PRIOn knowledge basePRION:CVE-2013-5960

HistorySep 30, 2013 - 5:09 p.m.

Default configuration

2013-09-3017:09:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

70.4%

JSON

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against the intended cipher mode in a non-default configuration, a different vulnerability than CVE-2013-5679.

CPENameOperatorVersion
enterprise_security_apige2.0
enterprise_security_apilt2.1.0.1

CPE	Name	Operator	Version
	enterprise_security_api	ge	2.0
	enterprise_security_api	lt	2.1.0.1

References

lists.owasp.org/pipermail/esapi-dev/2013-August/002285.html

www.securityfocus.com/bid/62415

code.google.com/p/owasp-esapi-java/issues/detail?id=306

github.com/ESAPI/esapi-java-legacy/blob/master/documentation/esapi4java-core-2.1.0.1-release-notes.txt

github.com/esapi/esapi-java-legacy/issues/306

github.com/ESAPI/esapi-java-legacy/issues/359

owasp-esapi-java.googlecode.com/svn/trunk/documentation/ESAPI-security-bulletin1.pdf

6.7 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

70.4%

JSON

Related for PRION:CVE-2013-5960