Padding Oracle Attacks Vulnerability in OWASP ESAPI for Java
CVE-2010-3300

5.9MEDIUM

Key Information:

Vendor: Owasp
Status: Owasp ESAPi
Vendor: CVE Published:; 22 June 2021

What is CVE-2010-3300?

The vulnerability occurs in all versions of the OWASP ESAPI for Java up to 2.0 RC2, where improper validation can be exploited through padding oracle attacks. This type of attack enables an adversary to decrypt sensitive data and compromise the confidentiality of the application. Attackers can leverage timing discrepancies in error messages to gain insights into the decryption process, thus exploiting the application’s cryptographic weaknesses. Ensuring the use of updated libraries and implementing robust security measures are crucial to mitigate such risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

OWASP ESAPI OWASP ESAPI for Java up to version 2.0 RC2

References

https://www.usenix.org/legacy/events/woot10/tech/full_pap...

x_refsource_MISC

https://seclists.org/oss-sec/2010/q3/357

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 22, 2021
Vulnerability Reserved
Sep 13, 2010

JSON

Owasp

What is CVE-2010-3300?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.