Padding Oracle Attacks Vulnerability in OWASP ESAPI for Java
CVE-2010-3300
5.9 MEDIUM
What is CVE-2010-3300?
The vulnerability occurs in all versions of the OWASP ESAPI for Java up to 2.0 RC2, where improper validation can be exploited through padding oracle attacks. This type of attack enables an adversary to decrypt sensitive data and compromise the confidentiality of the application. Attackers can leverage timing discrepancies in error messages to gain insights into the decryption process, thus exploiting the application’s cryptographic weaknesses. Ensuring the use of updated libraries and implementing robust security measures are crucial to mitigate such risks.
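The paragraph above describes an oracle built from distinguishable decryption failures. The following added example, which is not ESAPI's code and not taken from the original page, shows encrypt-then-MAC, a standard general defense against padding oracles: the tag is verified in constant time before any padding is examined, and every failure returns the same result. The class and method names (`EtmDemo`, `seal`, `open`) are hypothetical, the keys are constructed for the demo, and only standard JCA calls are used.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class EtmDemo {   // hypothetical name; illustration only, not ESAPI code
    static final int IV = 16, TAG = 32;
    static byte[] hmac(byte[] key, byte[] data, int len) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(key, "HmacSHA256"));
        m.update(data, 0, len);
        return m.doFinal();
    }
    static byte[] seal(byte[] encKey, byte[] macKey, byte[] plain) throws Exception {
        byte[] iv = new byte[IV];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(encKey, "AES"), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, IV + ct.length + TAG);   // IV || ciphertext || tag
        System.arraycopy(ct, 0, out, IV, ct.length);
        System.arraycopy(hmac(macKey, out, IV + ct.length), 0, out, IV + ct.length, TAG);
        return out;
    }

    // Every failure returns null, so MAC, length and padding errors look identical to the caller.
    static byte[] open(byte[] encKey, byte[] macKey, byte[] msg) {
        try {
            if (msg == null || msg.length < IV + 16 + TAG) return null;
            int body = msg.length - TAG;
            // Constant-time tag check first: unauthenticated input never reaches the padding check.
            if (!MessageDigest.isEqual(hmac(macKey, msg, body), Arrays.copyOfRange(msg, body, msg.length))) return null;
            Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
            c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(encKey, "AES"), new IvParameterSpec(msg, 0, IV));
            return c.doFinal(msg, IV, body - IV);
        } catch (Exception e) { return null; }
    }
    public static void main(String[] args) throws Exception {
        byte[] ek = new byte[16], mk = new byte[32];            // constructed demo keys
        SecureRandom r = new SecureRandom(); r.nextBytes(ek); r.nextBytes(mk);
        byte[] msg = seal(ek, mk, "constructed sample".getBytes("UTF-8"));
        System.out.println(new String(open(ek, mk, msg), "UTF-8"));
        msg[msg.length - TAG - 1] ^= 1;                         // flip one ciphertext bit
        System.out.println(open(ek, mk, msg) == null ? "rejected" : "accepted");
    }
}
```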
Affected Version(s)
OWASP ESAPI OWASP ESAPI for Java up to version 2.0 RC2
