1. Home
  2. Vulnerabilities
  3. CVE-2013-5960

CVE-2013-5960

CVSS v2.0 5.8 (Medium)
58% Progress
EPSS 0.53 % (77th)
0.53% Progress
Affected Products 1
Advisories 3
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against the intended cipher mode in a non-default configuration, a different vulnerability than CVE-2013-5679.

Weaknesses
CWE-310
Cryptographic Issues
Related CVEs
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2013-09-30 17:09:26
(11 years ago)
Updated Date
2019-02-04 16:33:01
(5 years ago)

Affected Products

Owasp

Configuration #1

    CPE23 From Up To
  Owasp Enterprise Security Api from 2.0 version and prior 2.1.0.1 version cpe:2.3:a:owasp:enterprise_security_api >= 2.0 < 2.1.0.1