Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-m3ht-28wc-yyeg
Vulnerability ID VCID-m3ht-28wc-yyeg
Aliases CVE-2012-5055
GHSA-3533-rvpc-6x56
Summary Exposure of Sensitive Information to an Unauthorized Actor This package does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2012-5055
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2012-5055
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2012-5055
generic_textual MODERATE http://support.springsource.com/security/CVE-2012-5055
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5055.json
https://api.first.org/data/v1/epss?cve=CVE-2012-5055
https://nvd.nist.gov/vuln/detail/CVE-2012-5055
http://support.springsource.com/security/CVE-2012-5055
886031 https://bugzilla.redhat.com/show_bug.cgi?id=886031
CVE-2012-5055 http://support.springsource.com/security/cve-2012-5055
RHSA-2013:0649 https://access.redhat.com/errata/RHSA-2013:0649
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.58364
EPSS Score 0.00359
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-02T04:36:06.637900+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-core/CVE-2012-5055.yml 38.6.0