Vulnerabilities in Spring Security 4.2.5