Apr 23rd, 2009, 03:42 PM
Security Advisory: Sun JDK 1.5 and Spring 1.0-3.0
SpringSource has issued a security advisory announcement concerning a potential vulnerability. The root cause of the vulnerability is a Sun JDK 1.5 issue with exponential compilation times when using optional groups. When a Sun JVM 1.5-driven application with spring.jar in its classpath accepts serializable data, an attacker could use a long regex string with many optional groups to consume enormous CPU resources.
Affected Versions: Spring Framework 1.1.0-2.5.6, 3.0.0.M1-3.0.0.M2; dm Server 1.0.0-1.0.2
Read the official security advisory for the complete details about the issue and how to resolve it.
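
As an added illustration (not code from the advisory or from Spring), the sketch below shows a pre-compilation guard for places where an application itself passes an externally supplied string to `Pattern.compile`. The class name `GuardedPattern` and both limits are assumptions chosen for the example; the group counter is a heuristic and does not understand `\Q...\E` quoting or nested character classes.

```java
import java.util.regex.Pattern;

// Added example: reject pattern strings that are long or heavy on optional
// groups before they reach Pattern.compile. Limits are assumed values.
public final class GuardedPattern {
    static final int MAX_LENGTH = 256;
    static final int MAX_OPTIONAL_GROUPS = 8;

    // Counts groups closed by ')' and followed by '?', '*' or a '{0,' bound,
    // skipping escaped characters and the contents of character classes.
    static int countOptionalGroups(String regex) {
        int count = 0;
        boolean inClass = false;
        for (int i = 0; i < regex.length(); i++) {
            char c = regex.charAt(i);
            if (c == '\\') { i++; continue; }          // skip the escaped char
            if (inClass) { if (c == ']') inClass = false; continue; }
            if (c == '[') { inClass = true; continue; }
            if (c == ')' && i + 1 < regex.length()) {
                char q = regex.charAt(i + 1);
                if (q == '?' || q == '*' || regex.startsWith("{0,", i + 1)) count++;
            }
        }
        return count;
    }

    // Compiles only when the pattern string is within both limits.
    static Pattern compile(String regex) {
        if (regex.length() > MAX_LENGTH)
            throw new IllegalArgumentException("pattern too long");
        int n = countOptionalGroups(regex);
        if (n > MAX_OPTIONAL_GROUPS)
            throw new IllegalArgumentException("too many optional groups: " + n);
        return Pattern.compile(regex);
    }

    public static void main(String[] args) {
        // An ordinary pattern with one optional group is accepted.
        System.out.println(compile("(\\d{3})?-?\\d{4}").pattern());
        // Constructed sample input: 20 optional groups, rejected before compile.
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 20; i++) sb.append("(a)?");
        try {
            compile(sb.toString());
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A guard like this only covers patterns the application compiles directly; it does not intercept patterns compiled inside library classes during deserialization, which is the path the advisory describes.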