The Open Web Application Security Project (OWASP) has patched a vulnerability in its Enterprise Security API (ESAPI) that, if neglected, could have been abused to run path traversal attacks. The flaw, which had a security severity rating of 7.5 out of 10 and involved the ESAPI validator interface, can be resolved by applying the patched 2.3.0.0 release. Yaniv Balmas, VP of Research at Salt Security, notes that while the vulnerability is a relatively moderate one...