Description
The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.
References
https://pivotal.io/security/cve-2015-0201