CVE-2009-1190
First published: Wed Apr 22 2009(Updated: )
Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sun JDK | <=1.5.0 | |
| Sun JDK | =1.1.0 | |
| Sun JDK | =1.1.6 | |
| Sun JDK | =1.1.6-update7 | |
| Sun JDK | =1.1.7b | |
| Sun JDK | =1.1.7b-update5 | |
| Sun JDK | =1.1.8-update10 | |
| Sun JDK | =1.1.8-update13 | |
| Sun JDK | =1.1.8-update14 | |
| Sun JDK | =1.1.8-update2 | |
| Sun JDK | =1.1.8-update7 | |
| Sun JDK | =1.1.8-update8 | |
| Sun JDK | =1.2.0 | |
| Sun JDK | =1.2.1 | |
| Sun JDK | =1.2.1-update3 | |
| Sun JDK | =1.2.2-update4 | |
| Sun JDK | =1.2.2-update5 | |
| Sun JDK | =1.3.0 | |
| Sun JDK | =1.3.0_01 | |
| Sun JDK | =1.3.0_02 | |
| Sun JDK | =1.3.0_03 | |
| Sun JDK | =1.3.0_04 | |
| Sun JDK | =1.3.0_05 | |
| Sun JDK | =1.3.1 | |
| Sun JDK | =1.3.1-update19 | |
| Sun JDK | =1.3.1-update20 | |
| Sun JDK | =1.3.1_01 | |
| Sun JDK | =1.3.1_01a | |
| Sun JDK | =1.3.1_02 | |
| Sun JDK | =1.3.1_03 | |
| Sun JDK | =1.3.1_04 | |
| Sun JDK | =1.3.1_05 | |
| Sun JDK | =1.3.1_06 | |
| Sun JDK | =1.3.1_07 | |
| Sun JDK | =1.3.1_08 | |
| Sun JDK | =1.3.1_09 | |
| Sun JDK | =1.3.1_10 | |
| Sun JDK | =1.3.1_11 | |
| Sun JDK | =1.3.1_12 | |
| Sun JDK | =1.3.1_13 | |
| Sun JDK | =1.3.1_14 | |
| Sun JDK | =1.3.1_15 | |
| Sun JDK | =1.3.1_16 | |
| Sun JDK | =1.3.1_17 | |
| Sun JDK | =1.3.1_18 | |
| Sun JDK | =1.3.1_19 | |
| Sun JDK | =1.3.1_20 | |
| Sun JDK | =1.3.1_21 | |
| Sun JDK | =1.3.1_22 | |
| Sun JDK | =1.3.1_23 | |
| Sun JDK | =1.3.1_24 | |
| Sun JDK | =1.3.1_25 | |
| Sun JDK | =1.3.1_26 | |
| Sun JDK | =1.3.1_27 | |
| Sun JDK | =1.3.1_28 | |
| Sun JDK | =1.4.0 | |
| Sun JDK | =1.4.0_01 | |
| Sun JDK | =1.4.0_02 | |
| Sun JDK | =1.4.0_03 | |
| Sun JDK | =1.4.0_04 | |
| Sun JDK | =1.4.1 | |
| Sun JDK | =1.4.1_01 | |
| Sun JDK | =1.4.1_02 | |
| Sun JDK | =1.4.1_03 | |
| Sun JDK | =1.4.1_04 | |
| Sun JDK | =1.4.1_05 | |
| Sun JDK | =1.4.1_06 | |
| Sun JDK | =1.4.1_07 | |
| Sun JDK | =1.4.2 | |
| Sun JDK | =1.4.2_1 | |
| Sun JDK | =1.4.2_2 | |
| Sun JDK | =1.4.2_3 | |
| Sun JDK | =1.4.2_4 | |
| Sun JDK | =1.4.2_5 | |
| Sun JDK | =1.4.2_6 | |
| Sun JDK | =1.4.2_7 | |
| Sun JDK | =1.4.2_8 | |
| Sun JDK | =1.4.2_9 | |
| Sun JDK | =1.4.2_10 | |
| Sun JDK | =1.4.2_11 | |
| Sun JDK | =1.4.2_12 | |
| Sun JDK | =1.4.2_13 | |
| Sun JDK | =1.4.2_14 | |
| Sun JDK | =1.4.2_15 | |
| Sun JDK | =1.4.2_16 | |
| Sun JDK | =1.4.2_17 | |
| Sun JDK | =1.4.2_18 | |
| Sun JDK | =1.4.2_19 | |
| Sun JDK | =1.5.0 | |
| Sun JDK | =1.5.0-update_1 | |
| Sun JDK | =1.5.0-update_10 | |
| Sun JDK | =1.5.0-update_11 | |
| Sun JDK | =1.5.0-update_12 | |
| Sun JDK | =1.5.0-update_13 | |
| Sun JDK | =1.5.0-update_14 | |
| Sun JDK | =1.5.0-update_15 | |
| Sun JDK | =1.5.0-update_16 | |
| Sun JDK | =1.5.0-update_17 | |
| Sun JDK | =1.5.0-update_18 | |
| Sun JDK | =1.5.0-update_19 | |
| Sun JDK | =1.5.0-update_2 | |
| Sun JDK | =1.5.0-update_20 | |
| Sun JDK | =1.5.0-update_21 | |
| Sun JDK | =1.5.0-update_3 | |
| Sun JDK | =1.5.0-update_4 | |
| Sun JDK | =1.5.0-update_5 | |
| Sun JDK | =1.5.0-update_6 | |
| Sun JDK | =1.5.0-update_7 | |
| Sun JDK | =1.5.0-update_8 | |
| Sun JDK | =1.5.0-update_9 | |
| Sun JDK | =1.5.0-update1 | |
| Sun JDK | =1.5.0-update10 | |
| Sun JDK | =1.5.0-update11 | |
| Sun JDK | =1.5.0-update11_b03 | |
| Sun JDK | =1.5.0-update12 | |
| Sun JDK | =1.5.0-update13 | |
| Sun JDK | =1.5.0-update14 | |
| Sun JDK | =1.5.0-update15 | |
| Sun JDK | =1.5.0-update16 | |
| Sun JDK | =1.5.0-update17 | |
| Sun JDK | =1.5.0-update18 | |
| Sun JDK | =1.5.0-update19 | |
| Sun JDK | =1.5.0-update2 | |
| Sun JDK | =1.5.0-update20 | |
| Sun JDK | =1.5.0-update21 | |
| Sun JDK | =1.5.0-update22 | |
| Sun JDK | =1.5.0-update23 | |
| Sun JDK | =1.5.0-update24 | |
| Sun JDK | =1.5.0-update25 | |
| Sun JDK | =1.5.0-update3 | |
| Sun JDK | =1.5.0-update4 | |
| Sun JDK | =1.5.0-update5 | |
| Sun JDK | =1.5.0-update6 | |
| Sun JDK | =1.5.0-update7 | |
| Sun JDK | =1.5.0-update7_b03 | |
| Sun JDK | =1.5.0-update8 | |
| Sun JDK | =1.5.0-update9 | |
| Sun JDK | =1.5.0_03 | |
| Sun JDK | =1.5.0_03 | |
| Springsource Dm Server | =1.0.0 | |
| Springsource Dm Server | =1.0.1 | |
| Springsource Dm Server | =1.0.2 | |
| SpringSource Spring Framework | =1.1.0 | |
| SpringSource Spring Framework | =2.0 | |
| SpringSource Spring Framework | =2.0-m1 | |
| SpringSource Spring Framework | =2.0-m2 | |
| SpringSource Spring Framework | =2.0-m3 | |
| SpringSource Spring Framework | =2.0-m4 | |
| SpringSource Spring Framework | =2.0-m5 | |
| SpringSource Spring Framework | =2.0-rc1 | |
| SpringSource Spring Framework | =2.0-rc2 | |
| SpringSource Spring Framework | =2.0-rc3 | |
| SpringSource Spring Framework | =2.0-rc4 | |
| SpringSource Spring Framework | =2.0.1 | |
| SpringSource Spring Framework | =2.0.2 | |
| SpringSource Spring Framework | =2.0.3 | |
| SpringSource Spring Framework | =2.0.4 | |
| SpringSource Spring Framework | =2.0.5 | |
| SpringSource Spring Framework | =2.1-m1 | |
| SpringSource Spring Framework | =2.1-m2 | |
| SpringSource Spring Framework | =2.1-m3 | |
| SpringSource Spring Framework | =2.1-m4 | |
| SpringSource Spring Framework | =2.5.0 | |
| SpringSource Spring Framework | =2.5.0-rc1 | |
| SpringSource Spring Framework | =2.5.0-rc2 | |
| SpringSource Spring Framework | =2.5.1 | |
| SpringSource Spring Framework | =2.5.2 | |
| SpringSource Spring Framework | =2.5.3 | |
| SpringSource Spring Framework | =2.5.4 | |
| SpringSource Spring Framework | =2.5.5 | |
| SpringSource Spring Framework | =2.5.6 | |
| SpringSource Spring Framework | =3.0.0-m1 | |
| SpringSource Spring Framework | =3.0.0-m2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=497161
- http://secunia.com/advisories/34892
- http://www.springsource.com/securityadvisory
- http://www.packetstormsecurity.org/hitb06/DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2EE.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50083
- http://www.securityfocus.com/archive/1/502926/100/0/threaded
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2540
- http://archive.cert.uni-stuttgart.de/uniras/2005/01/msg00035.html
- https://access.redhat.com/security/cve/CVE-2009-1190
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1190
- http://www.securityfocus.com/archive/1/archive/1/502926/100/0/threaded
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=497161
- http://xforce.iss.net/xforce/xfdb/50083
- https://access.redhat.com/security/cve/CVE-2004-2540
- https://www.cve.org/CVERecord?id=CVE-2009-1190 https://nvd.nist.gov/vuln/detail/CVE-2009-1190
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1190.json
- collector/nvd-historical
- collector/nvd-index
- agent/author
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-1190
- collector/redhat-cve
- agent/severity
- agent/references
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/sun
- canonical/sun jdk
- version/sun jdk/1.5.0
- version/sun jdk/1.1.0
- version/sun jdk/1.1.6
- version/sun jdk/1.1.6-update7
- version/sun jdk/1.1.7b
- version/sun jdk/1.1.7b-update5
- version/sun jdk/1.1.8-update10
- version/sun jdk/1.1.8-update13
- version/sun jdk/1.1.8-update14
- version/sun jdk/1.1.8-update2
- version/sun jdk/1.1.8-update7
- version/sun jdk/1.1.8-update8
- version/sun jdk/1.2.0
- version/sun jdk/1.2.1
- version/sun jdk/1.2.1-update3
- version/sun jdk/1.2.2-update4
- version/sun jdk/1.2.2-update5
- version/sun jdk/1.3.0
- version/sun jdk/1.3.0_01
- version/sun jdk/1.3.0_02
- version/sun jdk/1.3.0_03
- version/sun jdk/1.3.0_04
- version/sun jdk/1.3.0_05
- version/sun jdk/1.3.1
- version/sun jdk/1.3.1-update19
- version/sun jdk/1.3.1-update20
- version/sun jdk/1.3.1_01
- version/sun jdk/1.3.1_01a
- version/sun jdk/1.3.1_02
- version/sun jdk/1.3.1_03
- version/sun jdk/1.3.1_04
- version/sun jdk/1.3.1_05
- version/sun jdk/1.3.1_06
- version/sun jdk/1.3.1_07
- version/sun jdk/1.3.1_08
- version/sun jdk/1.3.1_09
- version/sun jdk/1.3.1_10
- version/sun jdk/1.3.1_11
- version/sun jdk/1.3.1_12
- version/sun jdk/1.3.1_13
- version/sun jdk/1.3.1_14
- version/sun jdk/1.3.1_15
- version/sun jdk/1.3.1_16
- version/sun jdk/1.3.1_17
- version/sun jdk/1.3.1_18
- version/sun jdk/1.3.1_19
- version/sun jdk/1.3.1_20
- version/sun jdk/1.3.1_21
- version/sun jdk/1.3.1_22
- version/sun jdk/1.3.1_23
- version/sun jdk/1.3.1_24
- version/sun jdk/1.3.1_25
- version/sun jdk/1.3.1_26
- version/sun jdk/1.3.1_27
- version/sun jdk/1.3.1_28
- version/sun jdk/1.4.0
- version/sun jdk/1.4.0_01
- version/sun jdk/1.4.0_02
- version/sun jdk/1.4.0_03
- version/sun jdk/1.4.0_04
- version/sun jdk/1.4.1
- version/sun jdk/1.4.1_01
- version/sun jdk/1.4.1_02
- version/sun jdk/1.4.1_03
- version/sun jdk/1.4.1_04
- version/sun jdk/1.4.1_05
- version/sun jdk/1.4.1_06
- version/sun jdk/1.4.1_07
- version/sun jdk/1.4.2
- version/sun jdk/1.4.2_1
- version/sun jdk/1.4.2_2
- version/sun jdk/1.4.2_3
- version/sun jdk/1.4.2_4
- version/sun jdk/1.4.2_5
- version/sun jdk/1.4.2_6
- version/sun jdk/1.4.2_7
- version/sun jdk/1.4.2_8
- version/sun jdk/1.4.2_9
- version/sun jdk/1.4.2_10
- version/sun jdk/1.4.2_11
- version/sun jdk/1.4.2_12
- version/sun jdk/1.4.2_13
- version/sun jdk/1.4.2_14
- version/sun jdk/1.4.2_15
- version/sun jdk/1.4.2_16
- version/sun jdk/1.4.2_17
- version/sun jdk/1.4.2_18
- version/sun jdk/1.4.2_19
- version/sun jdk/1.5.0-update_1
- version/sun jdk/1.5.0-update_10
- version/sun jdk/1.5.0-update_11
- version/sun jdk/1.5.0-update_12
- version/sun jdk/1.5.0-update_13
- version/sun jdk/1.5.0-update_14
- version/sun jdk/1.5.0-update_15
- version/sun jdk/1.5.0-update_16
- version/sun jdk/1.5.0-update_17
- version/sun jdk/1.5.0-update_18
- version/sun jdk/1.5.0-update_19
- version/sun jdk/1.5.0-update_2
- version/sun jdk/1.5.0-update_20
- version/sun jdk/1.5.0-update_21
- version/sun jdk/1.5.0-update_3
- version/sun jdk/1.5.0-update_4
- version/sun jdk/1.5.0-update_5
- version/sun jdk/1.5.0-update_6
- version/sun jdk/1.5.0-update_7
- version/sun jdk/1.5.0-update_8
- version/sun jdk/1.5.0-update_9
- version/sun jdk/1.5.0-update1
- version/sun jdk/1.5.0-update10
- version/sun jdk/1.5.0-update11
- version/sun jdk/1.5.0-update11_b03
- version/sun jdk/1.5.0-update12
- version/sun jdk/1.5.0-update13
- version/sun jdk/1.5.0-update14
- version/sun jdk/1.5.0-update15
- version/sun jdk/1.5.0-update16
- version/sun jdk/1.5.0-update17
- version/sun jdk/1.5.0-update18
- version/sun jdk/1.5.0-update19
- version/sun jdk/1.5.0-update2
- version/sun jdk/1.5.0-update20
- version/sun jdk/1.5.0-update21
- version/sun jdk/1.5.0-update22
- version/sun jdk/1.5.0-update23
- version/sun jdk/1.5.0-update24
- version/sun jdk/1.5.0-update25
- version/sun jdk/1.5.0-update3
- version/sun jdk/1.5.0-update4
- version/sun jdk/1.5.0-update5
- version/sun jdk/1.5.0-update6
- version/sun jdk/1.5.0-update7
- version/sun jdk/1.5.0-update7_b03
- version/sun jdk/1.5.0-update8
- version/sun jdk/1.5.0-update9
- version/sun jdk/1.5.0_03
- vendor/springsource
- canonical/springsource dm server
- version/springsource dm server/1.0.0
- version/springsource dm server/1.0.1
- version/springsource dm server/1.0.2
- canonical/springsource spring framework
- version/springsource spring framework/1.1.0
- version/springsource spring framework/2.0
- version/springsource spring framework/2.0-m1
- version/springsource spring framework/2.0-m2
- version/springsource spring framework/2.0-m3
- version/springsource spring framework/2.0-m4
- version/springsource spring framework/2.0-m5
- version/springsource spring framework/2.0-rc1
- version/springsource spring framework/2.0-rc2
- version/springsource spring framework/2.0-rc3
- version/springsource spring framework/2.0-rc4
- version/springsource spring framework/2.0.1
- version/springsource spring framework/2.0.2
- version/springsource spring framework/2.0.3
- version/springsource spring framework/2.0.4
- version/springsource spring framework/2.0.5
- version/springsource spring framework/2.1-m1
- version/springsource spring framework/2.1-m2
- version/springsource spring framework/2.1-m3
- version/springsource spring framework/2.1-m4
- version/springsource spring framework/2.5.0
- version/springsource spring framework/2.5.0-rc1
- version/springsource spring framework/2.5.0-rc2
- version/springsource spring framework/2.5.1
- version/springsource spring framework/2.5.2
- version/springsource spring framework/2.5.3
- version/springsource spring framework/2.5.4
- version/springsource spring framework/2.5.5
- version/springsource spring framework/2.5.6
- version/springsource spring framework/3.0.0-m1
- version/springsource spring framework/3.0.0-m2