Information Disclosure
Spring Web Services is vulnerable to Information Disclosure. The vulnerability is due to overly detailed authentication error handling in Spring Security integration paths, where account state information such as whether a user account is locked or disabled can be exposed through SOAP fault...