Session ID Prediction Vulnerability in Pivotal Spring Framework
CVE-2015-0201
Currently unrated
What is CVE-2015-0201?
The Java SockJS client in Pivotal's Spring Framework 4.1.x before 4.1.5 generates predictable session identifiers, which makes session ID prediction possible. A remote attacker who predicts the identifier of another session can send messages to a session they are not authorized to use, potentially leading to sensitive data exposure and further attacks.
