CVE-2010-3300

EPSS 0.2%
Published 22.06.2021 12:15:08
Last modified 21.11.2024 01:18:28
Source secalert@redhat.com
Teams watchlist Login
Open Login

It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Owasp ≫ Enterprise Security Api For Java Version < 2.0

Owasp ≫ Enterprise Security Api For Java Version2.0 Update-

Owasp ≫ Enterprise Security Api For Java Version2.0 Updaterc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.2%	0.396

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-649 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking

The product uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the product does not use integrity checks to detect if those inputs have been modified.

https://seclists.org/oss-sec/2010/q3/357

Third Party Advisory

Mailing List

https://www.usenix.org/legacy/events/woot10/tech/full_papers/Rizzo.pdf

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2010-3300

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-3300

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-3300

EUVD