Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2015-0201
Last Modified 11 Mar 2015 03:20:49
Published 10 Mar 2015 10:59:04
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-0201

Summary

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.

Vulnerable Systems

Application

  • Pivotal Software Spring Framework 4.1.0

  • Pivotal Software Spring Framework 4.1.1

  • Pivotal Software Spring Framework 4.1.2

  • Pivotal Software Spring Framework 4.1.3

  • Pivotal Software Spring Framework 4.1.4


References

CONFIRM - https://pivotal.io/security/cve-2015-0201


Last Updated: 27 May 2016 11:08:04