CVE-2015-0201

Spring Framework 4.1.x < 4.1.5 - Predictable Session ID Generation in Java SockJS Client

Title source: llm

Description

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.

References (1)

Core References
Vendor Advisory x_refsource_confirm
https://pivotal.io/security/cve-2015-0201

Scores

EPSS 0.0018
EPSS Percentile 39.4%

Details

CWE
CWE-254
Status published
Products (6)
org.springframework/spring-core 4.1.0 - 4.1.5 (Maven)
pivotal_software/spring_framework 4.1.0
vmware/spring_framework 4.1.1
vmware/spring_framework 4.1.2
vmware/spring_framework 4.1.3
vmware/spring_framework 4.1.4
Published Mar 10, 2015
Tracked Since Feb 18, 2026