CVE Database · CVE-2015-0201
CVSS v3.1: N/A
EPSS: 1.91%
Published: Mar 10, 2015
Modified: May 6, 2026
Public PoC / Exploit (1)
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.
Weaknesses (CWE)
Affected Products (5)
References (2)