CVE-2015-0201

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.

Published: Mar 10, 2015
Updated: May 9, 2024
CVE: CVE-2015-0201
GHSA: GHSA-45vg-2v73-vm62
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-254

Affected Software
References

Software	From	Fixed in
pivotal_software / spring_framework	4.1.0	4.1.0.x
vmware / spring_framework	4.1.1	4.1.1.x
vmware / spring_framework	4.1.2	4.1.2.x
vmware / spring_framework	4.1.3	4.1.3.x
vmware / spring_framework	4.1.4	4.1.4.x
org.springframework / spring-core	4.1.0	4.1.5

https://pivotal.io/security/cve-2015-0201

Vulnerability Database

289,599

CVE-2015-0201