Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
CVE-2010-3300
Summary
It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.
- HIGH
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-649 - Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
The software uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the software does not use integrity checks to detect if those inputs have been modified.
References
Advisory Timeline
- Published