Authenticated encryption vulnerability in OWASP ESAPI for Java
CVE-2013-5960
What is CVE-2013-5960?
The authenticated-encryption feature in the OWASP Enterprise Security API (ESAPI) for Java, version 2.x prior to 2.1.0.1, does not adequately protect its serialized ciphertext against tampering. An attacker who can modify the serialized ciphertext may be able to bypass the intended cryptographic protections, particularly when the cipher mode is configured to a non-default setting. Upgrading to version 2.1.0.1 or later mitigates the risk to sensitive data handled through the API.
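As an added illustration of the failure class described above (example code, not ESAPI's own implementation or serialization format), the block below seals a constructed record made of a cipher-spec label, an IV and the ciphertext, and compares a tag bound only to the ciphertext bytes with a tag bound to every length-prefixed field: only the latter detects a change to the header fields. The record layout, the use of AES-CTR, and all keys are assumptions chosen for brevity.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
)

// Record is a constructed serialized-ciphertext layout (example only): cipher spec, IV, ciphertext, tag.
type Record struct {
	Spec, IV, CT, Tag []byte
}

// mac computes HMAC-SHA256 over the record. With bindAll every serialized field is covered
// (length-prefixed so fields cannot shift into one another); without it only the ciphertext is.
func mac(macKey []byte, r Record, bindAll bool) []byte {
	fields := [][]byte{r.CT}
	if bindAll {
		fields = [][]byte{r.Spec, r.IV, r.CT}
	}
	m := hmac.New(sha256.New, macKey)
	for _, f := range fields {
		binary.Write(m, binary.BigEndian, uint32(len(f)))
		m.Write(f)
	}
	return m.Sum(nil)
}

// Seal encrypts with AES-CTR (chosen only to keep the example short) and attaches the tag.
func Seal(encKey, macKey, iv, plaintext []byte, bindAll bool) (Record, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return Record{}, err
	}
	ct := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(ct, plaintext)
	r := Record{Spec: []byte("AES/CTR/NoPadding"), IV: iv, CT: ct}
	r.Tag = mac(macKey, r, bindAll)
	return r, nil
}

// Verify must run, in constant time, before any field of the record is trusted or decrypted.
func Verify(macKey []byte, r Record, bindAll bool) bool {
	return hmac.Equal(mac(macKey, r, bindAll), r.Tag)
}
```

A receiver that decrypts before Verify returns true, or whose tag omits the cipher spec and IV, has no way to notice that those fields were altered in transit.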
