Vulnerability in Owasp Esapi

CVE-2010-3300

It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.

EPSS: 0.002 (42.6th percentile) — read the EPSS interpretation.

Affected products

N/a Owasp Esapi — versions OWASP ESAPI for Java up to version 2.0 RC2

Weakness classification (CWE)

CWE-649

References

www.usenix.org/legacy/events/woot10/tech/full_papers/Rizzo.pdf (x_refsource_MISC)
seclists.org/oss-sec/2010/q3/357 (x_refsource_MISC)