Description
The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.
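Remediation
Upgrade to Spring Framework 4.1.5 or later; per the description above, 4.1.x releases before 4.1.5 are the affected versions.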
References
https://pivotal.io/security/cve-2015-0201
Related Vulnerabilities
CVE-2014-3662 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2019-3875 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2022-47551 Vulnerability in maven package io.apiman:apiman-manager-api-rest-impl
CVE-2023-36469 Vulnerability in maven package org.xwiki.platform:xwiki-platform-notifications-ui
CVE-2018-1272 Vulnerability in maven package org.springframework:spring-core