CVE-2009-1190
Spring Framework Inefficient Regular Expression Complexity
EPSS 1.4%
Description
Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540.
How to fix CVE-2009-1190
To remediate CVE-2009-1190, upgrade the affected package to a fixed version below. The algorithmic cost lives in the JDK's java.util.regex.Pattern.compile, so the upgrade should be paired with running on JDK 1.6 or later, which the description identifies as the unaffected runtime.
- Spring Framework (spring.jar): upgrade to 3.0.0.RELEASE or later
- dm Server 1.0.0 through 1.0.2 is also listed as affected in the description; this page gives no fixed version for it
Until the upgrade is in place, do not pass attacker-controlled strings to Pattern.compile, and do not deserialize untrusted serializable data in exposed Spring endpoints, since that is the vector the description names.
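Two things a practitioner usually wants alongside the upgrade are a way to measure how Pattern.compile behaves on the JDK actually in use, and a guard that refuses to compile attacker-influenced patterns that are too long or contain too many groups. The Java class below is an added example written for this page; it is not Spring or JDK code. The probe pattern shape "(a?)(a?)..." and the limits MAX_LENGTH and MAX_GROUPS are assumptions derived from the description's wording ("a long regex string containing multiple optional groups"), not a confirmed trigger for this CVE. It needs Java 8 or later.

```java
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

public class UntrustedRegexGuard {

    // Hypothetical limits chosen for this example; tune them to the patterns your
    // application legitimately needs to accept.
    static final int MAX_LENGTH = 512;
    static final int MAX_GROUPS = 32;

    /**
     * Build a constructed probe pattern of n consecutive optional groups, e.g. "(a?)(a?)(a?)".
     * The shape is an assumption based on the advisory's wording ("multiple optional groups");
     * it is for measuring Pattern.compile cost on a given JDK, not a confirmed trigger.
     */
    static String probePattern(int n) {
        StringBuilder sb = new StringBuilder(n * 4);
        for (int i = 0; i < n; i++) {
            sb.append("(a?)");
        }
        return sb.toString();
    }

    /**
     * Count '(' characters. Escaped parentheses and non-capturing groups are counted too,
     * which only makes the check stricter; that is acceptable for a pre-compile guard.
     */
    static int countGroups(String regex) {
        int count = 0;
        for (int i = 0; i < regex.length(); i++) {
            if (regex.charAt(i) == '(') {
                count++;
            }
        }
        return count;
    }

    /**
     * Compile a regex that came from an untrusted source. The structural limits are the real
     * defence: they bound the work before compile() starts. The timeout only bounds how long
     * the caller waits; Pattern.compile does not check the interrupt flag, so a runaway
     * compile keeps burning CPU on the daemon thread until it finishes on its own.
     */
    static Pattern compileUntrusted(String regex, long timeoutMillis) throws TimeoutException {
        if (regex.length() > MAX_LENGTH) {
            throw new IllegalArgumentException("regex longer than " + MAX_LENGTH + " characters");
        }
        if (countGroups(regex) > MAX_GROUPS) {
            throw new IllegalArgumentException("regex has more than " + MAX_GROUPS + " groups");
        }
        ExecutorService executor = Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r, "regex-compile");
            t.setDaemon(true);
            return t;
        });
        try {
            Future<Pattern> future = executor.submit(() -> Pattern.compile(regex));
            return future.get(timeoutMillis, TimeUnit.MILLISECONDS);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new IllegalStateException("interrupted while compiling regex", e);
        } catch (ExecutionException e) {
            Throwable cause = e.getCause();
            if (cause instanceof PatternSyntaxException) {
                throw (PatternSyntaxException) cause;
            }
            throw new IllegalArgumentException("regex failed to compile", cause);
        } finally {
            executor.shutdownNow();
        }
    }

    /** Measure how long Pattern.compile takes for the probe pattern with n groups. */
    static long compileMillis(int n) {
        long start = System.nanoTime();
        Pattern.compile(probePattern(n));
        return TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - start);
    }

    public static void main(String[] args) throws Exception {
        // Probe: on an unaffected JDK these stay near zero; a steep, superlinear rise as n
        // doubles is the symptom the advisory describes.
        for (int n : new int[] {8, 16, 32, 64}) {
            System.out.printf("%3d optional groups: compile took %d ms%n", n, compileMillis(n));
        }
        // Guard: a bounded pattern is accepted, the oversized probe is rejected before compile.
        Pattern ok = compileUntrusted("^[a-z]{1,8}(-[0-9]+)?$", 200);
        System.out.println("accepted: " + ok.pattern());
        try {
            compileUntrusted(probePattern(MAX_GROUPS + 1), 200);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Run it with javac UntrustedRegexGuard.java && java UntrustedRegexGuard on the JDK that serves the Spring application. The probe section is a measurement, not a proof of exposure: flat timings do not by themselves clear the deployment, and a JDK older than 1.6 is affected regardless of what the probe shows. The guard is the part worth keeping in application code wherever a regex string originates outside the trust boundary.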
Is CVE-2009-1190 being exploited?
Low. EPSS estimates a 1.4% probability that this vulnerability is exploited in the wild within the next 30 days. EPSS is a predictive score, not a record of observed attacks, so this figure indicates low expected activity rather than confirming that no exploitation has occurred.
Affected packages (1)
- Spring Framework (spring.jar): >= 1.1.0, < 3.0.0.RELEASE