Lucene search
GoogleOSV:GHSA-WJJR-H4WH-W6VVHistoryMay 02, 2022 - 3:22 a.m.
Spring Framework Inefficient Regular Expression Complexity
2022-05-0203:22:35
Google
osv.dev
16
spring framework
regular expression
vulnerability
java development kit
denial of service
cpu consumption
serializable data
cve-2004-2540
EPSS
0.278
Percentile
96.9%
Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540.
Related
cvelist
cvelist
CVE-2009-1190
2009-04-27 22:00:00
CVE-2004-2540
2005-11-16 07:37:00
ubuntucve
ubuntucve
CVE-2009-1190
2009-04-27 00:00:00
prion
prion
Design/Logic Flaw
2009-04-27 22:30:00
nvd
nvd
CVE-2009-1190
2009-04-27 22:30:00
CVE-2004-2540
2004-12-31 05:00:00
cve
cve
CVE-2009-1190
2009-04-27 22:30:00
CVE-2004-2540
2005-11-16 07:37:00
github
github
Spring Framework Inefficient Regular Expression Complexity
2022-05-02 03:22:35
ibm
ibm
Security Bulletin: Multiple CVEs affect IBM Integration Designer
2023-02-01 19:40:57