CVE-2015-0201
EPSS 0.18%
Moderate severity vulnerability that affects org.springframework:spring-core
Published: 2018/10/17
Modified: 2024/12/2
Description
The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.
Affected packages (1)
- Maven/org.springframework:spring-core >= 4.1.0, < 4.1.5
References (6)
- ADVISORY https://github.com/advisories/GHSA-45vg-2v73-vm62
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-0201
- PATCH https://github.com/spring-projects/spring-framework
- WEB https://github.com/spring-projects/spring-framework/commit/d63cfc8eebc396be009e733a81ebb4c984811f6e
- WEB https://github.com/spring-projects/spring-framework/commit/dc5b5ca8ee09c890352f89b2dae58bc0132d6545
- WEB https://pivotal.io/security/cve-2015-0201