FKIE_CVE-2009-1190

Vulnerability from fkie_nvd - Published: 2009-04-27 22:30 - Updated: 2026-04-23 00:35
Severity
Summary
Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540.
References
secalert@redhat.comhttp://secunia.com/advisories/34892Vendor Advisory
secalert@redhat.comhttp://www.packetstormsecurity.org/hitb06/DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2EE.pdfExploit
secalert@redhat.comhttp://www.securityfocus.com/archive/1/502926/100/0/threaded
secalert@redhat.comhttp://www.springsource.com/securityadvisoryVendor Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=497161Exploit
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/50083
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34892Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.packetstormsecurity.org/hitb06/DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2EE.pdfExploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/502926/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.springsource.com/securityadvisoryVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=497161Exploit
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/50083
Impacted products
Vendor Product Version
sun jdk *
sun jdk 1.1.0
sun jdk 1.1.6
sun jdk 1.1.6
sun jdk 1.1.7b
sun jdk 1.1.7b
sun jdk 1.1.8
sun jdk 1.1.8
sun jdk 1.1.8
sun jdk 1.1.8
sun jdk 1.1.8
sun jdk 1.1.8
sun jdk 1.2.0
sun jdk 1.2.1
sun jdk 1.2.1
sun jdk 1.2.2
sun jdk 1.2.2
sun jdk 1.3.0
sun jdk 1.3.0_01
sun jdk 1.3.0_02
sun jdk 1.3.0_03
sun jdk 1.3.0_04
sun jdk 1.3.0_05
sun jdk 1.3.1
sun jdk 1.3.1
sun jdk 1.3.1
sun jdk 1.3.1_01
sun jdk 1.3.1_01a
sun jdk 1.3.1_02
sun jdk 1.3.1_03
sun jdk 1.3.1_04
sun jdk 1.3.1_05
sun jdk 1.3.1_06
sun jdk 1.3.1_07
sun jdk 1.3.1_08
sun jdk 1.3.1_09
sun jdk 1.3.1_10
sun jdk 1.3.1_11
sun jdk 1.3.1_12
sun jdk 1.3.1_13
sun jdk 1.3.1_14
sun jdk 1.3.1_15
sun jdk 1.3.1_16
sun jdk 1.3.1_17
sun jdk 1.3.1_18
sun jdk 1.3.1_19
sun jdk 1.3.1_20
sun jdk 1.3.1_21
sun jdk 1.3.1_22
sun jdk 1.3.1_23
sun jdk 1.3.1_24
sun jdk 1.3.1_25
sun jdk 1.3.1_26
sun jdk 1.3.1_27
sun jdk 1.3.1_28
sun jdk 1.4.0
sun jdk 1.4.0_01
sun jdk 1.4.0_02
sun jdk 1.4.0_03
sun jdk 1.4.0_04
sun jdk 1.4.1
sun jdk 1.4.1_01
sun jdk 1.4.1_02
sun jdk 1.4.1_03
sun jdk 1.4.1_04
sun jdk 1.4.1_05
sun jdk 1.4.1_06
sun jdk 1.4.1_07
sun jdk 1.4.2
sun jdk 1.4.2_1
sun jdk 1.4.2_2
sun jdk 1.4.2_3
sun jdk 1.4.2_4
sun jdk 1.4.2_5
sun jdk 1.4.2_6
sun jdk 1.4.2_7
sun jdk 1.4.2_8
sun jdk 1.4.2_9
sun jdk 1.4.2_10
sun jdk 1.4.2_11
sun jdk 1.4.2_12
sun jdk 1.4.2_13
sun jdk 1.4.2_14
sun jdk 1.4.2_15
sun jdk 1.4.2_16
sun jdk 1.4.2_17
sun jdk 1.4.2_18
sun jdk 1.4.2_19
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0_03
sun jdk 1.5.0_03
springsource dm_server 1.0.0
springsource dm_server 1.0.1
springsource dm_server 1.0.2
springsource spring_framework 1.1.0
springsource spring_framework 2.0
springsource spring_framework 2.0
springsource spring_framework 2.0
springsource spring_framework 2.0
springsource spring_framework 2.0
springsource spring_framework 2.0
springsource spring_framework 2.0
springsource spring_framework 2.0
springsource spring_framework 2.0
springsource spring_framework 2.0
springsource spring_framework 2.0.1
springsource spring_framework 2.0.2
springsource spring_framework 2.0.3
springsource spring_framework 2.0.4
springsource spring_framework 2.0.5
springsource spring_framework 2.1
springsource spring_framework 2.1
springsource spring_framework 2.1
springsource spring_framework 2.1
springsource spring_framework 2.5.0
springsource spring_framework 2.5.0
springsource spring_framework 2.5.0
springsource spring_framework 2.5.1
springsource spring_framework 2.5.2
springsource spring_framework 2.5.3
springsource spring_framework 2.5.4
springsource spring_framework 2.5.5
springsource spring_framework 2.5.6
springsource spring_framework 3.0.0
springsource spring_framework 3.0.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:jdk:*:update_22:*:*:*:*:*:*",
              "matchCriteriaId": "B2BAB703-E024-42CE-B6DF-605A54BF4749",
              "versionEndIncluding": "1.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4C1D605-1FE9-4F1A-A374-CC342CD7310C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEBE2903-9C4E-4BBD-AC12-2408BAF42ED8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.1.6:update7:*:*:*:*:*:*",
              "matchCriteriaId": "8722DCD3-C7CB-4D79-808E-FBC1E27A0ED7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.1.7b:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E48A0E7-9956-4187-952D-4D4DD2F28099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.1.7b:update5:*:*:*:*:*:*",
              "matchCriteriaId": "8A64F606-A1A8-4ABE-9249-0F3D3D02A182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.1.8:update10:*:*:*:*:*:*",
              "matchCriteriaId": "F16BAE28-B7F1-496F-98AC-43DCA387FA45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.1.8:update13:*:*:*:*:*:*",
              "matchCriteriaId": "2F99B49A-5A04-4EC8-ABD7-1BEAF620C0DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.1.8:update14:*:*:*:*:*:*",
              "matchCriteriaId": "E58C529E-0D46-46A2-A6F3-894ECB215A65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.1.8:update2:*:*:*:*:*:*",
              "matchCriteriaId": "C5D8520B-8B24-444F-A47B-ED0733859954",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.1.8:update7:*:*:*:*:*:*",
              "matchCriteriaId": "D6A18370-9054-48F5-8766-D4A15F3A67C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.1.8:update8:*:*:*:*:*:*",
              "matchCriteriaId": "4053D51D-57A9-495F-9B8D-0076661283EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF39BD92-7733-4408-A907-D292D973D9CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07425A23-5BF3-441E-B47A-395BE402B2C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.2.1:update3:*:*:*:*:*:*",
              "matchCriteriaId": "38A647E6-2BC2-4E71-96FB-7CA457484CB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.2.2:update4:*:*:*:*:*:*",
              "matchCriteriaId": "5B791B1F-D6AA-451D-A415-C2C9BE44865A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.2.2:update5:*:*:*:*:*:*",
              "matchCriteriaId": "A4D34197-1500-47C7-848D-676F7592BCD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AA4DE59-4CF5-49F4-8625-0F3DA2DB7020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.0_01:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BC733B9-1694-44E3-BF58-34BABBA4E08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.0_02:*:*:*:*:*:*:*",
              "matchCriteriaId": "991AEC76-0494-4085-9427-52D8BDD75753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.0_03:*:*:*:*:*:*:*",
              "matchCriteriaId": "12763342-3D3A-4744-941D-4DFD33F79515",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.0_04:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3E28D80-D908-4F17-BF3D-62C970A4D54B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.0_05:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0D8BC0C-13B8-472D-A077-F2039A637326",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15AAA894-90A8-4B08-A392-5CB36ABE6F54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1:update19:*:*:*:*:*:*",
              "matchCriteriaId": "910AF14C-1993-4740-AE6D-77B55B52AC48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1:update20:*:*:*:*:*:*",
              "matchCriteriaId": "8C924560-0EF5-4BC0-8614-2DD5616E076A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_01:*:*:*:*:*:*:*",
              "matchCriteriaId": "C09F9315-CE9E-4F20-9E8A-597896057A1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_01a:*:*:*:*:*:*:*",
              "matchCriteriaId": "88DB55B2-7D7F-4EB8-8E29-7D15F735A286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_02:*:*:*:*:*:*:*",
              "matchCriteriaId": "38CDFAD5-389F-4F08-AF24-5D8782E86225",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_03:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE962961-9E1D-4164-A11A-0CA6DC4FFBAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_04:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E8244F8-C212-420B-BB12-F58B84B64335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_05:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E7BB67D-0D40-4C92-8005-C1F876629304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_06:*:*:*:*:*:*:*",
              "matchCriteriaId": "926B3423-5AB8-4A7C-A83E-5C363A783AF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_07:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F623253-2FF5-4398-AF23-A56F06008301",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_08:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4EE7212-2AF1-4D10-826B-3B6EDDDA6DDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_09:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B5A02FE-614B-4B8C-AB9A-57F5C32B36A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E781B3C-EA57-4CA6-9F03-117C52552AEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1227F19E-5A69-422F-A2E1-5280B1836C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_12:*:*:*:*:*:*:*",
              "matchCriteriaId": "18FE8DE3-A93A-4884-9131-84715C776545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_13:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA3D41B2-05C4-4EB5-9124-FFC887A010F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_14:*:*:*:*:*:*:*",
              "matchCriteriaId": "95E09BF6-A2E4-49F3-9E8C-3C7EB5FE782B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_15:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB23A52B-0F6E-4570-9B72-0D07CF26D536",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_16:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0E1566F-1257-428F-8DA9-29DB0DF5D647",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_17:*:*:*:*:*:*:*",
              "matchCriteriaId": "A84080AF-E076-40FD-BDEB-727AAE986AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FD02135-C3C2-4FCC-A85C-353CD321B97A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_19:*:*:*:*:*:*:*",
              "matchCriteriaId": "10ACCA84-F469-401B-A68F-0281E5C2D46E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_20:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B1DA4B-CE36-4828-B10F-8A854CCB368E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_21:*:*:*:*:*:*:*",
              "matchCriteriaId": "55B201EA-49A8-407A-9893-B3988C936D13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_22:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD65ECF9-5495-4F69-B566-C1657473F08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_23:*:*:*:*:*:*:*",
              "matchCriteriaId": "671EF738-7846-40A0-B070-649F637782F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_24:*:*:*:*:*:*:*",
              "matchCriteriaId": "7714D90D-1BF0-4388-B086-17C6D1BC9D66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_25:*:*:*:*:*:*:*",
              "matchCriteriaId": "D54C9BE0-9009-41F6-B07F-855358EE5141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_26:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C144EF3-5228-4338-921E-547902CC6F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_27:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9F5541-983B-42E3-AA7A-988028303B0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.3.1_28:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B63DC45-DDDB-4D93-81BC-16893FFF558C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "20C9C594-3DBC-4706-BA88-A662CD28C830",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.0_01:*:*:*:*:*:*:*",
              "matchCriteriaId": "01E34550-4CA8-4AF1-81CA-BBD5AC53BFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.0_02:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5AE3D20-565C-4438-A6B6-8FD87511BD8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.0_03:*:*:*:*:*:*:*",
              "matchCriteriaId": "73966143-616D-4CB7-80A9-3CB3F1F455D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.0_04:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF742B38-8C5E-4F17-8C75-23A8C61BDB42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "811DEBE9-356B-4D60-8BE8-AE55CE484D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.1_01:*:*:*:*:*:*:*",
              "matchCriteriaId": "02F2D988-DFAE-420E-B7BB-440746F4AB76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.1_02:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CEF4A09-4520-422F-8766-AD0D00832BFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.1_03:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E06A6F0-9F90-4BCD-A736-0A521E565C97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.1_04:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1032FEB-9948-4501-AB70-94DFBEFD204D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.1_05:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA27821-FAB3-40E2-8D94-F3B5DFB0714B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.1_06:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F27CFAE-F807-4643-BAC3-1A6486DE3D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.1_07:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EBF7DA4-B357-4507-8BBE-7AE21CB6CE96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9E5ACCC-F82F-42F8-860A-92765D0F0B28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.2_1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA9CA652-9B8C-4175-9ED8-71F441ADF962",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.2_2:*:*:*:*:*:*:*",
              "matchCriteriaId": "93B973CB-25CE-4CA4-A4F8-577ED9ACEFEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.2_3:*:*:*:*:*:*:*",
              "matchCriteriaId": "00F66ED4-F74A-4F61-B01C-122DC98D5324",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.2_4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7321A75D-AC6E-486E-8911-AF66A992C8A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.2_5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D70B8B14-B4A2-4D05-B999-E2840A2365E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.2_6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3EDC5EB-2E48-462E-BA0B-217BC470DFC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.2_7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA1D44C4-E43A-4D63-A5C9-76E885D3B436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.2_8:*:*:*:*:*:*:*",
              "matchCriteriaId": "52E30E1D-2766-4E79-B9C7-7B998E23A49F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.2_9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E9872BC-5A24-4855-8D01-4C43BBF5C265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.2_10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94D13A6-E832-4BDF-8AF2-A4E0EF7DCBA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.2_11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5EFE8C-B098-460C-AFE5-C5A938599F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.2_12:*:*:*:*:*:*:*",
              "matchCriteriaId": "040AD56D-A0B7-4AF7-AF3D-4B4BD802516D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.2_13:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F0F7DF1-E117-4FD4-9A63-D05747727D01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.2_14:*:*:*:*:*:*:*",
              "matchCriteriaId": "D63DF43C-4781-4E0F-89C4-0BFC841A0488",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.2_15:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D29842F-2185-46C5-8091-23ECB06CB680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.2_16:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FF285D8-6E75-4932-A28B-639DA07F1124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.2_17:*:*:*:*:*:*:*",
              "matchCriteriaId": "817C3737-F625-4EE9-BB5C-D4B624EF0DAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.2_18:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A152C0A-65CE-438D-8B53-32D1EFC019F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.4.2_19:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8DEFA1-AAA4-4AA2-859F-257B9B4D2B05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A02CF738-1B4F-44D0-A618-3D3E4EF1C9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "8198F493-0447-4A87-9F16-5B6CB3572E38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_10:*:*:*:*:*:*",
              "matchCriteriaId": "645BBE6D-BA5E-4D93-9152-759A2355013E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_11:*:*:*:*:*:*",
              "matchCriteriaId": "0EE694C9-940A-4899-844C-AC63412FA295",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_12:*:*:*:*:*:*",
              "matchCriteriaId": "BC9476DD-9B56-4811-A248-711C25181F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_13:*:*:*:*:*:*",
              "matchCriteriaId": "68D34082-2948-4D95-B43F-FBD59E2F3D28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_14:*:*:*:*:*:*",
              "matchCriteriaId": "F2E01C07-4921-47CC-9AFC-D3B461D0B78D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_15:*:*:*:*:*:*",
              "matchCriteriaId": "7532E7D4-2F62-4DA0-B905-F95A0A735CE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_16:*:*:*:*:*:*",
              "matchCriteriaId": "0AF93193-889E-4F44-ADEB-E89E56DE6C7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_17:*:*:*:*:*:*",
              "matchCriteriaId": "68C19440-4172-4539-8E38-09DBCB1752E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_18:*:*:*:*:*:*",
              "matchCriteriaId": "3CC000EC-9717-47DA-B182-6C8CD3970F27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_19:*:*:*:*:*:*",
              "matchCriteriaId": "115083C5-811F-47BA-8549-3BDFF9CA0740",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "51337B8C-78F2-4207-998E-A3FC591F538B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_20:*:*:*:*:*:*",
              "matchCriteriaId": "48193108-CD9F-476E-A7D2-E0796F659BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_21:*:*:*:*:*:*",
              "matchCriteriaId": "A0A80299-783A-4FBA-9EBF-5913942949A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "76A4F852-0240-44D6-9BD5-FE79DEF16438",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "F57E5943-5CC3-4736-85E8-FE7CC4F38735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "3C228E00-0F5C-41D2-8BD0-46AF682AE842",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "0329E813-B2C8-4C84-BCAF-2D54C4AE0472",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_7:*:*:*:*:*:*",
              "matchCriteriaId": "7E3C40E1-7005-4F83-B347-177BEC9EE339",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_8:*:*:*:*:*:*",
              "matchCriteriaId": "6855E3F5-6F8E-44FA-A913-0D0F6A803DFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update_9:*:*:*:*:*:*",
              "matchCriteriaId": "C79BDB6E-442B-41F1-A025-C17648A81FD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*",
              "matchCriteriaId": "EE8E883F-E13D-4FB0-8C6F-B7628600E8D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*",
              "matchCriteriaId": "2AADA633-EB11-49A0-8E40-66589034F03E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*",
              "matchCriteriaId": "19DC29C5-1B9F-46DF-ACF6-3FF93E45777D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:*",
              "matchCriteriaId": "646DDCA6-AAC4-4FA8-B9B5-51F88D4C001D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*",
              "matchCriteriaId": "B120F7D9-7C1E-4716-B2FA-2990D449F754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*",
              "matchCriteriaId": "CD61E49F-2A46-4107-BB3F-527079983306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*",
              "matchCriteriaId": "D900AAE0-6032-4096-AFC2-3D43C55C6C83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*",
              "matchCriteriaId": "88B0958C-744C-4946-908C-09D2A5FAB120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*",
              "matchCriteriaId": "C3E7F3CA-FFB3-42B3-A64F-0E38FAF252FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*",
              "matchCriteriaId": "9A2D8D09-3F18-4E73-81CF-BB589BB8AEC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*",
              "matchCriteriaId": "3FD24779-988F-4EC1-AC19-77186B68229E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*",
              "matchCriteriaId": "4F1E860E-98F2-48FF-B8B3-54D4B58BF81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*",
              "matchCriteriaId": "28BE548B-DD0C-4C58-98CA-5B803F04F9EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*",
              "matchCriteriaId": "505A8F40-7758-412F-8895-FA1B00BE6B7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*",
              "matchCriteriaId": "212F4A5F-87E3-4C62-BA21-46CBBCD8D26A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*",
              "matchCriteriaId": "5C4DFCD2-00A3-4BC7-8842-836CE22C7B39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*",
              "matchCriteriaId": "EB3A0C49-3FF9-4CB7-9E01-F771D4925103",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*",
              "matchCriteriaId": "F7D1BBD4-2F88-4372-B863-BB70753D841B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*",
              "matchCriteriaId": "9A75A4C0-6B49-424B-BEC0-0E0AAEF877B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*",
              "matchCriteriaId": "5F8E9AA0-8907-4B1A-86A1-08568195217D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*",
              "matchCriteriaId": "A337AD31-4566-4A4E-AFF3-7EAECD5C90F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*",
              "matchCriteriaId": "0754AFDC-2F1C-4C06-AB46-457B5E610029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*",
              "matchCriteriaId": "532CF9DD-0EBB-4B3B-BB9C-A8D78947A790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*",
              "matchCriteriaId": "DC0ABF7A-107B-4B97-9BD7-7B0CEDAAF359",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*",
              "matchCriteriaId": "59ED507D-AEF8-4631-A298-8BDA6D6E8CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*",
              "matchCriteriaId": "A5DA4242-30D9-44C8-9D0D-877348FFA22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*",
              "matchCriteriaId": "C61C6043-99D0-4F36-AF84-1A5F90B895EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0_03:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "0DF9EC3A-E40C-415B-8BF3-40D3C474AF70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0_03:*:windows:*:*:*:*:*",
              "matchCriteriaId": "937EEE89-443C-4435-9064-EE228B3CEBD9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:springsource:dm_server:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D95E4679-D525-4E6A-921F-9CE1C7E1EE09",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:dm_server:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A8C3A93-F837-4595-8A4D-F53CA97AC7E4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:dm_server:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "27410ECF-4E3D-40B2-86A6-6A4BAA9E9C82",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "12B16A98-BB2E-4F5B-AE14-F84B6A879097",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1274AB42-FE68-4EF5-B11F-6343685A7747",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.0:m1:*:*:*:*:*:*",
              "matchCriteriaId": "E88635C7-2305-41F6-9BD9-8E945F524C12",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.0:m2:*:*:*:*:*:*",
              "matchCriteriaId": "2DD492C8-A0EF-44E8-AC9F-56F8F64C99A4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.0:m3:*:*:*:*:*:*",
              "matchCriteriaId": "C419AC44-21A5-456C-B537-B8BAF475BCF3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.0:m4:*:*:*:*:*:*",
              "matchCriteriaId": "EFAAE3B9-C62E-47F6-A23D-1024E5870B7E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.0:m5:*:*:*:*:*:*",
              "matchCriteriaId": "DA630C68-21E8-4F2A-8044-5DAF3CA3CC37",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "012985DE-5D39-470C-8E51-5AFCED594FB9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "94639F24-EEF4-4AA3-83F4-6C86A3286E5B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "6649C191-78C3-403F-BEAF-741AF9FF2893",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "6A4E6F8A-44B0-4982-9D52-96E8C85D9CFF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "56CC4457-E99A-4AAF-B9FA-E4852E4E1967",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0474C87-8CC6-4E71-B350-3A4AA7CF452D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5049E640-145C-4338-B25C-7AA82A67FA0C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCDB933A-AED3-4A0B-9911-CBBF0B9E91B6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "58F22748-6F62-495A-96F5-694E5E1EBCB8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.1:m1:*:*:*:*:*:*",
              "matchCriteriaId": "030CC42C-8582-4B71-B93E-9D7AE5D2EBF9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.1:m2:*:*:*:*:*:*",
              "matchCriteriaId": "629C79A0-0233-4750-9A43-F98C97BBA47D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.1:m3:*:*:*:*:*:*",
              "matchCriteriaId": "AB6958CD-61D4-41ED-A16A-2B74E17AD501",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.1:m4:*:*:*:*:*:*",
              "matchCriteriaId": "AC4E5B16-5012-44CD-9719-ADDAACF4FBAE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ECA0EF4-6BEA-4464-B098-37C0342AEDDF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F45DF1E8-2BB9-45A6-96C4-406C81827E68",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FFE1B570-A480-46AD-A8AE-E984824CF6BE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4DDA5A7-62A4-471A-9B01-D54CF560BF56",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B977B334-EC1A-45BD-976D-3DF3332ADA90",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DC37B55-E7DF-4426-B1E2-2644078EDD19",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A939B963-7C6C-4617-A695-A9CC4FC774EE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB2D44CB-BBBF-45DE-B3C9-2BD2625BC8E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F709DAAC-AA32-4D37-9E0C-A014FB519697",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:3.0.0:m1:*:*:*:*:*:*",
              "matchCriteriaId": "13E1344C-CB41-48FC-BB98-7FEBEBF190E9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:springsource:spring_framework:3.0.0:m2:*:*:*:*:*:*",
              "matchCriteriaId": "AD66E687-C387-486D-AC34-279961311A8F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de complejidad algor\u00edtmica  en el m\u00e9todo java.util.regex.Pattern.compile en Sun Java Development Kit (JDK) antes de la versi\u00f3n 1.6, cuando se utiliza con spring.jar en la plataforma SpringSource Spring Framework v1.1.0 a la v2.5.6 y v3.0.0.M1 a y v3.0.0.M2 y dm Server v1.0.0 a v1.0.2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (mediante un excesivo consumo de CPU) a trav\u00e9s de datos serializables con una cadena regex demasiado larga que almacene multiples grupos opcionales. Vulnerabilidad relacionada con la CVE-2004-2540."
    }
  ],
  "id": "CVE-2009-1190",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-04-27T22:30:00.267",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34892"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.packetstormsecurity.org/hitb06/DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2EE.pdf"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/502926/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.springsource.com/securityadvisory"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=497161"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34892"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.packetstormsecurity.org/hitb06/DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2EE.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/502926/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.springsource.com/securityadvisory"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=497161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50083"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.