Description
The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.
Remediation
References
https://pivotal.io/security/cve-2015-0201