CVE-2015-0201

2015-03-1014:59:04

CWE-254

redhat

web.nvd.nist.gov

cve-2015-0201

java

sockjs

pivotal

spring framework

remote attacks

session ids

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.003

Percentile

70.5%

JSON

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.

Affected configurations

Nvd

Node

pivotal_softwarespring_frameworkMatch4.1.0

vmwarespring_frameworkMatch4.1.1

vmwarespring_frameworkMatch4.1.2

vmwarespring_frameworkMatch4.1.3

vmwarespring_frameworkMatch4.1.4

VendorProductVersionCPE
pivotal_softwarespring_framework4.1.0cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*
vmwarespring_framework4.1.1cpe:2.3:a:vmware:spring_framework:4.1.1:*:*:*:*:*:*:*
vmwarespring_framework4.1.2cpe:2.3:a:vmware:spring_framework:4.1.2:*:*:*:*:*:*:*
vmwarespring_framework4.1.3cpe:2.3:a:vmware:spring_framework:4.1.3:*:*:*:*:*:*:*
vmwarespring_framework4.1.4cpe:2.3:a:vmware:spring_framework:4.1.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pivotal_software	spring_framework	4.1.0	cpe:2.3:a:pivotal_software:spring_framework:4.1.0:::::::*
vmware	spring_framework	4.1.1	cpe:2.3:a:vmware:spring_framework:4.1.1:::::::*
vmware	spring_framework	4.1.2	cpe:2.3:a:vmware:spring_framework:4.1.2:::::::*
vmware	spring_framework	4.1.3	cpe:2.3:a:vmware:spring_framework:4.1.3:::::::*
vmware	spring_framework	4.1.4	cpe:2.3:a:vmware:spring_framework:4.1.4:::::::*