Description
The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.
Remediation
References
https://pivotal.io/security/cve-2015-0201