The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2015-03-10T14:00:00

Updated: 2024-08-06T04:03:10.677Z

Reserved: 2014-11-18T00:00:00

Link: CVE-2015-0201

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2015-03-10T14:59:04.350

Modified: 2024-11-21T02:22:31.707

Link: CVE-2015-0201

cve-icon Redhat

Severity : Low

Publid Date: 2015-03-06T00:00:00Z

Links: CVE-2015-0201 - Bugzilla