The Java SockJS client in Pivotal Spring Framework 4.1.x prior to 4.1.5 generates predictable session ids, which allows remote malicious users to send messages to other sessions via unspecified vectors.
Vulnerable Product |
---|
pivotal software spring framework 4.1.0 |
vmware spring framework 4.1.2 |
vmware spring framework 4.1.4 |
vmware spring framework 4.1.1 |
vmware spring framework 4.1.3 |