CVE-2022-24891 – Cross-site Scripting in org.owasp.esapi:esapi -- antisamy-esapi.xml configuration file
https://notcve.org/view.php?id=CVE-2022-24891
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause "javascript:" URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the "onsiteURL" regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers' release notes and security bulletin. • https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin8.pdf https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.3.0.0-release-notes.txt https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q https://security.netapp.com/advisory/ntap-20230127-0014 https://www.oracle.com/security-alerts/cpujul2022.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-23457 – Path Traversal in ESAPI
https://notcve.org/view.php?id=CVE-2022-23457
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire string representing the 'input' path. This vulnerability is patched in release 2.3.0.0 of ESAPI. As a workaround, it is possible to write one's own implementation of the Validator interface. • https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.3.0.0-release-notes.txt https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-8m5h-hrqm-pxm2 https://security.netapp.com/advisory/ntap-20230127-0014 https://securitylab.github.com/advisories/GHSL-2022-008_The_OWASP_Enterprise_Security_API https://www.oracle.com/security-alerts/cpujul2022.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2010-3300
https://notcve.org/view.php?id=CVE-2010-3300
It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks. Se ha detectado que todos los OWASP ESAPI para Java hasta versión 2.0 RC2, son vulnerables a ataques de tipo padding oracle • https://seclists.org/oss-sec/2010/q3/357 https://www.usenix.org/legacy/events/woot10/tech/full_papers/Rizzo.pdf • CWE-649: Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking •
CVE-2013-5960
https://notcve.org/view.php?id=CVE-2013-5960
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against the intended cipher mode in a non-default configuration, a different vulnerability than CVE-2013-5679. La característica de cifrado autenticado en la implementación de cifrado simétrico en la API OWASP Enterprise Security (ESAPI) para Java en versiones 2.x anteriores a la versión 2.1.0.1 no resiste adecuadamente la manipulación del texto cifrado serializado, lo que facilita a los atacantes remotos la posibilidad de eludir los mecanismos de protección criptográfica previstos mediante un ataque contra el modo de cifrado establecido en una configuración que no es por defecto. Esta es una vulnerabilidad diferente de CVE-2013-5679. • http://code.google.com/p/owasp-esapi-java/issues/detail?id=306 http://lists.owasp.org/pipermail/esapi-dev/2013-August/002285.html http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/ESAPI-security-bulletin1.pdf http://www.securityfocus.com/bid/62415 https://github.com/ESAPI/esapi-java-legacy/blob/master/documentation/esapi4java-core-2.1.0.1-release-notes.txt https://github.com/ESAPI/esapi-java-legacy/issues/359 https://github.com/esapi/esapi-java-legacy/issues/306 • CWE-310: Cryptographic Issues •
CVE-2013-5679
https://notcve.org/view.php?id=CVE-2013-5679
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against authenticity in the default configuration, involving a null MAC and a zero MAC length. La función de cifrado-autenticado en el cifrado-simétrico implementado en OWASP Enterprise Security API (ESAPI) para Java 2.x anterior a la versión 2.1.0 no resiste adecuadamente a la manipulación con texto cifrado serializado, lo que hace más fácil a atacantes remotos evadir los mecanismos de protección criptográficos intencionados a través de un ataque contra la autenticidad en la configuración por defecto, involucrando una MAC nula y una MAC con longitud cero. • http://code.google.com/p/owasp-esapi-java/issues/detail?id=306 http://lists.owasp.org/pipermail/esapi-dev/2013-August/002285.html http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/ESAPI-security-bulletin1.pdf http://www.securityfocus.com/bid/62415 • CWE-310: Cryptographic Issues •