Lucene search
K

4 matches found

OSV
OSV
added 2022/04/25 12:0 a.m.37 views

CVE-2022-23457 Path Traversal in ESAPI

ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of Validator.getValidDirectoryPathString, String, File, boolean may incorrectly treat the tested input string as a child of the specified...

7.5CVSS7.1AI score0.02674EPSS
Exploits2References8
NVD
NVD
added 2013/09/30 5:9 p.m.18 views

CVE-2013-5960

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic...

5.8CVSS9.3AI score0.01655EPSS
Exploits1References7
Cvelist
Cvelist
added 2013/09/30 10:0 a.m.21 views

CVE-2013-5960

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic...

9.2AI score0.01655EPSS
Exploits1References7
Cvelist
Cvelist
added 2013/09/30 10:0 a.m.33 views

CVE-2013-5679

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protectio...

9.2AI score0.02426EPSS
Exploits1References4
Rows per page
Query Builder