CVE-2010-3300

It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
VendorProductVersion
owaspenterprise_security_api_for_java
𝑥
< 2.0
owaspenterprise_security_api_for_java
2.0
owaspenterprise_security_api_for_java
2.0:rc1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://seclists.org/oss-sec/2010/q3/357
https://www.usenix.org/legacy/events/woot10/tech/full_papers/Rizzo.pdf
https://seclists.org/oss-sec/2010/q3/357
https://www.usenix.org/legacy/events/woot10/tech/full_papers/Rizzo.pdf