Lucene search
HistoryDec 05, 2012 - 5:55 p.m.
CVE-2012-5055
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.7
Confidence
Low
EPSS
0.002
Percentile
57.4%
DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.
Affected configurations
Node
vmwarespringsource_spring_securityRange≤2.0.6
ORvmwarespringsource_spring_securityMatch2.0.0
ORvmwarespringsource_spring_securityMatch2.0.1
ORvmwarespringsource_spring_securityMatch2.0.2
ORvmwarespringsource_spring_securityMatch2.0.3
ORvmwarespringsource_spring_securityMatch2.0.4
ORvmwarespringsource_spring_securityMatch2.0.5
Node
vmwarespringsource_spring_securityMatch3.0.0
ORvmwarespringsource_spring_securityMatch3.0.1
ORvmwarespringsource_spring_securityMatch3.0.2
ORvmwarespringsource_spring_securityMatch3.0.3
ORvmwarespringsource_spring_securityMatch3.0.4
ORvmwarespringsource_spring_securityMatch3.0.5
Node
vmwarespringsource_spring_securityMatch3.1.1
ORvmwarespringsource_spring_securityMatch3.1.2
Related
ubuntucve
ubuntucve
CVE-2012-5055
2012-12-05 00:00:00
prion
prion
Default credentials
2012-12-05 17:55:00
osv
osv
cve
cve
CVE-2012-5055
2022-10-03 16:15:30
github
github
cvelist
cvelist
CVE-2012-5055
2022-10-03 16:15:30
redhat
redhat
(RHSA-2013:0649) Important: Fuse ESB Enterprise 7.1.0 update
2013-03-14 00:00:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities identified in IBM StoredIQ
2020-02-20 12:42:12
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.7
Confidence
Low
EPSS
0.002
Percentile
57.4%
Related for NVD:CVE-2012-5055