Description

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.

Remediation

References

https://pivotal.io/security/cve-2015-0201

Related Vulnerabilities

CVE-2020-26870 Vulnerability in maven package org.webjars.npm:dompurify

CVE-2018-15531 Vulnerability in maven package net.bull.javamelody:javamelody-core

CVE-2017-12634 Vulnerability in maven package org.apache.camel:camel-castor

CVE-2023-1108 Vulnerability in maven package io.undertow:undertow-core

CVE-2021-40865 Vulnerability in maven package org.apache.storm:storm-server

Severity

Critical

Classification

CWE-254

Tags

Vendor Advisory