Description
Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=497161
http://secunia.com/advisories/34892
http://www.springsource.com/securityadvisory
http://www.packetstormsecurity.org/hitb06/DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2EE.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50083
http://www.securityfocus.com/archive/1/502926/100/0/threaded
Related Vulnerabilities
CVE-2020-7778 Vulnerability in npm package systeminformation
CVE-2023-49800 Vulnerability in npm package nuxt-api-party
CVE-2023-49383 Vulnerability in maven package com.jfinal:jfinal
CVE-2023-24428 Vulnerability in maven package org.jenkins-ci.plugins:bitbucket-oauth
CVE-2022-40309 Vulnerability in maven package org.apache.archiva:maven2-repository