Description
The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.
Remediation
References
https://pivotal.io/security/cve-2015-0201