Description
The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.
Remediation
References
https://pivotal.io/security/cve-2015-0201