It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.
The product uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the product does not use integrity checks to detect if those inputs have been modified.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Enterprise_security_api_for_java | Owasp | * | 2.0 (excluding) |
Enterprise_security_api_for_java | Owasp | 2.0 (including) | 2.0 (including) |
Enterprise_security_api_for_java | Owasp | 2.0-rc1 (including) | 2.0-rc1 (including) |