Announcement Announcement Module
No announcement yet.
Security Advisory: Sun JDK 1.5 and dm Server 1.0 Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security Advisory: Sun JDK 1.5 and dm Server 1.0

    SpringSource has issued a security advisory announcement concerning a potential vulnerability. The root cause of the vulnerability is a Sun JDK 1.5 issue with exponential compilation times when using optional groups. When a Sun JVM 1.5 driven application with spring.jar in its classpath accepts serializable data, an attacker could use a long regex string with many optional groups to consume enormous CPU resources.

    Affected Versions: Spring Framework 1.1.0-2.5.6, 3.0.0.M1-3.0.0.M2; dm Server 1.0.0-1.0.2

    Read the official security advisory for the complete details about the issue and how to resolve it.