CVE-2010-3300

EUVD-2021-1544
It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
owaspenterprise_security_api_for_java
𝑥
< 2.0
owaspenterprise_security_api_for_java
2.0
owaspenterprise_security_api_for_java
2.0:rc1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://seclists.org/oss-sec/2010/q3/357
https://www.usenix.org/legacy/events/woot10/tech/full_papers/Rizzo.pdf
https://seclists.org/oss-sec/2010/q3/357
https://www.usenix.org/legacy/events/woot10/tech/full_papers/Rizzo.pdf