Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-w4q4-38gp-m3d8

Summary

Exposure of Sensitive Information to an Unauthorized Actor
This package does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.

Aliases

alias	CVE-2012-5055

alias	GHSA-3533-rvpc-6x56

Fixed_packages

url pkg:maven/org.springframework.security/spring-security-core@2.0.8.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@2.0.8.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@2.0.8.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@3.0.8.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@3.0.8.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-deuk-emca-3kgr

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.8.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@3.1.3.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@3.1.3.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-deuk-emca-3kgr

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.1.3.RELEASE

Affected_packages

url pkg:maven/org.springframework.security/spring-security-core@2.0.0

purl pkg:maven/org.springframework.security/spring-security-core@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-n8yr-3aex-kyah

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@2.0.0

url pkg:maven/org.springframework.security/spring-security-core@2.0.1

purl pkg:maven/org.springframework.security/spring-security-core@2.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-n8yr-3aex-kyah

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@2.0.1

url pkg:maven/org.springframework.security/spring-security-core@2.0.2

purl pkg:maven/org.springframework.security/spring-security-core@2.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-n8yr-3aex-kyah

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@2.0.2

url pkg:maven/org.springframework.security/spring-security-core@2.0.3

purl pkg:maven/org.springframework.security/spring-security-core@2.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-n8yr-3aex-kyah

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@2.0.3

url pkg:maven/org.springframework.security/spring-security-core@2.0.4

purl pkg:maven/org.springframework.security/spring-security-core@2.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-n8yr-3aex-kyah

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@2.0.4

url pkg:maven/org.springframework.security/spring-security-core@2.0.5.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@2.0.5.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-n8yr-3aex-kyah

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@2.0.5.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@2.0.6.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@2.0.6.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@2.0.6.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@2.0.7.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@2.0.7.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@2.0.7.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@3.0.0

purl pkg:maven/org.springframework.security/spring-security-core@3.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-n8yr-3aex-kyah

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-w4q4-38gp-m3d8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.0

url pkg:maven/org.springframework.security/spring-security-core@3.0.0.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@3.0.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-deuk-emca-3kgr

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-n8yr-3aex-kyah

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.0.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@3.0.1.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@3.0.1.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-deuk-emca-3kgr

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-n8yr-3aex-kyah

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.1.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@3.0.2.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@3.0.2.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-deuk-emca-3kgr

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-n8yr-3aex-kyah

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.2.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@3.0.3.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@3.0.3.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-deuk-emca-3kgr

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-n8yr-3aex-kyah

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.3.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@3.0.4.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@3.0.4.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-deuk-emca-3kgr

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.4.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@3.0.5.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@3.0.5.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-deuk-emca-3kgr

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-ev1k-za9z-87hq

vulnerability	VCID-nddv-1dfd-jfdd

vulnerability	VCID-sy5j-6rkg-n3b7

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.5.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@3.0.6.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@3.0.6.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-deuk-emca-3kgr

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.6.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@3.0.7.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@3.0.7.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-deuk-emca-3kgr

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.7.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@3.1.0

purl pkg:maven/org.springframework.security/spring-security-core@3.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kqpg-9cqw-nuen

vulnerability	VCID-w4q4-38gp-m3d8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.1.0

url pkg:maven/org.springframework.security/spring-security-core@3.1.0.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@3.1.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-deuk-emca-3kgr

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.1.0.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@3.1.1.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@3.1.1.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-deuk-emca-3kgr

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.1.1.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@3.1.2.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@3.1.2.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jtc-ehgu-x3c5

vulnerability	VCID-cden-3spy-pyhz

vulnerability	VCID-deuk-emca-3kgr

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-dwcq-d6nf-1ubn

vulnerability	VCID-u6vb-w2bu-ykfk

vulnerability	VCID-w4q4-38gp-m3d8

vulnerability	VCID-yeaf-ta2h-p7c1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.1.2.RELEASE

References

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5055.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5055.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-5055

reference_id

reference_type

scores

value	0.00359
scoring_system	epss
scoring_elements	0.58097
published_at	2026-04-21T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58111
published_at	2026-04-12T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.5809
published_at	2026-04-13T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58121
published_at	2026-04-16T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58122
published_at	2026-04-18T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.57979
published_at	2026-04-01T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58063
published_at	2026-04-02T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58085
published_at	2026-04-04T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58059
published_at	2026-04-07T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58114
published_at	2026-04-08T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58118
published_at	2026-04-09T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58134
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-5055

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-5055

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-5055

reference_url

http://support.springsource.com/security/CVE-2012-5055

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://support.springsource.com/security/CVE-2012-5055

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=886031
reference_id	886031
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=886031

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security::::::::
reference_id	cpe:2.3:a:vmware:springsource_spring_security::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.0:::::::*
reference_id	cpe:2.3:a:vmware:springsource_spring_security:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.1:::::::*
reference_id	cpe:2.3:a:vmware:springsource_spring_security:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.2:::::::*
reference_id	cpe:2.3:a:vmware:springsource_spring_security:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.3:::::::*
reference_id	cpe:2.3:a:vmware:springsource_spring_security:2.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.4:::::::*
reference_id	cpe:2.3:a:vmware:springsource_spring_security:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.5:::::::*
reference_id	cpe:2.3:a:vmware:springsource_spring_security:2.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.0:::::::*
reference_id	cpe:2.3:a:vmware:springsource_spring_security:3.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.1:::::::*
reference_id	cpe:2.3:a:vmware:springsource_spring_security:3.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.2:::::::*
reference_id	cpe:2.3:a:vmware:springsource_spring_security:3.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.3:::::::*
reference_id	cpe:2.3:a:vmware:springsource_spring_security:3.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.4:::::::*
reference_id	cpe:2.3:a:vmware:springsource_spring_security:3.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.5:::::::*
reference_id	cpe:2.3:a:vmware:springsource_spring_security:3.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.1.1:::::::*
reference_id	cpe:2.3:a:vmware:springsource_spring_security:3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.1.2:::::::*
reference_id	cpe:2.3:a:vmware:springsource_spring_security:3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.1.2:::::::*

reference_url	http://support.springsource.com/security/cve-2012-5055
reference_id	CVE-2012-5055
reference_type
scores
url	http://support.springsource.com/security/cve-2012-5055

reference_url

https://github.com/advisories/GHSA-3533-rvpc-6x56

reference_id

GHSA-3533-rvpc-6x56

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3533-rvpc-6x56

reference_url	https://access.redhat.com/errata/RHSA-2013:0649
reference_id	RHSA-2013:0649
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0649

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	200
name	Exposure of Sensitive Information to an Unauthorized Actor
description	The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w4q4-38gp-m3d8

Vulnerability Instance