Session ID Prediction Vulnerability in Pivotal Spring Framework
CVE-2015-0201

Currently unrated

Key Information:

Vendor
CVE Published: 10 March 2015

What is CVE-2015-0201?

The Java SockJS client in Pivotal's Spring Framework 4.1.x prior to 4.1.5 generates predictable session identifiers. A remote attacker who predicts a session ID can send messages to sessions they are not authorized to use, potentially leading to sensitive data exposure and further attacks.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
