Description

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.

Remediation

References

https://pivotal.io/security/cve-2015-0201

Related Vulnerabilities

CVE-2018-1000186 Vulnerability in maven package org.jenkins-ci.plugins:ghprb

CVE-2023-35148 Vulnerability in maven package org.jenkins-ci.plugins:ease-plugin

CVE-2023-49620 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-common

CVE-2023-28677 Vulnerability in maven package org.jenkins-ci.plugins:convert-to-pipeline

CVE-2022-2053 Vulnerability in maven package io.undertow:undertow-core

Severity

Critical

Classification

CWE-254

Tags

Vendor Advisory