Description
The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.
Remediation
References
https://pivotal.io/security/cve-2015-0201