Lucene search

GitHub Advisory DatabaseGHSA-45VG-2V73-VM62

HistoryOct 17, 2018 - 8:28 p.m.

Moderate severity vulnerability that affects org.springframework:spring-core

2018-10-1720:28:20

GitHub Advisory Database

github.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.003

Percentile

70.5%

JSON

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.

Affected configurations

Vulners

Node

org.springframework\springMatchcore

VendorProductVersionCPE
org.springframework\springcorecpe:2.3:a:org.springframework\:spring:core:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
org.springframework\	spring	core	cpe:2.3:a:org.springframework\:spring:core::::::::

References

github.com/advisories/GHSA-45vg-2v73-vm62

github.com/spring-projects/spring-framework/commit/d63cfc8eebc396be009e733a81ebb4c984811f6e

github.com/spring-projects/spring-framework/commit/dc5b5ca8ee09c890352f89b2dae58bc0132d6545

nvd.nist.gov/vuln/detail/CVE-2015-0201

pivotal.io/security/cve-2015-0201

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.003

Percentile

70.5%

JSON

Related for GHSA-45VG-2V73-VM62