CVE-2009-2540
Published 2009-07-20
CVE-2009-2540: Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property…
Priority: P4 · 17 · medium · 4.3 · CVSS 2.0
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS: 3.05% (85.9th percentile)
Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opera | opera_browser | <= 9.64 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| ghsa | — | 5.0 | MEDIUM | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |
Note: the GHSA record for this CVE (GHSA-whgj-f82x-p3xc) lists CVSS 7.1, while the 5.0 scores attributed to ghsa and vendor_redhat match the CVE-2009-1190 (Spring Framework) entries cross-linked on this page. The NVD 4.3 score is the only one here that verifiably belongs to CVE-2009-2540.
GHSA
GHSA-whgj-f82x-p3xc: Opera, possibly 9
ghsa_unreviewed · 2022-05-02 · CVSS 7.1 · HIGH · CWE-770
CVE-2009-2540
Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
GHSA
Spring Framework Inefficient Regular Expression Complexity
ghsa · 2022-05-02 · CVSS 5.0 · MEDIUM · CWE-1333
CVE-2009-1190 (a different CVE; a Spring Framework/JDK issue, not an Opera issue)
Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540.
Red Hat
Spring Framework Remote Denial of Service vulnerability
vendor_redhat · 2009-04-22 · CVSS 5.0 · MEDIUM
CVE-2009-1190 (the same Spring Framework/JDK issue as the GHSA entry above; not an Opera issue)
Description: identical to the CVE-2009-1190 GHSA entry above.
Statement: This flaw affected JBoss Enterprise BRMS Platform 5.1.0 when run on Sun JDK 1.5.x. It was resolved in JBoss Enterprise BRMS Platform 5.2.0, both by updating Spring and by dropping support for Sun JDK 1.5.x.
No detection rules found.
No public exploits indexed (the reference list below does include an exploit-db entry, http://www.exploit-db.com/exploits/9160).
No writeups or analysis indexed.
CWE
CWE-400: Uncontrolled Resource Consumption (mitre_cwe)
The product does not properly control the allocation and maintenance of a limited resource.
Modes of Introduction:
Phase: Operation
Note: The product could be operated in a system or environment with lower resource limits than expected, which might make it easier for attackers to consume all available resources.
Phase: System Configuration
Note: The product could be configured with lower resource limits than expected, which might make it easier for attackers to consume all available resources.
Phase: Architecture and Design
Note: The designer might not consider how to handle and throttle excessive resource requests, which typically requires careful planning to handle more gracefully than a crash or exit.
Phase: Implementation
Note: There are at
CWE
CWE-770: Allocation of Resources Without Limits or Throttling (mitre_cwe)
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Modes of Introduction:
Phase: Architecture and Design
Note: OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase.
Phase: Implementation
Phase: Operation
Phase: System Configuration
Common Consequences:
Scope: Availability. Impact: DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Resource Consumption (Other). When allocating resources without limits, an attacker could prevent other systems, applications, or processes from accessing the same type of resource. It can be
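Added example, not code from the page, NVD, Opera or the referenced PoC: a Node.js model of why assigning a large integer to a select element's length property is an allocation sink (the CWE-770 "allocation without limits" pattern above, and the mechanism named in the CVE-2009-2540 description), together with an application-side guard for code that sets that property from untrusted input. FakeSelect, MAX_OPTIONS and setSelectLengthSafely are constructed names. The behaviour modelled is what the HTML specification gives the length setter: the IDL type is unsigned long, so the assigned value is converted with ToUint32 (wrapping modulo 2^32), and growing the length appends one empty option element per unit of growth. Modern engines cap this setter; the model deliberately does not, to show the bug class.

```javascript
// Added example, not code from the page, NVD, Opera or the referenced PoC.
// Node.js, no real DOM. FakeSelect is a constructed stand-in that models
// the HTML spec semantics of HTMLSelectElement.length: the IDL type is
// "unsigned long", so the assigned value is reduced modulo 2^32, and
// growing the length appends one empty <option> per unit of growth. That
// loop is the allocation sink behind CVE-2009-2540.

// ToUint32 as WebIDL applies it to an "unsigned long" attribute that has
// no [EnforceRange]/[Clamp] annotation: non-finite -> 0, else truncate
// toward zero and wrap modulo 2^32.
function toUnsignedLong(v) {
  const n = Number(v);
  if (!Number.isFinite(n)) return 0;
  return Math.trunc(n) >>> 0; // ">>> 0" performs the modulo-2^32 wrap
}

// Minimal select model: options are plain objects and an allocation
// counter stands in for the memory a browser would commit per option.
class FakeSelect {
  constructor() {
    this.options = [];
    this.allocations = 0;
  }
  get length() {
    return this.options.length;
  }
  set length(v) {
    const n = toUnsignedLong(v);
    if (n <= this.options.length) {
      this.options.length = n; // shrink: drop trailing options
      return;
    }
    // Grow: a browser with no upper bound runs this loop (n - current)
    // times for whatever n the page supplied.
    for (let i = this.options.length; i < n; i++) {
      this.options.push({ text: '', value: '' });
      this.allocations++;
    }
  }
}

// Number of option objects a script-supplied value asks the engine to
// create on an empty select, computed without creating them. Shows that
// "large integer" includes values that look small or negative.
function optionsRequested(v) {
  return toUnsignedLong(v);
}

// Application-side guard for code that forwards an untrusted count into
// select.length (a page size from a query string, say). MAX_OPTIONS is an
// assumed application limit, not a browser constant. The bound is checked
// on the original value, before the IDL wrap, so -1 cannot slip past a
// naive "n > MAX" check and then reach the setter as 4294967295.
const MAX_OPTIONS = 1000;

function setSelectLengthSafely(select, requested) {
  const n = Number(requested);
  if (!Number.isSafeInteger(n) || n < 0) {
    throw new RangeError(`select length must be a non-negative integer, got ${String(requested)}`);
  }
  if (n > MAX_OPTIONS) {
    throw new RangeError(`select length ${n} exceeds limit ${MAX_OPTIONS}`);
  }
  select.length = n;
  return select.length;
}

// Stand-alone demo of both halves.
function demo() {
  for (const v of [2147483647, 0xffffffff, -1, '1e9', 4294967296]) {
    console.log(`select.length = ${String(v)} requests ${optionsRequested(v)} option(s)`);
  }
  const s = new FakeSelect();
  console.log('guarded set:', setSelectLengthSafely(s, 500), 'allocations:', s.allocations);
  for (const bad of [-1, 2147483647, 'abc']) {
    try {
      setSelectLengthSafely(s, bad);
    } catch (e) {
      console.log(`rejected ${String(bad)}: ${e.message}`);
    }
  }
}

demo();
```

The guard validates before the IDL conversion because the conversion is lossy in the attacker's favour: -1 becomes 4294967295 and 4294967296 becomes 0, so any check applied to the converted value is checking the wrong number. The same rule applies to any DOM property typed unsigned long that triggers allocation on growth.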
References
http://www.exploit-db.com/exploits/9160
http://www.g-sec.lu/one-bug-to-rule-them-all.html
http://www.securityfocus.com/archive/1/504969/100/0/threaded
http://www.securityfocus.com/archive/1/504988/100/0/threaded
http://www.securityfocus.com/archive/1/504989/100/0/threaded
http://www.securityfocus.com/archive/1/505006/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/52874
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5957