CVE-2010-3300

It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:owasp:enterprise_security_api_for_java:*:*:*:*:*:*:*:*
cpe:2.3:a:owasp:enterprise_security_api_for_java:2.0:-:*:*:*:*:*:*
cpe:2.3:a:owasp:enterprise_security_api_for_java:2.0:rc1:*:*:*:*:*:*

History

21 Nov 2024, 01:18

Type Values Removed Values Added
References () https://seclists.org/oss-sec/2010/q3/357 - Mailing List, Third Party Advisory () https://seclists.org/oss-sec/2010/q3/357 - Mailing List, Third Party Advisory
References () https://www.usenix.org/legacy/events/woot10/tech/full_papers/Rizzo.pdf - Third Party Advisory () https://www.usenix.org/legacy/events/woot10/tech/full_papers/Rizzo.pdf - Third Party Advisory

Information

Published : 2021-06-22 12:15

Updated : 2024-11-21 01:18


NVD link : CVE-2010-3300

Mitre link : CVE-2010-3300

CVE.ORG link : CVE-2010-3300


JSON object : View

Products Affected

owasp

  • enterprise_security_api_for_java
CWE
CWE-649

Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking