Vulnerabilities > CVE-2009-1190 - Resource Management Errors vulnerability in SUN JDK

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

sun

springsource

CWE-399

NVD

Published: 2009-04-27

Updated: 2018-10-30

Summary

Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540.

Vulnerable Configurations

Part	Description	Count
Application	Sun SUN JDK 1.1.0 SUN JDK 1.1.6 SUN JDK 1.1.7B SUN JDK 1.1.8 SUN JDK 1.2.0 SUN JDK 1.2.1 SUN JDK 1.2.2 SUN JDK 1.3.0 SUN JDK 1.3.0_01 SUN JDK 1.3.0_02 SUN JDK 1.3.0_03 SUN JDK 1.3.0_04 SUN JDK 1.3.0_05 SUN JDK 1.3.1 SUN JDK 1.3.1_01 SUN JDK 1.3.1_01A SUN JDK 1.3.1_02 SUN JDK 1.3.1_03 SUN JDK 1.3.1_04 SUN JDK 1.3.1_05 SUN JDK 1.3.1_06 SUN JDK 1.3.1_07 SUN JDK 1.3.1_08 SUN JDK 1.3.1_09 SUN JDK 1.3.1_10 SUN JDK 1.3.1_11 SUN JDK 1.3.1_12 SUN JDK 1.3.1_13 SUN JDK 1.3.1_14 SUN JDK 1.3.1_15 SUN JDK 1.3.1_16 SUN JDK 1.3.1_17 SUN JDK 1.3.1_18 SUN JDK 1.3.1_19 SUN JDK 1.3.1_20 SUN JDK 1.3.1_21 SUN JDK 1.3.1_22 SUN JDK 1.3.1_23 SUN JDK 1.3.1_24 SUN JDK 1.3.1_25 SUN JDK 1.3.1_26 SUN JDK 1.3.1_27 SUN JDK 1.3.1_28 SUN JDK 1.4.0 SUN JDK 1.4.0_01 SUN JDK 1.4.0_02 SUN JDK 1.4.0_03 SUN JDK 1.4.0_04 SUN JDK 1.4.1 SUN JDK 1.4.1_01 SUN JDK 1.4.1_02 SUN JDK 1.4.1_03 SUN JDK 1.4.1_04 SUN JDK 1.4.1_05 SUN JDK 1.4.1_06 SUN JDK 1.4.1_07 SUN JDK 1.4.2 SUN JDK 1.4.2_1 SUN JDK 1.4.2_2 SUN JDK 1.4.2_3 SUN JDK 1.4.2_4 SUN JDK 1.4.2_5 SUN JDK 1.4.2_6 SUN JDK 1.4.2_7 SUN JDK 1.4.2_8 SUN JDK 1.4.2_9 SUN JDK 1.4.2_10 SUN JDK 1.4.2_11 SUN JDK 1.4.2_12 SUN JDK 1.4.2_13 SUN JDK 1.4.2_14 SUN JDK 1.4.2_15 SUN JDK 1.4.2_16 SUN JDK 1.4.2_17 SUN JDK 1.4.2_18 SUN JDK 1.4.2_19 SUN JDK 1.5.0 SUN JDK * SUN JDK 1.5.0_03	139
Application	Springsource Springsource DM Server 1.0.0 Springsource DM Server 1.0.1 Springsource DM Server 1.0.2 Springsource Spring Framework 1.1.0 Springsource Spring Framework 2.0 Springsource Spring Framework 2.0.1 Springsource Spring Framework 2.0.2 Springsource Spring Framework 2.0.3 Springsource Spring Framework 2.0.4 Springsource Spring Framework 2.0.5 Springsource Spring Framework 2.1 Springsource Spring Framework 2.5.0 Springsource Spring Framework 2.5.1 Springsource Spring Framework 2.5.2 Springsource Spring Framework 2.5.3 Springsource Spring Framework 2.5.4 Springsource Spring Framework 2.5.5 Springsource Spring Framework 2.5.6 Springsource Spring Framework 3.0.0	34

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References