CVE-2010-3300

It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.

Date published : 2021-06-22

https://seclists.org/oss-sec/2010/q3/357

https://www.usenix.org/legacy/events/woot10/tech/full_papers/Rizzo.pdf