EUVD-2018-0494

Malware in sbrugna...

Moderate severity vulnerability that affects org.springframework:spring-core

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors...

Brute-force Session Guessing Attacks

sockjs-client is vulnerable to brute-force session guessing attacks. The vulnerability is due to using default random 8-character long session ID which is not robust enough to prevent the attackers from guessing the ID using the Brute-Force search...

Unspecified Vulnerability in Pivotal Software Spring Framework Java SockJS Client

Pivotal Software Spring Framework is the U.S. Pivotal Software, Inc. of a set of open source Java, Java EE application framework. The framework helps developers build high-quality applications . A security vulnerability exists in the Java SockJS client in Pivotal Software Spring Framework version...

CVE-2015-0201

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors...

CVE-2015-0201

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors...

Insufficiently random session id in Java SockJS client

Session id generation in the Java SockJS client is not sufficiently secure and could allow a user to send messages to another user’s session. Note that this only affects users of the Java SockJS client, which generates its own session id. It does not affect browser clients even if they’re...