CVE-2015-0201

Published: Mar 10, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.

Affected (5)

Products: Pivotal Software: Spring Framework · Vmware: Spring Framework

1 product

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Pivotal Software Spring Framework	Version 4.1.0
Vmware Spring Framework	Version 4.1.1
Vmware Spring Framework	Version 4.1.2
Vmware Spring Framework	Version 4.1.3
Vmware Spring Framework	Version 4.1.4

Related CWEs

CWE-254

References (2)

https://pivotal.io/security/cve-2015-0201

Source: secalert@redhat.com

Vendor Advisory

https://pivotal.io/security/cve-2015-0201

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.