23 matches found
DEBIAN-CVE-2018-1270
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...
Remote Code Execution (RCE)
spring-messaging is susceptible to remote code execution RCE attack. The vulnerability exists through the simple STOMP broker that exposes a weakness to malicious users who can perform a RCE attack through the STORM payload...
Insufficiently random session id in Java SockJS client
Session id generation in the Java SockJS client is not sufficiently secure and could allow a user to send messages to another user’s session. Note that this only affects users of the Java SockJS client, which generates its own session id. It does not affect browser clients even if they’re...