2 matches found
am.ik.springmvc:new-controller (>=0.1.0 <=0.2.0), am.ik.woothee:woothee-spring (=1.0.0) +1180 more potentially affected by CVE-2015-0201 via org.springframework:spring-core (>=4.1.0.RELEASE <=4.1.4.RELEASE)
org.springframework:spring-core MAVEN version =4.1.0.RELEASE, =0.1.0, =1.0, =0.0.1, =0.0.1, =0.7, =1.5.0, =1.0.1, =1.1.0 and more Source cves: CVE-2015-0201 Source advisory: OSV:GHSA-45VG-2V73-VM62...
CVE-2015-0201
The CVE-2015-0201 issue affects the Java SockJS client in Pivotal Spring Framework 4.1.x prior to 4.1.5. The root cause is generation of predictable session IDs, enabling remote attackers to send messages to other sessions through unspecified vectors. Impact is partial confidentiality of session ...