1. Home
  2. Vulnerabilities
  3. CVE-2015-0201

CVE-2015-0201

CVSS v2.0 5 (Medium)
50% Progress
EPSS 0.32 % (71th)
0.32% Progress
Affected Products 2
Advisories 1
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.

Weaknesses
CWE-254
7PK - Security Features
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2015-03-10 14:59:04
(9 years ago)
Updated Date
2022-04-11 17:18:31
(2 years ago)

Affected Products

Pivotal Software

Vmware

Configuration #1

    CPE23 From Up To
  Pivotal Software Spring Framework 4.1.0 cpe:2.3:a:pivotal_software:spring_framework:4.1.0
  Vmware Spring Framework 4.1.1 cpe:2.3:a:vmware:spring_framework:4.1.1
  Vmware Spring Framework 4.1.2 cpe:2.3:a:vmware:spring_framework:4.1.2
  Vmware Spring Framework 4.1.3 cpe:2.3:a:vmware:spring_framework:4.1.3
  Vmware Spring Framework 4.1.4 cpe:2.3:a:vmware:spring_framework:4.1.4