CVE-2010-3300

Published: Jun 22, 2021
Updated: May 9, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2010-3300" target="_blank" rel="noopener"> CVE-2010-3300
GHSA: <a href="https://github.com/advisories/GHSA-3gp6-hhfw-4gqx" target="_blank" rel="noopener"> GHSA-3gp6-hhfw-4gqx
Severity: Medium
Exploit:

It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.

CVSS v3:

CVSS v2:

CWEs:

Software	From	Fixed in
owasp / enterprise_security_api_for_java	-	2.0
owasp / enterprise_security_api_for_java	2.0	2.0.x
owasp / enterprise_security_api_for_java	2.0-rc1	2.0-rc1.x
org.owasp.esapi / esapi	-	2.0GA