owasp enterprise security api vulnerabilities and exploits

(subscribe to this query)

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the *...

Owasp Enterprise Security Api Oracle Weblogic Server 12.2.1.3.0 Oracle Weblogic Server 12.2.1.4.0 Oracle Weblogic Server 14.1.1.0.0 Netapp Oncommand Workflow Automation -Netapp Active Iq Unified Manager -

1 Github repository

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a ...

Owasp Enterprise Security Api Oracle Weblogic Server 12.2.1.3.0 Oracle Weblogic Server 12.2.1.4.0 Oracle Weblogic Server 14.1.1.0.0 Netapp Oncommand Workflow Automation -Netapp Active Iq Unified Manager -

It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.

Owasp Enterprise Security Api For Java Owasp Enterprise Security Api For Java 2.0

In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise ...

Linuxfoundation Containerd Linuxfoundation Containerd 1.3.0 Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 20.04 Debian Debian Linux 10.0

4 Github repositories

dom4j prior to 2.0.3 and 2.1.x prior to 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j...

Dom4j Project Dom4j Oracle Insurance Policy Administration J2ee 10.2.0 Oracle Insurance Rules Palette 10.2.0 Oracle Retail Integration Bus 15.0 Oracle Webcenter Portal 12.2.1.3.0 Oracle Webcenter Portal 11.1.1.9.0 Oracle Utilities Framework 4.2.0.3.0 Oracle Utilities Framework 4.2.0.2.0 Oracle Utilities Framework 2.2.0.0.0 Oracle Flexcube Core Banking 11.7.0 Oracle Business Process Management Suite 12.2.1.3.0 Oracle Endeca Information Discovery Integrator 3.2.0 Oracle Application Testing Suite 13.3.0.1 Oracle Retail Order Broker 15.0 Oracle Retail Order Broker 16.0 Oracle Retail Integration Bus 16.0 Oracle Retail Customer Management And Segmentation Foundation 16.0 Oracle Retail Customer Management And Segmentation Foundation 17.0 Oracle Retail Customer Management And Segmentation Foundation 18.0 Oracle Enterprise Data Quality 12.2.1.3.0 Oracle Data Integrator 12.2.1.3.0 Oracle Utilities Framework 4.4.0.0.0

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x prior to 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote malicious users to bypass int...

Owasp Enterprise Security Api

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x prior to 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote malicious users to bypass inten...

Owasp Enterprise Security Api 2.0.1 Owasp Enterprise Security Api 2.0

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook