It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.
The software uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the software does not use integrity checks to detect if those inputs have been modified.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Enterprise_security_api_for_java | Owasp | * | * |
Enterprise_security_api_for_java | Owasp | 2.0 | 2.0 |
Enterprise_security_api_for_java | Owasp | 2.0 | 2.0 |