-952D-4D4DD2F28099", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.1.7b:update5:*:*:*:*:*:*", "matchCriteriaId": "8A64F606-A1A8-4ABE-9249-0F3D3D02A182", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.1.8:update10:*:*:*:*:*:*", "matchCriteriaId": "F16BAE28-B7F1-496F-98AC-43DCA387FA45", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.1.8:update13:*:*:*:*:*:*", "matchCriteriaId": "2F99B49A-5A04-4EC8-ABD7-1BEAF620C0DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.1.8:update14:*:*:*:*:*:*", "matchCriteriaId": "E58C529E-0D46-46A2-A6F3-894ECB215A65", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.1.8:update2:*:*:*:*:*:*", "matchCriteriaId": "C5D8520B-8B24-444F-A47B-ED0733859954", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.1.8:update7:*:*:*:*:*:*", "matchCriteriaId": "D6A18370-9054-48F5-8766-D4A15F3A67C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.1.8:update8:*:*:*:*:*:*", "matchCriteriaId": "4053D51D-57A9-495F-9B8D-0076661283EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FF39BD92-7733-4408-A907-D292D973D9CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "07425A23-5BF3-441E-B47A-395BE402B2C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.2.1:update3:*:*:*:*:*:*", "matchCriteriaId": "38A647E6-2BC2-4E71-96FB-7CA457484CB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.2.2:update4:*:*:*:*:*:*", "matchCriteriaId": "5B791B1F-D6AA-451D-A415-C2C9BE44865A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.2.2:update5:*:*:*:*:*:*", "matchCriteriaId": "A4D34197-1500-47C7-848D-676F7592BCD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1AA4DE59-4CF5-49F4-8625-0F3DA2DB7020", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.0_01:*:*:*:*:*:*:*", "matchCriteriaId": "4BC733B9-1694-44E3-BF58-34BABBA4E08B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.0_02:*:*:*:*:*:*:*", "matchCriteriaId": "991AEC76-0494-4085-9427-52D8BDD75753", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.0_03:*:*:*:*:*:*:*", "matchCriteriaId": "12763342-3D3A-4744-941D-4DFD33F79515", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.0_04:*:*:*:*:*:*:*", "matchCriteriaId": "D3E28D80-D908-4F17-BF3D-62C970A4D54B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.0_05:*:*:*:*:*:*:*", "matchCriteriaId": "F0D8BC0C-13B8-472D-A077-F2039A637326", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "15AAA894-90A8-4B08-A392-5CB36ABE6F54", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1:update19:*:*:*:*:*:*", "matchCriteriaId": "910AF14C-1993-4740-AE6D-77B55B52AC48", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1:update20:*:*:*:*:*:*", "matchCriteriaId": "8C924560-0EF5-4BC0-8614-2DD5616E076A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_01:*:*:*:*:*:*:*", "matchCriteriaId": "C09F9315-CE9E-4F20-9E8A-597896057A1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_01a:*:*:*:*:*:*:*", "matchCriteriaId": "88DB55B2-7D7F-4EB8-8E29-7D15F735A286", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_02:*:*:*:*:*:*:*", "matchCriteriaId": "38CDFAD5-389F-4F08-AF24-5D8782E86225", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_03:*:*:*:*:*:*:*", "matchCriteriaId": "EE962961-9E1D-4164-A11A-0CA6DC4FFBAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_04:*:*:*:*:*:*:*", "matchCriteriaId": "6E8244F8-C212-420B-BB12-F58B84B64335", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_05:*:*:*:*:*:*:*", "matchCriteriaId": "1E7BB67D-0D40-4C92-8005-C1F876629304", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_06:*:*:*:*:*:*:*", "matchCriteriaId": "926B3423-5AB8-4A7C-A83E-5C363A783AF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_07:*:*:*:*:*:*:*", "matchCriteriaId": "8F623253-2FF5-4398-AF23-A56F06008301", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_08:*:*:*:*:*:*:*", "matchCriteriaId": "A4EE7212-2AF1-4D10-826B-3B6EDDDA6DDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_09:*:*:*:*:*:*:*", "matchCriteriaId": "9B5A02FE-614B-4B8C-AB9A-57F5C32B36A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_10:*:*:*:*:*:*:*", "matchCriteriaId": "4E781B3C-EA57-4CA6-9F03-117C52552AEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_11:*:*:*:*:*:*:*", "matchCriteriaId": "1227F19E-5A69-422F-A2E1-5280B1836C94", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_12:*:*:*:*:*:*:*", "matchCriteriaId": "18FE8DE3-A93A-4884-9131-84715C776545", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_13:*:*:*:*:*:*:*", "matchCriteriaId": "BA3D41B2-05C4-4EB5-9124-FFC887A010F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_14:*:*:*:*:*:*:*", "matchCriteriaId": "95E09BF6-A2E4-49F3-9E8C-3C7EB5FE782B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_15:*:*:*:*:*:*:*", "matchCriteriaId": "BB23A52B-0F6E-4570-9B72-0D07CF26D536", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_16:*:*:*:*:*:*:*", "matchCriteriaId": "B0E1566F-1257-428F-8DA9-29DB0DF5D647", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_17:*:*:*:*:*:*:*", "matchCriteriaId": "A84080AF-E076-40FD-BDEB-727AAE986AA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_18:*:*:*:*:*:*:*", "matchCriteriaId": "6FD02135-C3C2-4FCC-A85C-353CD321B97A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_19:*:*:*:*:*:*:*", "matchCriteriaId": "10ACCA84-F469-401B-A68F-0281E5C2D46E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_20:*:*:*:*:*:*:*", "matchCriteriaId": "03B1DA4B-CE36-4828-B10F-8A854CCB368E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_21:*:*:*:*:*:*:*", "matchCriteriaId": "55B201EA-49A8-407A-9893-B3988C936D13", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_22:*:*:*:*:*:*:*", "matchCriteriaId": "DD65ECF9-5495-4F69-B566-C1657473F08B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_23:*:*:*:*:*:*:*", "matchCriteriaId": "671EF738-7846-40A0-B070-649F637782F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_24:*:*:*:*:*:*:*", "matchCriteriaId": "7714D90D-1BF0-4388-B086-17C6D1BC9D66", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_25:*:*:*:*:*:*:*", "matchCriteriaId": "D54C9BE0-9009-41F6-B07F-855358EE5141", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_26:*:*:*:*:*:*:*", "matchCriteriaId": "9C144EF3-5228-4338-921E-547902CC6F1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_27:*:*:*:*:*:*:*", "matchCriteriaId": "4F9F5541-983B-42E3-AA7A-988028303B0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.3.1_28:*:*:*:*:*:*:*", "matchCriteriaId": "0B63DC45-DDDB-4D93-81BC-16893FFF558C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "20C9C594-3DBC-4706-BA88-A662CD28C830", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.0_01:*:*:*:*:*:*:*", "matchCriteriaId": "01E34550-4CA8-4AF1-81CA-BBD5AC53BFB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.0_02:*:*:*:*:*:*:*", "matchCriteriaId": "A5AE3D20-565C-4438-A6B6-8FD87511BD8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.0_03:*:*:*:*:*:*:*", "matchCriteriaId": "73966143-616D-4CB7-80A9-3CB3F1F455D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.0_04:*:*:*:*:*:*:*", "matchCriteriaId": "BF742B38-8C5E-4F17-8C75-23A8C61BDB42", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "811DEBE9-356B-4D60-8BE8-AE55CE484D10", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.1_01:*:*:*:*:*:*:*", "matchCriteriaId": "02F2D988-DFAE-420E-B7BB-440746F4AB76", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.1_02:*:*:*:*:*:*:*", "matchCriteriaId": "5CEF4A09-4520-422F-8766-AD0D00832BFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.1_03:*:*:*:*:*:*:*", "matchCriteriaId": "6E06A6F0-9F90-4BCD-A736-0A521E565C97", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.1_04:*:*:*:*:*:*:*", "matchCriteriaId": "C1032FEB-9948-4501-AB70-94DFBEFD204D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.1_05:*:*:*:*:*:*:*", "matchCriteriaId": "5BA27821-FAB3-40E2-8D94-F3B5DFB0714B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.1_06:*:*:*:*:*:*:*", "matchCriteriaId": "0F27CFAE-F807-4643-BAC3-1A6486DE3D33", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.1_07:*:*:*:*:*:*:*", "matchCriteriaId": "4EBF7DA4-B357-4507-8BBE-7AE21CB6CE96", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9E5ACCC-F82F-42F8-860A-92765D0F0B28", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.2_1:*:*:*:*:*:*:*", "matchCriteriaId": "FA9CA652-9B8C-4175-9ED8-71F441ADF962", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.2_2:*:*:*:*:*:*:*", "matchCriteriaId": "93B973CB-25CE-4CA4-A4F8-577ED9ACEFEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.2_3:*:*:*:*:*:*:*", "matchCriteriaId": "00F66ED4-F74A-4F61-B01C-122DC98D5324", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.2_4:*:*:*:*:*:*:*", "matchCriteriaId": "7321A75D-AC6E-486E-8911-AF66A992C8A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.2_5:*:*:*:*:*:*:*", "matchCriteriaId": "D70B8B14-B4A2-4D05-B999-E2840A2365E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.2_6:*:*:*:*:*:*:*", "matchCriteriaId": "C3EDC5EB-2E48-462E-BA0B-217BC470DFC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.2_7:*:*:*:*:*:*:*", "matchCriteriaId": "FA1D44C4-E43A-4D63-A5C9-76E885D3B436", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.2_8:*:*:*:*:*:*:*", "matchCriteriaId": "52E30E1D-2766-4E79-B9C7-7B998E23A49F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.2_9:*:*:*:*:*:*:*", "matchCriteriaId": "1E9872BC-5A24-4855-8D01-4C43BBF5C265", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.2_10:*:*:*:*:*:*:*", "matchCriteriaId": "E94D13A6-E832-4BDF-8AF2-A4E0EF7DCBA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.2_11:*:*:*:*:*:*:*", "matchCriteriaId": "9E5EFE8C-B098-460C-AFE5-C5A938599F7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.2_12:*:*:*:*:*:*:*", "matchCriteriaId": "040AD56D-A0B7-4AF7-AF3D-4B4BD802516D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.2_13:*:*:*:*:*:*:*", "matchCriteriaId": "3F0F7DF1-E117-4FD4-9A63-D05747727D01", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.2_14:*:*:*:*:*:*:*", "matchCriteriaId": "D63DF43C-4781-4E0F-89C4-0BFC841A0488", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.2_15:*:*:*:*:*:*:*", "matchCriteriaId": "6D29842F-2185-46C5-8091-23ECB06CB680", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.2_16:*:*:*:*:*:*:*", "matchCriteriaId": "1FF285D8-6E75-4932-A28B-639DA07F1124", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.2_17:*:*:*:*:*:*:*", "matchCriteriaId": "817C3737-F625-4EE9-BB5C-D4B624EF0DAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.2_18:*:*:*:*:*:*:*", "matchCriteriaId": "3A152C0A-65CE-438D-8B53-32D1EFC019F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.4.2_19:*:*:*:*:*:*:*", "matchCriteriaId": "BA8DEFA1-AAA4-4AA2-859F-257B9B4D2B05", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A02CF738-1B4F-44D0-A618-3D3E4EF1C9B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_1:*:*:*:*:*:*", "matchCriteriaId": "8198F493-0447-4A87-9F16-5B6CB3572E38", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_10:*:*:*:*:*:*", "matchCriteriaId": "645BBE6D-BA5E-4D93-9152-759A2355013E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_11:*:*:*:*:*:*", "matchCriteriaId": "0EE694C9-940A-4899-844C-AC63412FA295", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_12:*:*:*:*:*:*", "matchCriteriaId": "BC9476DD-9B56-4811-A248-711C25181F29", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_13:*:*:*:*:*:*", "matchCriteriaId": "68D34082-2948-4D95-B43F-FBD59E2F3D28", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_14:*:*:*:*:*:*", "matchCriteriaId": "F2E01C07-4921-47CC-9AFC-D3B461D0B78D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_15:*:*:*:*:*:*", "matchCriteriaId": "7532E7D4-2F62-4DA0-B905-F95A0A735CE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_16:*:*:*:*:*:*", "matchCriteriaId": "0AF93193-889E-4F44-ADEB-E89E56DE6C7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_17:*:*:*:*:*:*", "matchCriteriaId": "68C19440-4172-4539-8E38-09DBCB1752E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_18:*:*:*:*:*:*", "matchCriteriaId": "3CC000EC-9717-47DA-B182-6C8CD3970F27", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_19:*:*:*:*:*:*", "matchCriteriaId": "115083C5-811F-47BA-8549-3BDFF9CA0740", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_2:*:*:*:*:*:*", "matchCriteriaId": "51337B8C-78F2-4207-998E-A3FC591F538B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_20:*:*:*:*:*:*", "matchCriteriaId": "48193108-CD9F-476E-A7D2-E0796F659BA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_21:*:*:*:*:*:*", "matchCriteriaId": "A0A80299-783A-4FBA-9EBF-5913942949A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_3:*:*:*:*:*:*", "matchCriteriaId": "76A4F852-0240-44D6-9BD5-FE79DEF16438", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_4:*:*:*:*:*:*", "matchCriteriaId": "F57E5943-5CC3-4736-85E8-FE7CC4F38735", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_5:*:*:*:*:*:*", "matchCriteriaId": "3C228E00-0F5C-41D2-8BD0-46AF682AE842", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_6:*:*:*:*:*:*", "matchCriteriaId": "0329E813-B2C8-4C84-BCAF-2D54C4AE0472", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_7:*:*:*:*:*:*", "matchCriteriaId": "7E3C40E1-7005-4F83-B347-177BEC9EE339", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_8:*:*:*:*:*:*", "matchCriteriaId": "6855E3F5-6F8E-44FA-A913-0D0F6A803DFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_9:*:*:*:*:*:*", "matchCriteriaId": "C79BDB6E-442B-41F1-A025-C17648A81FD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "matchCriteriaId": "EE8E883F-E13D-4FB0-8C6F-B7628600E8D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", "matchCriteriaId": "2AADA633-EB11-49A0-8E40-66589034F03E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "matchCriteriaId": "19DC29C5-1B9F-46DF-ACF6-3FF93E45777D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:*", "matchCriteriaId": "646DDCA6-AAC4-4FA8-B9B5-51F88D4C001D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*", "matchCriteriaId": "B120F7D9-7C1E-4716-B2FA-2990D449F754", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*", "matchCriteriaId": "CD61E49F-2A46-4107-BB3F-527079983306", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*", "matchCriteriaId": "D900AAE0-6032-4096-AFC2-3D43C55C6C83", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", "matchCriteriaId": "88B0958C-744C-4946-908C-09D2A5FAB120", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", "matchCriteriaId": "C3E7F3CA-FFB3-42B3-A64F-0E38FAF252FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*", "matchCriteriaId": "9A2D8D09-3F18-4E73-81CF-BB589BB8AEC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*", "matchCriteriaId": "3FD24779-988F-4EC1-AC19-77186B68229E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*", "matchCriteriaId": "4F1E860E-98F2-48FF-B8B3-54D4B58BF81F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "matchCriteriaId": "28BE548B-DD0C-4C58-98CA-5B803F04F9EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*", "matchCriteriaId": "505A8F40-7758-412F-8895-FA1B00BE6B7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*", "matchCriteriaId": "212F4A5F-87E3-4C62-BA21-46CBBCD8D26A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*", "matchCriteriaId": "5C4DFCD2-00A3-4BC7-8842-836CE22C7B39", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*", "matchCriteriaId": "EB3A0C49-3FF9-4CB7-9E01-F771D4925103", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*", "matchCriteriaId": "F7D1BBD4-2F88-4372-B863-BB70753D841B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*", "matchCriteriaId": "9A75A4C0-6B49-424B-BEC0-0E0AAEF877B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", "matchCriteriaId": "5F8E9AA0-8907-4B1A-86A1-08568195217D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "matchCriteriaId": "A337AD31-4566-4A4E-AFF3-7EAECD5C90F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "matchCriteriaId": "0754AFDC-2F1C-4C06-AB46-457B5E610029", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*", "matchCriteriaId": "532CF9DD-0EBB-4B3B-BB9C-A8D78947A790", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "matchCriteriaId": "DC0ABF7A-107B-4B97-9BD7-7B0CEDAAF359", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*", "matchCriteriaId": "59ED507D-AEF8-4631-A298-8BDA6D6E8CB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "matchCriteriaId": "A5DA4242-30D9-44C8-9D0D-877348FFA22B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "matchCriteriaId": "C61C6043-99D0-4F36-AF84-1A5F90B895EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0_03:*:solaris:*:*:*:*:*", "matchCriteriaId": "0DF9EC3A-E40C-415B-8BF3-40D3C474AF70", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0_03:*:windows:*:*:*:*:*", "matchCriteriaId": "937EEE89-443C-4435-9064-EE228B3CEBD9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:springsource:dm_server:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D95E4679-D525-4E6A-921F-9CE1C7E1EE09", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:dm_server:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2A8C3A93-F837-4595-8A4D-F53CA97AC7E4", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:dm_server:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "27410ECF-4E3D-40B2-86A6-6A4BAA9E9C82", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "12B16A98-BB2E-4F5B-AE14-F84B6A879097", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1274AB42-FE68-4EF5-B11F-6343685A7747", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.0:m1:*:*:*:*:*:*", "matchCriteriaId": "E88635C7-2305-41F6-9BD9-8E945F524C12", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.0:m2:*:*:*:*:*:*", "matchCriteriaId": "2DD492C8-A0EF-44E8-AC9F-56F8F64C99A4", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.0:m3:*:*:*:*:*:*", "matchCriteriaId": "C419AC44-21A5-456C-B537-B8BAF475BCF3", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.0:m4:*:*:*:*:*:*", "matchCriteriaId": "EFAAE3B9-C62E-47F6-A23D-1024E5870B7E", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.0:m5:*:*:*:*:*:*", "matchCriteriaId": "DA630C68-21E8-4F2A-8044-5DAF3CA3CC37", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "012985DE-5D39-470C-8E51-5AFCED594FB9", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "94639F24-EEF4-4AA3-83F4-6C86A3286E5B", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "6649C191-78C3-403F-BEAF-741AF9FF2893", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "6A4E6F8A-44B0-4982-9D52-96E8C85D9CFF", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "56CC4457-E99A-4AAF-B9FA-E4852E4E1967", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C0474C87-8CC6-4E71-B350-3A4AA7CF452D", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5049E640-145C-4338-B25C-7AA82A67FA0C", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "CCDB933A-AED3-4A0B-9911-CBBF0B9E91B6", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "58F22748-6F62-495A-96F5-694E5E1EBCB8", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.1:m1:*:*:*:*:*:*", "matchCriteriaId": "030CC42C-8582-4B71-B93E-9D7AE5D2EBF9", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.1:m2:*:*:*:*:*:*", "matchCriteriaId": "629C79A0-0233-4750-9A43-F98C97BBA47D", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.1:m3:*:*:*:*:*:*", "matchCriteriaId": "AB6958CD-61D4-41ED-A16A-2B74E17AD501", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.1:m4:*:*:*:*:*:*", "matchCriteriaId": "AC4E5B16-5012-44CD-9719-ADDAACF4FBAE", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5ECA0EF4-6BEA-4464-B098-37C0342AEDDF", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F45DF1E8-2BB9-45A6-96C4-406C81827E68", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "FFE1B570-A480-46AD-A8AE-E984824CF6BE", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B4DDA5A7-62A4-471A-9B01-D54CF560BF56", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "B977B334-EC1A-45BD-976D-3DF3332ADA90", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "6DC37B55-E7DF-4426-B1E2-2644078EDD19", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "A939B963-7C6C-4617-A695-A9CC4FC774EE", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "BB2D44CB-BBBF-45DE-B3C9-2BD2625BC8E7", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "F709DAAC-AA32-4D37-9E0C-A014FB519697", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:3.0.0:m1:*:*:*:*:*:*", "matchCriteriaId": "13E1344C-CB41-48FC-BB98-7FEBEBF190E9", "vulnerable": false}, {"criteria": "cpe:2.3:a:springsource:spring_framework:3.0.0:m2:*:*:*:*:*:*", "matchCriteriaId": "AD66E687-C387-486D-AC34-279961311A8F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540."}, {"lang": "es", "value": "Una vulnerabilidad de complejidad algor\u00edtmica  en el m\u00e9todo java.util.regex.Pattern.compile en Sun Java Development Kit (JDK) antes de la versi\u00f3n 1.6, cuando se utiliza con spring.jar en la plataforma SpringSource Spring Framework v1.1.0 a la v2.5.6 y v3.0.0.M1 a y v3.0.0.M2 y dm Server v1.0.0 a v1.0.2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (mediante un excesivo consumo de CPU) a trav\u00e9s de datos serializables con una cadena regex demasiado larga que almacene multiples grupos opcionales. Vulnerabilidad relacionada con la CVE-2004-2540."}], "id": "CVE-2009-1190", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-04-27T22:30:00.267", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/34892"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://www.packetstormsecurity.org/hitb06/DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2EE.pdf"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/502926/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.springsource.com/securityadvisory"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=497161"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50083"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/34892"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.packetstormsecurity.org/hitb06/DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2EE.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/502926/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.springsource.com/securityadvisory"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=497161"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50083"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "Spring Framework Remote Denial of Service vulnerability", "id": "497161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=497161"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "draft"}, "details": ["Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540."], "name": "CVE-2009-1190", "public_date": "2009-04-22T00:00:00Z", "references": [""], "statement": "This flaw affected JBoss Enterprise BRMS Platform 5.1.0 when run on Sun JDK 1.5.x. It was resolved in JBoss Enterprise BRMS Platform 5.2.0, both by updating spring and by dropping support for Sun JDK 1.5.x.", "threat_severity": "Moderate"}