Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2009-1190
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540..
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 5/10
- Exploit Score
- 10/10
- Access Vector
- Network
- Access Complexity
- Low
- Authentication Required
- None
- Impact Score
- 2.9/10
- Confidentiality Impact
- None
- Availability Impact
- Partial
- Integrity Impact
- None
Products Affected
| CPE | Affected | Vulnerable | Excluding | Edit |
|---|---|---|---|---|
| cpe:2.3:a:sun:jdk:*:update_22:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.1.0:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.1.6:update7:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.1.6:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.1.7b:update5:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.1.7b:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.1.8:update14:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.1.8:update8:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.1.8:update10:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.1.8:update13:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.1.8:update7:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.1.8:update2:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.2.0:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.2.1:update3:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.2.1:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.2.2:update4:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.2.2:update5:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.0:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.0_01:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.0_02:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.0_03:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.0_04:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.0_05:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1:update20:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1:update19:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_01:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_01a:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_02:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_03:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_04:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_05:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_06:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_07:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_08:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_09:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_10:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_11:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_12:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_13:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_14:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_15:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_16:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_17:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_18:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_19:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_20:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_21:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_22:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_23:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_24:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_25:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_26:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_27:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.3.1_28:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.0:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.0_01:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.0_02:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.0_03:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.0_04:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.1:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.1_01:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.1_02:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.1_03:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.1_04:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.1_05:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.1_06:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.1_07:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.2:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.2_1:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.2_2:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.2_3:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.2_4:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.2_5:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.2_6:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.2_7:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.2_8:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.2_9:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.2_10:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.2_11:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.2_12:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.2_13:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.2_14:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.2_15:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.2_16:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.2_17:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.2_18:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.4.2_19:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update_18:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update_9:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update_15:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update_19:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update_6:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update_17:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update_10:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update_5:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update_1:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update_13:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update_20:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update_2:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update_14:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update_8:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update_11:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update_16:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update_4:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update_21:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update_7:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update_12:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0:update_3:*:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0_03:*:solaris:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:sun:jdk:1.5.0_03:*:windows:*:*:*:*:* |
Yes
|
- | ||
| cpe:2.3:a:springsource:dm_server:1.0.0:*:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:dm_server:1.0.1:*:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:dm_server:1.0.2:*:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:1.1.0:*:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.0:rc4:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.0:m1:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.0:*:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.0:rc1:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.0:m3:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.0:m2:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.0:m4:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.0:rc2:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.0:m5:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.0:rc3:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.0.1:*:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.0.2:*:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.0.3:*:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.0.4:*:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.0.5:*:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.1:m4:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.1:m2:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.1:m3:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.1:m1:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.5.0:*:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.5.0:rc1:*:*:*:*:*: |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.5.0:rc2:*:*:*:*:*: |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.5.1:*:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.5.2:*:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.5.3:*:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.5.4:*:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.5.5:*:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:2.5.6:*:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:3.0.0:m1:*:*:*:*:*:* |
No
|
- | ||
| cpe:2.3:a:springsource:spring_framework:3.0.0:m2:*:*:*:*:*:* |
No
|
- |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=497161
- http://secunia.com/advisories/34892
- http://www.springsource.com/securityadvisory
- http://www.packetstormsecurity.org/hitb06/DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2E
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50083
- http://www.securityfocus.com/archive/1/502926/100/0/threaded