Unrated severityNVD Advisory· Published Sep 21, 2009· Updated Apr 23, 2026

CVE-2009-3275

Description

Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs in Microsoft patterns & practices Enterprise Library (aka EntLib) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many \ (backslash) characters followed by a " (double quote), related to a certain regular expression, aka a "ReDoS" vulnerability.

Affected products

Microsoft/Enterprise Library3 versions
cpe:2.3:a:microsoft:enterprise_library:3.1:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:enterprise_library:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:enterprise_library:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:enterprise_library:4.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.checkmarx.com/Upload/Documents/PDF/Checkmarx_OWASP_IL_2009_ReDoS.pdfnvdExploit
www.securityfocus.com/archive/1/506419/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.008
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000