Skip to main content

Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking

CVE-2010-3300

Severity Medium
Score 5.9/10

Summary

It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.

  • HIGH
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • NONE

CWE-649 - Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking

The software uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the software does not use integrity checks to detect if those inputs have been modified.

References

Advisory Timeline

  • Published