Description

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.

Remediation

References

https://pivotal.io/security/cve-2015-0201

Related Vulnerabilities

CVE-2011-1184 Vulnerability in maven package tomcat:catalina

CVE-2019-11269 Vulnerability in maven package org.springframework.security.oauth:spring-security-oauth2

CVE-2022-45347 Vulnerability in maven package org.apache.shardingsphere:shardingsphere-mysql-protocol

CVE-2020-2216 Vulnerability in maven package org.jenkins-ci.plugins:zephyr-for-jira-test-management

CVE-2021-42357 Vulnerability in maven package org.apache.knox:gateway-service-knoxsso

Severity

Critical

Classification

CWE-254

Tags

Vendor Advisory