Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 30/09/2013 Updated: 04/02/2019

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x prior to 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote malicious users to bypass intended cryptographic protection mechanisms via an attack against the intended cipher mode in a non-default configuration, a different vulnerability than CVE-2013-5679.

Vulnerable Product	Search on Vulmon	Subscribe to Product
owasp enterprise security api

CWE-310 http://www.securityfocus.com/bid/62415 http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/ESAPI-security-bulletin1.pdf http://lists.owasp.org/pipermail/esapi-dev/2013-August/002285.html http://code.google.com/p/owasp-esapi-java/issues/detail?id=306 https://github.com/ESAPI/esapi-java-legacy/issues/359 https://github.com/esapi/esapi-java-legacy/issues/306 https://github.com/ESAPI/esapi-java-legacy/blob/master/documentation/esapi4java-core-2.1.0.1-release-notes.txt https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-5960

Vulnerability Summary

References

Vulmon Search

About

Products

Connect