CVE-2010-3300: Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking

August 13, 2021

It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.

References

github.com/advisories/GHSA-3gp6-hhfw-4gqx
nvd.nist.gov/vuln/detail/CVE-2010-3300
seclists.org/oss-sec/2010/q3/357
www.usenix.org/legacy/events/woot10/tech/full_papers/Rizzo.pdf

Detect and mitigate CVE-2010-3300 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →