Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 3.1.2
Report Generated On : Sep 8, 2019 at 07:54:17 +00:00
Dependencies Scanned : 220 (184 unique)
Vulnerable Dependencies : 28
Vulnerabilities Found : 107
Vulnerabilities Suppressed : 0
...
NVD CVE 2002 : 27/08/2019 03:15:28
NVD CVE 2003 : 27/08/2019 02:45:38
NVD CVE 2004 : 27/08/2019 02:45:38
NVD CVE 2005 : 27/08/2019 02:45:38
NVD CVE 2006 : 29/08/2019 08:45:47
NVD CVE 2007 : 27/08/2019 02:15:31
NVD CVE 2008 : 27/08/2019 01:45:43
NVD CVE 2009 : 06/09/2019 08:15:30
NVD CVE 2010 : 27/08/2019 01:15:32
NVD CVE 2011 : 31/08/2019 08:45:45
NVD CVE 2012 : 04/09/2019 08:45:34
NVD CVE 2013 : 31/08/2019 08:45:45
NVD CVE 2014 : 31/08/2019 08:45:45
NVD CVE 2015 : 05/09/2019 08:45:28
NVD CVE 2016 : 07/09/2019 08:15:30
NVD CVE 2017 : 07/09/2019 08:15:30
NVD CVE 2018 : 07/09/2019 07:45:37
NVD CVE 2019 : 07/09/2019 07:15:29
NVD CVE Checked : 08/09/2019 07:41:22
NVD CVE Modified : 08/09/2019 05:15:29
VersionCheckOn : 1567322986466
Display:
Showing Vulnerable Dependencies (click to show all)
Dependencies
xmlpull-1.1.3.1.jar
License:
Public Domain: http://www.xmlpull.org/v1/download/unpacked/LICENSE.txt
File Path: /home/ciagent/.m2/repository/xmlpull/xmlpull/1.1.3.1/xmlpull-1.1.3.1.jar
MD5: cc57dacc720eca721a50e78934b822d2
SHA1: 2b8e230d2ab644e4ecaa94db7cdedbc40c805dfa
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor jar package name v1 Low
Vendor pom name XML Pull Parsing API High
Vendor pom url http://www.xmlpull.org Highest
Vendor central groupid xmlpull Highest
Vendor jar package name xmlpull Low
Vendor file name xmlpull High
Vendor pom groupid xmlpull Highest
Vendor pom artifactid xmlpull Low
Product pom artifactid xmlpull Highest
Product pom groupid xmlpull Low
Product jar package name v1 Low
Product pom name XML Pull Parsing API High
Product pom url http://www.xmlpull.org Medium
Product file name xmlpull High
Product central artifactid xmlpull Highest
Version file version 1.1.3.1 Highest
Version central version 1.1.3.1 Highest
Version pom version 1.1.3.1 Highest
xstream-1.4.10.jar
Description: XStream is a serialization library from Java objects to XML and back.
License:
http://x-stream.github.io/license.html
File Path: /home/ciagent/.m2/repository/com/thoughtworks/xstream/xstream/1.4.10/xstream-1.4.10.jar
MD5: d00eec778910f95b26201395ac64cca0
SHA1: dfecae23647abc9d9fd0416629a4213a3882b101
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest x-builder Maven 3.3.9 Low
Vendor central groupid com.thoughtworks.xstream Highest
Vendor pom artifactid xstream Low
Vendor pom groupid thoughtworks.xstream Highest
Vendor Manifest x-compile-target 1.5 Low
Vendor Manifest java_1_4_home /opt/blackdown-jdk-1.4.2.03 Low
Vendor Manifest x-compile-source 1.5 Low
Vendor Manifest java_1_6_home /opt/sun-jdk-1.6.0.45 Low
Vendor Manifest x-build-time 2017-05-23T14:28:02Z Low
Vendor pom groupid com.thoughtworks.xstream Highest
Vendor Manifest java_1_5_home /opt/sun-jdk-1.5.0.22 Low
Vendor pom name XStream Core High
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor pom parent-artifactid xstream-parent Low
Vendor manifest Bundle-Description XStream is a serialization library from Java objects to XML and back. Medium
Vendor Manifest java_1_9_home /opt/oracle-jdk-bin-1.9.0.0_beta167 Low
Vendor Manifest specification-vendor XStream Low
Vendor Manifest Implementation-Vendor-Id com.thoughtworks.xstream Medium
Vendor Manifest bundle-docurl http://x-stream.github.io Low
Vendor file name xstream High
Vendor Manifest bundle-symbolicname xstream Medium
Vendor pom parent-groupid com.thoughtworks.xstream Medium
Vendor Manifest java_1_8_home /opt/oracle-jdk-bin-1.8.0.131 Low
Vendor Manifest Implementation-Vendor XStream High
Vendor Manifest java_1_7_home /opt/oracle-jdk-bin-1.7.0.80 Low
Product Manifest x-builder Maven 3.3.9 Low
Product pom artifactid xstream Highest
Product central artifactid xstream Highest
Product Manifest x-compile-target 1.5 Low
Product Manifest java_1_4_home /opt/blackdown-jdk-1.4.2.03 Low
Product Manifest x-compile-source 1.5 Low
Product Manifest java_1_6_home /opt/sun-jdk-1.6.0.45 Low
Product Manifest specification-title XStream Core Medium
Product Manifest x-build-time 2017-05-23T14:28:02Z Low
Product Manifest Implementation-Title XStream Core High
Product Manifest Bundle-Name XStream Core Medium
Product pom groupid thoughtworks.xstream Low
Product Manifest java_1_5_home /opt/sun-jdk-1.5.0.22 Low
Product pom parent-groupid com.thoughtworks.xstream Low
Product pom name XStream Core High
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product manifest Bundle-Description XStream is a serialization library from Java objects to XML and back. Medium
Product Manifest java_1_9_home /opt/oracle-jdk-bin-1.9.0.0_beta167 Low
Product Manifest bundle-docurl http://x-stream.github.io Low
Product file name xstream High
Product Manifest bundle-symbolicname xstream Medium
Product pom parent-artifactid xstream-parent Medium
Product Manifest java_1_8_home /opt/oracle-jdk-bin-1.8.0.131 Low
Product Manifest java_1_7_home /opt/oracle-jdk-bin-1.7.0.80 Low
Version pom version 1.4.10 Highest
Version Manifest Implementation-Version 1.4.10 High
Version file version 1.4.10 Highest
Version central version 1.4.10 Highest
Published Vulnerabilities
CVE-2013-7285 suppress
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON.
Vulnerable Software & Versions: (show all )
CVE-2019-10173 suppress
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)
Vulnerable Software & Versions:
commons-chain-1.2.jar
Description:
An implementation of the GoF Chain of Responsibility pattern
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-chain/commons-chain/1.2/commons-chain-1.2.jar
MD5: e18e2c87826644e4c8c08635572c154f
SHA1: 744a13e8766e338bd347b6fbc28c6db12979d0c6
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom artifactid commons-chain Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor central groupid commons-chain Highest
Vendor pom parent-groupid org.apache.commons Medium
Vendor Manifest bundle-symbolicname org.apache.commons.chain Medium
Vendor pom description
An implementation of the GoF Chain of Responsibility pattern
Medium
Vendor Manifest bundle-docurl http://commons.apache.org/chain/ Low
Vendor manifest Bundle-Description An implementation of the GoF Chain of Responsibility pattern Medium
Vendor pom groupid commons-chain Highest
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom url http://commons.apache.org/chain/ Highest
Vendor pom name Commons Chain High
Vendor file name commons-chain High
Vendor pom parent-artifactid commons-parent Low
Product Manifest Bundle-Name Commons Chain Medium
Product Manifest bundle-symbolicname org.apache.commons.chain Medium
Product pom parent-artifactid commons-parent Medium
Product central artifactid commons-chain Highest
Product pom url http://commons.apache.org/chain/ Medium
Product Manifest specification-title Commons Chain Medium
Product pom description
An implementation of the GoF Chain of Responsibility pattern
Medium
Product pom artifactid commons-chain Highest
Product pom groupid commons-chain Low
Product Manifest bundle-docurl http://commons.apache.org/chain/ Low
Product manifest Bundle-Description An implementation of the GoF Chain of Responsibility pattern Medium
Product Manifest Implementation-Title Commons Chain High
Product pom parent-groupid org.apache.commons Low
Product pom name Commons Chain High
Product file name commons-chain High
Version pom version 1.2 Highest
Version Manifest Implementation-Version 1.2 High
Version central version 1.2 Highest
Version file version 1.2 Highest
commons-codec-1.10.jar
Description:
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-codec/commons-codec/1.10/commons-codec-1.10.jar
MD5: 353cf6a2bdba09595ccfa073b78c7fcb
SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid commons-codec Highest
Vendor Manifest bundle-symbolicname org.apache.commons.codec Medium
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor manifest Bundle-Description The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities. Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor Manifest implementation-build trunk@r1637108; 2014-11-06 14:14:12+0000 Low
Vendor pom name Apache Commons Codec High
Vendor central groupid commons-codec Highest
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor pom description The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities. Low
Vendor file name commons-codec High
Vendor pom url http://commons.apache.org/proper/commons-codec/ Highest
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom artifactid commons-codec Low
Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-codec/ Low
Vendor pom parent-artifactid commons-parent Low
Product Manifest bundle-symbolicname org.apache.commons.codec Medium
Product manifest Bundle-Description The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities. Low
Product pom groupid commons-codec Low
Product pom parent-artifactid commons-parent Medium
Product Manifest specification-title Apache Commons Codec Medium
Product Manifest implementation-build trunk@r1637108; 2014-11-06 14:14:12+0000 Low
Product pom name Apache Commons Codec High
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product pom description The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities. Low
Product pom url http://commons.apache.org/proper/commons-codec/ Medium
Product Manifest Implementation-Title Apache Commons Codec High
Product central artifactid commons-codec Highest
Product pom parent-groupid org.apache.commons Low
Product pom artifactid commons-codec Highest
Product file name commons-codec High
Product Manifest Bundle-Name Apache Commons Codec Medium
Product Manifest bundle-docurl http://commons.apache.org/proper/commons-codec/ Low
Version Manifest Implementation-Version 1.10 High
Version central version 1.10 Highest
Version file version 1.10 Highest
Version pom version 1.10 Highest
commons-httpclient-3.1.jar
Description: The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.
License:
Apache License: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/ciagent/.m2/repository/commons-httpclient/commons-httpclient/3.1/commons-httpclient-3.1.jar
MD5: 8ad8c9229ef2d59ab9f59f7050e846a5
SHA1: 964cd74171f427720480efdec40a7c7f6e58426a
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid commons-httpclient Low
Vendor pom url http://jakarta.apache.org/httpcomponents/httpclient-3.x/ Highest
Vendor pom name HttpClient High
Vendor file name commons-httpclient High
Vendor pom organization name Apache Software Foundation High
Vendor pom description The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily. Low
Vendor pom groupid commons-httpclient Highest
Vendor manifest: org/apache/commons/httpclient Implementation-Vendor Apache Software Foundation Medium
Vendor pom organization url http://jakarta.apache.org/ Medium
Vendor central groupid commons-httpclient Highest
Product pom organization url http://jakarta.apache.org/ Low
Product pom url http://jakarta.apache.org/httpcomponents/httpclient-3.x/ Medium
Product pom organization name Apache Software Foundation Low
Product pom artifactid commons-httpclient Highest
Product manifest: org/apache/commons/httpclient Specification-Title Jakarta Commons HttpClient Medium
Product pom groupid commons-httpclient Low
Product pom name HttpClient High
Product file name commons-httpclient High
Product pom description The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily. Low
Product central artifactid commons-httpclient Highest
Product manifest: org/apache/commons/httpclient Implementation-Title org.apache.commons.httpclient Medium
Version file version 3.1 Highest
Version central version 3.1 Highest
Version pom version 3.1 Highest
commons-lang-2.6.jar
Description:
Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor central groupid commons-lang High
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom name Commons Lang High
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor file name commons-lang High
Vendor manifest Bundle-Description Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low
Vendor Manifest bundle-docurl http://commons.apache.org/lang/ Low
Vendor pom description Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low
Vendor pom url http://commons.apache.org/lang/ Highest
Vendor pom groupid commons-lang Highest
Vendor central groupid org.netbeans.external High
Vendor pom artifactid commons-lang Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest bundle-symbolicname org.apache.commons.lang Medium
Vendor pom parent-artifactid commons-parent Low
Product pom name Commons Lang High
Product central artifactid org-apache-commons-lang High
Product file name commons-lang High
Product pom parent-artifactid commons-parent Medium
Product manifest Bundle-Description Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low
Product Manifest bundle-docurl http://commons.apache.org/lang/ Low
Product pom description Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low
Product Manifest Bundle-Name Commons Lang Medium
Product pom groupid commons-lang Low
Product pom artifactid commons-lang Highest
Product Manifest Implementation-Title Commons Lang High
Product Manifest specification-title Commons Lang Medium
Product pom parent-groupid org.apache.commons Low
Product central artifactid commons-lang High
Product pom url http://commons.apache.org/lang/ Medium
Product Manifest bundle-symbolicname org.apache.commons.lang Medium
Version Manifest Implementation-Version 2.6 High
Version file version 2.6 Highest
ical4j-1.0-beta5.jar
Description:
A Java library for reading and writing iCalendar (*.ics) files
License:
iCal4j - License: LICENSE
File Path: /home/ciagent/.m2/repository/ical4j/ical4j/1.0-beta5/ical4j-1.0-beta5.jar
MD5: 6da73e184e456aebd7bd81923c8cccce
SHA1: 6c19c4eec102ae28871c8765fc8d60dc60df93ec
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom name iCal4j High
Vendor jar package name ical4j Low
Vendor jar package name fortuna Low
Vendor file name ical4j High
Vendor pom description
A Java library for reading and writing iCalendar (*.ics) files
Medium
Vendor pom url http://ical4j.sourceforge.net Highest
Vendor jar package name net Low
Vendor pom groupid ical4j Highest
Vendor pom artifactid ical4j Low
Product pom name iCal4j High
Product jar package name ical4j Low
Product pom groupid ical4j Low
Product jar package name fortuna Low
Product pom artifactid ical4j Highest
Product file name ical4j High
Product pom description
A Java library for reading and writing iCalendar (*.ics) files
Medium
Product jar package name model Low
Product pom url http://ical4j.sourceforge.net Medium
Version pom version 1.0-beta5 Highest
Version file version 1.0.beta Highest
Version file name ical4j Medium
maven: ical4j:ical4j:1.0-beta5
Confidence :High
jcr-1.0.1.jar
Description: Content Repository for Java technology API. Specifies a standard API to access content repositories in JavaTM 2 independently of implementation.
License:
Day License: http://www.day.com/maven/jsr170/licenses/day-spec-license.htm
File Path: /home/ciagent/.m2/repository/javax/jcr/jcr/1.0.1/jcr-1.0.1.jar
MD5: 4639c7b994528948dab1a4feb1f68d6f
SHA1: 567ee103cf7592e3cf036e1bf4e2e06b9f08e1a1
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name jcr Medium
Vendor pom groupid javax.jcr Highest
Vendor pom organization name Day Software Management AG High
Vendor pom name Content Repository for Java Technology API High
Vendor file name jcr High
Vendor Manifest specification-vendor Day Software Management AG Low
Vendor pom organization url http://www.day.com/ Medium
Vendor pom description Content Repository for Java technology API. Specifies a standard API to access content repositories in JavaTM 2 independently of implementation. Low
Vendor pom artifactid jcr Low
Vendor pom url http://www.jcp.org/en/jsr/detail?id=170 Highest
Vendor Manifest Implementation-Vendor Day Software Management AG High
Product Manifest specification-title Content Repository for Java Technology API Medium
Product Manifest extension-name jcr Medium
Product pom organization url http://www.day.com/ Low
Product pom name Content Repository for Java Technology API High
Product pom url http://www.jcp.org/en/jsr/detail?id=170 Medium
Product file name jcr High
Product Manifest Implementation-Title javax.jcr High
Product pom description Content Repository for Java technology API. Specifies a standard API to access content repositories in JavaTM 2 independently of implementation. Low
Product pom groupid javax.jcr Low
Product pom artifactid jcr Highest
Product pom organization name Day Software Management AG Low
Version Manifest Implementation-Version 1.0.1 High
Version file version 1.0.1 Highest
Version pom version 1.0.1 Highest
cpe: cpe:/a:content_project:content:1.0.1
Confidence :Low
suppress
maven: javax.jcr:jcr:1.0.1
Confidence :High
Published Vulnerabilities
CVE-2017-16111 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header.
Vulnerable Software & Versions:
slf4j-api-1.7.18.jar
Description: The slf4j API
File Path: /home/ciagent/.m2/repository/org/slf4j/slf4j-api/1.7.18/slf4j-api-1.7.18.jar
MD5: 1b1d1af21206ac5ae44cd79a6c04dd92
SHA1: b631d286463ced7cc42ee2171fe3beaed2836823
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor file name slf4j-api High
Vendor Manifest bundle-symbolicname slf4j.api Medium
Vendor central groupid org.slf4j Highest
Vendor pom description The slf4j API Medium
Vendor pom groupid org.slf4j Highest
Vendor pom groupid slf4j Highest
Vendor pom parent-groupid org.slf4j Medium
Vendor pom artifactid slf4j-api Low
Vendor manifest Bundle-Description The slf4j API Medium
Vendor pom parent-artifactid slf4j-parent Low
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor pom name SLF4J API Module High
Vendor pom url http://www.slf4j.org Highest
Product file name slf4j-api High
Product Manifest bundle-symbolicname slf4j.api Medium
Product pom description The slf4j API Medium
Product Manifest Bundle-Name slf4j-api Medium
Product pom parent-groupid org.slf4j Low
Product central artifactid slf4j-api Highest
Product pom url http://www.slf4j.org Medium
Product pom groupid slf4j Low
Product manifest Bundle-Description The slf4j API Medium
Product Manifest Implementation-Title slf4j-api High
Product pom artifactid slf4j-api Highest
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product pom name SLF4J API Module High
Product pom parent-artifactid slf4j-parent Medium
Version pom version 1.7.18 Highest
Version file version 1.7.18 Highest
Version central version 1.7.18 Highest
Version Manifest Implementation-Version 1.7.18 High
jackrabbit-webdav-1.6.5.jar
Description: WebDAV library used by the Jackrabbit WebDAV support
File Path: /home/ciagent/.m2/repository/org/apache/jackrabbit/jackrabbit-webdav/1.6.5/jackrabbit-webdav-1.6.5.jar
MD5: 1d573cf67bcff173d91dd1d194334b66
SHA1: 5afbee7ce7bcf1c47d7e54e24afcd533cb6776ae
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid jackrabbit-webdav Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom groupid apache.jackrabbit Highest
Vendor Manifest Implementation-Vendor-Id org.apache.jackrabbit Medium
Vendor pom name Jackrabbit WebDAV Library High
Vendor central groupid org.apache.jackrabbit Highest
Vendor pom description WebDAV library used by the Jackrabbit WebDAV support Medium
Vendor file name jackrabbit-webdav High
Vendor pom groupid org.apache.jackrabbit Highest
Vendor pom parent-artifactid jackrabbit-parent Low
Vendor pom parent-groupid org.apache.jackrabbit Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Product pom parent-artifactid jackrabbit-parent Medium
Product Manifest Implementation-Title Jackrabbit WebDAV Library High
Product pom description WebDAV library used by the Jackrabbit WebDAV support Medium
Product central artifactid jackrabbit-webdav Highest
Product file name jackrabbit-webdav High
Product pom parent-groupid org.apache.jackrabbit Low
Product pom artifactid jackrabbit-webdav Highest
Product pom groupid apache.jackrabbit Low
Product pom name Jackrabbit WebDAV Library High
Product Manifest specification-title Jackrabbit WebDAV Library Medium
Version pom version 1.6.5 Highest
Version central version 1.6.5 Highest
Version file version 1.6.5 Highest
Version Manifest Implementation-Version 1.6.5 High
Related Dependencies
jackrabbit-jcr-commons-1.6.5.jar
File Path: /home/ciagent/.m2/repository/org/apache/jackrabbit/jackrabbit-jcr-commons/1.6.5/jackrabbit-jcr-commons-1.6.5.jar
SHA1: 0c65d825fd75f1ca3db19d553d9f453a13307175
MD5: d4a3a9629f22a0a987853419eeb9eb1d
maven: org.apache.jackrabbit:jackrabbit-jcr-commons:1.6.5 ✓
Published Vulnerabilities
CVE-2015-1833 suppress
Severity:
Medium
CVSS Score: 6.4
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation
XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.
Vulnerable Software & Versions: (show all )
exo.portal.webui.core-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.webui.core/5.3.x-SNAPSHOT/exo.portal.webui.core-5.3.x-SNAPSHOT.jar
MD5: 2bdcd7617bc620aaf68b861a6239f6de
SHA1: b03f0171db0eb08d1919d2f22268f6f6f359d9f3
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid exo.portal.webui.core Low
Vendor Manifest Implementation-Vendor-Id org.exoplatform.gatein.portal Medium
Vendor Manifest os-name Linux Medium
Vendor pom groupid exoplatform.gatein.portal Highest
Vendor pom name GateIn Portal WebUI Core High
Vendor pom parent-groupid org.exoplatform.gatein.portal Medium
Vendor file name exo.portal.webui.core High
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor pom groupid org.exoplatform.gatein.portal Highest
Vendor Manifest implementation-url www.gatein.org/exo.portal.parent/exo.portal.webui/exo.portal.webui.core/ Low
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor Manifest build-timestamp Fri, 6 Sep 2019 07:08:20 +0000 Low
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor pom parent-artifactid exo.portal.webui Low
Product file name exo.portal.webui.core High
Product Manifest Implementation-Title GateIn Portal WebUI Core High
Product Manifest implementation-url www.gatein.org/exo.portal.parent/exo.portal.webui/exo.portal.webui.core/ Low
Product pom parent-groupid org.exoplatform.gatein.portal Low
Product pom parent-artifactid exo.portal.webui Medium
Product Manifest specification-title GateIn Portal WebUI Core Medium
Product pom artifactid exo.portal.webui.core Highest
Product Manifest os-name Linux Medium
Product Manifest build-timestamp Fri, 6 Sep 2019 07:08:20 +0000 Low
Product pom name GateIn Portal WebUI Core High
Product pom groupid exoplatform.gatein.portal Low
Version pom version 5.3.x-20190906.072147-61 Highest
Version pom version 5.3.x-SNAPSHOT Highest
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
Related Dependencies
exo.portal.gadgets-core-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.gadgets-core/5.3.x-SNAPSHOT/exo.portal.gadgets-core-5.3.x-SNAPSHOT.jar
SHA1: 4f49138ff8869e5f9228dc5da89d40bf0945358c
MD5: 00df8b09acf4d9258d4ee8a69055cc87
exo.portal.webui.portal-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.webui.portal/5.3.x-SNAPSHOT/exo.portal.webui.portal-5.3.x-SNAPSHOT.jar
SHA1: b6a319e05049cb024c2960b06182384fd335c004
MD5: 3f6d0e5a66ecdecdef91447d9ac17d10
exo.portal.component.resources-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.resources/5.3.x-SNAPSHOT/exo.portal.component.resources-5.3.x-SNAPSHOT.jar
SHA1: 41f64e65226f0cf47623feac632683102b1b48a6
MD5: dd5bd9cf6282477aff32b388752cbb90
exo.portal.component.api-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.api/5.3.x-SNAPSHOT/exo.portal.component.api-5.3.x-SNAPSHOT.jar
SHA1: f30f7b9ea6a5576bf3478feedb6530d516822520
MD5: 420fb78d4153824e4ce3958a5ebaa3c1
maven: org.exoplatform.gatein.portal:exo.portal.webui.core:5.3.x-SNAPSHOT
Confidence :High
cpe: cpe:/a:in-portal:in-portal:5.3.20190906
Confidence :Low
suppress
commons-webui-component-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-webui-component/5.3.x-SNAPSHOT/commons-webui-component-5.3.x-SNAPSHOT.jar
MD5: 1261e31f530995df71f81d4e6928b886
SHA1: 2de3d868c0965ede195d38c77274df295b68a36c
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid commons-webui-component Low
Vendor pom parent-groupid org.exoplatform.commons Medium
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom groupid exoplatform.commons Highest
Vendor pom name eXo PLF:: Commons - Commons WebUI High
Vendor pom groupid org.exoplatform.commons Highest
Vendor Manifest date 2019-09-06T11:21:29Z Low
Vendor pom parent-artifactid commons Low
Vendor file name commons-webui-component High
Vendor Manifest Implementation-Vendor-Id org.exoplatform.commons Medium
Vendor Manifest implementation-url https://projects.exoplatform.org/commons/commons-webui-component Low
Product file name commons-webui-component High
Product pom parent-artifactid commons Medium
Product Manifest Implementation-Title eXo PLF:: Commons - Commons WebUI High
Product Manifest specification-title eXo PLF:: Commons - Commons WebUI Medium
Product pom name eXo PLF:: Commons - Commons WebUI High
Product pom artifactid commons-webui-component Highest
Product pom parent-groupid org.exoplatform.commons Low
Product Manifest date 2019-09-06T11:21:29Z Low
Product Manifest implementation-url https://projects.exoplatform.org/commons/commons-webui-component Low
Product pom groupid exoplatform.commons Low
Version pom version 5.3.x-20190906.113205-141 Highest
Version pom version 5.3.x-SNAPSHOT Highest
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
maven: org.exoplatform.commons:commons-webui-component:5.3.x-SNAPSHOT
Confidence :High
commons-api-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-api/5.3.x-SNAPSHOT/commons-api-5.3.x-SNAPSHOT.jar
MD5: dfebac856f07ea647810535fe98cb194
SHA1: 13b6568e624628a21f3505419d50e373465b3bac
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor file name commons-api High
Vendor pom parent-groupid org.exoplatform.commons Medium
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom name eXo PLF:: Commons - API High
Vendor pom groupid exoplatform.commons Highest
Vendor Manifest implementation-url https://projects.exoplatform.org/commons/commons-api Low
Vendor pom groupid org.exoplatform.commons Highest
Vendor Manifest date 2019-09-06T11:21:29Z Low
Vendor pom parent-artifactid commons Low
Vendor pom artifactid commons-api Low
Vendor Manifest Implementation-Vendor-Id org.exoplatform.commons Medium
Product Manifest Implementation-Title eXo PLF:: Commons - API High
Product file name commons-api High
Product pom parent-artifactid commons Medium
Product pom artifactid commons-api Highest
Product pom name eXo PLF:: Commons - API High
Product Manifest implementation-url https://projects.exoplatform.org/commons/commons-api Low
Product pom parent-groupid org.exoplatform.commons Low
Product Manifest date 2019-09-06T11:21:29Z Low
Product pom groupid exoplatform.commons Low
Product Manifest specification-title eXo PLF:: Commons - API Medium
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
maven: org.exoplatform.commons:commons-api:5.3.x-SNAPSHOT
Confidence :High
jsr311-api-1.1.1.jar
License:
CDDL License
: http://www.opensource.org/licenses/cddl1.php
File Path: /home/ciagent/.m2/repository/javax/ws/rs/jsr311-api/1.1.1/jsr311-api-1.1.1.jar
MD5: c9803468299ec255c047a280ddec510f
SHA1: 59033da2a1afd56af1ac576750a8d0b1830d59e6
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid jsr311-api Low
Vendor Manifest bundle-docurl http://www.sun.com/ Low
Vendor pom organization name Sun Microsystems, Inc High
Vendor Manifest extension-name javax.ws.rs Medium
Vendor central groupid javax.ws.rs Highest
Vendor pom organization url http://www.sun.com/ Medium
Vendor file name jsr311-api High
Vendor pom url https://jsr311.dev.java.net Highest
Vendor pom name jsr311-api High
Vendor pom groupid javax.ws.rs Highest
Vendor Manifest bundle-symbolicname javax.ws.rs.jsr311-api Medium
Vendor Manifest specification-vendor Sun Microsystems, Inc. Low
Product Manifest bundle-docurl http://www.sun.com/ Low
Product pom organization name Sun Microsystems, Inc Low
Product central artifactid jsr311-api Highest
Product pom artifactid jsr311-api Highest
Product Manifest extension-name javax.ws.rs Medium
Product Manifest specification-title JAX-RS: Java API for RESTful Web Services Medium
Product pom url https://jsr311.dev.java.net Medium
Product pom groupid javax.ws.rs Low
Product file name jsr311-api High
Product Manifest Bundle-Name jsr311-api Medium
Product pom organization url http://www.sun.com/ Low
Product pom name jsr311-api High
Product Manifest bundle-symbolicname javax.ws.rs.jsr311-api Medium
Version file version 1.1.1 Highest
Version central version 1.1.1 Highest
Version pom version 1.1.1 Highest
commons-fileupload-1.3.3.jar
Description:
The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-fileupload/commons-fileupload/1.3.3/commons-fileupload-1.3.3.jar
MD5: dd77e787b7b5dc56f6a1cb658716d55d
SHA1: 04ff14d809195b711fd6bcc87e6777f886730ca1
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom name Apache Commons FileUpload High
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor manifest Bundle-Description The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. Low
Vendor pom parent-groupid org.apache.commons Medium
Vendor central groupid commons-fileupload Highest
Vendor pom url http://commons.apache.org/proper/commons-fileupload/ Highest
Vendor pom artifactid commons-fileupload Low
Vendor Manifest bundle-symbolicname org.apache.commons.fileupload Medium
Vendor Manifest implementation-url http://commons.apache.org/proper/commons-fileupload/ Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Vendor file name commons-fileupload High
Vendor pom description The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. Low
Vendor pom groupid commons-fileupload Highest
Vendor Manifest implementation-build UNKNOWN@r18734e9f77a267ebc82ff2ffce6d96e82a34260f; 2017-06-09 22:59:50+0000 Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-fileupload/ Low
Vendor pom parent-artifactid commons-parent Low
Product pom name Apache Commons FileUpload High
Product manifest Bundle-Description The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. Low
Product pom parent-artifactid commons-parent Medium
Product pom artifactid commons-fileupload Highest
Product central artifactid commons-fileupload Highest
Product Manifest bundle-symbolicname org.apache.commons.fileupload Medium
Product Manifest implementation-url http://commons.apache.org/proper/commons-fileupload/ Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Product file name commons-fileupload High
Product Manifest specification-title Apache Commons FileUpload Medium
Product pom parent-groupid org.apache.commons Low
Product pom groupid commons-fileupload Low
Product pom description The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. Low
Product pom url http://commons.apache.org/proper/commons-fileupload/ Medium
Product Manifest implementation-build UNKNOWN@r18734e9f77a267ebc82ff2ffce6d96e82a34260f; 2017-06-09 22:59:50+0000 Low
Product Manifest Implementation-Title Apache Commons FileUpload High
Product Manifest Bundle-Name Apache Commons FileUpload Medium
Product Manifest bundle-docurl http://commons.apache.org/proper/commons-fileupload/ Low
Version Manifest Implementation-Version 1.3.3 High
Version central version 1.3.3 Highest
Version file version 1.3.3 Highest
Version pom version 1.3.3 Highest
exo.ws.rest.core-5.3.x-SNAPSHOT.jar
Description: Implementation of REST Core for Exoplatform SAS 'Web Services' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/ws/exo.ws.rest.core/5.3.x-SNAPSHOT/exo.ws.rest.core-5.3.x-SNAPSHOT.jar
MD5: 86342561ef49a5cb293729a73cc4112f
SHA1: 416f7877e8ddc88b5cdfcf21f68b86abeaed70c0
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.exoplatform.ws Medium
Vendor pom artifactid exo.ws.rest.core Low
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor pom groupid exoplatform.ws Highest
Vendor file name exo.ws.rest.core High
Vendor pom groupid org.exoplatform.ws Highest
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom parent-artifactid ws-parent Low
Vendor pom name eXo PLF:: WS :: REST :: Core High
Vendor Manifest Implementation-Vendor-Id org.exoplatform.ws Medium
Vendor pom description Implementation of REST Core for Exoplatform SAS 'Web Services' project. Medium
Product pom parent-artifactid ws-parent Medium
Product pom groupid exoplatform.ws Low
Product Manifest specification-title exo-ws Medium
Product Manifest Implementation-Title eXo PLF:: WS :: REST :: Core High
Product file name exo.ws.rest.core High
Product pom artifactid exo.ws.rest.core Highest
Product pom parent-groupid org.exoplatform.ws Low
Product pom name eXo PLF:: WS :: REST :: Core High
Product pom description Implementation of REST Core for Exoplatform SAS 'Web Services' project. Medium
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
Related Dependencies
exo.ws.frameworks.json-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/ws/exo.ws.frameworks.json/5.3.x-SNAPSHOT/exo.ws.frameworks.json-5.3.x-SNAPSHOT.jar
SHA1: 82734275f0a85d68e3c8ffa170212505f74045b7
MD5: 7847a8c462e0419afcdb0c28503ab692
exo.ws.commons-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/ws/exo.ws.commons/5.3.x-SNAPSHOT/exo.ws.commons-5.3.x-SNAPSHOT.jar
SHA1: 319bfcfe62376085ca825da6a9b2654e9ffd6e75
MD5: c96ef81571e487407442682f86324e73
exo.ws.rest.ext-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/ws/exo.ws.rest.ext/5.3.x-SNAPSHOT/exo.ws.rest.ext-5.3.x-SNAPSHOT.jar
SHA1: 06eecbb170a9ae580f3432833d42d1f341c01d82
MD5: 53862a7799f6f95196ed4cd1fc096174
maven: org.exoplatform.ws:exo.ws.rest.core:5.3.x-SNAPSHOT
Confidence :High
cpe: cpe:/a:ws_project:ws:5.3
Confidence :Low
suppress
bayeux-api-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/bayeux-api/3.0.8/bayeux-api-3.0.8.jar
MD5: a09842b7f274cefffa408299b5fc8dd0
SHA1: d5aceb0e7fef4a140f7e95be48338b97723d3163
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname bayeux-api Medium
Vendor pom name CometD :: Bayeux API High
Vendor Manifest bundle-docurl http://docs.cometd.org Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor pom parent-groupid org.cometd.java Medium
Vendor file name bayeux-api High
Vendor pom groupid org.cometd.java Highest
Vendor central groupid org.cometd.java Highest
Vendor Manifest bundle-contactaddress http://cometd.org/cometd-java/bayeux-api Low
Vendor pom groupid cometd.java Highest
Vendor pom parent-artifactid cometd-java Low
Vendor manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Vendor pom artifactid bayeux-api Low
Product Manifest bundle-symbolicname bayeux-api Medium
Product pom name CometD :: Bayeux API High
Product Manifest bundle-docurl http://docs.cometd.org Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product Manifest Bundle-Name CometD :: Bayeux API Medium
Product file name bayeux-api High
Product pom groupid cometd.java Low
Product pom parent-groupid org.cometd.java Low
Product central artifactid bayeux-api Highest
Product pom parent-artifactid cometd-java Medium
Product pom artifactid bayeux-api Highest
Product Manifest bundle-contactaddress http://cometd.org/cometd-java/bayeux-api Low
Product manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Version pom version 3.0.8 Highest
Version file version 3.0.8 Highest
Version central version 3.0.8 Highest
cometd-java-common-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-common/3.0.8/cometd-java-common-3.0.8.jar
MD5: 70c7cc13ecc20634a6b357e33134d551
SHA1: 5e2134a1b3bc6e03b7e1666a74e9993d0bb52a7d
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor file name cometd-java-common High
Vendor Manifest bundle-symbolicname cometd-java-common Medium
Vendor Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-common Low
Vendor Manifest bundle-docurl http://docs.cometd.org Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor pom parent-groupid org.cometd.java Medium
Vendor pom groupid org.cometd.java Highest
Vendor central groupid org.cometd.java Highest
Vendor pom groupid cometd.java Highest
Vendor pom parent-artifactid cometd-java Low
Vendor manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Vendor pom artifactid cometd-java-common Low
Vendor pom name CometD :: Java :: Bayeux Common High
Product file name cometd-java-common High
Product Manifest bundle-symbolicname cometd-java-common Medium
Product Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-common Low
Product Manifest Bundle-Name CometD :: Java :: Bayeux Common Medium
Product Manifest bundle-docurl http://docs.cometd.org Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product pom groupid cometd.java Low
Product pom parent-groupid org.cometd.java Low
Product pom parent-artifactid cometd-java Medium
Product pom artifactid cometd-java-common Highest
Product central artifactid cometd-java-common Highest
Product manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Product pom name CometD :: Java :: Bayeux Common High
Version pom version 3.0.8 Highest
Version file version 3.0.8 Highest
Version central version 3.0.8 Highest
cometd-java-websocket-javax-server-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-javax-server/3.0.8/cometd-java-websocket-javax-server-3.0.8.jar
MD5: afa5e80138d48292a6f93b708257d2fc
SHA1: 353860f809886a58c181dd9e273ee7b79e133277
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-websocket/cometd-java-websocket-javax-server Low
Vendor Manifest bundle-symbolicname cometd-java-websocket-javax-server Medium
Vendor pom name CometD :: Java :: WebSocket :: JSR 356 Server High
Vendor Manifest bundle-docurl http://docs.cometd.org Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor file name cometd-java-websocket-javax-server High
Vendor pom parent-groupid org.cometd.java Medium
Vendor pom groupid org.cometd.java Highest
Vendor central groupid org.cometd.java Highest
Vendor pom parent-artifactid cometd-java-websocket Low
Vendor pom artifactid cometd-java-websocket-javax-server Low
Vendor pom groupid cometd.java Highest
Vendor manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Product Manifest Bundle-Name CometD :: Java :: WebSocket :: JSR 356 Server Medium
Product Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-websocket/cometd-java-websocket-javax-server Low
Product central artifactid cometd-java-websocket-javax-server Highest
Product Manifest bundle-symbolicname cometd-java-websocket-javax-server Medium
Product pom name CometD :: Java :: WebSocket :: JSR 356 Server High
Product Manifest bundle-docurl http://docs.cometd.org Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product file name cometd-java-websocket-javax-server High
Product pom groupid cometd.java Low
Product pom parent-groupid org.cometd.java Low
Product pom parent-artifactid cometd-java-websocket Medium
Product pom artifactid cometd-java-websocket-javax-server Highest
Product manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Version pom version 3.0.8 Highest
Version file version 3.0.8 Highest
Version central version 3.0.8 Highest
cometd-java-websocket-common-server-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-common-server/3.0.8/cometd-java-websocket-common-server-3.0.8.jar
MD5: 5772b2360cec4ff610e62151fb4deb62
SHA1: 61538a1231b700bf045fa197514f63509960985e
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom name CometD :: Java :: WebSocket :: Common Server High
Vendor Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-websocket/cometd-java-websocket-common-server Low
Vendor file name cometd-java-websocket-common-server High
Vendor pom artifactid cometd-java-websocket-common-server Low
Vendor Manifest bundle-docurl http://docs.cometd.org Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor pom parent-groupid org.cometd.java Medium
Vendor pom groupid org.cometd.java Highest
Vendor central groupid org.cometd.java Highest
Vendor pom parent-artifactid cometd-java-websocket Low
Vendor Manifest bundle-symbolicname cometd-java-websocket-common-server Medium
Vendor pom groupid cometd.java Highest
Vendor manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Product pom name CometD :: Java :: WebSocket :: Common Server High
Product Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-websocket/cometd-java-websocket-common-server Low
Product central artifactid cometd-java-websocket-common-server Highest
Product file name cometd-java-websocket-common-server High
Product Manifest bundle-docurl http://docs.cometd.org Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product pom groupid cometd.java Low
Product pom parent-groupid org.cometd.java Low
Product pom parent-artifactid cometd-java-websocket Medium
Product Manifest bundle-symbolicname cometd-java-websocket-common-server Medium
Product manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Product Manifest Bundle-Name CometD :: Java :: WebSocket :: Common Server Medium
Product pom artifactid cometd-java-websocket-common-server Highest
Version pom version 3.0.8 Highest
Version file version 3.0.8 Highest
Version central version 3.0.8 Highest
cometd-java-annotations-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-annotations/3.0.8/cometd-java-annotations-3.0.8.jar
MD5: 98b60697675562cf957655c3239a1ad3
SHA1: 5b56875b2ac024b5666633596abb90702ec35e81
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname cometd-java-annotations Medium
Vendor pom name CometD :: Java :: Annotations High
Vendor Manifest bundle-docurl http://docs.cometd.org Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor file name cometd-java-annotations High
Vendor pom parent-groupid org.cometd.java Medium
Vendor pom groupid org.cometd.java Highest
Vendor central groupid org.cometd.java Highest
Vendor pom artifactid cometd-java-annotations Low
Vendor pom groupid cometd.java Highest
Vendor pom parent-artifactid cometd-java Low
Vendor manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Vendor Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-annotations Low
Product central artifactid cometd-java-annotations Highest
Product Manifest bundle-symbolicname cometd-java-annotations Medium
Product pom name CometD :: Java :: Annotations High
Product Manifest bundle-docurl http://docs.cometd.org Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product file name cometd-java-annotations High
Product pom groupid cometd.java Low
Product pom parent-groupid org.cometd.java Low
Product pom parent-artifactid cometd-java Medium
Product pom artifactid cometd-java-annotations Highest
Product manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Product Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-annotations Low
Product Manifest Bundle-Name CometD :: Java :: Annotations Medium
Version pom version 3.0.8 Highest
Version file version 3.0.8 Highest
Version central version 3.0.8 Highest
jetty-io-9.2.14.v20151106.jar
Description: Administrative parent pom for Jetty modules
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /home/ciagent/.m2/repository/org/eclipse/jetty/jetty-io/9.2.14.v20151106/jetty-io-9.2.14.v20151106.jar
MD5: 94d0e857144c7615b6fd65019cd32b59
SHA1: dfa4137371a3f08769820138ca1a2184dacda267
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid eclipse.jetty Highest
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low
Vendor file name jetty-io High
Vendor Manifest bundle-copyright Copyright (c) 2008-2014 Mort Bay Consulting Pty. Ltd. Low
Vendor pom url http://www.eclipse.org/jetty Highest
Vendor pom groupid org.eclipse.jetty Highest
Vendor manifest Bundle-Description Administrative parent pom for Jetty modules Medium
Vendor pom artifactid jetty-io Low
Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High
Vendor Manifest bundle-symbolicname org.eclipse.jetty.io Medium
Vendor pom parent-groupid org.eclipse.jetty Medium
Vendor Manifest url http://www.eclipse.org/jetty Low
Vendor pom name Jetty :: IO Utility High
Vendor central groupid org.eclipse.jetty Highest
Vendor pom parent-artifactid jetty-project Low
Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low
Product pom groupid eclipse.jetty Low
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low
Product file name jetty-io High
Product Manifest bundle-copyright Copyright (c) 2008-2014 Mort Bay Consulting Pty. Ltd. Low
Product manifest Bundle-Description Administrative parent pom for Jetty modules Medium
Product pom url http://www.eclipse.org/jetty Medium
Product Manifest bundle-symbolicname org.eclipse.jetty.io Medium
Product pom artifactid jetty-io Highest
Product Manifest Bundle-Name Jetty :: IO Utility Medium
Product Manifest url http://www.eclipse.org/jetty Low
Product pom name Jetty :: IO Utility High
Product central artifactid jetty-io Highest
Product pom parent-groupid org.eclipse.jetty Low
Product pom parent-artifactid jetty-project Medium
Product Manifest bundle-docurl http://www.eclipse.org/jetty Low
Version pom version 9.2.14.v20151106 Highest
Version file version 9.2.14.v20151106 Highest
Version Manifest Implementation-Version 9.2.14.v20151106 High
Version central version 9.2.14.v20151106 Highest
cometd-java-client-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-client/3.0.8/cometd-java-client-3.0.8.jar
MD5: 24f1367fb4d96fe70a3f07a1f48e447e
SHA1: 826d4ae9402e7c48cc98fe287389788134e4986f
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom name CometD :: Java :: Bayeux Client High
Vendor Manifest bundle-docurl http://docs.cometd.org Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor pom parent-groupid org.cometd.java Medium
Vendor pom artifactid cometd-java-client Low
Vendor file name cometd-java-client High
Vendor Manifest bundle-symbolicname cometd-java-client Medium
Vendor pom groupid org.cometd.java Highest
Vendor central groupid org.cometd.java Highest
Vendor pom groupid cometd.java Highest
Vendor pom parent-artifactid cometd-java Low
Vendor manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Vendor Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-client Low
Product pom artifactid cometd-java-client Highest
Product pom name CometD :: Java :: Bayeux Client High
Product Manifest bundle-docurl http://docs.cometd.org Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product central artifactid cometd-java-client Highest
Product file name cometd-java-client High
Product Manifest bundle-symbolicname cometd-java-client Medium
Product pom groupid cometd.java Low
Product pom parent-groupid org.cometd.java Low
Product pom parent-artifactid cometd-java Medium
Product Manifest Bundle-Name CometD :: Java :: Bayeux Client Medium
Product manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Product Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-client Low
Version pom version 3.0.8 Highest
Version file version 3.0.8 Highest
Version central version 3.0.8 Highest
cometd-java-websocket-common-client-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-common-client/3.0.8/cometd-java-websocket-common-client-3.0.8.jar
MD5: c17616c290c54ffc4a70dda2b901919a
SHA1: 8b75f11de5bba306d0bcb20a6c1bed89675579cd
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor file name cometd-java-websocket-common-client High
Vendor Manifest bundle-symbolicname cometd-java-websocket-common-client Medium
Vendor pom name CometD :: Java :: WebSocket :: Common Client High
Vendor Manifest bundle-docurl http://docs.cometd.org Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor pom artifactid cometd-java-websocket-common-client Low
Vendor pom parent-groupid org.cometd.java Medium
Vendor pom groupid org.cometd.java Highest
Vendor central groupid org.cometd.java Highest
Vendor pom parent-artifactid cometd-java-websocket Low
Vendor pom groupid cometd.java Highest
Vendor manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Vendor Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-websocket/cometd-java-websocket-common-client Low
Product file name cometd-java-websocket-common-client High
Product Manifest bundle-symbolicname cometd-java-websocket-common-client Medium
Product Manifest Bundle-Name CometD :: Java :: WebSocket :: Common Client Medium
Product central artifactid cometd-java-websocket-common-client Highest
Product pom name CometD :: Java :: WebSocket :: Common Client High
Product Manifest bundle-docurl http://docs.cometd.org Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product pom groupid cometd.java Low
Product pom parent-groupid org.cometd.java Low
Product pom parent-artifactid cometd-java-websocket Medium
Product pom artifactid cometd-java-websocket-common-client Highest
Product manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Product Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-websocket/cometd-java-websocket-common-client Low
Version pom version 3.0.8 Highest
Version file version 3.0.8 Highest
Version central version 3.0.8 Highest
cometd-java-websocket-javax-client-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-javax-client/3.0.8/cometd-java-websocket-javax-client-3.0.8.jar
MD5: 433dd449f689697bbe1a75b0ed2788f8
SHA1: b44bcf098667f0112301d75f73adb5ba3295699d
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor file name cometd-java-websocket-javax-client High
Vendor pom artifactid cometd-java-websocket-javax-client Low
Vendor Manifest bundle-docurl http://docs.cometd.org Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-websocket/cometd-java-websocket-javax-client Low
Vendor pom parent-groupid org.cometd.java Medium
Vendor pom name CometD :: Java :: WebSocket :: JSR 356 Client High
Vendor pom groupid org.cometd.java Highest
Vendor central groupid org.cometd.java Highest
Vendor pom parent-artifactid cometd-java-websocket Low
Vendor Manifest bundle-symbolicname cometd-java-websocket-javax-client Medium
Vendor pom groupid cometd.java Highest
Vendor manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Product file name cometd-java-websocket-javax-client High
Product Manifest bundle-docurl http://docs.cometd.org Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-websocket/cometd-java-websocket-javax-client Low
Product pom name CometD :: Java :: WebSocket :: JSR 356 Client High
Product pom groupid cometd.java Low
Product pom parent-groupid org.cometd.java Low
Product pom artifactid cometd-java-websocket-javax-client Highest
Product pom parent-artifactid cometd-java-websocket Medium
Product central artifactid cometd-java-websocket-javax-client Highest
Product Manifest bundle-symbolicname cometd-java-websocket-javax-client Medium
Product manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Product Manifest Bundle-Name CometD :: Java :: WebSocket :: JSR 356 Client Medium
Version pom version 3.0.8 Highest
Version file version 3.0.8 Highest
Version central version 3.0.8 Highest
cometd-java-oort-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-oort/3.0.8/cometd-java-oort-3.0.8.jar
MD5: 62dbbecedab27927495fc9c9e0b70505
SHA1: a72695546e010c250ba65519fc91867b208fc8f9
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-oort Low
Vendor pom name CometD :: Java :: Oort High
Vendor Manifest bundle-docurl http://docs.cometd.org Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor pom artifactid cometd-java-oort Low
Vendor pom parent-groupid org.cometd.java Medium
Vendor pom groupid org.cometd.java Highest
Vendor central groupid org.cometd.java Highest
Vendor pom groupid cometd.java Highest
Vendor pom parent-artifactid cometd-java Low
Vendor manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Vendor file name cometd-java-oort High
Vendor Manifest bundle-symbolicname cometd-java-oort Medium
Product Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-oort Low
Product pom name CometD :: Java :: Oort High
Product Manifest bundle-docurl http://docs.cometd.org Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product central artifactid cometd-java-oort Highest
Product pom groupid cometd.java Low
Product pom parent-groupid org.cometd.java Low
Product pom artifactid cometd-java-oort Highest
Product pom parent-artifactid cometd-java Medium
Product manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Product Manifest Bundle-Name CometD :: Java :: Oort Medium
Product file name cometd-java-oort High
Product Manifest bundle-symbolicname cometd-java-oort Medium
Version pom version 3.0.8 Highest
Version file version 3.0.8 Highest
Version central version 3.0.8 Highest
jetty-jmx-9.2.14.v20151106.jar
Description: JMX management artifact for jetty.
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /home/ciagent/.m2/repository/org/eclipse/jetty/jetty-jmx/9.2.14.v20151106/jetty-jmx-9.2.14.v20151106.jar
MD5: 5eccc25d22921cb4787812d0687a2978
SHA1: 617edc5e966b4149737811ef8b289cd94b831bab
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor file name jetty-jmx High
Vendor pom groupid eclipse.jetty Highest
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low
Vendor pom description JMX management artifact for jetty. Medium
Vendor Manifest bundle-copyright Copyright (c) 2008-2014 Mort Bay Consulting Pty. Ltd. Low
Vendor pom url http://www.eclipse.org/jetty Highest
Vendor pom groupid org.eclipse.jetty Highest
Vendor pom name Jetty :: JMX Management High
Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High
Vendor pom parent-groupid org.eclipse.jetty Medium
Vendor manifest Bundle-Description JMX management artifact for jetty. Medium
Vendor Manifest url http://www.eclipse.org/jetty Low
Vendor central groupid org.eclipse.jetty Highest
Vendor pom parent-artifactid jetty-project Low
Vendor pom artifactid jetty-jmx Low
Vendor Manifest bundle-symbolicname org.eclipse.jetty.jmx Medium
Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low
Product file name jetty-jmx High
Product pom groupid eclipse.jetty Low
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low
Product pom description JMX management artifact for jetty. Medium
Product Manifest bundle-copyright Copyright (c) 2008-2014 Mort Bay Consulting Pty. Ltd. Low
Product pom url http://www.eclipse.org/jetty Medium
Product pom name Jetty :: JMX Management High
Product Manifest Bundle-Name Jetty :: JMX Management Medium
Product manifest Bundle-Description JMX management artifact for jetty. Medium
Product Manifest url http://www.eclipse.org/jetty Low
Product central artifactid jetty-jmx Highest
Product Manifest bundle-symbolicname org.eclipse.jetty.jmx Medium
Product pom parent-groupid org.eclipse.jetty Low
Product pom parent-artifactid jetty-project Medium
Product Manifest bundle-docurl http://www.eclipse.org/jetty Low
Product pom artifactid jetty-jmx Highest
Version pom version 9.2.14.v20151106 Highest
Version file version 9.2.14.v20151106 Highest
Version Manifest Implementation-Version 9.2.14.v20151106 High
Version central version 9.2.14.v20151106 Highest
Related Dependencies
jetty-util-ajax-9.2.14.v20151106.jar
File Path: /home/ciagent/.m2/repository/org/eclipse/jetty/jetty-util-ajax/9.2.14.v20151106/jetty-util-ajax-9.2.14.v20151106.jar
SHA1: 13470555681de54a10cfed3ab15b1554765d1171
MD5: 1623fc2d77b1bd864a2416e2da15cd9b
maven: org.eclipse.jetty:jetty-util-ajax:9.2.14.v20151106 ✓
jetty-client-9.2.14.v20151106.jar
File Path: /home/ciagent/.m2/repository/org/eclipse/jetty/jetty-client/9.2.14.v20151106/jetty-client-9.2.14.v20151106.jar
SHA1: d02985c3a5bd974dacbb4c3d7cf71169135a8e7a
MD5: c400f74ab61fc17fafd19144b548bede
maven: org.eclipse.jetty:jetty-client:9.2.14.v20151106 ✓
jetty-util-9.2.14.v20151106.jar
File Path: /home/ciagent/.m2/repository/org/eclipse/jetty/jetty-util/9.2.14.v20151106/jetty-util-9.2.14.v20151106.jar
SHA1: 0057e00b912ae0c35859ac81594a996007706a0b
MD5: 15eae2dc1689fa8c72652b156d2619d3
maven: org.eclipse.jetty:jetty-util:9.2.14.v20151106 ✓
jetty-http-9.2.14.v20151106.jar
File Path: /home/ciagent/.m2/repository/org/eclipse/jetty/jetty-http/9.2.14.v20151106/jetty-http-9.2.14.v20151106.jar
SHA1: 699ad1f2fa6fb0717e1b308a8c9e1b8c69d81ef6
MD5: 2e42ff59b2a5e8525f0fa1b55351d161
maven: org.eclipse.jetty:jetty-http:9.2.14.v20151106 ✓
Published Vulnerabilities
CVE-2017-7656 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.
Vulnerable Software & Versions: (show all )
CVE-2017-7657 suppress
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-190 Integer Overflow or Wraparound
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.
Vulnerable Software & Versions: (show all )
CVE-2017-7658 suppress
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-19 Data Handling
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.
Vulnerable Software & Versions: (show all )
CVE-2017-9735 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Vulnerable Software & Versions:
cometd-java-server-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-server/3.0.8/cometd-java-server-3.0.8.jar
MD5: c55eb617762fad72683da9de856e008c
SHA1: 11d535c657bdb491abc2ccd820118f9d6a8f44e0
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-server Low
Vendor Manifest bundle-symbolicname cometd-java-server Medium
Vendor file name cometd-java-server High
Vendor Manifest bundle-docurl http://docs.cometd.org Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor pom artifactid cometd-java-server Low
Vendor pom parent-groupid org.cometd.java Medium
Vendor pom name CometD :: Java :: Bayeux Server High
Vendor pom groupid org.cometd.java Highest
Vendor central groupid org.cometd.java Highest
Vendor pom groupid cometd.java Highest
Vendor pom parent-artifactid cometd-java Low
Vendor manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Product Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-server Low
Product Manifest bundle-symbolicname cometd-java-server Medium
Product file name cometd-java-server High
Product Manifest bundle-docurl http://docs.cometd.org Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product pom name CometD :: Java :: Bayeux Server High
Product pom groupid cometd.java Low
Product pom parent-groupid org.cometd.java Low
Product pom parent-artifactid cometd-java Medium
Product pom artifactid cometd-java-server Highest
Product central artifactid cometd-java-server Highest
Product Manifest Bundle-Name CometD :: Java :: Bayeux Server Medium
Product manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Version pom version 3.0.8 Highest
Version file version 3.0.8 Highest
Version central version 3.0.8 Highest
commons-comet-service-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-comet-service/5.3.x-SNAPSHOT/commons-comet-service-5.3.x-SNAPSHOT.jar
MD5: dfdf9fc213432e3ef2cfbfd5fcad1cbd
SHA1: 8c3a6ef247f7e569b39246bf6aad05f29e2d4b44
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor file name commons-comet-service High
Vendor pom parent-groupid org.exoplatform.commons Medium
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom groupid exoplatform.commons Highest
Vendor pom groupid org.exoplatform.commons Highest
Vendor Manifest date 2019-09-06T11:21:29Z Low
Vendor pom parent-artifactid commons Low
Vendor pom artifactid commons-comet-service Low
Vendor pom name eXo PLF:: Commons - Comet Services High
Vendor Manifest implementation-url https://projects.exoplatform.org/commons/commons-comet-service Low
Vendor Manifest Implementation-Vendor-Id org.exoplatform.commons Medium
Product Manifest specification-title eXo PLF:: Commons - Comet Services Medium
Product pom name eXo PLF:: Commons - Comet Services High
Product file name commons-comet-service High
Product Manifest implementation-url https://projects.exoplatform.org/commons/commons-comet-service Low
Product pom parent-artifactid commons Medium
Product pom artifactid commons-comet-service Highest
Product pom parent-groupid org.exoplatform.commons Low
Product Manifest date 2019-09-06T11:21:29Z Low
Product pom groupid exoplatform.commons Low
Product Manifest Implementation-Title eXo PLF:: Commons - Comet Services High
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
maven: org.exoplatform.commons:commons-comet-service:5.3.x-SNAPSHOT
Confidence :High
jsr250-api-1.0.jar
Description: JSR-250 Reference Implementation by Glassfish
License:
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /home/ciagent/.m2/repository/javax/annotation/jsr250-api/1.0/jsr250-api-1.0.jar
MD5: 4cd56b2e4977e541186de69f5126b4a6
SHA1: 5025422767732a1ab45d93abfea846513d742dcf
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom url http://jcp.org/aboutJava/communityprocess/final/jsr250/index.html Highest
Vendor central groupid javax.annotation Highest
Vendor jar package name javax Low
Vendor pom artifactid jsr250-api Low
Vendor pom name JSR-250 Common Annotations for the JavaTM Platform High
Vendor pom groupid javax.annotation Highest
Vendor pom description JSR-250 Reference Implementation by Glassfish Medium
Vendor file name jsr250-api High
Vendor jar package name annotation Low
Product pom url http://jcp.org/aboutJava/communityprocess/final/jsr250/index.html Medium
Product pom artifactid jsr250-api Highest
Product pom name JSR-250 Common Annotations for the JavaTM Platform High
Product pom groupid javax.annotation Low
Product pom description JSR-250 Reference Implementation by Glassfish Medium
Product central artifactid jsr250-api Highest
Product file name jsr250-api High
Product jar package name annotation Low
Version pom version 1.0 Highest
Version file version 1.0 Highest
Version central version 1.0 Highest
staxnav.core-0.9.8.jar
File Path: /home/ciagent/.m2/repository/org/staxnav/staxnav.core/0.9.8/staxnav.core-0.9.8.jar
MD5: 0f786e5be21df9fbe8753175564564c7
SHA1: 27bd12d4d74b0851e38de79f8299462d93ba3d7f
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor jar package name staxnav Low
Vendor file name staxnav.core High
Vendor pom parent-groupid org.staxnav Medium
Vendor pom parent-artifactid staxnav.parent Low
Vendor pom name Staxnav - Core High
Vendor central groupid org.staxnav Highest
Vendor pom groupid org.staxnav Highest
Vendor pom artifactid staxnav.core Low
Vendor pom groupid staxnav Highest
Product pom artifactid staxnav.core Highest
Product pom parent-artifactid staxnav.parent Medium
Product file name staxnav.core High
Product pom name Staxnav - Core High
Product pom groupid staxnav Low
Product central artifactid staxnav.core Highest
Product pom parent-groupid org.staxnav Low
Version central version 0.9.8 Highest
Version file version 0.9.8 Highest
Version pom version 0.9.8 Highest
hibernate-entitymanager-4.2.21.Final.jar
Description: A module of the Hibernate O/RM project
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/hibernate/hibernate-entitymanager/4.2.21.Final/hibernate-entitymanager-4.2.21.Final.jar
MD5: 2c1a3f1c7bb83b730ab3db1fe588904e
SHA1: a6675070b4c7bb843d74d6ab3bc9440fd315dbb3
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor Hibernate.org High
Vendor pom groupid org.hibernate Highest
Vendor pom organization url http://hibernate.org Medium
Vendor pom organization name Hibernate.org High
Vendor central groupid org.hibernate Highest
Vendor file name hibernate-entitymanager High
Vendor manifest Bundle-Description Hibernate ORM JPA Entity Manager Medium
Vendor Manifest implementation-url http://hibernate.org Low
Vendor pom groupid hibernate Highest
Vendor pom description A module of the Hibernate O/RM project Medium
Vendor pom url http://hibernate.org Highest
Vendor Manifest Implementation-Vendor-Id org.hibernate Medium
Vendor Manifest bundle-symbolicname org.hibernate.entitymanager Medium
Vendor pom artifactid hibernate-entitymanager Low
Vendor pom name A Hibernate O/RM Module High
Product pom artifactid hibernate-entitymanager Highest
Product file name hibernate-entitymanager High
Product manifest Bundle-Description Hibernate ORM JPA Entity Manager Medium
Product Manifest implementation-url http://hibernate.org Low
Product pom groupid hibernate Low
Product pom description A module of the Hibernate O/RM project Medium
Product Manifest Bundle-Name hibernate-entitymanager Medium
Product pom url http://hibernate.org Medium
Product Manifest bundle-symbolicname org.hibernate.entitymanager Medium
Product pom organization url http://hibernate.org Low
Product pom organization name Hibernate.org Low
Product central artifactid hibernate-entitymanager Highest
Product pom name A Hibernate O/RM Module High
Version Manifest Implementation-Version 4.2.21.Final High
Version file version 4.2.21 Highest
Version pom version 4.2.21.Final Highest
Version central version 4.2.21.Final Highest
liquibase-core-3.4.2.jar
File Path: /home/ciagent/.m2/repository/org/liquibase/liquibase-core/3.4.2/liquibase-core-3.4.2.jar
MD5: d4ad6d5f7958b69b8fbd01a5564ae45b
SHA1: c91ccf342466857251cf6795b0cecc42509206f2
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid org.liquibase Highest
Vendor pom name Liquibase Core High
Vendor pom artifactid liquibase-core Low
Vendor file name liquibase-core High
Vendor central groupid org.liquibase Highest
Vendor pom parent-groupid org.liquibase Medium
Vendor pom parent-artifactid liquibase-parent Low
Vendor jar package name liquibase Low
Vendor pom groupid liquibase Highest
Product pom parent-groupid org.liquibase Low
Product pom parent-artifactid liquibase-parent Medium
Product pom name Liquibase Core High
Product file name liquibase-core High
Product pom groupid liquibase Low
Product central artifactid liquibase-core Highest
Product pom artifactid liquibase-core Highest
Version file version 3.4.2 Highest
Version pom version 3.4.2 Highest
Version central version 3.4.2 Highest
twitter4j-core-3.0.5.jar
Description: A Java library for the Twitter API
License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/ciagent/.m2/repository/org/twitter4j/twitter4j-core/3.0.5/twitter4j-core-3.0.5.jar
MD5: e6c8d2b10c621b2bbd7809bad9cedca3
SHA1: c38ad47bc8ba5991886ce2c0e0acd76d0fdd6e6d
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid org.twitter4j Highest
Vendor pom groupid twitter4j Highest
Vendor Manifest Implementation-Vendor-Id org.twitter4j Medium
Vendor pom description A Java library for the Twitter API Medium
Vendor pom url http://twitter4j.org/ Highest
Vendor pom name twitter4j-core High
Vendor pom artifactid twitter4j-core Low
Vendor file name twitter4j-core High
Vendor central groupid org.twitter4j Highest
Product Manifest specification-title twitter4j-core Medium
Product pom artifactid twitter4j-core Highest
Product central artifactid twitter4j-core Highest
Product pom description A Java library for the Twitter API Medium
Product pom groupid twitter4j Low
Product pom name twitter4j-core High
Product pom url http://twitter4j.org/ Medium
Product file name twitter4j-core High
Product Manifest Implementation-Title twitter4j-core High
Version file version 3.0.5 Highest
Version Manifest Implementation-Version 3.0.5 High
Version central version 3.0.5 Highest
Version pom version 3.0.5 Highest
cpe: cpe:/a:twitter_project:twitter:3.0.5
Confidence :Low
suppress
maven: org.twitter4j:twitter4j-core:3.0.5 ✓
Confidence :Highest
cpe: cpe:/a:twitter:twitter:3.0.5
Confidence :Low
suppress
scribe-1.3.5.jar
Description: The best OAuth library out there
License:
MIT: http://github.com/fernandezpablo85/scribe-java/blob/master/LICENSE.txt
File Path: /home/ciagent/.m2/repository/org/scribe/scribe/1.3.5/scribe-1.3.5.jar
MD5: 0abb910da19741cd84aabf5520385bc2
SHA1: a3b3deded9d241d9f2c8aa9c9bcd90ad29e2581e
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid org.scribe Highest
Vendor pom name Scribe OAuth Library High
Vendor file name scribe High
Vendor jar package name scribe Low
Vendor pom description The best OAuth library out there Medium
Vendor pom url http://github.com/fernandezpablo85/scribe-java Highest
Vendor jar package name api Low
Vendor jar package name builder Low
Vendor central groupid org.scribe Highest
Vendor pom groupid scribe Highest
Vendor pom artifactid scribe Low
Product pom name Scribe OAuth Library High
Product file name scribe High
Product pom description The best OAuth library out there Medium
Product pom url http://github.com/fernandezpablo85/scribe-java Medium
Product jar package name api Low
Product pom artifactid scribe Highest
Product pom groupid scribe Low
Product central artifactid scribe Highest
Product jar package name builder Low
Version file version 1.3.5 Highest
Version central version 1.3.5 Highest
Version pom version 1.3.5 Highest
google-http-client-1.14.1-beta.jar
Description:
Google HTTP Client Library for Java. Functionality that works on all supported Java platforms,
including Java 5 (or higher) desktop (SE) and web (EE), Android, and Google App Engine.
File Path: /home/ciagent/.m2/repository/com/google/http-client/google-http-client/1.14.1-beta/google-http-client-1.14.1-beta.jar
MD5: 8a3711522ebceef2531d455e2f04a639
SHA1: cb503d4021739e6bac39442ac87b4e311ec77b5e
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid com.google.http-client Highest
Vendor pom groupid google.http-client Highest
Vendor central groupid com.google.http-client Highest
Vendor pom parent-groupid com.google.http-client Medium
Vendor Manifest Implementation-Vendor Google High
Vendor Manifest Implementation-Vendor-Id com.google.http-client Medium
Vendor file name google-http-client High
Vendor pom parent-artifactid google-http-client-parent Low
Vendor pom artifactid google-http-client Low
Vendor pom name Google HTTP Client Library for Java High
Vendor pom description Google HTTP Client Library for Java. Functionality that works on all supported Java platforms, including Java 5 (or higher) desktop (SE) and web (EE), Android, and Google App Engine. Low
Product pom artifactid google-http-client Highest
Product pom groupid google.http-client Low
Product pom parent-groupid com.google.http-client Low
Product Manifest Implementation-Title Google HTTP Client Library for Java High
Product pom parent-artifactid google-http-client-parent Medium
Product file name google-http-client High
Product pom name Google HTTP Client Library for Java High
Product pom description Google HTTP Client Library for Java. Functionality that works on all supported Java platforms, including Java 5 (or higher) desktop (SE) and web (EE), Android, and Google App Engine. Low
Product central artifactid google-http-client Highest
Version central version 1.14.1-beta Highest
Version file version 1.14.1.beta Highest
Version pom version 1.14.1-beta Highest
Version Manifest Implementation-Version 1.14.1-beta High
Related Dependencies
google-oauth-client-1.14.1-beta.jar
File Path: /home/ciagent/.m2/repository/com/google/oauth-client/google-oauth-client/1.14.1-beta/google-oauth-client-1.14.1-beta.jar
SHA1: 7260cd30808a6d1d4ddef6250e3d92d814aaa4cb
MD5: 71feea1d54eb7878c12855b7c47ef289
maven: com.google.oauth-client:google-oauth-client:1.14.1-beta ✓
google-api-client-1.14.1-beta.jar
File Path: /home/ciagent/.m2/repository/com/google/api-client/google-api-client/1.14.1-beta/google-api-client-1.14.1-beta.jar
MD5: 6832804471d4d635ed74ae1fbd5d9d86
SHA1: e95d3b6e36fc67bffd7e71ef60bc5af623e73843
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor file name google-api-client High
Vendor pom artifactid google-api-client Low
Vendor pom groupid google.api-client Highest
Vendor pom name Google APIs Client Library for Java High
Vendor central groupid com.google.api-client Highest
Vendor Manifest Implementation-Vendor-Id com.google.api-client Medium
Vendor pom parent-artifactid google-api-client-parent Low
Vendor Manifest Implementation-Vendor Google High
Vendor pom parent-groupid com.google.api-client Medium
Vendor pom groupid com.google.api-client Highest
Product file name google-api-client High
Product pom groupid google.api-client Low
Product pom artifactid google-api-client Highest
Product pom name Google APIs Client Library for Java High
Product pom parent-groupid com.google.api-client Low
Product Manifest Implementation-Title Google APIs Client Library for Java High
Product pom parent-artifactid google-api-client-parent Medium
Product central artifactid google-api-client Highest
Version central version 1.14.1-beta Highest
Version file version 1.14.1.beta Highest
Version pom version 1.14.1-beta Highest
Version Manifest Implementation-Version 1.14.1-beta High
jackson-core-asl-1.9.11.jar
Description: Jackson is a high-performance JSON processor (parser, generator)
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/codehaus/jackson/jackson-core-asl/1.9.11/jackson-core-asl-1.9.11.jar
MD5: 49801a6d43725d5c3a1a52ca021d7dc5
SHA1: e32303ef8bd18a5c9272780d49b81c95e05ddf43
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor central groupid org.codehaus.jackson Highest
Vendor pom groupid codehaus.jackson Highest
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6 Low
Vendor pom artifactid jackson-core-asl Low
Vendor pom url http://jackson.codehaus.org Highest
Vendor pom name Jackson High
Vendor pom organization url http://fasterxml.com Medium
Vendor Manifest specification-vendor http://www.ietf.org/rfc/rfc4627.txt Low
Vendor Manifest Implementation-Vendor http://fasterxml.com High
Vendor file name jackson-core-asl High
Vendor Manifest bundle-symbolicname jackson-core-asl Medium
Vendor pom groupid org.codehaus.jackson Highest
Vendor pom organization name FasterXML High
Vendor pom description Jackson is a high-performance JSON processor (parser, generator)
Medium
Product Manifest specification-title JSON - JavaScript Object Notation Medium
Product pom organization name FasterXML Low
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6 Low
Product pom url http://jackson.codehaus.org Medium
Product pom name Jackson High
Product central artifactid jackson-core-asl Highest
Product Manifest Implementation-Title Jackson JSON processor High
Product pom artifactid jackson-core-asl Highest
Product Manifest Bundle-Name Jackson JSON processor Medium
Product file name jackson-core-asl High
Product Manifest bundle-symbolicname jackson-core-asl Medium
Product pom organization url http://fasterxml.com Low
Product pom groupid codehaus.jackson Low
Product pom description Jackson is a high-performance JSON processor (parser, generator)
Medium
Version file version 1.9.11 Highest
Version central version 1.9.11 Highest
Version pom version 1.9.11 Highest
Version Manifest Implementation-Version 1.9.11 High
google-http-client-jackson-1.14.1-beta.jar
File Path: /home/ciagent/.m2/repository/com/google/http-client/google-http-client-jackson/1.14.1-beta/google-http-client-jackson-1.14.1-beta.jar
MD5: 85d9f42910a68e85ff22d24805688da9
SHA1: 3cfc08bf4b0f62234ff69ff2a0b3c26d7e447829
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid com.google.http-client Highest
Vendor file name google-http-client-jackson High
Vendor pom artifactid google-http-client-jackson Low
Vendor pom groupid google.http-client Highest
Vendor central groupid com.google.http-client Highest
Vendor pom parent-groupid com.google.http-client Medium
Vendor Manifest Implementation-Vendor Google High
Vendor Manifest Implementation-Vendor-Id com.google.http-client Medium
Vendor pom name Jackson extensions to the Google HTTP Client Library for Java. High
Vendor pom parent-artifactid google-http-client-parent Low
Product file name google-http-client-jackson High
Product pom groupid google.http-client Low
Product pom parent-groupid com.google.http-client Low
Product Manifest Implementation-Title Jackson extensions to the Google HTTP Client Library for Java. High
Product pom artifactid google-http-client-jackson Highest
Product pom parent-artifactid google-http-client-parent Medium
Product pom name Jackson extensions to the Google HTTP Client Library for Java. High
Product central artifactid google-http-client-jackson Highest
Version central version 1.14.1-beta Highest
Version file version 1.14.1.beta Highest
Version pom version 1.14.1-beta Highest
Version Manifest Implementation-Version 1.14.1-beta High
google-api-services-plus-v1-rev69-1.14.2-beta.jar
File Path: /home/ciagent/.m2/repository/com/google/apis/google-api-services-plus/v1-rev69-1.14.2-beta/google-api-services-plus-v1-rev69-1.14.2-beta.jar
MD5: fbddf71619f41f1359f0b3abff442444
SHA1: a6c5cc69690a3bd7777025a65b0f1abe66112a5e
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid google.apis Highest
Vendor pom parent-artifactid google Low
Vendor central groupid com.google.apis Highest
Vendor jar package name google Low
Vendor jar package name api Low
Vendor pom artifactid google-api-services-plus Low
Vendor pom groupid com.google.apis Highest
Vendor jar package name services Low
Vendor pom parent-groupid com.google Medium
Vendor file name google-api-services-plus-v1-rev69 High
Vendor pom name Google+ API v1 (revision 69) High
Product jar package name plus Low
Product pom artifactid google-api-services-plus Highest
Product jar package name api Low
Product central artifactid google-api-services-plus Highest
Product pom groupid google.apis Low
Product jar package name services Low
Product pom parent-groupid com.google Low
Product pom parent-artifactid google Medium
Product file name google-api-services-plus-v1-rev69 High
Product pom name Google+ API v1 (revision 69) High
Version file version 1.14.2.beta Highest
Version central version v1-rev69-1.14.2-beta Highest
Version pom version v1-rev69-1.14.2-beta Highest
Version pom parent-version v1-rev69-1.14.2-beta Low
Version file name google-api-services-plus-v1-rev69 Medium
google-api-services-oauth2-v2-rev36-1.14.2-beta.jar
File Path: /home/ciagent/.m2/repository/com/google/apis/google-api-services-oauth2/v2-rev36-1.14.2-beta/google-api-services-oauth2-v2-rev36-1.14.2-beta.jar
MD5: cd2ac31ad0317e53e660c2a4578749f3
SHA1: c7249e1e4832f6e6585f7b7db307585b3ae53881
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom name Google OAuth2 API v2 (revision 36) High
Vendor pom artifactid google-api-services-oauth2 Low
Vendor pom groupid google.apis Highest
Vendor pom parent-artifactid google Low
Vendor central groupid com.google.apis Highest
Vendor jar package name google Low
Vendor file name google-api-services-oauth2-v2-rev36 High
Vendor jar package name api Low
Vendor pom groupid com.google.apis Highest
Vendor jar package name services Low
Vendor pom parent-groupid com.google Medium
Product pom name Google OAuth2 API v2 (revision 36) High
Product file name google-api-services-oauth2-v2-rev36 High
Product jar package name api Low
Product pom groupid google.apis Low
Product central artifactid google-api-services-oauth2 Highest
Product jar package name services Low
Product pom artifactid google-api-services-oauth2 Highest
Product pom parent-groupid com.google Low
Product pom parent-artifactid google Medium
Product jar package name oauth2 Low
Version file version 1.14.2.beta Highest
Version pom version v2-rev36-1.14.2-beta Highest
Version file name google-api-services-oauth2-v2-rev36 Medium
Version central version v2-rev36-1.14.2-beta Highest
Version pom parent-version v2-rev36-1.14.2-beta Low
exo.portal.webui.eXo-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.webui.eXo/5.3.x-SNAPSHOT/exo.portal.webui.eXo-5.3.x-SNAPSHOT.jar
MD5: 47e3e53c198f2e9eec36202d0ff7b0a5
SHA1: 7d6f90fd4dd8c7ecc4548d69bdf1be074f533b44
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id org.exoplatform.gatein.portal Medium
Vendor Manifest implementation-url www.gatein.org/exo.portal.parent/exo.portal.webui/exo.portal.webui.eXo/ Low
Vendor Manifest os-name Linux Medium
Vendor pom groupid exoplatform.gatein.portal Highest
Vendor pom parent-groupid org.exoplatform.gatein.portal Medium
Vendor file name exo.portal.webui.eXo High
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor pom groupid org.exoplatform.gatein.portal Highest
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor Manifest build-timestamp Fri, 6 Sep 2019 07:08:20 +0000 Low
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor pom artifactid exo.portal.webui.eXo Low
Vendor pom name GateIn Portal WebUI eXo High
Vendor pom parent-artifactid exo.portal.webui Low
Product pom artifactid exo.portal.webui.eXo Highest
Product pom parent-groupid org.exoplatform.gatein.portal Low
Product Manifest specification-title GateIn Portal WebUI eXo Medium
Product pom parent-artifactid exo.portal.webui Medium
Product Manifest Implementation-Title GateIn Portal WebUI eXo High
Product Manifest implementation-url www.gatein.org/exo.portal.parent/exo.portal.webui/exo.portal.webui.eXo/ Low
Product Manifest os-name Linux Medium
Product Manifest build-timestamp Fri, 6 Sep 2019 07:08:20 +0000 Low
Product pom name GateIn Portal WebUI eXo High
Product pom groupid exoplatform.gatein.portal Low
Product file name exo.portal.webui.eXo High
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
Related Dependencies
exo.portal.component.web.oauth-common-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.web.oauth-common/5.3.x-SNAPSHOT/exo.portal.component.web.oauth-common-5.3.x-SNAPSHOT.jar
SHA1: 75dec72facc8cf5e62437ac6979b65a4b5739f2b
MD5: e6bc0a0c8db87a19940021d92b437e3d
exo.portal.component.portal-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.portal/5.3.x-SNAPSHOT/exo.portal.component.portal-5.3.x-SNAPSHOT.jar
SHA1: 8cb0b38b648ea0f7d99df1970571ac90455f28bc
MD5: 6856850537748e954227cc0feacddeb4
exo.portal.component.web.server-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.web.server/5.3.x-SNAPSHOT/exo.portal.component.web.server-5.3.x-SNAPSHOT.jar
SHA1: 4a39b0ecfdf30bf9fa9eb77acec8931014cd78b3
MD5: 0c233c9e8f22772e76bc6652cc76e568
exo.portal.component.web.security-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.web.security/5.3.x-SNAPSHOT/exo.portal.component.web.security-5.3.x-SNAPSHOT.jar
SHA1: d9adf22531c5b3f81ad0f5917a554a7f5598514a
MD5: 994748376f70fdd3327dafbcab63b1eb
exo.portal.component.application-registry-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.application-registry/5.3.x-SNAPSHOT/exo.portal.component.application-registry-5.3.x-SNAPSHOT.jar
SHA1: 73cf2e1df19bccbe24c0b33d43cba4aae2e3cd66
MD5: 1ace75600fc904dfb6d04e450f52dde4
exo.portal.component.common-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.common/5.3.x-SNAPSHOT/exo.portal.component.common-5.3.x-SNAPSHOT.jar
SHA1: 74ce70d0729e881eea71883351fa3cf485a3df40
MD5: bc4fd63f8ccd6eb11f42c754dd32b262
exo.portal.component.web.resources-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.web.resources/5.3.x-SNAPSHOT/exo.portal.component.web.resources-5.3.x-SNAPSHOT.jar
SHA1: 78b270eb851f7f2d392b84020fa09fa2812a6e25
MD5: be69b18423ee797a590dacd389b56ff8
exo.portal.webui.portlet-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.webui.portlet/5.3.x-SNAPSHOT/exo.portal.webui.portlet-5.3.x-SNAPSHOT.jar
SHA1: c597a5caf7a3c15a2d1a41490ed25b4da5076eda
MD5: 69a544a30500063b75eb2526dc08b0a4
exo.portal.component.scripting-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.scripting/5.3.x-SNAPSHOT/exo.portal.component.scripting-5.3.x-SNAPSHOT.jar
SHA1: 59b12e8ca97b734b8604ae7ed036b3699a7f39c6
MD5: 9c0db9c7ac41b768ad4d815f2f7ff595
exo.portal.component.web.api-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.web.api/5.3.x-SNAPSHOT/exo.portal.component.web.api-5.3.x-SNAPSHOT.jar
SHA1: 5967d4a67c5ea515925390d77c340837f059a620
MD5: 20903cdd7117f95559e9e3e56ec2b7b7
exo.portal.webui.framework-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.webui.framework/5.3.x-SNAPSHOT/exo.portal.webui.framework-5.3.x-SNAPSHOT.jar
SHA1: 06b5e4029561ae6f9445c2ee84675c191d6e586a
MD5: 534ea87079f47ec7c9ed70a1fd22ccf1
exo.portal.component.web.controller-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.web.controller/5.3.x-SNAPSHOT/exo.portal.component.web.controller-5.3.x-SNAPSHOT.jar
SHA1: c686eca19a9c2f904bbb590c427ee176e878d047
MD5: 0254baec06f13ebf052349a35a0e5694
maven: org.exoplatform.gatein.portal:exo.portal.webui.eXo:5.3.x-SNAPSHOT
Confidence :High
cpe: cpe:/a:in-portal:in-portal:5.3
Confidence :Low
suppress
joda-time-2.4.jar
Description: Date and time library to replace JDK date handling
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/joda-time/joda-time/2.4/joda-time-2.4.jar
MD5: 1231c3e09de6aa5d6b6d9982c0224e20
SHA1: 89e9725439adffbbd41c5f5c215c136082b34a7f
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest specification-vendor Joda.org Low
Vendor pom organization name Joda.org High
Vendor file name joda-time High
Vendor Manifest Implementation-Vendor Joda.org High
Vendor Manifest bundle-symbolicname joda-time Medium
Vendor pom organization url http://www.joda.org Medium
Vendor Manifest Implementation-Vendor-Id org.joda Medium
Vendor pom groupid joda-time Highest
Vendor Manifest extension-name joda-time Medium
Vendor pom description Date and time library to replace JDK date handling Medium
Vendor central groupid joda-time Highest
Vendor pom url http://www.joda.org/joda-time/ Highest
Vendor pom artifactid joda-time Low
Vendor pom name Joda-Time High
Vendor Manifest bundle-docurl http://www.joda.org/joda-time/ Low
Product pom groupid joda-time Low
Product file name joda-time High
Product Manifest bundle-symbolicname joda-time Medium
Product Manifest extension-name joda-time Medium
Product Manifest Bundle-Name Joda-Time Medium
Product Manifest specification-title Joda-Time Medium
Product pom description Date and time library to replace JDK date handling Medium
Product Manifest Implementation-Title org.joda.time High
Product pom artifactid joda-time Highest
Product pom url http://www.joda.org/joda-time/ Medium
Product central artifactid joda-time Highest
Product pom organization name Joda.org Low
Product pom name Joda-Time High
Product Manifest bundle-docurl http://www.joda.org/joda-time/ Low
Product pom organization url http://www.joda.org Low
Version central version 2.4 Highest
Version file version 2.4 Highest
Version pom version 2.4 Highest
Version Manifest Implementation-Version 2.4 High
ehcache-core-2.6.9.jar
Description: This is the ehcache core module. Pair it with other modules for added functionality.
License:
The Apache Software License, Version 2.0: src/assemble/EHCACHE-CORE-LICENSE.txt
File Path: /home/ciagent/.m2/repository/net/sf/ehcache/ehcache-core/2.6.9/ehcache-core-2.6.9.jar
MD5: 521348c6da7c20dba2058917a6a8c0a9
SHA1: e892585cc2cf95d46a2533df438a1d3323034ae8
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom description This is the ehcache core module. Pair it with other modules for added functionality. Medium
Vendor file name ehcache-core High
Vendor pom groupid net.sf.ehcache Highest
Vendor pom name Ehcache Core High
Vendor pom parent-artifactid ehcache-parent Low
Vendor central groupid net.sf.ehcache Highest
Vendor pom artifactid ehcache-core Low
Vendor pom url http://ehcache.org Highest
Product pom parent-artifactid ehcache-parent Medium
Product pom url http://ehcache.org Medium
Product pom artifactid ehcache-core Highest
Product pom description This is the ehcache core module. Pair it with other modules for added functionality. Medium
Product file name ehcache-core High
Product pom name Ehcache Core High
Product central artifactid ehcache-core Highest
Product pom groupid net.sf.ehcache Low
Version file version 2.6.9 Highest
Version central version 2.6.9 Highest
Version pom version 2.6.9 Highest
juel-impl-2.2.7.jar
File Path: /home/ciagent/.m2/repository/de/odysseus/juel/juel-impl/2.2.7/juel-impl-2.2.7.jar
MD5: c5d7a62edafb5706b6beadbbcfd8f57d
SHA1: 97958467acef4c2b230b72354a4eefc66628dd99
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid de.odysseus.juel Highest
Vendor Manifest specification-vendor Sun Microsystems Inc. Low
Vendor file name juel-impl High
Vendor Manifest Implementation-Vendor Odysseus Software GmbH High
Vendor Manifest service-component OSGI-INF/services.xml Low
Vendor pom parent-artifactid juel-parent Low
Vendor Manifest Implementation-Vendor-Id de.odysseus Medium
Vendor Manifest bundle-symbolicname de.odysseus.juel-impl Medium
Vendor pom name Java Unified Expression Language Implementation High
Vendor central groupid de.odysseus.juel Highest
Vendor pom artifactid juel-impl Low
Product pom parent-artifactid juel-parent Medium
Product file name juel-impl High
Product Manifest specification-title Expression Language Medium
Product Manifest service-component OSGI-INF/services.xml Low
Product Manifest Implementation-Title JUEL High
Product Manifest Bundle-Name Expression Language Implementation Medium
Product pom artifactid juel-impl Highest
Product Manifest bundle-symbolicname de.odysseus.juel-impl Medium
Product pom groupid de.odysseus.juel Low
Product pom name Java Unified Expression Language Implementation High
Product central artifactid juel-impl Highest
Version pom version 2.2.7 Highest
Version Manifest Implementation-Version 2.2.7 High
Version central version 2.2.7 Highest
Version file version 2.2.7 Highest
el-api-6.0.41.jar
Description: Expression language package
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/el-api/6.0.41/el-api-6.0.41.jar
MD5: 7073be2b44ca903e88ef0d36794cbfd8
SHA1: 9b2915f70905fcd366c7cde00cf25ccd2246e38b
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom description Expression language package Medium
Vendor central groupid org.apache.tomcat Highest
Vendor pom artifactid el-api Low
Vendor manifest: javax/el/ Implementation-Vendor Apache Software Foundation Medium
Vendor pom url http://tomcat.apache.org/ Highest
Vendor file name el-api High
Vendor pom groupid apache.tomcat Highest
Vendor pom groupid org.apache.tomcat Highest
Product pom description Expression language package Medium
Product pom artifactid el-api Highest
Product pom groupid apache.tomcat Low
Product file name el-api High
Product manifest: javax/el/ Specification-Title Expression Language Medium
Product manifest: javax/el/ Implementation-Title javax.el Medium
Product pom url http://tomcat.apache.org/ Medium
Product central artifactid el-api Highest
Version central version 6.0.41 Highest
Version pom version 6.0.41 Highest
Version file version 6.0.41 Highest
Published Vulnerabilities
CVE-2012-5568 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-16 Configuration
Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
Vulnerable Software & Versions: (show all )
CVE-2013-2185 suppress
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.
Vulnerable Software & Versions: (show all )
CVE-2013-4444 suppress
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')
Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
Vulnerable Software & Versions: (show all )
CVE-2014-0227 suppress
Severity:
Medium
CVSS Score: 6.4
(AV:N/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-19 Data Handling
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
Vulnerable Software & Versions: (show all )
CVE-2014-0230 suppress
Severity:
High
CVSS Score: 7.8
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-399 Resource Management Errors
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.
Vulnerable Software & Versions: (show all )
CVE-2014-7810 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
Vulnerable Software & Versions: (show all )
CVE-2015-5174 suppress
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
Vulnerable Software & Versions: (show all )
CVE-2015-5345 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
Vulnerable Software & Versions: (show all )
CVE-2016-0706 suppress
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.
Vulnerable Software & Versions: (show all )
CVE-2016-0714 suppress
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.
Vulnerable Software & Versions: (show all )
CVE-2016-0762 suppress
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.
Vulnerable Software & Versions: (show all )
CVE-2016-5018 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-254 Security Features
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.
Vulnerable Software & Versions: (show all )
CVE-2016-5388 suppress
Severity:
Medium
CVSS Score: 5.1
(AV:N/AC:H/Au:N/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.
Vulnerable Software & Versions: (show all )
CVE-2016-5425 suppress
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
CVE-2016-6325 suppress
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
CVE-2016-6794 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.
Vulnerable Software & Versions: (show all )
CVE-2016-6796 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-254 Security Features
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.
Vulnerable Software & Versions: (show all )
CVE-2016-6797 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-284 Improper Access Control
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.
Vulnerable Software & Versions: (show all )
CVE-2016-6816 suppress
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.
Vulnerable Software & Versions: (show all )
CVE-2016-8735 suppress
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.
Vulnerable Software & Versions: (show all )
CVE-2017-5647 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.
Vulnerable Software & Versions: (show all )
CVE-2017-6056 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
Vulnerable Software & Versions:
jasper-el-6.0.41.jar
Description: Jasper Expression Language Impl
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/jasper-el/6.0.41/jasper-el-6.0.41.jar
MD5: a8ff295523ea0b4c08f9ff75f41b3ccd
SHA1: ea8e38e8f754e69f0ca05cbdcc675d822ef68d8e
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid jasper-el Low
Vendor Manifest Implementation-Vendor Apache Software Foundation High
Vendor central groupid org.apache.tomcat Highest
Vendor file name jasper-el High
Vendor pom url http://tomcat.apache.org/ Highest
Vendor Manifest specification-vendor Apache Software Foundation Low
Vendor pom groupid apache.tomcat Highest
Vendor pom groupid org.apache.tomcat Highest
Vendor pom description Jasper Expression Language Impl Medium
Product Manifest Implementation-Title Apache Tomcat High
Product file name jasper-el High
Product pom groupid apache.tomcat Low
Product central artifactid jasper-el Highest
Product pom artifactid jasper-el Highest
Product pom url http://tomcat.apache.org/ Medium
Product Manifest specification-title Apache Tomcat Medium
Product pom description Jasper Expression Language Impl Medium
Version Manifest Implementation-Version 6.0.41 High
Version central version 6.0.41 Highest
Version pom version 6.0.41 Highest
Version file version 6.0.41 Highest
maven: org.apache.tomcat:jasper-el:6.0.41 ✓
Confidence :Highest
cpe: cpe:/a:apache_tomcat:apache_tomcat:6.0.41
Confidence :Low
suppress
cpe: cpe:/a:apache:tomcat:6.0.41
Confidence :Highest
suppress
cpe: cpe:/a:apache_software_foundation:tomcat:6.0.41
Confidence :Low
suppress
cpe: cpe:/a:jasper_project:jasper:6.0.41
Confidence :Low
suppress
Published Vulnerabilities
CVE-2012-5568 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-16 Configuration
Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
Vulnerable Software & Versions: (show all )
CVE-2013-2185 suppress
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.
Vulnerable Software & Versions: (show all )
CVE-2013-4444 suppress
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')
Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
Vulnerable Software & Versions: (show all )
CVE-2014-0227 suppress
Severity:
Medium
CVSS Score: 6.4
(AV:N/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-19 Data Handling
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
Vulnerable Software & Versions: (show all )
CVE-2014-0230 suppress
Severity:
High
CVSS Score: 7.8
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-399 Resource Management Errors
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.
Vulnerable Software & Versions: (show all )
CVE-2014-7810 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
Vulnerable Software & Versions: (show all )
CVE-2015-5174 suppress
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
Vulnerable Software & Versions: (show all )
CVE-2015-5345 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
Vulnerable Software & Versions: (show all )
CVE-2016-0706 suppress
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.
Vulnerable Software & Versions: (show all )
CVE-2016-0714 suppress
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.
Vulnerable Software & Versions: (show all )
CVE-2016-0762 suppress
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.
Vulnerable Software & Versions: (show all )
CVE-2016-5018 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-254 Security Features
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.
Vulnerable Software & Versions: (show all )
CVE-2016-5388 suppress
Severity:
Medium
CVSS Score: 5.1
(AV:N/AC:H/Au:N/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.
Vulnerable Software & Versions: (show all )
CVE-2016-5425 suppress
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
CVE-2016-6325 suppress
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
CVE-2016-6794 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.
Vulnerable Software & Versions: (show all )
CVE-2016-6796 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-254 Security Features
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.
Vulnerable Software & Versions: (show all )
CVE-2016-6797 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-284 Improper Access Control
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.
Vulnerable Software & Versions: (show all )
CVE-2016-6816 suppress
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.
Vulnerable Software & Versions: (show all )
CVE-2016-8735 suppress
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.
Vulnerable Software & Versions: (show all )
CVE-2017-5647 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.
Vulnerable Software & Versions: (show all )
CVE-2017-6056 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
Vulnerable Software & Versions:
xml-apis-1.4.01.jar
Description: xml-commons provides an Apache-hosted set of DOM, SAX, and
JAXP interfaces for use in other xml-based projects. Our hope is that we
can standardize on both a common version and packaging scheme for these
critical XML standards interfaces to make the lives of both our developers
and users easier. The External Components portion of xml-commons contains
interfaces that are defined by external standards organizations. For DOM,
that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for
JAXP it's Sun.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
The SAX License: http://www.saxproject.org/copying.html
The W3C License: http://www.w3.org/TR/2004/REC-DOM-Level-3-Core-20040407/java-binding.zip
File Path: /home/ciagent/.m2/repository/xml-apis/xml-apis/1.4.01/xml-apis-1.4.01.jar
MD5: 7eaad6fea5925cca6c36ee8b3e02ac9d
SHA1: 3789d9fada2d3d458c4ba2de349d48780f381ee3
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom name XML Commons External Components XML APIs High
Vendor file name xml-apis High
Vendor manifest: javax/xml/datatype/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: javax/xml/transform/ Implementation-Vendor Apache Software Foundation Medium
Vendor central groupid xml-apis Highest
Vendor pom url http://xml.apache.org/commons/components/external/ Highest
Vendor manifest: javax/xml/xpath/ Implementation-Vendor Apache Software Foundation Medium
Vendor pom groupid xml-apis Highest
Vendor manifest: org/xml/sax/ Implementation-Vendor David Megginson Medium
Vendor manifest: javax/xml/stream/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: javax/xml/validation/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: javax/xml/namespace/ Implementation-Vendor Apache Software Foundation Medium
Vendor pom artifactid xml-apis Low
Vendor manifest: javax/xml/parsers/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: org/w3c/dom/ls/ Implementation-Vendor World Wide Web Consortium Medium
Vendor pom description xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier. The External Components portion of xml-commons contains interfaces that are defined by external standards organizations. For DOM, that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for JAXP it's Sun. Low
Vendor manifest: org/w3c/dom/ Implementation-Vendor World Wide Web Consortium Medium
Vendor manifest: org/apache/xmlcommons/Version Implementation-Vendor Apache Software Foundation Medium
Product manifest: javax/xml/datatype/ Specification-Title Java API for XML Processing (JAXP) 1.4 Medium
Product pom name XML Commons External Components XML APIs High
Product manifest: javax/xml/validation/ Implementation-Title javax.xml.validation Medium
Product manifest: javax/xml/datatype/ Implementation-Title javax.xml.datatype Medium
Product file name xml-apis High
Product manifest: javax/xml/stream/ Implementation-Title javax.xml.stream Medium
Product pom groupid xml-apis Low
Product manifest: javax/xml/namespace/ Specification-Title Java API for XML Processing (JAXP) 1.4 Medium
Product manifest: javax/xml/stream/ Specification-Title Streaming API for XML (StAX) 1.0 Medium
Product manifest: org/apache/xmlcommons/Version Implementation-Title org.apache.xmlcommons.Version Medium
Product manifest: javax/xml/namespace/ Implementation-Title javax.xml.namespace Medium
Product manifest: javax/xml/xpath/ Implementation-Title javax.xml.xpath Medium
Product pom url http://xml.apache.org/commons/components/external/ Medium
Product manifest: org/w3c/dom/ls/ Implementation-Title org.w3c.dom.ls Medium
Product manifest: javax/xml/parsers/ Specification-Title Java API for XML Processing (JAXP) 1.4 Medium
Product manifest: javax/xml/validation/ Specification-Title Java API for XML Processing (JAXP) 1.4 Medium
Product central artifactid xml-apis Highest
Product manifest: javax/xml/xpath/ Specification-Title Java API for XML Processing (JAXP) 1.4 Medium
Product manifest: org/xml/sax/ Implementation-Title org.xml.sax Medium
Product pom artifactid xml-apis Highest
Product manifest: org/xml/sax/ Specification-Title Simple API for XML Medium
Product manifest: javax/xml/transform/ Specification-Title Java API for XML Processing (JAXP) 1.4 Medium
Product manifest: javax/xml/parsers/ Implementation-Title javax.xml.parsers Medium
Product manifest: org/w3c/dom/ls/ Specification-Title Document Object Model (DOM) Level 3 Load and Save Medium
Product manifest: org/w3c/dom/ Implementation-Title org.w3c.dom Medium
Product pom description xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier. The External Components portion of xml-commons contains interfaces that are defined by external standards organizations. For DOM, that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for JAXP it's Sun. Low
Product manifest: javax/xml/transform/ Implementation-Title javax.xml.transform Medium
Product manifest: org/w3c/dom/ Specification-Title Document Object Model (DOM) Level 3 Core Medium
Version central version 1.4.01 Highest
Version file version 1.4.01 Highest
Version pom version 1.4.01 Highest
shindig-common-2.5.2.jar
Description: Common java code for Shindig
File Path: /home/ciagent/.m2/repository/org/apache/shindig/shindig-common/2.5.2/shindig-common-2.5.2.jar
MD5: 9deeebec74d0530849d5dd42e19ee9cd
SHA1: 8e3d0ee31607e7a18f20612ef705b32ab8eace2b
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.apache.shindig Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-artifactid shindig-project Low
Vendor pom name Apache Shindig Common Code High
Vendor central groupid org.apache.shindig Highest
Vendor pom artifactid shindig-common Low
Vendor pom description Common java code for Shindig Medium
Vendor file name shindig-common High
Vendor pom groupid apache.shindig Highest
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom groupid org.apache.shindig Highest
Vendor Manifest Implementation-Vendor-Id org.apache.shindig Medium
Product pom groupid apache.shindig Low
Product central artifactid shindig-common Highest
Product pom name Apache Shindig Common Code High
Product Manifest specification-title Apache Shindig Common Code Medium
Product pom description Common java code for Shindig Medium
Product file name shindig-common High
Product Manifest Implementation-Title Apache Shindig Common Code High
Product pom artifactid shindig-common Highest
Product pom parent-groupid org.apache.shindig Low
Product pom parent-artifactid shindig-project Medium
Version file version 2.5.2 Highest
Version Manifest Implementation-Version 2.5.2 High
Version pom version 2.5.2 Highest
Version central version 2.5.2 Highest
Related Dependencies
shindig-features-2.5.2.jar
File Path: /home/ciagent/.m2/repository/org/apache/shindig/shindig-features/2.5.2/shindig-features-2.5.2.jar
SHA1: 8da6aa8af98070e4aefe9434628db2f23cfea80d
MD5: ae2ff4a2cfe4dff4897273cb28906654
maven: org.apache.shindig:shindig-features:2.5.2 ✓
shindig-social-api-2.5.2.jar
File Path: /home/ciagent/.m2/repository/org/apache/shindig/shindig-social-api/2.5.2/shindig-social-api-2.5.2.jar
SHA1: d8eba76e26bc2e2c4b34d0ee4575816a27f26c96
MD5: eac1069ed022e9ba99b6d9703022cb99
maven: org.apache.shindig:shindig-social-api:2.5.2 ✓
shindig-gadgets-2.5.2.jar
File Path: /home/ciagent/.m2/repository/org/apache/shindig/shindig-gadgets/2.5.2/shindig-gadgets-2.5.2.jar
SHA1: ad7a540e121450a885d053c9edf59eae423a64c5
MD5: aaca1591b9f8b82ac1859b56184711b0
maven: org.apache.shindig:shindig-gadgets:2.5.2 ✓
filters-2.0.235.jar
Description: A collection of image processing filters.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/ciagent/.m2/repository/com/jhlabs/filters/2.0.235/filters-2.0.235.jar
MD5: d91073d6b28e2505e96620709626495f
SHA1: af6a2dfefef70f1ab2d7a8d1f8173f67e276b3f4
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid jhlabs Highest
Vendor central groupid com.jhlabs Highest
Vendor pom description A collection of image processing filters. Medium
Vendor Manifest Implementation-Vendor-Id com.jhlabs Medium
Vendor pom artifactid filters Low
Vendor pom url http://www.jhlabs.com/ip/index.html Highest
Vendor pom groupid com.jhlabs Highest
Vendor pom name JHLabs Image Processing Filters High
Vendor file name filters High
Product pom artifactid filters Highest
Product Manifest Implementation-Title JHLabs Image Processing Filters High
Product pom description A collection of image processing filters. Medium
Product central artifactid filters Highest
Product pom url http://www.jhlabs.com/ip/index.html Medium
Product pom groupid jhlabs Low
Product pom name JHLabs Image Processing Filters High
Product file name filters High
Product Manifest specification-title JHLabs Image Processing Filters Medium
Version file version 2.0.235 Highest
Version central version 2.0.235 Highest
Version Manifest Implementation-Version 2.0.235 High
Version pom version 2.0.235 Highest
Published Vulnerabilities
CVE-2005-0406 suppress
Severity:
Low
CVSS Score: 2.1
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.
Vulnerable Software & Versions:
CVE-2018-1000840 suppress
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE) vulnerability in loadXML() function that can result in An attacker can read arbitrary files and exfiltrate their contents via HTTP requests. This attack appear to be exploitable via The victim must use Processing to parse a crafted XML document.
Vulnerable Software & Versions:
simplecaptcha-1.1.1.Final-gatein-4.jar
File Path: /home/ciagent/.m2/repository/org/gatein/captcha/simplecaptcha/1.1.1.Final-gatein-4/simplecaptcha-1.1.1.Final-gatein-4.jar
MD5: a8b83c67e6fd04cd02d8ebcfd47348c1
SHA1: 964c53fedc87745494c5f8f2cd62b2548dbdeff5
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest build-timestamp Mon, 17 Jun 2013 09:04:01 +0200 Low
Vendor Manifest os-name Linux Medium
Vendor Manifest implementation-url www.gatein.org/simplecaptcha/ Low
Vendor pom parent-artifactid gatein-parent Low
Vendor pom parent-groupid org.gatein Medium
Vendor pom artifactid simplecaptcha Low
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor pom groupid gatein.captcha Highest
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor pom name GateIn SimpleCaptcha High
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor Manifest Implementation-Vendor-Id org.gatein.captcha Medium
Vendor pom groupid org.gatein.captcha Highest
Vendor file name simplecaptcha High
Product Manifest specification-title GateIn SimpleCaptcha Medium
Product Manifest build-timestamp Mon, 17 Jun 2013 09:04:01 +0200 Low
Product Manifest os-name Linux Medium
Product pom parent-groupid org.gatein Low
Product pom name GateIn SimpleCaptcha High
Product Manifest implementation-url www.gatein.org/simplecaptcha/ Low
Product Manifest Implementation-Title GateIn SimpleCaptcha High
Product pom groupid gatein.captcha Low
Product pom artifactid simplecaptcha Highest
Product pom parent-artifactid gatein-parent Medium
Product file name simplecaptcha High
Version Manifest Implementation-Version 1.1.1.Final-gatein-4 High
Version pom version 1.1.1.Final-gatein-4 Highest
maven: org.gatein.captcha:simplecaptcha:1.1.1.Final-gatein-4
Confidence :High
gatein-api-1.0.1.Final.jar
File Path: /home/ciagent/.m2/repository/org/gatein/api/gatein-api/1.0.1.Final/gatein-api-1.0.1.Final.jar
MD5: 04d51eb4e2734df16f83e514b7110000
SHA1: b67727b03994e6081e2e411804c25bd5d0d919a6
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest implementation-url www.gatein.org/gatein-api/ Low
Vendor Manifest os-name Linux Medium
Vendor pom parent-artifactid gatein-parent Low
Vendor pom parent-groupid org.gatein Medium
Vendor file name gatein-api High
Vendor Manifest build-timestamp Tue, 30 Jul 2013 09:10:07 -0400 Low
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor pom groupid gatein.api Highest
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor pom artifactid gatein-api Low
Vendor central groupid org.gatein.api Highest
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor pom groupid org.gatein.api Highest
Vendor Manifest Implementation-Vendor-Id org.gatein.api Medium
Product central artifactid gatein-api Highest
Product Manifest implementation-url www.gatein.org/gatein-api/ Low
Product Manifest os-name Linux Medium
Product pom parent-groupid org.gatein Low
Product Manifest specification-title gatein-api Medium
Product Manifest Implementation-Title gatein-api High
Product file name gatein-api High
Product pom groupid gatein.api Low
Product Manifest build-timestamp Tue, 30 Jul 2013 09:10:07 -0400 Low
Product pom artifactid gatein-api Highest
Product pom parent-artifactid gatein-parent Medium
Version file version 1.0.1 Highest
Version pom version 1.0.1.Final Highest
Version Manifest Implementation-Version 1.0.1.Final High
Version central version 1.0.1.Final Highest
aspectjrt-1.8.8.jar
Description: The runtime needed to execute a program using AspectJ
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: /home/ciagent/.m2/repository/org/aspectj/aspectjrt/1.8.8/aspectjrt-1.8.8.jar
MD5: 2e448cd7ae0bdc357cb2b6e892ba9c9d
SHA1: 7c5b26f24375685e34a50c2d765ebc40a96a5280
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid aspectj Highest
Vendor pom groupid org.aspectj Highest
Vendor file name aspectjrt High
Vendor pom artifactid aspectjrt Low
Vendor central groupid org.aspectj Highest
Vendor manifest: org/aspectj/lang/ Implementation-Vendor aspectj.org Medium
Vendor pom url http://www.aspectj.org Highest
Vendor pom name AspectJ runtime High
Vendor pom description The runtime needed to execute a program using AspectJ Medium
Product central artifactid aspectjrt Highest
Product pom artifactid aspectjrt Highest
Product file name aspectjrt High
Product pom groupid aspectj Low
Product manifest: org/aspectj/lang/ Implementation-Title org.aspectj.tools Medium
Product manifest: org/aspectj/lang/ Specification-Title AspectJ Runtime Classes Medium
Product pom name AspectJ runtime High
Product pom url http://www.aspectj.org Medium
Product pom description The runtime needed to execute a program using AspectJ Medium
Version central version 1.8.8 Highest
Version file version 1.8.8 Highest
Version pom version 1.8.8 Highest
guava-20.0.jar
Description:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
Guava has only one code dependency - javax.annotation,
per the JSR-305 spec.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/google/guava/guava/20.0/guava-20.0.jar
MD5: f32a8a2524620dbecc9f6bf6a20c293f
SHA1: 89507701249388e1ed5ddcf8c41f4ce1be7831ef
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor file name guava High
Vendor pom name Guava: Google Core Libraries for Java High
Vendor Manifest bundle-docurl https://github.com/google/guava/ Low
Vendor pom groupid com.google.guava Highest
Vendor pom parent-artifactid guava-parent Low
Vendor Manifest bundle-symbolicname com.google.guava Medium
Vendor pom parent-groupid com.google.guava Medium
Vendor manifest Bundle-Description Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec. Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor pom artifactid guava Low
Vendor pom description Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec. Low
Vendor pom groupid google.guava Highest
Vendor central groupid com.google.guava Highest
Product central artifactid guava Highest
Product file name guava High
Product pom name Guava: Google Core Libraries for Java High
Product Manifest bundle-docurl https://github.com/google/guava/ Low
Product pom artifactid guava Highest
Product Manifest bundle-symbolicname com.google.guava Medium
Product pom groupid google.guava Low
Product manifest Bundle-Description Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec. Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product pom parent-artifactid guava-parent Medium
Product pom description Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec. Low
Product pom parent-groupid com.google.guava Low
Product Manifest Bundle-Name Guava: Google Core Libraries for Java Medium
Version central version 20.0 Highest
Version file version 20.0 Highest
Version pom version 20.0 Highest
Published Vulnerabilities
CVE-2018-10237 suppress
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
Vulnerable Software & Versions: (show all )
owasp-java-html-sanitizer-20160413.1.jar
File Path: /home/ciagent/.m2/repository/com/googlecode/owasp-java-html-sanitizer/owasp-java-html-sanitizer/20160413.1/owasp-java-html-sanitizer-20160413.1.jar
MD5: f2dbfedbd7bea844cedc1fc1e95fca80
SHA1: 61780b5d65c39013d733b70b2d2968f72f83aa0a
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor jar package name html Low
Vendor file name owasp-java-html-sanitizer High
Vendor pom groupid googlecode.owasp-java-html-sanitizer Highest
Vendor pom parent-groupid com.googlecode.owasp-java-html-sanitizer Medium
Vendor central groupid com.googlecode.owasp-java-html-sanitizer Highest
Vendor jar package name owasp Low
Vendor pom name OWASP Java HTML Sanitizer High
Vendor pom artifactid owasp-java-html-sanitizer Low
Vendor pom parent-artifactid parent Low
Vendor pom groupid com.googlecode.owasp-java-html-sanitizer Highest
Product pom groupid googlecode.owasp-java-html-sanitizer Low
Product jar package name html Low
Product file name owasp-java-html-sanitizer High
Product pom parent-artifactid parent Medium
Product pom artifactid owasp-java-html-sanitizer Highest
Product pom name OWASP Java HTML Sanitizer High
Product central artifactid owasp-java-html-sanitizer Highest
Product pom parent-groupid com.googlecode.owasp-java-html-sanitizer Low
Version file version 20160413.1 Highest
Version central version 20160413.1 Highest
Version pom version 20160413.1 Highest
jrcs.diff-0.4.2.jar
File Path: /home/ciagent/.m2/repository/org/suigeneris/jrcs.diff/0.4.2/jrcs.diff-0.4.2.jar
MD5: a05e71b59b7099da7844fd3b5f38e299
SHA1: 6e8eea2281426cd791a64b348c0932c88b966f39
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor file name jrcs.diff High
Vendor pom artifactid jrcs.diff Low
Vendor pom groupid suigeneris Highest
Vendor jar package name diff Low
Vendor jar package name suigeneris Low
Vendor pom groupid org.suigeneris Highest
Vendor central groupid org.jvnet.hudson Highest
Vendor jar package name jrcs Low
Product pom groupid suigeneris Low
Product file name jrcs.diff High
Product jar package name diff Low
Product pom artifactid jrcs.diff Highest
Product central artifactid org.suigeneris.jrcs.diff Highest
Product jar package name jrcs Low
Version pom version 0.4.2 Highest
Version central version 0.4.2 Highest
Version file version 0.4.2 Highest
ecs-1.4.2.jar
File Path: /home/ciagent/.m2/repository/ecs/ecs/1.4.2/ecs-1.4.2.jar
MD5: 62d53be190ca9cbfe01bec9fc3396934
SHA1: f9bc5fdde56d60876c1785087ce2a301b4e4a676
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor central groupid ecs Highest
Vendor file name ecs High
Vendor jar package name apache Low
Vendor pom groupid ecs Highest
Vendor pom artifactid ecs Low
Vendor jar package name ecs Low
Product pom artifactid ecs Highest
Product file name ecs High
Product pom groupid ecs Low
Product central artifactid ecs Highest
Product jar package name ecs Low
Version central version 1.4.2 Highest
Version file version 1.4.2 Highest
Version pom version 1.4.2 Highest
jackson-core-2.9.8.jar
Description: Core Jackson processing abstractions (aka Streaming API), implementation for JSON
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.9.8/jackson-core-2.9.8.jar
MD5: 65831e4f46f29db904708e4b9cc72843
SHA1: 0f5a654e4675769c716e5b387830d19b501ca191
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid com.fasterxml.jackson.core Highest
Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low
Vendor pom name Jackson-core High
Vendor pom parent-groupid com.fasterxml.jackson Medium
Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium
Vendor manifest Bundle-Description Core Jackson processing abstractions (aka Streaming API), implementation for JSON Medium
Vendor central groupid com.fasterxml.jackson.core Highest
Vendor pom parent-artifactid jackson-base Low
Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium
Vendor pom url FasterXML/jackson-core Highest
Vendor file name jackson-core High
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor pom artifactid jackson-core Low
Vendor pom description Core Jackson processing abstractions (aka Streaming API), implementation for JSON Medium
Vendor Manifest automatic-module-name com.fasterxml.jackson.core Medium
Vendor Manifest specification-vendor FasterXML Low
Vendor pom groupid fasterxml.jackson.core Highest
Vendor Manifest implementation-build-date 2018-12-15 21:18:52+0000 Low
Vendor Manifest Implementation-Vendor FasterXML High
Product pom groupid fasterxml.jackson.core Low
Product pom artifactid jackson-core Highest
Product pom parent-groupid com.fasterxml.jackson Low
Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low
Product pom name Jackson-core High
Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium
Product manifest Bundle-Description Core Jackson processing abstractions (aka Streaming API), implementation for JSON Medium
Product file name jackson-core High
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product Manifest specification-title Jackson-core Medium
Product Manifest Bundle-Name Jackson-core Medium
Product pom description Core Jackson processing abstractions (aka Streaming API), implementation for JSON Medium
Product Manifest automatic-module-name com.fasterxml.jackson.core Medium
Product pom url FasterXML/jackson-core High
Product Manifest Implementation-Title Jackson-core High
Product central artifactid jackson-core Highest
Product Manifest implementation-build-date 2018-12-15 21:18:52+0000 Low
Product pom parent-artifactid jackson-base Medium
Version Manifest Implementation-Version 2.9.8 High
Version pom version 2.9.8 Highest
Version file version 2.9.8 Highest
Version central version 2.9.8 Highest
Related Dependencies
jackson-dataformat-yaml-2.9.8.jar
jackson-annotations-2.9.8.jar
File Path: /home/ciagent/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.9.8/jackson-annotations-2.9.8.jar
SHA1: ba7f0e6f8f1b28d251eeff2a5604bed34c53ff35
MD5: 25fed62a8553a51981b5225d703a23ef
maven: com.fasterxml.jackson.core:jackson-annotations:2.9.8 ✓
jackson-databind-2.9.8.jar
Description: General data-binding functionality for Jackson: works on core streaming API
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.8/jackson-databind-2.9.8.jar
MD5: 39271d9bb1cb7ec563925953b1fa9ff7
SHA1: 11283f21cc480aa86c4df7a0a3243ec508372ed2
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom name jackson-databind High
Vendor pom groupid com.fasterxml.jackson.core Highest
Vendor pom parent-groupid com.fasterxml.jackson Medium
Vendor pom description General data-binding functionality for Jackson: works on core streaming API Medium
Vendor central groupid com.fasterxml.jackson.core Highest
Vendor manifest Bundle-Description General data-binding functionality for Jackson: works on core streaming API Medium
Vendor pom parent-artifactid jackson-base Low
Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor Manifest automatic-module-name com.fasterxml.jackson.databind Medium
Vendor pom artifactid jackson-databind Low
Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium
Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low
Vendor Manifest implementation-build-date 2018-12-15 21:58:52+0000 Low
Vendor file name jackson-databind High
Vendor Manifest specification-vendor FasterXML Low
Vendor pom groupid fasterxml.jackson.core Highest
Vendor Manifest Implementation-Vendor FasterXML High
Vendor pom url http://github.com/FasterXML/jackson Highest
Product pom groupid fasterxml.jackson.core Low
Product pom name jackson-databind High
Product pom url http://github.com/FasterXML/jackson Medium
Product central artifactid jackson-databind Highest
Product pom parent-groupid com.fasterxml.jackson Low
Product Manifest Bundle-Name jackson-databind Medium
Product pom artifactid jackson-databind Highest
Product pom description General data-binding functionality for Jackson: works on core streaming API Medium
Product Manifest Implementation-Title jackson-databind High
Product manifest Bundle-Description General data-binding functionality for Jackson: works on core streaming API Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product Manifest automatic-module-name com.fasterxml.jackson.databind Medium
Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium
Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low
Product Manifest implementation-build-date 2018-12-15 21:58:52+0000 Low
Product file name jackson-databind High
Product pom parent-artifactid jackson-base Medium
Product Manifest specification-title jackson-databind Medium
Version Manifest Implementation-Version 2.9.8 High
Version pom version 2.9.8 Highest
Version file version 2.9.8 Highest
Version central version 2.9.8 Highest
Published Vulnerabilities
CVE-2019-12086 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.
Vulnerable Software & Versions: (show all )
CVE-2019-12384 suppress
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-502 Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.
CONFIRM - https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html
CONFIRM - https://security.netapp.com/advisory/ntap-20190703-0002/
MISC - https://blog.doyensec.com/2019/07/22/jackson-gadgets.html
MISC - https://doyensec.com/research.html
MISC - https://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aad
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
REDHAT - RHSA-2019:1820
Vulnerable Software & Versions: (show all )
CVE-2019-12814 suppress
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.
CONFIRM - https://github.com/FasterXML/jackson-databind/issues/2341
CONFIRM - https://security.netapp.com/advisory/ntap-20190625-0006/
MISC - https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
MLIST - [accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1
MLIST - [debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
Vulnerable Software & Versions: (show all )
CVE-2019-14379 suppress
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used, leading to remote code execution.
CONFIRM - https://security.netapp.com/advisory/ntap-20190814-0001/
MISC - https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2
MISC - https://github.com/FasterXML/jackson-databind/issues/2387
MLIST - [ambari-commits] 20190813 [ambari] branch branch-2.7 updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379 (#3066)
MLIST - [ambari-commits] 20190813 [ambari] branch trunk updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379(trunk) (#3067)
MLIST - [debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update
MLIST - [pulsar-commits] 20190822 [GitHub] [pulsar] massakam opened a new pull request #5011: [security] Upgrade jackson-databind
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
Vulnerable Software & Versions: (show all )
CVE-2019-14439 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
CONFIRM - https://security.netapp.com/advisory/ntap-20190814-0001/
MISC - https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b
MISC - https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2
MISC - https://github.com/FasterXML/jackson-databind/issues/2389
MLIST - [debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
Vulnerable Software & Versions: (show all )
snakeyaml-1.23.jar
Description: YAML 1.1 parser and emitter for Java
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/yaml/snakeyaml/1.23/snakeyaml-1.23.jar
MD5: 64ec8bd26b6d5034a87ecb1c8ce0efdc
SHA1: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid org.yaml Highest
Vendor pom url http://www.snakeyaml.org Highest
Vendor file name snakeyaml High
Vendor pom groupid yaml Highest
Vendor pom name SnakeYAML High
Vendor Manifest bundle-symbolicname org.yaml.snakeyaml Medium
Vendor pom artifactid snakeyaml Low
Vendor pom description YAML 1.1 parser and emitter for Java Medium
Vendor manifest Bundle-Description YAML 1.1 parser and emitter for Java Medium
Vendor central groupid org.yaml Highest
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product pom url http://www.snakeyaml.org Medium
Product file name snakeyaml High
Product pom name SnakeYAML High
Product central artifactid snakeyaml Highest
Product Manifest bundle-symbolicname org.yaml.snakeyaml Medium
Product pom artifactid snakeyaml Highest
Product pom groupid yaml Low
Product pom description YAML 1.1 parser and emitter for Java Medium
Product manifest Bundle-Description YAML 1.1 parser and emitter for Java Medium
Product Manifest Bundle-Name SnakeYAML Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Version pom version 1.23 Highest
Version file version 1.23 Highest
Version central version 1.23 Highest
swagger-annotations-1.5.22.jar
Description: Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/
License:
http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/io/swagger/swagger-annotations/1.5.22/swagger-annotations-1.5.22.jar
MD5: 96beab010e2b2fb1d4950990377becc5
SHA1: df523e9a80cf653af6d37c777c4b1306e56b5ae7
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid swagger-project Low
Vendor Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-annotations Low
Vendor central groupid io.swagger Highest
Vendor manifest Bundle-Description Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/ Medium
Vendor pom artifactid swagger-annotations Low
Vendor pom name swagger-annotations High
Vendor pom groupid io.swagger Highest
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor file name swagger-annotations High
Vendor Manifest bundle-symbolicname io.swagger.annotations Medium
Product Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-annotations Low
Product manifest Bundle-Description Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/ Medium
Product pom groupid io.swagger Low
Product pom name swagger-annotations High
Product central artifactid swagger-annotations Highest
Product pom parent-artifactid swagger-project Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product Manifest Bundle-Name swagger-annotations Medium
Product pom artifactid swagger-annotations Highest
Product file name swagger-annotations High
Product Manifest bundle-symbolicname io.swagger.annotations Medium
Version pom version 1.5.22 Highest
Version file version 1.5.22 Highest
Version central version 1.5.22 Highest
swagger-models-1.5.22.jar
Description: Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/
License:
http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/io/swagger/swagger-models/1.5.22/swagger-models-1.5.22.jar
MD5: 9fdf1034b4bf5761a2c4240a63d31dca
SHA1: b5c0217a9056995faaadc89fe970de7e9154f3db
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid swagger-project Low
Vendor file name swagger-models High
Vendor Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-models Low
Vendor central groupid io.swagger Highest
Vendor manifest Bundle-Description Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/ Medium
Vendor pom groupid io.swagger Highest
Vendor Manifest bundle-symbolicname io.swagger.models Medium
Vendor pom name swagger-models High
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor pom artifactid swagger-models Low
Product file name swagger-models High
Product Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-models Low
Product pom artifactid swagger-models Highest
Product manifest Bundle-Description Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/ Medium
Product pom groupid io.swagger Low
Product Manifest Bundle-Name swagger-models Medium
Product Manifest bundle-symbolicname io.swagger.models Medium
Product pom parent-artifactid swagger-project Medium
Product pom name swagger-models High
Product central artifactid swagger-models Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Version pom version 1.5.22 Highest
Version file version 1.5.22 Highest
Version central version 1.5.22 Highest
validation-api-1.1.0.Final.jar
Description:
Bean Validation API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/javax/validation/validation-api/1.1.0.Final/validation-api-1.1.0.Final.jar
MD5: 4c257f52462860b62ab3cdab45f53082
SHA1: 8613ae82954779d518631e05daa73a6a954817d5
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor manifest Bundle-Description Bean Validation API Medium
Vendor central groupid javax.validation Highest
Vendor pom url http://beanvalidation.org Highest
Vendor pom artifactid validation-api Low
Vendor pom name Bean Validation API High
Vendor pom groupid javax.validation Highest
Vendor Manifest bundle-symbolicname javax.validation.api Medium
Vendor file name validation-api High
Vendor pom description
Bean Validation API
Medium
Product pom artifactid validation-api Highest
Product manifest Bundle-Description Bean Validation API Medium
Product pom name Bean Validation API High
Product Manifest Bundle-Name Bean Validation API Medium
Product central artifactid validation-api Highest
Product Manifest bundle-symbolicname javax.validation.api Medium
Product file name validation-api High
Product pom description
Bean Validation API
Medium
Product pom groupid javax.validation Low
Product pom url http://beanvalidation.org Medium
Version file version 1.1.0 Highest
Version central version 1.1.0.Final Highest
Version pom version 1.1.0.Final Highest
swagger-core-1.5.22.jar
Description: Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/
License:
http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/io/swagger/swagger-core/1.5.22/swagger-core-1.5.22.jar
MD5: 9516f1c7020f33614275e68774b5053b
SHA1: b4d972553208dc594dcf5022553c0726cb02e231
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid swagger-project Low
Vendor central groupid io.swagger Highest
Vendor manifest Bundle-Description Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/ Medium
Vendor Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-core Low
Vendor file name swagger-core High
Vendor Manifest bundle-symbolicname io.swagger.core Medium
Vendor pom groupid io.swagger Highest
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor pom artifactid swagger-core Low
Vendor pom name swagger-core High
Product pom artifactid swagger-core Highest
Product manifest Bundle-Description Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/ Medium
Product Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-core Low
Product central artifactid swagger-core Highest
Product pom groupid io.swagger Low
Product file name swagger-core High
Product Manifest bundle-symbolicname io.swagger.core Medium
Product Manifest Bundle-Name swagger-core Medium
Product pom parent-artifactid swagger-project Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product pom name swagger-core High
Version pom version 1.5.22 Highest
Version file version 1.5.22 Highest
Version central version 1.5.22 Highest
reflections-0.9.11.jar
Description: Reflections - a Java runtime metadata analysis
License:
WTFPL: http://www.wtfpl.net/
The New BSD License: http://www.opensource.org/licenses/bsd-license.html
File Path: /home/ciagent/.m2/repository/org/reflections/reflections/0.9.11/reflections-0.9.11.jar
MD5: aca303b243a6c2225685b992ceea1cb3
SHA1: 4c686033d918ec1727e329b7222fcb020152e32b
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid reflections Low
Vendor manifest Bundle-Description Reflections - a Java runtime metadata analysis Medium
Vendor central groupid org.reflections Highest
Vendor file name reflections High
Vendor pom description Reflections - a Java runtime metadata analysis Medium
Vendor pom name Reflections High
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor pom groupid reflections Highest
Vendor pom url http://github.com/ronmamo/reflections Highest
Vendor Manifest bundle-symbolicname org.reflections Medium
Vendor pom groupid org.reflections Highest
Product pom artifactid reflections Highest
Product pom groupid reflections Low
Product Manifest Bundle-Name Reflections Medium
Product manifest Bundle-Description Reflections - a Java runtime metadata analysis Medium
Product file name reflections High
Product pom description Reflections - a Java runtime metadata analysis Medium
Product pom name Reflections High
Product central artifactid reflections Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product pom url http://github.com/ronmamo/reflections Medium
Product Manifest bundle-symbolicname org.reflections Medium
Version pom version 0.9.11 Highest
Version file version 0.9.11 Highest
Version central version 0.9.11 Highest
swagger-jaxrs-1.5.22.jar
Description: Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/
License:
http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/io/swagger/swagger-jaxrs/1.5.22/swagger-jaxrs-1.5.22.jar
MD5: cb6444b29892967b52eaaf4788dee566
SHA1: 0ceff7bcb0d1d47d4308843989ce10a9c8ee4dc0
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid swagger-project Low
Vendor Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-jaxrs Low
Vendor central groupid io.swagger Highest
Vendor manifest Bundle-Description Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/ Medium
Vendor pom groupid io.swagger Highest
Vendor file name swagger-jaxrs High
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor Manifest bundle-symbolicname io.swagger.jaxrs Medium
Vendor pom name swagger-jaxrs High
Vendor pom artifactid swagger-jaxrs Low
Product pom artifactid swagger-jaxrs Highest
Product Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-jaxrs Low
Product manifest Bundle-Description Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/ Medium
Product pom groupid io.swagger Low
Product Manifest Bundle-Name swagger-jaxrs Medium
Product pom parent-artifactid swagger-project Medium
Product file name swagger-jaxrs High
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product Manifest bundle-symbolicname io.swagger.jaxrs Medium
Product pom name swagger-jaxrs High
Product central artifactid swagger-jaxrs Highest
Version pom version 1.5.22 Highest
Version file version 1.5.22 Highest
Version central version 1.5.22 Highest
commons-component-common-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-component-common/5.3.x-SNAPSHOT/commons-component-common-5.3.x-SNAPSHOT.jar
MD5: 245804f27b80919142dced673ab44dd3
SHA1: 816f6f21367594b89e6b7ae0ceeaa464b30d9fcd
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.exoplatform.commons Medium
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom artifactid commons-component-common Low
Vendor pom groupid exoplatform.commons Highest
Vendor pom groupid org.exoplatform.commons Highest
Vendor Manifest date 2019-09-06T11:21:29Z Low
Vendor pom parent-artifactid commons Low
Vendor Manifest implementation-url https://projects.exoplatform.org/commons/commons-component-common Low
Vendor pom name eXo PLF:: Commons - Common Services High
Vendor Manifest Implementation-Vendor-Id org.exoplatform.commons Medium
Vendor file name commons-component-common High
Product Manifest specification-title eXo PLF:: Commons - Common Services Medium
Product Manifest implementation-url https://projects.exoplatform.org/commons/commons-component-common Low
Product pom name eXo PLF:: Commons - Common Services High
Product pom parent-artifactid commons Medium
Product file name commons-component-common High
Product pom parent-groupid org.exoplatform.commons Low
Product Manifest date 2019-09-06T11:21:29Z Low
Product pom artifactid commons-component-common Highest
Product pom groupid exoplatform.commons Low
Product Manifest Implementation-Title eXo PLF:: Commons - Common Services High
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
maven: org.exoplatform.commons:commons-component-common:5.3.x-SNAPSHOT
Confidence :High
exo.kernel.component.cache-5.3.x-SNAPSHOT.jar
Description: Implementation of Cache Service of Exoplatform SAS 'eXo Kernel' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.component.cache/5.3.x-SNAPSHOT/exo.kernel.component.cache-5.3.x-SNAPSHOT.jar
MD5: d246da05cfe23217bb9ec089e25edf65
SHA1: 26e5d60fdb52a55b953749ae88f0bf9992a313f7
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom name eXo PLF:: Kernel :: Component :: Cache Service High
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor pom parent-artifactid kernel-parent Low
Vendor pom description Implementation of Cache Service of Exoplatform SAS 'eXo Kernel' project. Medium
Vendor pom artifactid exo.kernel.component.cache Low
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor Manifest Implementation-Vendor-Id org.exoplatform.kernel Medium
Vendor pom parent-groupid org.exoplatform.kernel Medium
Vendor file name exo.kernel.component.cache High
Vendor pom groupid org.exoplatform.kernel Highest
Vendor pom groupid exoplatform.kernel Highest
Product pom name eXo PLF:: Kernel :: Component :: Cache Service High
Product pom description Implementation of Cache Service of Exoplatform SAS 'eXo Kernel' project. Medium
Product pom groupid exoplatform.kernel Low
Product pom artifactid exo.kernel.component.cache Highest
Product Manifest specification-title exo-kernel Medium
Product file name exo.kernel.component.cache High
Product pom parent-artifactid kernel-parent Medium
Product Manifest Implementation-Title eXo PLF:: Kernel :: Component :: Cache Service High
Product pom parent-groupid org.exoplatform.kernel Low
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
maven: org.exoplatform.kernel:exo.kernel.component.cache:5.3.x-SNAPSHOT
Confidence :High
antlr-2.7.7.jar
Description:
A framework for constructing recognizers, compilers,
and translators from grammatical descriptions containing
Java, C#, C++, or Python actions.
License:
BSD License: http://www.antlr.org/license.html
File Path: /home/ciagent/.m2/repository/antlr/antlr/2.7.7/antlr-2.7.7.jar
MD5: f8f1352c52a4c6a500b597596501fc64
SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor file name antlr High
Vendor pom artifactid antlr Low
Vendor jar package name antlr Low
Vendor pom description A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions. Low
Vendor central groupid antlr Highest
Vendor pom name AntLR Parser Generator High
Vendor pom groupid antlr Highest
Vendor pom url http://www.antlr.org/ Highest
Product file name antlr High
Product pom description A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions. Low
Product pom artifactid antlr Highest
Product pom groupid antlr Low
Product pom name AntLR Parser Generator High
Product pom url http://www.antlr.org/ Medium
Product central artifactid antlr Highest
Version file version 2.7.7 Highest
Version central version 2.7.7 Highest
Version pom version 2.7.7 Highest
dom4j-1.6.1.jar
Description: dom4j: the flexible XML framework for Java
File Path: /home/ciagent/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid dom4j Low
Vendor pom name dom4j High
Vendor central groupid org.zenframework.z8.dependencies.commons High
Vendor pom organization url http://sourceforge.net/projects/dom4j Medium
Vendor central groupid dom4j High
Vendor file name dom4j High
Vendor pom description dom4j: the flexible XML framework for Java Medium
Vendor pom groupid dom4j Highest
Vendor Manifest extension-name dom4j Medium
Vendor Manifest Implementation-Vendor MetaStuff Ltd. High
Vendor Manifest specification-vendor MetaStuff Ltd. Low
Vendor pom organization name MetaStuff Ltd. High
Vendor pom url http://dom4j.org Highest
Product pom artifactid dom4j Highest
Product pom organization name MetaStuff Ltd. Low
Product Manifest specification-title dom4j : XML framework for Java Medium
Product central artifactid dom4j High
Product pom name dom4j High
Product pom url http://dom4j.org Medium
Product pom groupid dom4j Low
Product Manifest Implementation-Title org.dom4j High
Product file name dom4j High
Product central artifactid dom4j-1.6.1 High
Product pom organization url http://sourceforge.net/projects/dom4j Low
Product pom description dom4j: the flexible XML framework for Java Medium
Product Manifest extension-name dom4j Medium
Version pom version 1.6.1 Highest
Version file version 1.6.1 Highest
Version central version 2.0 High
Version Manifest Implementation-Version 1.6.1 High
Version central version 1.6.1 High
Published Vulnerabilities
CVE-2018-1000632 suppress
Severity:
Medium
CVSS Score: 6.4
(AV:N/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-91 XML Injection (aka Blind XPath Injection)
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
Vulnerable Software & Versions: (show all )
hibernate-jpa-2.0-api-1.0.1.Final.jar
Description:
Hibernate definition of the Java Persistence 2.0 (JSR 317) API.
License:
license.txt
File Path: /home/ciagent/.m2/repository/org/hibernate/javax/persistence/hibernate-jpa-2.0-api/1.0.1.Final/hibernate-jpa-2.0-api-1.0.1.Final.jar
MD5: d7e7d8f60fc44a127ba702d43e71abec
SHA1: 3306a165afa81938fc3d8a0948e891de9f6b192b
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor hibernate.org High
Vendor pom groupid hibernate.javax.persistence Highest
Vendor file name hibernate-jpa-2.0-api-1.0.1.Final High
Vendor pom organization url http://hibernate.org Medium
Vendor pom artifactid hibernate-jpa-2.0-api Low
Vendor pom organization name Hibernate.org High
Vendor pom name JPA 2.0 API High
Vendor pom groupid org.hibernate.javax.persistence Highest
Vendor pom url http://hibernate.org Highest
Vendor pom description
Hibernate definition of the Java Persistence 2.0 (JSR 317) API.
Medium
Vendor Manifest specification-vendor Sun Microsystems, Inc. Low
Vendor central groupid org.hibernate.javax.persistence Highest
Product pom groupid hibernate.javax.persistence Low
Product central artifactid hibernate-jpa-2.0-api Highest
Product file name hibernate-jpa-2.0-api-1.0.1.Final High
Product Manifest specification-title Java Persistence API, Version 2.0 Medium
Product pom url http://hibernate.org Medium
Product pom artifactid hibernate-jpa-2.0-api Highest
Product Manifest Implementation-Title JPA API High
Product pom description
Hibernate definition of the Java Persistence 2.0 (JSR 317) API.
Medium
Product pom organization url http://hibernate.org Low
Product pom organization name Hibernate.org Low
Product pom name JPA 2.0 API High
Version pom version 1.0.1.Final Highest
Version Manifest Implementation-Version 1.0.1.Final High
Version central version 1.0.1.Final Highest
jboss-logging-annotations-1.2.0.Beta1.jar
File Path: /home/ciagent/.m2/repository/org/jboss/logging/jboss-logging-annotations/1.2.0.Beta1/jboss-logging-annotations-1.2.0.Beta1.jar
MD5: 938e552e319015a8863dd91284aada54
SHA1: 2f437f37bb265d9f8f1392823dbca12d2bec06d6
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id org.jboss.logging Medium
Vendor pom artifactid jboss-logging-annotations Low
Vendor Manifest os-name Linux Medium
Vendor pom parent-artifactid jboss-logging-tools-parent Low
Vendor pom groupid jboss.logging Highest
Vendor Manifest build-timestamp Tue, 18 Jun 2013 18:41:43 -0500 Low
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor pom groupid org.jboss.logging Highest
Vendor Manifest implementation-url http://www.jboss.org/jboss-logging-tools-parent/jboss-logging-annotations Low
Vendor central groupid org.jboss.logging Highest
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor file name jboss-logging-annotations High
Vendor pom parent-groupid org.jboss.logging Medium
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor pom name JBoss Logging I18n Annotations High
Product pom artifactid jboss-logging-annotations Highest
Product pom groupid jboss.logging Low
Product Manifest os-name Linux Medium
Product Manifest build-timestamp Tue, 18 Jun 2013 18:41:43 -0500 Low
Product Manifest specification-title JBoss Logging I18n Annotations Medium
Product Manifest implementation-url http://www.jboss.org/jboss-logging-tools-parent/jboss-logging-annotations Low
Product pom parent-groupid org.jboss.logging Low
Product file name jboss-logging-annotations High
Product central artifactid jboss-logging-annotations Highest
Product Manifest Implementation-Title JBoss Logging I18n Annotations High
Product pom parent-artifactid jboss-logging-tools-parent Medium
Product pom name JBoss Logging I18n Annotations High
Version Manifest Implementation-Version 1.2.0.Beta1 High
Version pom version 1.2.0.Beta1 Highest
Version central version 1.2.0.Beta1 Highest
hibernate-commons-annotations-4.0.5.Final.jar
Description: Common reflection code used in support of annotation processing
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/hibernate/common/hibernate-commons-annotations/4.0.5.Final/hibernate-commons-annotations-4.0.5.Final.jar
MD5: 5dadbafd7c7bc1168c10a2ba87e927a2
SHA1: 2a581b9edb8168e45060d8bad8b7f46712d2c52c
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor Hibernate.org High
Vendor pom groupid hibernate.common Highest
Vendor pom description Common reflection code used in support of annotation processing Medium
Vendor pom groupid org.hibernate.common Highest
Vendor pom artifactid hibernate-commons-annotations Low
Vendor pom organization url http://hibernate.org Medium
Vendor pom name Hibernate Commons Annotations High
Vendor pom organization name Hibernate.org High
Vendor central groupid org.hibernate.common Highest
Vendor Manifest implementation-url http://hibernate.org Low
Vendor file name hibernate-commons-annotations High
Vendor pom url http://hibernate.org Highest
Vendor Manifest Implementation-Vendor-Id org.hibernate Medium
Vendor Manifest bundle-symbolicname org.hibernate.common.hibernate-commons-annotations Medium
Product pom description Common reflection code used in support of annotation processing Medium
Product pom name Hibernate Commons Annotations High
Product pom groupid hibernate.common Low
Product Manifest implementation-url http://hibernate.org Low
Product Manifest Bundle-Name hibernate-commons-annotations Medium
Product file name hibernate-commons-annotations High
Product central artifactid hibernate-commons-annotations Highest
Product pom url http://hibernate.org Medium
Product pom artifactid hibernate-commons-annotations Highest
Product Manifest bundle-symbolicname org.hibernate.common.hibernate-commons-annotations Medium
Product pom organization url http://hibernate.org Low
Product pom organization name Hibernate.org Low
Version central version 4.0.5.Final Highest
Version file version 4.0.5 Highest
Version pom version 4.0.5.Final Highest
Version Manifest Implementation-Version 4.0.5.Final High
hibernate-core-4.2.21.Final.jar
Description: A module of the Hibernate O/RM project
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/hibernate/hibernate-core/4.2.21.Final/hibernate-core-4.2.21.Final.jar
MD5: 492567c1f36fb3a5968ca2d3c452edaf
SHA1: bb587d00287c13d9e4324bc76c13abbd493efa81
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor Hibernate.org High
Vendor pom groupid org.hibernate Highest
Vendor pom organization url http://hibernate.org Medium
Vendor pom organization name Hibernate.org High
Vendor file name hibernate-core High
Vendor pom artifactid hibernate-core Low
Vendor central groupid org.hibernate Highest
Vendor Manifest implementation-url http://hibernate.org Low
Vendor Manifest bundle-symbolicname org.hibernate.core Medium
Vendor pom groupid hibernate Highest
Vendor pom description A module of the Hibernate O/RM project Medium
Vendor pom url http://hibernate.org Highest
Vendor Manifest Implementation-Vendor-Id org.hibernate Medium
Vendor manifest Bundle-Description Hibernate ORM Core Medium
Vendor pom name A Hibernate O/RM Module High
Product file name hibernate-core High
Product Manifest implementation-url http://hibernate.org Low
Product Manifest bundle-symbolicname org.hibernate.core Medium
Product pom groupid hibernate Low
Product pom description A module of the Hibernate O/RM project Medium
Product central artifactid hibernate-core Highest
Product pom url http://hibernate.org Medium
Product manifest Bundle-Description Hibernate ORM Core Medium
Product Manifest Bundle-Name hibernate-core Medium
Product pom organization url http://hibernate.org Low
Product pom artifactid hibernate-core Highest
Product pom organization name Hibernate.org Low
Product pom name A Hibernate O/RM Module High
Version Manifest Implementation-Version 4.2.21.Final High
Version file version 4.2.21 Highest
Version pom version 4.2.21.Final Highest
Version central version 4.2.21.Final Highest
jakarta-regexp-1.4.jar
File Path: /home/ciagent/.m2/repository/jakarta-regexp/jakarta-regexp/1.4/jakarta-regexp-1.4.jar
MD5: 5d8b8c601c21b37aa6142d38f45c0297
SHA1: 0ea514a179ac1dd7e81c7e6594468b9b9910d298
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor jar package name regexp Low
Vendor central groupid jakarta-regexp Highest
Vendor pom artifactid jakarta-regexp Low
Vendor jar package name apache Low
Vendor pom groupid jakarta-regexp Highest
Vendor file name jakarta-regexp High
Product jar package name regexp Low
Product pom artifactid jakarta-regexp Highest
Product pom groupid jakarta-regexp Low
Product central artifactid jakarta-regexp Highest
Product file name jakarta-regexp High
Version file version 1.4 Highest
Version central version 1.4 Highest
Version pom version 1.4 Highest
xpp3-1.1.6.jar
Description: XML Pull parser library developed by Extreme Computing Lab, Indiana University
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/ogce/xpp3/1.1.6/xpp3-1.1.6.jar
MD5: 626a429318310e92e3466151e050bdc5
SHA1: dc87e00ddb69341b46a3eb1c331c6fcebf6c8546
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor jar package name v1 Low
Vendor pom url http://www.extreme.indiana.edu/xpp/ Highest
Vendor file name xpp3 High
Vendor pom artifactid xpp3 Low
Vendor pom groupid ogce Highest
Vendor jar package name xmlpull Low
Vendor central groupid org.ogce Highest
Vendor pom name XPP3 High
Vendor pom groupid org.ogce Highest
Vendor jar package name builder Low
Vendor pom description XML Pull parser library developed by Extreme Computing Lab, Indiana University Medium
Product jar package name v1 Low
Product pom url http://www.extreme.indiana.edu/xpp/ Medium
Product file name xpp3 High
Product jar package name xpath Low
Product central artifactid xpp3 Highest
Product pom name XPP3 High
Product pom groupid ogce Low
Product jar package name builder Low
Product pom artifactid xpp3 Highest
Product pom description XML Pull parser library developed by Extreme Computing Lab, Indiana University Medium
Version file version 1.1.6 Highest
Version central version 1.1.6 Highest
Version pom version 1.1.6 Highest
exo.core.component.organization.api-5.3.x-SNAPSHOT.jar
Description: API of Organization Service of Exoplatform SAS 'eXo Core' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.organization.api/5.3.x-SNAPSHOT/exo.core.component.organization.api-5.3.x-SNAPSHOT.jar
MD5: a322059283b3d334deaf17f6206a0fb7
SHA1: f50faa1d5facbc878c883845e348483c487a4629
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.exoplatform.core Medium
Vendor Manifest Implementation-Vendor-Id org.exoplatform.core Medium
Vendor file name exo.core.component.organization.api High
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor pom groupid exoplatform.core Highest
Vendor pom name eXo PLF Core :: Component :: Organization Service API High
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom groupid org.exoplatform.core Highest
Vendor pom artifactid exo.core.component.organization.api Low
Vendor pom parent-artifactid core-parent Low
Vendor pom description API of Organization Service of Exoplatform SAS 'eXo Core' project. Medium
Product Manifest Implementation-Title eXo PLF Core :: Component :: Organization Service API High
Product pom artifactid exo.core.component.organization.api Highest
Product file name exo.core.component.organization.api High
Product pom parent-artifactid core-parent Medium
Product pom name eXo PLF Core :: Component :: Organization Service API High
Product Manifest specification-title exo-core Medium
Product pom groupid exoplatform.core Low
Product pom parent-groupid org.exoplatform.core Low
Product pom description API of Organization Service of Exoplatform SAS 'eXo Core' project. Medium
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
cpe: cpe:/a:api-platform:core:5.3
Confidence :Low
suppress
maven: org.exoplatform.core:exo.core.component.organization.api:5.3.x-SNAPSHOT
Confidence :High
exo.core.component.security.core-5.3.x-SNAPSHOT.jar
Description: Implementation of 'eXo Security' component of Exoplatform SAS 'eXo Core' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.security.core/5.3.x-SNAPSHOT/exo.core.component.security.core-5.3.x-SNAPSHOT.jar
MD5: 071993a644f6709e1c5a36f6f093633e
SHA1: c5246451a7c9a95dbabcfe7495c6231e4ae9b849
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.exoplatform.core Medium
Vendor pom description Implementation of 'eXo Security' component of Exoplatform SAS 'eXo Core' project. Medium
Vendor Manifest Implementation-Vendor-Id org.exoplatform.core Medium
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor pom groupid exoplatform.core Highest
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom artifactid exo.core.component.security.core Low
Vendor file name exo.core.component.security.core High
Vendor pom groupid org.exoplatform.core Highest
Vendor pom parent-artifactid core-parent Low
Vendor pom name eXo PLF Core :: Component :: Security Service High
Product pom artifactid exo.core.component.security.core Highest
Product pom description Implementation of 'eXo Security' component of Exoplatform SAS 'eXo Core' project. Medium
Product Manifest Implementation-Title eXo PLF Core :: Component :: Security Service High
Product pom parent-artifactid core-parent Medium
Product Manifest specification-title exo-core Medium
Product file name exo.core.component.security.core High
Product pom groupid exoplatform.core Low
Product pom parent-groupid org.exoplatform.core Low
Product pom name eXo PLF Core :: Component :: Security Service High
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
maven: org.exoplatform.core:exo.core.component.security.core:5.3.x-SNAPSHOT
Confidence :High
fontbox-1.8.14.jar
Description:
The Apache FontBox library is an open source Java tool to obtain low level information
from font files. FontBox is a subproject of Apache PDFBox.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/pdfbox/fontbox/1.8.14/fontbox-1.8.14.jar
MD5: 901640f7e2bd12508ae4a7cccba3df79
SHA1: 9c7caec614a6a132bedc83f1d6d247bb96ca0df3
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom description The Apache FontBox library is an open source Java tool to obtain low level information from font files. FontBox is a subproject of Apache PDFBox. Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom artifactid fontbox Low
Vendor Manifest bundle-symbolicname org.apache.pdfbox.fontbox Medium
Vendor pom name Apache FontBox High
Vendor central groupid org.apache.pdfbox Highest
Vendor manifest Bundle-Description The Apache FontBox library is an open source Java tool to obtain low level information from font files. FontBox is a subproject of Apache PDFBox. Low
Vendor Manifest Implementation-Vendor-Id org.apache.pdfbox Medium
Vendor pom parent-artifactid pdfbox-parent Low
Vendor pom groupid org.apache.pdfbox Highest
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Vendor file name fontbox High
Vendor Manifest bundle-docurl http://pdfbox.apache.org Low
Vendor pom groupid apache.pdfbox Highest
Vendor pom url http://pdfbox.apache.org/ Highest
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom parent-groupid org.apache.pdfbox Medium
Product pom description The Apache FontBox library is an open source Java tool to obtain low level information from font files. FontBox is a subproject of Apache PDFBox. Low
Product Manifest Bundle-Name Apache FontBox Medium
Product Manifest bundle-symbolicname org.apache.pdfbox.fontbox Medium
Product pom groupid apache.pdfbox Low
Product pom name Apache FontBox High
Product pom artifactid fontbox Highest
Product manifest Bundle-Description The Apache FontBox library is an open source Java tool to obtain low level information from font files. FontBox is a subproject of Apache PDFBox. Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Product pom parent-groupid org.apache.pdfbox Low
Product Manifest Implementation-Title Apache FontBox High
Product file name fontbox High
Product pom url http://pdfbox.apache.org/ Medium
Product Manifest bundle-docurl http://pdfbox.apache.org Low
Product pom parent-artifactid pdfbox-parent Medium
Product central artifactid fontbox Highest
Product Manifest specification-title Apache FontBox Medium
Version file version 1.8.14 Highest
Version central version 1.8.14 Highest
Version pom version 1.8.14 Highest
Version Manifest Implementation-Version 1.8.14 High
Published Vulnerabilities
CVE-2018-11797 suppress
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.
Vulnerable Software & Versions: (show all )
CVE-2018-8036 suppress
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
Vulnerable Software & Versions: (show all )
jempbox-1.8.14.jar
Description:
The Apache JempBox library is an open source Java tool that implements Adobe's XMP(TM)
specification. JempBox is a subproject of Apache PDFBox.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/pdfbox/jempbox/1.8.14/jempbox-1.8.14.jar
MD5: 393135759731daf4e301903b3de2fbbb
SHA1: 7f94c7cd4efc21e78729436cc4cf0c09eeea0f38
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor file name jempbox High
Vendor pom description The Apache JempBox library is an open source Java tool that implements Adobe's XMP(TM) specification. JempBox is a subproject of Apache PDFBox. Low
Vendor central groupid org.apache.pdfbox Highest
Vendor manifest Bundle-Description The Apache JempBox library is an open source Java tool that implements Adobe's XMP(TM) specification. JempBox is a subproject of Apache PDFBox. Low
Vendor Manifest Implementation-Vendor-Id org.apache.pdfbox Medium
Vendor pom name Apache JempBox High
Vendor pom parent-artifactid pdfbox-parent Low
Vendor pom groupid org.apache.pdfbox Highest
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Vendor Manifest bundle-docurl http://pdfbox.apache.org Low
Vendor pom groupid apache.pdfbox Highest
Vendor Manifest bundle-symbolicname org.apache.pdfbox.jempbox Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom parent-groupid org.apache.pdfbox Medium
Vendor pom artifactid jempbox Low
Product file name jempbox High
Product Manifest Bundle-Name Apache JempBox Medium
Product pom description The Apache JempBox library is an open source Java tool that implements Adobe's XMP(TM) specification. JempBox is a subproject of Apache PDFBox. Low
Product pom groupid apache.pdfbox Low
Product manifest Bundle-Description The Apache JempBox library is an open source Java tool that implements Adobe's XMP(TM) specification. JempBox is a subproject of Apache PDFBox. Low
Product pom name Apache JempBox High
Product pom artifactid jempbox Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Product pom parent-groupid org.apache.pdfbox Low
Product Manifest Implementation-Title Apache JempBox High
Product central artifactid jempbox Highest
Product Manifest bundle-docurl http://pdfbox.apache.org Low
Product Manifest bundle-symbolicname org.apache.pdfbox.jempbox Medium
Product pom parent-artifactid pdfbox-parent Medium
Product Manifest specification-title Apache JempBox Medium
Version file version 1.8.14 Highest
Version central version 1.8.14 Highest
Version pom version 1.8.14 Highest
Version Manifest Implementation-Version 1.8.14 High
Published Vulnerabilities
CVE-2018-11797 suppress
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.
Vulnerable Software & Versions: (show all )
CVE-2018-8036 suppress
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
Vulnerable Software & Versions: (show all )
pdfbox-1.8.14.jar
Description:
The Apache PDFBox library is an open source Java tool for working with PDF documents.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/pdfbox/pdfbox/1.8.14/pdfbox-1.8.14.jar
MD5: c90740e185fc2f8013d1119f509ea4f3
SHA1: 7550298240c8540b721733ede6dc88fcf4fa2b0f
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest bundle-symbolicname org.apache.pdfbox Medium
Vendor central groupid org.apache.pdfbox Highest
Vendor Manifest Implementation-Vendor-Id org.apache.pdfbox Medium
Vendor pom parent-artifactid pdfbox-parent Low
Vendor pom groupid org.apache.pdfbox Highest
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Vendor pom artifactid pdfbox Low
Vendor Manifest bundle-docurl http://pdfbox.apache.org Low
Vendor pom groupid apache.pdfbox Highest
Vendor pom description
The Apache PDFBox library is an open source Java tool for working with PDF documents.
Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom parent-groupid org.apache.pdfbox Medium
Vendor pom name Apache PDFBox High
Vendor manifest Bundle-Description The Apache PDFBox library is an open source Java tool for working with PDF documents. Medium
Vendor file name pdfbox High
Product Manifest Implementation-Title Apache PDFBox High
Product Manifest bundle-symbolicname org.apache.pdfbox Medium
Product pom groupid apache.pdfbox Low
Product central artifactid pdfbox Highest
Product Manifest Bundle-Name Apache PDFBox Medium
Product pom artifactid pdfbox Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Product pom parent-groupid org.apache.pdfbox Low
Product Manifest specification-title Apache PDFBox Medium
Product Manifest bundle-docurl http://pdfbox.apache.org Low
Product pom parent-artifactid pdfbox-parent Medium
Product pom description
The Apache PDFBox library is an open source Java tool for working with PDF documents.
Medium
Product pom name Apache PDFBox High
Product manifest Bundle-Description The Apache PDFBox library is an open source Java tool for working with PDF documents. Medium
Product file name pdfbox High
Version file version 1.8.14 Highest
Version central version 1.8.14 Highest
Version pom version 1.8.14 Highest
Version Manifest Implementation-Version 1.8.14 High
Published Vulnerabilities
CVE-2018-11797 suppress
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.
Vulnerable Software & Versions: (show all )
CVE-2018-8036 suppress
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
Vulnerable Software & Versions: (show all )
htmllexer-2.1.jar
Description: HTML Lexer is the low level lexical analyzer.
File Path: /home/ciagent/.m2/repository/org/htmlparser/htmllexer/2.1/htmllexer-2.1.jar
MD5: 1cb7184766a0c52f4d98d671bb08be19
SHA1: 2ebf2c073e649b7e674cddd0558ff102a486402f
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor central groupid org.htmlparser Highest
Vendor pom name HTML Lexer Jar High
Vendor file name htmllexer High
Vendor pom groupid org.htmlparser Highest
Vendor jar package name htmlparser Low
Vendor pom artifactid htmllexer Low
Vendor pom description HTML Lexer is the low level lexical analyzer. Medium
Vendor pom url http://htmlparser.org Highest
Vendor pom groupid htmlparser Highest
Vendor pom parent-groupid org.htmlparser Medium
Vendor pom parent-artifactid HTMLParserProject Low
Product pom name HTML Lexer Jar High
Product file name htmllexer High
Product pom parent-groupid org.htmlparser Low
Product pom groupid htmlparser Low
Product pom parent-artifactid HTMLParserProject Medium
Product pom url http://htmlparser.org Medium
Product pom description HTML Lexer is the low level lexical analyzer. Medium
Product central artifactid htmllexer Highest
Product pom artifactid htmllexer Highest
Version pom version 2.1 Highest
Version central version 2.1 Highest
Version file version 2.1 Highest
htmlparser-2.1.jar
Description: HTML Parser is the high level syntactical analyzer.
File Path: /home/ciagent/.m2/repository/org/htmlparser/htmlparser/2.1/htmlparser-2.1.jar
MD5: aa05b921026c228f92ef8b4a13c26f8d
SHA1: c752e5984b7767533cbd3fdffa48cecb52fa226c
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor central groupid org.htmlparser Highest
Vendor file name htmlparser High
Vendor pom artifactid htmlparser Low
Vendor pom name HTML Parser Jar High
Vendor pom groupid org.htmlparser Highest
Vendor jar package name htmlparser Low
Vendor pom description HTML Parser is the high level syntactical analyzer. Medium
Vendor pom url http://htmlparser.org Highest
Vendor pom groupid htmlparser Highest
Vendor pom parent-groupid org.htmlparser Medium
Vendor pom parent-artifactid HTMLParserProject Low
Product file name htmlparser High
Product pom name HTML Parser Jar High
Product pom artifactid htmlparser Highest
Product pom parent-groupid org.htmlparser Low
Product pom groupid htmlparser Low
Product pom parent-artifactid HTMLParserProject Medium
Product pom url http://htmlparser.org Medium
Product pom description HTML Parser is the high level syntactical analyzer. Medium
Product central artifactid htmlparser Highest
Version pom version 2.1 Highest
Version central version 2.1 Highest
Version file version 2.1 Highest
poi-3.13.jar
Description: Apache POI - Java API To Access Microsoft Format Files
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/poi/poi/3.13/poi-3.13.jar
MD5: 1b43f32e2211546040597a9e2d07b869
SHA1: 0f59f504ba8c521e61e25f417ec652fd485010f3
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor central groupid org.apache.poi Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom organization name Apache Software Foundation High
Vendor pom groupid apache.poi Highest
Vendor pom groupid org.apache.poi Highest
Vendor pom organization url http://www.apache.org/ Medium
Vendor pom url http://poi.apache.org/ Highest
Vendor Manifest Implementation-Vendor-Id org.apache.poi Medium
Vendor pom artifactid poi Low
Vendor pom description Apache POI - Java API To Access Microsoft Format Files Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom name Apache POI High
Vendor file name poi High
Product pom organization name Apache Software Foundation Low
Product pom url http://poi.apache.org/ Medium
Product Manifest Implementation-Title Apache POI High
Product pom organization url http://www.apache.org/ Low
Product pom description Apache POI - Java API To Access Microsoft Format Files Medium
Product pom groupid apache.poi Low
Product Manifest specification-title Apache POI Medium
Product pom artifactid poi Highest
Product pom name Apache POI High
Product central artifactid poi Highest
Product file name poi High
Version central version 3.13 Highest
Version file version 3.13 Highest
Version Manifest Implementation-Version 3.13 High
Version pom version 3.13 Highest
Related Dependencies
poi-ooxml-3.13.jar
File Path: /home/ciagent/.m2/repository/org/apache/poi/poi-ooxml/3.13/poi-ooxml-3.13.jar
SHA1: c364a8f5422d613e3a56db3b4b889f2989d7ee73
MD5: 38bb36c35a16030d4bc0ac14421430d7
cpe: cpe:/a:apache:poi:3.13
maven: org.apache.poi:poi-ooxml:3.13 ✓
poi-scratchpad-3.13.jar
File Path: /home/ciagent/.m2/repository/org/apache/poi/poi-scratchpad/3.13/poi-scratchpad-3.13.jar
SHA1: 09d763275e6c7fa05d47e2581606748669e88c55
MD5: d8dbe05b289da779874e4783881e1b57
cpe: cpe:/a:apache:poi:3.13
maven: org.apache.poi:poi-scratchpad:3.13 ✓
poi-ooxml-schemas-3.13.jar
File Path: /home/ciagent/.m2/repository/org/apache/poi/poi-ooxml-schemas/3.13/poi-ooxml-schemas-3.13.jar
SHA1: 56fb0b9f3ffc3d7f7fc9b59e17b5fa2c3ab921e7
MD5: ca12e13961e9df83ddd5471733d73d91
cpe: cpe:/a:apache:poi:3.13
maven: org.apache.poi:poi-ooxml-schemas:3.13 ✓
Published Vulnerabilities
CVE-2016-5000 suppress
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerable Software & Versions:
CVE-2017-5644 suppress
Severity:
High
CVSS Score: 7.1
(AV:N/AC:M/Au:N/C:N/I:N/A:C)
CWE: CWE-399 Resource Management Errors
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
Vulnerable Software & Versions:
tika-core-1.5.jar
Description: This is the core Apache Tika™ toolkit library from which all other modules inherit functionality. It also includes the core facades for the Tika API.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tika/tika-core/1.5/tika-core-1.5.jar
MD5: e864bf637f51283dc525087b015d7b1a
SHA1: 194ca0fb3d73b07737524806fbc3bec89063c03a
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom name Apache Tika core High
Vendor pom organization url http://www.apache.org Medium
Vendor Manifest bundle-docurl http://tika.apache.org/ Low
Vendor pom groupid org.apache.tika Highest
Vendor manifest Bundle-Description This is the core Apache Tika™ toolkit library from which all other modules inherit functionality. It also includes the core facades for the Tika API. Low
Vendor pom artifactid tika-core Low
Vendor pom groupid apache.tika Highest
Vendor pom parent-groupid org.apache.tika Medium
Vendor central groupid org.apache.tika Highest
Vendor pom parent-artifactid tika-parent Low
Vendor pom organization name The Apache Software Foundation High
Vendor pom description This is the core Apache Tika™ toolkit library from which all other modules inherit functionality. It also includes the core facades for the Tika API. Low
Vendor pom url http://tika.apache.org/ Highest
Vendor file name tika-core High
Vendor Manifest bundle-symbolicname org.apache.tika.core Medium
Product pom artifactid tika-core Highest
Product pom name Apache Tika core High
Product Manifest bundle-docurl http://tika.apache.org/ Low
Product pom organization name The Apache Software Foundation Low
Product manifest Bundle-Description This is the core Apache Tika™ toolkit library from which all other modules inherit functionality. It also includes the core facades for the Tika API. Low
Product central artifactid tika-core Highest
Product pom url http://tika.apache.org/ Medium
Product pom parent-artifactid tika-parent Medium
Product pom groupid apache.tika Low
Product pom parent-groupid org.apache.tika Low
Product pom organization url http://www.apache.org Low
Product pom description This is the core Apache Tika™ toolkit library from which all other modules inherit functionality. It also includes the core facades for the Tika API. Low
Product Manifest Bundle-Name Apache Tika core Medium
Product file name tika-core High
Product Manifest bundle-symbolicname org.apache.tika.core Medium
Version central version 1.5 Highest
Version pom version 1.5 Highest
Version file version 1.5 Highest
Related Dependencies
tika-parsers-1.5.jar
File Path: /home/ciagent/.m2/repository/org/apache/tika/tika-parsers/1.5/tika-parsers-1.5.jar
SHA1: 9b895231b7a0dae7349dfb42cb1b926c345b5281
MD5: f1056da5d1021ad1bbac7dab01b335d1
cpe: cpe:/a:apache:tika:1.5
maven: org.apache.tika:tika-parsers:1.5 ✓
Published Vulnerabilities
CVE-2016-6809 suppress
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.
Vulnerable Software & Versions:
CVE-2018-11761 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.
Vulnerable Software & Versions: (show all )
CVE-2018-11762 suppress
Severity:
Medium
CVSS Score: 5.8
(AV:N/AC:M/Au:N/C:N/I:P/A:P)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file.
Vulnerable Software & Versions: (show all )
CVE-2018-11796 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later.
Vulnerable Software & Versions: (show all )
CVE-2018-1335 suppress
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.
Vulnerable Software & Versions: (show all )
CVE-2018-1338 suppress
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18.
Vulnerable Software & Versions: (show all )
CVE-2018-1339 suppress
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.
Vulnerable Software & Versions: (show all )
CVE-2018-8017 suppress
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser.
Vulnerable Software & Versions: (show all )
vorbis-java-core-0.1-tests.jar
File Path: /home/ciagent/.m2/repository/org/gagravarr/vorbis-java-core/0.1/vorbis-java-core-0.1-tests.jar
MD5: d58f076c08a917277d03f3417aa867a6
SHA1: c849979e199d8a7c3da1a00799c623c00f94efac
Referenced In Project/Scope:
eXo PLF:: Calendar Service:test,provided
Evidence
Type Source Name Value Confidence
Vendor pom name Ogg and Vorbis for Java, Core High
Vendor jar package name gagravarr Low
Vendor jar package name ogg Low
Vendor pom url Gagravarr/VorbisJava Highest
Vendor pom parent-groupid org.gagravarr Medium
Vendor pom groupid gagravarr Highest
Vendor central groupid org.gagravarr Highest
Vendor pom artifactid vorbis-java-core Low
Vendor pom groupid org.gagravarr Highest
Vendor pom parent-artifactid vorbis-java-parent Low
Vendor file name vorbis-java-core High
Product pom name Ogg and Vorbis for Java, Core High
Product central artifactid vorbis-java-core Highest
Product jar package name ogg Low
Product pom url Gagravarr/VorbisJava High
Product pom parent-artifactid vorbis-java-parent Medium
Product pom groupid gagravarr Low
Product pom artifactid vorbis-java-core Highest
Product pom parent-groupid org.gagravarr Low
Product file name vorbis-java-core High
Version pom version 0.1 Highest
Version file version 0.1 Highest
Version central version 0.1 Highest
vorbis-java-tika-0.1.jar
File Path: /home/ciagent/.m2/repository/org/gagravarr/vorbis-java-tika/0.1/vorbis-java-tika-0.1.jar
MD5: 1fccc6796a0924ba4f32eb1d44b8616b
SHA1: 6966c8663a7f689021accb13cceaa6101f53ea3d
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor jar package name gagravarr Low
Vendor pom url Gagravarr/VorbisJava Highest
Vendor pom parent-groupid org.gagravarr Medium
Vendor pom name Apache Tika plugin for Ogg, Vorbis and FLAC High
Vendor pom groupid gagravarr Highest
Vendor central groupid org.gagravarr Highest
Vendor pom groupid org.gagravarr Highest
Vendor jar package name tika Low
Vendor file name vorbis-java-tika High
Vendor pom parent-artifactid vorbis-java-parent Low
Vendor pom artifactid vorbis-java-tika Low
Product pom artifactid vorbis-java-tika Highest
Product pom url Gagravarr/VorbisJava High
Product pom name Apache Tika plugin for Ogg, Vorbis and FLAC High
Product pom parent-artifactid vorbis-java-parent Medium
Product pom groupid gagravarr Low
Product jar package name tika Low
Product file name vorbis-java-tika High
Product pom parent-groupid org.gagravarr Low
Product central artifactid vorbis-java-tika Highest
Version pom version 0.1 Highest
Version file version 0.1 Highest
Version central version 0.1 Highest
Published Vulnerabilities
CVE-2016-6809 suppress
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.
Vulnerable Software & Versions:
CVE-2018-11761 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.
Vulnerable Software & Versions: (show all )
CVE-2018-11796 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later.
Vulnerable Software & Versions: (show all )
CVE-2018-1335 suppress
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.
Vulnerable Software & Versions: (show all )
CVE-2018-1338 suppress
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18.
Vulnerable Software & Versions: (show all )
CVE-2018-1339 suppress
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.
Vulnerable Software & Versions: (show all )
netcdf-4.2-min.jar
Description: The NetCDF-Java Library is a Java interface to NetCDF files,
as well as to many other types of scientific data formats.
License:
(MIT-style) netCDF C library license.: http://www.unidata.ucar.edu/software/netcdf/copyright.html
File Path: /home/ciagent/.m2/repository/edu/ucar/netcdf/4.2-min/netcdf-4.2-min.jar
MD5: eb00b40b0511f0fc1dfcfc9cb89e3c53
SHA1: 0f3c3f3db4c54483aa1fbc4497e300879ce24da1
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid edu.ucar Highest
Vendor pom name The NetCDF-Java Library High
Vendor pom description The NetCDF-Java Library is a Java interface to NetCDF files, as well as to many other types of scientific data formats. Low
Vendor Manifest built-on 2010-11-24 05:51:29 Low
Vendor pom url http://www.unidata.ucar.edu/software/netcdf-java/ Highest
Vendor file name netcdf High
Vendor pom artifactid netcdf Low
Vendor Manifest Implementation-Vendor UCAR/Unidata High
Vendor central groupid edu.ucar Highest
Product pom name The NetCDF-Java Library High
Product central artifactid netcdf Highest
Product pom description The NetCDF-Java Library is a Java interface to NetCDF files, as well as to many other types of scientific data formats. Low
Product pom url http://www.unidata.ucar.edu/software/netcdf-java/ Medium
Product Manifest built-on 2010-11-24 05:51:29 Low
Product Manifest Implementation-Title NetCDF-Java-Library High
Product file name netcdf High
Product pom groupid edu.ucar Low
Product pom artifactid netcdf Highest
Version file version 4.2 Highest
Version pom version 4.2-min Highest
Version central version 4.2-min Highest
apache-mime4j-core-0.7.2.jar
Description: Java stream based MIME message parser
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/james/apache-mime4j-core/0.7.2/apache-mime4j-core-0.7.2.jar
MD5: 88f799546eca803c53eee01a4ce5edcd
SHA1: a81264fe0265ebe8fd1d8128aad06dc320de6eef
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom artifactid apache-mime4j-core Low
Vendor manifest Bundle-Description Java stream based MIME message parser Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom name Apache JAMES Mime4j (Core) High
Vendor central groupid org.apache.james Highest
Vendor pom parent-groupid org.apache.james Medium
Vendor Manifest bundle-symbolicname org.apache.james.apache-mime4j-core Medium
Vendor Manifest url http://james.apache.org/mime4j/apache-mime4j-core Low
Vendor pom groupid apache.james Highest
Vendor file name apache-mime4j-core High
Vendor Manifest bundle-docurl http://www.apache.org/ Low
Vendor pom groupid org.apache.james Highest
Vendor pom parent-artifactid apache-mime4j-project Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Product manifest Bundle-Description Java stream based MIME message parser Medium
Product Manifest Bundle-Name Apache JAMES Mime4j (Core) Medium
Product pom name Apache JAMES Mime4j (Core) High
Product central artifactid apache-mime4j-core Highest
Product Manifest specification-title Apache Mime4j Medium
Product pom parent-artifactid apache-mime4j-project Medium
Product Manifest bundle-symbolicname org.apache.james.apache-mime4j-core Medium
Product Manifest url http://james.apache.org/mime4j/apache-mime4j-core Low
Product pom groupid apache.james Low
Product file name apache-mime4j-core High
Product Manifest bundle-docurl http://www.apache.org/ Low
Product pom parent-groupid org.apache.james Low
Product Manifest Implementation-Title Apache Mime4j High
Product pom artifactid apache-mime4j-core Highest
Version Manifest Implementation-Version 0.7.2 High
Version pom version 0.7.2 Highest
Version file version 0.7.2 Highest
Version central version 0.7.2 Highest
Related Dependencies
apache-mime4j-dom-0.7.2.jar
File Path: /home/ciagent/.m2/repository/org/apache/james/apache-mime4j-dom/0.7.2/apache-mime4j-dom-0.7.2.jar
SHA1: 1c289aa264548a0a1f1b43685a9cb2ab23f67287
MD5: dedc747b5c367fbd7f8a7235d1d7cbee
maven: org.apache.james:apache-mime4j-dom:0.7.2 ✓
xz-1.2.jar
Description: XZ data compression
License:
Public Domain
File Path: /home/ciagent/.m2/repository/org/tukaani/xz/1.2/xz-1.2.jar
MD5: 04bd31459826c30c2a3c304e3b225ad4
SHA1: bfc66dda280a18ab341b5023248925265c00394c
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid tukaani Highest
Vendor pom groupid org.tukaani Highest
Vendor Manifest bundle-symbolicname org.tukaani.xz Medium
Vendor pom artifactid xz Low
Vendor pom url http://tukaani.org/xz/java.html Highest
Vendor pom name XZ for Java High
Vendor central groupid org.tukaani Highest
Vendor file name xz High
Vendor Manifest bundle-docurl http://tukaani.org/xz/java.html Low
Vendor Manifest implementation-url http://tukaani.org/xz/java.html Low
Vendor pom description XZ data compression Medium
Product Manifest bundle-symbolicname org.tukaani.xz Medium
Product Manifest Bundle-Name XZ data compression Medium
Product pom name XZ for Java High
Product pom artifactid xz Highest
Product pom description XZ data compression Medium
Product pom url http://tukaani.org/xz/java.html Medium
Product central artifactid xz Highest
Product pom groupid tukaani Low
Product file name xz High
Product Manifest Implementation-Title XZ data compression High
Product Manifest bundle-docurl http://tukaani.org/xz/java.html Low
Product Manifest implementation-url http://tukaani.org/xz/java.html Low
Version pom version 1.2 Highest
Version Manifest Implementation-Version 1.2 High
Version central version 1.2 Highest
Version file version 1.2 Highest
maven: org.tukaani:xz:1.2 ✓
Confidence :Highest
cpe: cpe:/a:tukaani:xz:1.2
Confidence :Low
suppress
Published Vulnerabilities
CVE-2015-4035 suppress
Severity:
Medium
CVSS Score: 4.6
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name.
Vulnerable Software & Versions:
commons-compress-1.5.jar
Description:
Apache Commons Compress software defines an API for working with compression and archive formats.
These include: bzip2, gzip, pack200, xz and ar, cpio, jar, tar, zip, dump.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/commons/commons-compress/1.5/commons-compress-1.5.jar
MD5: 5e18cfcf472548c2e0b90a4ea1cedf42
SHA1: d2bd2c0bd328f1dabdf33e10b6d223ebcbe93343
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor file name commons-compress High
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest implementation-build tags/COMPRESS-1.5_RC1@r1455005; 2013-03-11 07:12:20+0100 Low
Vendor pom parent-groupid org.apache.commons Medium
Vendor pom description
Apache Commons Compress software defines an API for working with compression and archive formats.
These include: bzip2, gzip, pack200, xz and ar, cpio, jar, tar, zip, dump. Low
Vendor Manifest bundle-symbolicname org.apache.commons.compress Medium
Vendor pom groupid apache.commons Highest
Vendor pom groupid org.apache.commons Highest
Vendor pom url http://commons.apache.org/compress/ Highest
Vendor pom name Commons Compress High
Vendor pom artifactid commons-compress Low
Vendor manifest Bundle-Description Apache Commons Compress software defines an API for working with compression and archive formats.These include: bzip2, gzip, pack200, xz and ar, cpio, jar, tar, zip, dump. Low
Vendor central groupid org.apache.commons Highest
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest bundle-docurl http://commons.apache.org/compress/ Low
Vendor Manifest extension-name org.apache.commons.compress Medium
Vendor pom parent-artifactid commons-parent Low
Product file name commons-compress High
Product Manifest implementation-build tags/COMPRESS-1.5_RC1@r1455005; 2013-03-11 07:12:20+0100 Low
Product central artifactid commons-compress Highest
Product pom parent-artifactid commons-parent Medium
Product Manifest specification-title Commons Compress Medium
Product pom description
Apache Commons Compress software defines an API for working with compression and archive formats.
These include: bzip2, gzip, pack200, xz and ar, cpio, jar, tar, zip, dump. Low
Product Manifest bundle-symbolicname org.apache.commons.compress Medium
Product Manifest Bundle-Name Commons Compress Medium
Product pom parent-groupid org.apache.commons Low
Product pom name Commons Compress High
Product pom url http://commons.apache.org/compress/ Medium
Product manifest Bundle-Description Apache Commons Compress software defines an API for working with compression and archive formats.These include: bzip2, gzip, pack200, xz and ar, cpio, jar, tar, zip, dump. Low
Product pom artifactid commons-compress Highest
Product pom groupid apache.commons Low
Product Manifest bundle-docurl http://commons.apache.org/compress/ Low
Product Manifest extension-name org.apache.commons.compress Medium
Product Manifest Implementation-Title Commons Compress High
Version central version 1.5 Highest
Version pom version 1.5 Highest
Version file version 1.5 Highest
Version Manifest Implementation-Version 1.5 High
cpe: cpe:/a:apache:commons_compress:1.5
Confidence :Low
suppress
maven: org.apache.commons:commons-compress:1.5 ✓
Confidence :Highest
cpe: cpe:/a:apache:commons-compress:1.5
Confidence :Low
suppress
bcmail-jdk15-1.45.jar
Description: The Bouncy Castle Java CMS and S/MIME APIs for handling the CMS and S/MIME protocols. This jar contains CMS and S/MIME APIs for JDK 1.5. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. If the S/MIME API is used, the JavaMail API and the Java activation framework will also be needed.
License:
Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: /home/ciagent/.m2/repository/org/bouncycastle/bcmail-jdk15/1.45/bcmail-jdk15-1.45.jar
MD5: 13321fc7eff7bcada7b4fedfb592025c
SHA1: 3aed7e642dd8d39dc14ed1dec3ff79e084637148
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom name Bouncy Castle CMS and S/MIME API High
Vendor pom url http://www.bouncycastle.org/java.html Highest
Vendor pom groupid bouncycastle Highest
Vendor pom artifactid bcmail-jdk15 Low
Vendor Manifest extension-name org.bouncycastle.bcmail Medium
Vendor Manifest specification-vendor BouncyCastle.org Low
Vendor Manifest Implementation-Vendor-Id org.bouncycastle Medium
Vendor pom groupid org.bouncycastle Highest
Vendor central groupid org.bouncycastle Highest
Vendor Manifest Implementation-Vendor BouncyCastle.org High
Vendor pom description The Bouncy Castle Java CMS and S/MIME APIs for handling the CMS and S/MIME protocols. This jar contains CMS and S/MIME APIs for JDK 1.5. The APIs can be used in conjunction with a JCE/JCA provider ... Low
Vendor file name bcmail-jdk15 High
Product pom groupid bouncycastle Low
Product pom name Bouncy Castle CMS and S/MIME API High
Product central artifactid bcmail-jdk15 Highest
Product pom description The Bouncy Castle Java CMS and S/MIME APIs for handling the CMS and S/MIME protocols. This jar contains CMS and S/MIME APIs for JDK 1.5. The APIs can be used in conjunction with a JCE/JCA provider ... Low
Product pom url http://www.bouncycastle.org/java.html Medium
Product file name bcmail-jdk15 High
Product pom artifactid bcmail-jdk15 Highest
Product Manifest extension-name org.bouncycastle.bcmail Medium
Version pom version 1.45 Highest
Version Manifest Implementation-Version 1.45.0 High
Version file version 1.45 Highest
Version central version 1.45 Highest
bcprov-jdk15-1.45.jar
Description: The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5.
License:
Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: /home/ciagent/.m2/repository/org/bouncycastle/bcprov-jdk15/1.45/bcprov-jdk15-1.45.jar
MD5: 2062f8e3d15748443ea60a94b266371c
SHA1: 7741883cb07b4634e8b5fd3337113b6ea770a9bb
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid bcprov-jdk15 Low
Vendor pom description The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5. Low
Vendor pom url http://www.bouncycastle.org/java.html Highest
Vendor pom groupid bouncycastle Highest
Vendor Manifest specification-vendor BouncyCastle.org Low
Vendor Manifest Implementation-Vendor-Id org.bouncycastle Medium
Vendor Manifest extension-name org.bouncycastle.bcprovider Medium
Vendor pom groupid org.bouncycastle Highest
Vendor central groupid org.bouncycastle Highest
Vendor Manifest Implementation-Vendor BouncyCastle.org High
Vendor pom name Bouncy Castle Provider High
Vendor file name bcprov-jdk15 High
Product Manifest extension-name org.bouncycastle.bcprovider Medium
Product pom groupid bouncycastle Low
Product pom description The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5. Low
Product pom url http://www.bouncycastle.org/java.html Medium
Product pom name Bouncy Castle Provider High
Product pom artifactid bcprov-jdk15 Highest
Product central artifactid bcprov-jdk15 Highest
Product file name bcprov-jdk15 High
Version pom version 1.45 Highest
Version Manifest Implementation-Version 1.45.0 High
Version file version 1.45 Highest
Version central version 1.45 Highest
cpe: cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.45
Confidence :Low
suppress
maven: org.bouncycastle:bcprov-jdk15:1.45 ✓
Confidence :Highest
cpe: cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.45
Confidence :Low
suppress
Published Vulnerabilities
CVE-2015-7940 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."
Vulnerable Software & Versions: (show all )
tagsoup-1.2.1.jar
Description: TagSoup is a SAX-compliant parser written in Java that, instead of parsing well-formed or valid XML, parses HTML as it is found in the wild: poor, nasty and brutish, though quite often far from short. TagSoup is designed for people who have to process this stuff using some semblance of a rational application design. By providing a SAX interface, it allows standard XML tools to be applied to even the worst HTML. TagSoup also includes a command-line processor that reads HTML files and can generate either clean HTML or well-formed XML that is a close approximation to XHTML.
License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/ccil/cowan/tagsoup/tagsoup/1.2.1/tagsoup-1.2.1.jar
MD5: ae73a52cdcbec10cd61d9ef22fab5936
SHA1: 5584627487e984c03456266d3f8802eb85a9ce97
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid org.ccil.cowan.tagsoup Highest
Vendor pom artifactid tagsoup Low
Vendor pom groupid ccil.cowan.tagsoup Highest
Vendor pom url http://home.ccil.org/~cowan/XML/tagsoup/ Highest
Vendor file name tagsoup High
Vendor pom description TagSoup is a SAX-compliant parser written in Java that, instead of parsing well-formed or valid XML, parses HTML as it is found in the wild: poor, nasty and brutish, though quite often far from short. TagSoup is designed for people who have to process this stuff using some semblance of a rational application design. By providing a SAX interface, it allows standard XML tools to be applied to even the worst HTML. TagSoup also includes a command-line processor that reads HTML files and can generate either clean HTML or well-formed XML that is a close approximation to XHTML. Low
Vendor central groupid org.ccil.cowan.tagsoup Highest
Vendor pom name TagSoup High
Product pom url http://home.ccil.org/~cowan/XML/tagsoup/ Medium
Product central artifactid tagsoup Highest
Product file name tagsoup High
Product pom artifactid tagsoup Highest
Product pom description TagSoup is a SAX-compliant parser written in Java that, instead of parsing well-formed or valid XML, parses HTML as it is found in the wild: poor, nasty and brutish, though quite often far from short. TagSoup is designed for people who have to process this stuff using some semblance of a rational application design. By providing a SAX interface, it allows standard XML tools to be applied to even the worst HTML. TagSoup also includes a command-line processor that reads HTML files and can generate either clean HTML or well-formed XML that is a close approximation to XHTML. Low
Product pom groupid ccil.cowan.tagsoup Low
Product pom name TagSoup High
Version central version 1.2.1 Highest
Version file version 1.2.1 Highest
Version pom version 1.2.1 Highest
asm-debug-all-4.1.jar
File Path: /home/ciagent/.m2/repository/org/ow2/asm/asm-debug-all/4.1/asm-debug-all-4.1.jar
MD5: 6c3a8842f484dd3d620002b361e3610e
SHA1: dd6ba5c392d4102458494e29f54f70ac534ec2a2
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid asm-debug-all Low
Vendor pom groupid org.ow2.asm Highest
Vendor pom groupid ow2.asm Highest
Vendor pom parent-artifactid asm-parent Low
Vendor Manifest Implementation-Vendor France Telecom R&D High
Vendor central groupid org.ow2.asm Highest
Vendor Manifest bundle-symbolicname org.objectweb.asm.all.debug Medium
Vendor Manifest bundle-docurl http://asm.objectweb.org Low
Vendor file name asm-debug-all High
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor pom name ASM Debug All High
Vendor pom parent-groupid org.ow2.asm Medium
Product Manifest Bundle-Name ASM all classes with debug info Medium
Product pom artifactid asm-debug-all Highest
Product pom parent-groupid org.ow2.asm Low
Product pom groupid ow2.asm Low
Product Manifest bundle-symbolicname org.objectweb.asm.all.debug Medium
Product Manifest bundle-docurl http://asm.objectweb.org Low
Product file name asm-debug-all High
Product Manifest Implementation-Title ASM all classes with debug info High
Product pom parent-artifactid asm-parent Medium
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product pom name ASM Debug All High
Product central artifactid asm-debug-all Highest
Version Manifest Implementation-Version 4.1 High
Version file version 4.1 Highest
Version pom version 4.1 Highest
Version central version 4.1 Highest
isoparser-1.0-RC-1.jar
Description: A generic parser and writer for all ISO 14496 based files (MP4, Quicktime, DCF, PDCF, ...)
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/googlecode/mp4parser/isoparser/1.0-RC-1/isoparser-1.0-RC-1.jar
MD5: b0444fde2290319c9028564c3c3ff1ab
SHA1: 4a5768b1070b9488a433362d736720fd7a7b264f
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid com.googlecode.mp4parser Highest
Vendor pom name ISO Parser High
Vendor jar package name coremedia Low
Vendor central groupid com.googlecode.mp4parser Highest
Vendor file name isoparser High
Vendor pom groupid googlecode.mp4parser Highest
Vendor pom artifactid isoparser Low
Vendor jar package name iso Low
Vendor pom description A generic parser and writer for all ISO 14496 based files (MP4, Quicktime, DCF, PDCF, ...)
Medium
Vendor pom url http://code.google.com/p/mp4parser/ Highest
Vendor jar package name boxes Low
Product pom name ISO Parser High
Product file name isoparser High
Product central artifactid isoparser Highest
Product pom artifactid isoparser Highest
Product jar package name iso Low
Product pom description A generic parser and writer for all ISO 14496 based files (MP4, Quicktime, DCF, PDCF, ...)
Medium
Product pom groupid googlecode.mp4parser Low
Product pom url http://code.google.com/p/mp4parser/ Medium
Product jar package name boxes Low
Version file name isoparser Medium
Version pom version 1.0-RC-1 Highest
Version file version 1.0 Highest
Version central version 1.0-RC-1 Highest
Published Vulnerabilities
CVE-2013-0259 suppress
Severity:
Low
CVSS Score: 2.1
(AV:N/AC:H/Au:S/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web script or HTML via the subject parameter.
Vulnerable Software & Versions: (show all )
xmpcore-5.1.2.jar
Description:
The XMP Library for Java is based on the C++ XMPCore library
and the API is similar.
License:
The BSD License: http://www.adobe.com/devnet/xmp/library/eula-xmp-library-java.html
File Path: /home/ciagent/.m2/repository/com/adobe/xmp/xmpcore/5.1.2/xmpcore-5.1.2.jar
MD5: 0b2cf2a09d32abdedd17de864e93ad25
SHA1: 55615fa2582424e38705487d1d3969af8554f637
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid com.adobe.xmp Highest
Vendor pom groupid adobe.xmp Highest
Vendor Manifest implementation-engbuild 003 Low
Vendor pom artifactid xmpcore Low
Vendor file name xmpcore High
Vendor pom name XMP Library for Java High
Vendor pom url http://www.adobe.com/devnet/xmp.html Highest
Vendor Manifest Implementation-Vendor Copyright 2006-2009 Adobe Systems Incorporated. All rights reserved High
Vendor Manifest implementation-minor 1 Low
Vendor Manifest builddate 2012 Jul 03 11:48:46-CEST Low
Vendor Manifest implementation-micro 1 Low
Vendor pom description
The XMP Library for Java is based on the C++ XMPCore library
and the API is similar.
Medium
Vendor Manifest implementation-major 5 Low
Vendor central groupid com.adobe.xmp Highest
Product Manifest implementation-engbuild 003 Low
Product pom groupid adobe.xmp Low
Product file name xmpcore High
Product pom name XMP Library for Java High
Product central artifactid xmpcore Highest
Product Manifest Implementation-Title Adobe XMP Core High
Product Manifest implementation-minor 1 Low
Product pom url http://www.adobe.com/devnet/xmp.html Medium
Product Manifest builddate 2012 Jul 03 11:48:46-CEST Low
Product Manifest implementation-micro 1 Low
Product pom description
The XMP Library for Java is based on the C++ XMPCore library
and the API is similar.
Medium
Product pom artifactid xmpcore Highest
Product Manifest implementation-major 5 Low
Version central version 5.1.2 Highest
Version file version 5.1.2 Highest
Version pom version 5.1.2 Highest
metadata-extractor-2.6.2.jar
Description: Java library for reading metadata from image files.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/drewnoakes/metadata-extractor/2.6.2/metadata-extractor-2.6.2.jar
MD5: 8f3acbee87dbd5b0cdfacee3bb3aff8b
SHA1: 13930ff22d3f152bd969a63e88537d2f2adc2cd5
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom url http://code.google.com/p/metadata-extractor/ Highest
Vendor file name metadata-extractor High
Vendor pom artifactid metadata-extractor Low
Vendor pom groupid com.drewnoakes Highest
Vendor pom name metadata-extractor High
Vendor pom groupid drewnoakes Highest
Vendor jar package name metadata Low
Vendor central groupid com.drewnoakes Highest
Vendor jar package name drew Low
Vendor pom description Java library for reading metadata from image files. Medium
Product file name metadata-extractor High
Product pom groupid drewnoakes Low
Product pom url http://code.google.com/p/metadata-extractor/ Medium
Product pom name metadata-extractor High
Product central artifactid metadata-extractor Highest
Product jar package name metadata Low
Product pom artifactid metadata-extractor Highest
Product pom description Java library for reading metadata from image files. Medium
Version file version 2.6.2 Highest
Version central version 2.6.2 Highest
Version pom version 2.6.2 Highest
vorbis-java-core-0.1.jar
File Path: /home/ciagent/.m2/repository/org/gagravarr/vorbis-java-core/0.1/vorbis-java-core-0.1.jar
MD5: b88115be2754cb6883e652ba68ca46c8
SHA1: 662a02b94701947e6e66e7793d996043f05fad4a
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom name Ogg and Vorbis for Java, Core High
Vendor jar package name gagravarr Low
Vendor pom url Gagravarr/VorbisJava Highest
Vendor pom parent-groupid org.gagravarr Medium
Vendor pom groupid gagravarr Highest
Vendor central groupid org.gagravarr Highest
Vendor pom artifactid vorbis-java-core Low
Vendor pom groupid org.gagravarr Highest
Vendor pom parent-artifactid vorbis-java-parent Low
Vendor file name vorbis-java-core High
Product pom name Ogg and Vorbis for Java, Core High
Product central artifactid vorbis-java-core Highest
Product pom url Gagravarr/VorbisJava High
Product pom parent-artifactid vorbis-java-parent Medium
Product pom groupid gagravarr Low
Product pom artifactid vorbis-java-core Highest
Product pom parent-groupid org.gagravarr Low
Product file name vorbis-java-core High
Version pom version 0.1 Highest
Version file version 0.1 Highest
Version central version 0.1 Highest
juniversalchardet-1.0.3.jar
Description: Java port of universalchardet
License:
Mozilla Public License 1.1 (MPL 1.1): http://www.mozilla.org/MPL/MPL-1.1.html
File Path: /home/ciagent/.m2/repository/com/googlecode/juniversalchardet/juniversalchardet/1.0.3/juniversalchardet-1.0.3.jar
MD5: d9ea0a9a275336c175b343f2e4cd8f27
SHA1: cd49678784c46aa8789c060538e0154013bb421b
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom description Java port of universalchardet Medium
Vendor pom groupid googlecode.juniversalchardet Highest
Vendor central groupid org.zenframework.z8.dependencies.commons High
Vendor pom name juniversalchardet High
Vendor pom artifactid juniversalchardet Low
Vendor pom url http://juniversalchardet.googlecode.com/ Highest
Vendor jar package name universalchardet Low
Vendor jar package name prober Low
Vendor central groupid com.googlecode.juniversalchardet High
Vendor file name juniversalchardet High
Vendor jar package name mozilla Low
Vendor pom groupid com.googlecode.juniversalchardet Highest
Product jar package name prober Low
Product pom description Java port of universalchardet Medium
Product central artifactid juniversalchardet-1.0.3 High
Product pom artifactid juniversalchardet Highest
Product pom url http://juniversalchardet.googlecode.com/ Medium
Product central artifactid juniversalchardet High
Product file name juniversalchardet High
Product pom name juniversalchardet High
Product pom groupid googlecode.juniversalchardet Low
Product jar package name universalchardet Low
Version pom version 1.0.3 Highest
Version file version 1.0.3 Highest
Version file name juniversalchardet Medium
Version central version 1.0.3 High
Version central version 2.0 High
jhighlight-1.0.jar
Description:
JHighlight is an embeddable pure Java syntax highlighting
library that supports Java, HTML, XHTML, XML and LZX
languages and outputs to XHTML.
It also supports RIFE templates tags and highlights them
clearly so that you can easily identify the difference
between your RIFE markup and the actual marked up source.
License:
CDDL, v1.0: http://www.opensource.org/licenses/cddl1.php
LGPL, v2.1 or later: http://www.opensource.org/licenses/lgpl-license.php
File Path: /home/ciagent/.m2/repository/com/uwyn/jhighlight/1.0/jhighlight-1.0.jar
MD5: 0ad5cf1bc56657f5e9e327e5e768da0a
SHA1: 0b1774029ee29472df8c25e5ba796431f7689fd6
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid uwyn Highest
Vendor pom description JHighlight is an embeddable pure Java syntax highlighting library that supports Java, HTML, XHTML, XML and LZX languages and outputs to XHTML. It also supports RIFE templates tags and highlights them clearly so that you can easily identify the difference between your RIFE markup and the actual marked up source. Low
Vendor pom url https://jhighlight.dev.java.net/ Highest
Vendor pom organization name Uwyn High
Vendor jar package name jhighlight Low
Vendor central groupid com.uwyn Highest
Vendor pom groupid com.uwyn Highest
Vendor file name jhighlight High
Vendor pom organization url http://uwyn.com/ Medium
Vendor pom name JHighlight High
Vendor jar package name uwyn Low
Vendor pom artifactid jhighlight Low
Product pom organization url http://uwyn.com/ Low
Product pom url https://jhighlight.dev.java.net/ Medium
Product file name jhighlight High
Product pom organization name Uwyn Low
Product pom description JHighlight is an embeddable pure Java syntax highlighting library that supports Java, HTML, XHTML, XML and LZX languages and outputs to XHTML. It also supports RIFE templates tags and highlights them clearly so that you can easily identify the difference between your RIFE markup and the actual marked up source. Low
Product pom artifactid jhighlight Highest
Product jar package name jhighlight Low
Product pom name JHighlight High
Product pom groupid uwyn Low
Product central artifactid jhighlight Highest
Version pom version 1.0 Highest
Version file version 1.0 Highest
Version central version 1.0 Highest
xmlbeans-2.6.0.jar
Description: XmlBeans main jar
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/xmlbeans/xmlbeans/2.6.0/xmlbeans-2.6.0.jar
MD5: 6591c08682d613194dacb01e95c78c2c
SHA1: 29e80d2dd51f9dcdef8f9ffaee0d4dc1c9bbfc87
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom organization name XmlBeans High
Vendor central groupid org.apache.xmlbeans Highest
Vendor pom groupid apache.xmlbeans Highest
Vendor pom description XmlBeans main jar Medium
Vendor pom url http://xmlbeans.apache.org Highest
Vendor file name xmlbeans High
Vendor manifest: org/apache/xmlbeans/ Implementation-Vendor Apache Software Foundation Medium
Vendor pom organization url http://xmlbeans.apache.org/ Medium
Vendor pom name XmlBeans High
Vendor pom groupid org.apache.xmlbeans Highest
Vendor pom artifactid xmlbeans Low
Product pom artifactid xmlbeans Highest
Product manifest: org/apache/xmlbeans/ Implementation-Title org.apache.xmlbeans Medium
Product pom url http://xmlbeans.apache.org Medium
Product pom description XmlBeans main jar Medium
Product file name xmlbeans High
Product pom organization name XmlBeans Low
Product pom organization url http://xmlbeans.apache.org/ Low
Product pom name XmlBeans High
Product central artifactid xmlbeans Highest
Product pom groupid apache.xmlbeans Low
Version pom version 2.6.0 Highest
Version central version 2.6.0 Highest
Version file version 2.6.0 Highest
exo.core.component.document-5.3.x-SNAPSHOT.jar
Description: Implementation of Document Service of Exoplatform SAS 'eXo Core' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.document/5.3.x-SNAPSHOT/exo.core.component.document-5.3.x-SNAPSHOT.jar
MD5: 36a4e819c7f1b9b06d16d16f0d18591a
SHA1: 656c3fad7f712b4b5f3726e98156904ab9243630
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor file name exo.core.component.document High
Vendor pom artifactid exo.core.component.document Low
Vendor pom parent-groupid org.exoplatform.core Medium
Vendor Manifest Implementation-Vendor-Id org.exoplatform.core Medium
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor pom groupid exoplatform.core Highest
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom groupid org.exoplatform.core Highest
Vendor pom parent-artifactid core-parent Low
Vendor pom name eXo PLF Core :: Component :: Document Service High
Vendor pom description Implementation of Document Service of Exoplatform SAS 'eXo Core' project. Medium
Product file name exo.core.component.document High
Product pom parent-artifactid core-parent Medium
Product Manifest specification-title exo-core Medium
Product pom groupid exoplatform.core Low
Product pom parent-groupid org.exoplatform.core Low
Product Manifest Implementation-Title eXo PLF Core :: Component :: Document Service High
Product pom name eXo PLF Core :: Component :: Document Service High
Product pom description Implementation of Document Service of Exoplatform SAS 'eXo Core' project. Medium
Product pom artifactid exo.core.component.document Highest
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
maven: org.exoplatform.core:exo.core.component.document:5.3.x-SNAPSHOT
Confidence :High
exo.core.component.database-5.3.x-SNAPSHOT.jar
Description: Implementation of Database Service of Exoplatform SAS eXo Core' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.database/5.3.x-SNAPSHOT/exo.core.component.database-5.3.x-SNAPSHOT.jar
MD5: 351cb644962c2cec3ddf3d006c01896e
SHA1: 798a841bc2c8e3484857b3576d6b59aa8839738b
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.exoplatform.core Medium
Vendor Manifest Implementation-Vendor-Id org.exoplatform.core Medium
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor pom groupid exoplatform.core Highest
Vendor pom name eXo PLF Core :: Component :: Database Service High
Vendor pom description Implementation of Database Service of Exoplatform SAS eXo Core' project. Medium
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom groupid org.exoplatform.core Highest
Vendor pom artifactid exo.core.component.database Low
Vendor pom parent-artifactid core-parent Low
Vendor file name exo.core.component.database High
Product Manifest Implementation-Title eXo PLF Core :: Component :: Database Service High
Product pom artifactid exo.core.component.database Highest
Product pom parent-artifactid core-parent Medium
Product pom name eXo PLF Core :: Component :: Database Service High
Product pom description Implementation of Database Service of Exoplatform SAS eXo Core' project. Medium
Product Manifest specification-title exo-core Medium
Product pom groupid exoplatform.core Low
Product pom parent-groupid org.exoplatform.core Low
Product file name exo.core.component.database High
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
maven: org.exoplatform.core:exo.core.component.database:5.3.x-SNAPSHOT
Confidence :High
lucene-core-3.6.2.jar
Description: Apache Lucene Java Core
File Path: /home/ciagent/.m2/repository/org/apache/lucene/lucene-core/3.6.2/lucene-core-3.6.2.jar
MD5: ee396d04f5a35557b424025f5382c815
SHA1: 9ec77e2507f9cc01756964c71d91efd8154a8c47
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid apache.lucene Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom name Lucene Core High
Vendor pom parent-artifactid lucene-parent Low
Vendor pom groupid org.apache.lucene Highest
Vendor file name lucene-core High
Vendor pom artifactid lucene-core Low
Vendor Manifest extension-name org.apache.lucene Medium
Vendor central groupid org.apache.lucene Highest
Vendor pom description Apache Lucene Java Core Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom parent-groupid org.apache.lucene Medium
Product pom parent-artifactid lucene-parent Medium
Product Manifest Implementation-Title org.apache.lucene High
Product Manifest specification-title Lucene Search Engine: core Medium
Product pom name Lucene Core High
Product pom parent-groupid org.apache.lucene Low
Product central artifactid lucene-core Highest
Product file name lucene-core High
Product pom description Apache Lucene Java Core Medium
Product Manifest extension-name org.apache.lucene Medium
Product pom artifactid lucene-core Highest
Product pom groupid apache.lucene Low
Version file version 3.6.2 Highest
Version central version 3.6.2 Highest
Version pom version 3.6.2 Highest
lucene-analyzers-3.6.2.jar
Description: Additional Analyzers
File Path: /home/ciagent/.m2/repository/org/apache/lucene/lucene-analyzers/3.6.2/lucene-analyzers-3.6.2.jar
MD5: 13f8241b6991bd1349c05369a7c0f002
SHA1: 3a083510dcb0d0fc67f8456cdac6f48aa0da2993
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid apache.lucene Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom artifactid lucene-analyzers Low
Vendor pom parent-artifactid lucene-parent Low
Vendor pom groupid org.apache.lucene Highest
Vendor Manifest extension-name org.apache.lucene Medium
Vendor pom description Additional Analyzers Medium
Vendor central groupid org.apache.lucene Highest
Vendor pom name Lucene Common Analyzers High
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom parent-groupid org.apache.lucene Medium
Vendor file name lucene-analyzers High
Product pom parent-artifactid lucene-parent Medium
Product pom name Lucene Common Analyzers High
Product Manifest Implementation-Title org.apache.lucene High
Product pom parent-groupid org.apache.lucene Low
Product Manifest extension-name org.apache.lucene Medium
Product pom artifactid lucene-analyzers Highest
Product pom description Additional Analyzers Medium
Product central artifactid lucene-analyzers Highest
Product file name lucene-analyzers High
Product Manifest specification-title Lucene Search Engine: analyzers Medium
Product pom groupid apache.lucene Low
Version file version 3.6.2 Highest
Version central version 3.6.2 Highest
Version pom version 3.6.2 Highest
lucene-spellchecker-3.6.2.jar
Description: Spell Checker
File Path: /home/ciagent/.m2/repository/org/apache/lucene/lucene-spellchecker/3.6.2/lucene-spellchecker-3.6.2.jar
MD5: a4b684913f93aea76f5dbd7e479f19c5
SHA1: 15db0c0cfee44e275f15ad046e46b9a05910ad24
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid apache.lucene Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-artifactid lucene-parent Low
Vendor pom groupid org.apache.lucene Highest
Vendor Manifest extension-name org.apache.lucene Medium
Vendor pom artifactid lucene-spellchecker Low
Vendor central groupid org.apache.lucene Highest
Vendor pom name Lucene Spellchecker High
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom description Spell Checker Medium
Vendor pom parent-groupid org.apache.lucene Medium
Vendor file name lucene-spellchecker High
Product central artifactid lucene-spellchecker Highest
Product pom parent-artifactid lucene-parent Medium
Product Manifest Implementation-Title org.apache.lucene High
Product Manifest specification-title Lucene Search Engine: spellchecker Medium
Product pom parent-groupid org.apache.lucene Low
Product pom name Lucene Spellchecker High
Product pom artifactid lucene-spellchecker Highest
Product Manifest extension-name org.apache.lucene Medium
Product pom description Spell Checker Medium
Product file name lucene-spellchecker High
Product pom groupid apache.lucene Low
Version file version 3.6.2 Highest
Version central version 3.6.2 Highest
Version pom version 3.6.2 Highest
jta-1.1.jar
Description:
The javax.transaction package. It is appropriate for inclusion in a classpath, and may be added to a Java 2 installation.
File Path: /home/ciagent/.m2/repository/javax/transaction/jta/1.1/jta-1.1.jar
MD5: 82a10ce714f411b28f13850059de09ee
SHA1: 2ca09f0b36ca7d71b762e14ea2ff09d5eac57558
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor central groupid javax.transaction High
Vendor pom name Java Transaction API High
Vendor pom groupid javax.transaction Highest
Vendor Manifest extension-name javax.transaction Medium
Vendor pom description The javax.transaction package. It is appropriate for inclusion in a classpath, and may be added to a Java 2 installation. Low
Vendor pom url http://java.sun.com/products/jta Highest
Vendor Manifest specification-vendor Sun Microsystems, Inc. Low
Vendor pom artifactid jta Low
Vendor file name jta High
Product pom artifactid jta Highest
Product pom name Java Transaction API High
Product Manifest extension-name javax.transaction Medium
Product pom description The javax.transaction package. It is appropriate for inclusion in a classpath, and may be added to a Java 2 installation. Low
Product central artifactid transaction-api High
Product central artifactid jta High
Product Manifest specification-title Java Transaction API Specification Medium
Product file name jta High
Product pom url http://java.sun.com/products/jta Medium
Product pom groupid javax.transaction Low
Version pom version 1.1 Highest
Version file version 1.1 Highest
Version central version 1.1 High
concurrent-1.3.4.jar
License:
Public domain, Sun Microsoystems: >http://gee.cs.oswego.edu/dl/classes/EDU/oswego/cs/dl/util/concurrent/intro.html
File Path: /home/ciagent/.m2/repository/concurrent/concurrent/1.3.4/concurrent-1.3.4.jar
MD5: f29b9d930d3426ebc56919eba10fbd4d
SHA1: 1cf394c2a388199db550cda311174a4c6a7d117c
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid concurrent Low
Vendor jar package name cs Low
Vendor file name concurrent High
Vendor central groupid concurrent Highest
Vendor pom groupid concurrent Highest
Vendor pom organization url http://gee.cs.oswego.edu/dl/classes/EDU/oswego/cs/dl/util/concurrent/intro.html Medium
Vendor jar package name oswego Low
Vendor pom organization name Dough Lea High
Vendor pom name Dough Lea's util.concurrent package High
Vendor jar package name edu Low
Product jar package name cs Low
Product file name concurrent High
Product pom organization url http://gee.cs.oswego.edu/dl/classes/EDU/oswego/cs/dl/util/concurrent/intro.html Low
Product pom organization name Dough Lea Low
Product jar package name dl Low
Product jar package name oswego Low
Product pom groupid concurrent Low
Product pom artifactid concurrent Highest
Product central artifactid concurrent Highest
Product pom name Dough Lea's util.concurrent package High
Version central version 1.3.4 Highest
Version file version 1.3.4 Highest
Version pom version 1.3.4 Highest
commons-collections-3.2.2.jar
Description: Types that extend and augment the Java Collections Framework.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor manifest Bundle-Description Types that extend and augment the Java Collections Framework. Medium
Vendor pom parent-groupid org.apache.commons Medium
Vendor pom artifactid commons-collections Low
Vendor Manifest bundle-docurl http://commons.apache.org/collections/ Low
Vendor Manifest implementation-build tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100 Low
Vendor pom groupid commons-collections Highest
Vendor pom url http://commons.apache.org/collections/ Highest
Vendor central groupid commons-collections Highest
Vendor Manifest implementation-url http://commons.apache.org/collections/ Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))" Low
Vendor file name commons-collections High
Vendor Manifest bundle-symbolicname org.apache.commons.collections Medium
Vendor pom description Types that extend and augment the Java Collections Framework. Medium
Vendor pom name Apache Commons Collections High
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom parent-artifactid commons-parent Low
Product Manifest Implementation-Title Apache Commons Collections High
Product pom artifactid commons-collections Highest
Product manifest Bundle-Description Types that extend and augment the Java Collections Framework. Medium
Product Manifest bundle-docurl http://commons.apache.org/collections/ Low
Product Manifest implementation-build tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100 Low
Product pom parent-artifactid commons-parent Medium
Product central artifactid commons-collections Highest
Product Manifest specification-title Apache Commons Collections Medium
Product Manifest Bundle-Name Apache Commons Collections Medium
Product Manifest implementation-url http://commons.apache.org/collections/ Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))" Low
Product pom groupid commons-collections Low
Product file name commons-collections High
Product Manifest bundle-symbolicname org.apache.commons.collections Medium
Product pom parent-groupid org.apache.commons Low
Product pom description Types that extend and augment the Java Collections Framework. Medium
Product pom name Apache Commons Collections High
Product pom url http://commons.apache.org/collections/ Medium
Version Manifest Implementation-Version 3.2.2 High
Version central version 3.2.2 Highest
Version file version 3.2.2 Highest
Version pom version 3.2.2 Highest
jgroups-3.6.13.Final.jar
Description:
Reliable cluster communication toolkit
License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/org/jgroups/jgroups/3.6.13.Final/jgroups-3.6.13.Final.jar
MD5: d7a4d1065e9b09e3f48bfa88ab368a0c
SHA1: 1315a8a1aed98dcafc11a850957ced42dc26bf18
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor file name jgroups High
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low
Vendor pom description
Reliable cluster communication toolkit
Medium
Vendor Manifest bundle-symbolicname org.jgroups Medium
Vendor manifest Bundle-Description Ant/ivy based build.xml file for JGroups. Needs ant to run Medium
Vendor central groupid org.jgroups Highest
Vendor pom groupid org.jgroups Highest
Vendor pom artifactid jgroups Low
Vendor pom url http://www.jgroups.org Highest
Vendor Manifest bundle-docurl http://www.jboss.org Low
Vendor pom organization name JBoss, a division of Red Hat High
Vendor pom groupid jgroups Highest
Vendor pom organization url http://www.jboss.org Medium
Vendor pom name JGroups High
Product file name jgroups High
Product pom organization url http://www.jboss.org Low
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low
Product pom description
Reliable cluster communication toolkit
Medium
Product Manifest bundle-symbolicname org.jgroups Medium
Product manifest Bundle-Description Ant/ivy based build.xml file for JGroups. Needs ant to run Medium
Product central artifactid jgroups Highest
Product pom artifactid jgroups Highest
Product Manifest Bundle-Name JGroups Medium
Product pom groupid jgroups Low
Product pom url http://www.jgroups.org Medium
Product Manifest bundle-docurl http://www.jboss.org Low
Product pom name JGroups High
Product pom organization name JBoss, a division of Red Hat Low
Version pom version 3.6.13.Final Highest
Version central version 3.6.13.Final Highest
Version Manifest Implementation-Version 3.6.13.Final High
Version file version 3.6.13 Highest
jbossjta-4.16.6.Final.jar
Description: JBossTS - JBoss Transaction Service. JTA, JTS and XTS (WS-AT, WS-BA)
License:
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/jboss/jbossts/jbossjta/4.16.6.Final/jbossjta-4.16.6.Final.jar
MD5: 9e3c8d7d93b92ab97489aeb5816370c8
SHA1: 99e79e03ced180bea4e3307511d350eb2b88c91c
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor central groupid org.jboss.jbossts Highest
Vendor file name jbossjta High
Vendor pom url http://www.jboss.org/jbosstm/ Highest
Vendor Manifest arjuna-builder JBoss Inc. [tom] Linux 3.4.11-1.fc16.x86_64 2012/Oct/02 15:05 Low
Vendor Manifest arjuna-properties-file jbossts-properties.xml Low
Vendor pom description JBossTS - JBoss Transaction Service. JTA, JTS and XTS (WS-AT, WS-BA) Medium
Vendor pom name JBossTS jbossjta High
Vendor pom groupid jboss.jbossts Highest
Vendor pom groupid org.jboss.jbossts Highest
Vendor pom artifactid jbossjta Low
Product pom groupid jboss.jbossts Low
Product pom url http://www.jboss.org/jbosstm/ Medium
Product file name jbossjta High
Product pom artifactid jbossjta Highest
Product Manifest arjuna-builder JBoss Inc. [tom] Linux 3.4.11-1.fc16.x86_64 2012/Oct/02 15:05 Low
Product Manifest arjuna-properties-file jbossts-properties.xml Low
Product pom description JBossTS - JBoss Transaction Service. JTA, JTS and XTS (WS-AT, WS-BA) Medium
Product pom name JBossTS jbossjta High
Product central artifactid jbossjta Highest
Version file version 4.16.6 Highest
Version pom version 4.16.6.Final Highest
Version central version 4.16.6.Final Highest
ws-commons-util-1.0.1.jar
Description: This is a small collection of utility classes, that allow high performance XML processing based on SAX. Basically, it is assumed, that you are using an JAXP 1.1 compliant XML parser and nothing else. In particular, no dependency on the javax.xml.transform package is introduced.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/ws/commons/ws-commons-util/1.0.1/ws-commons-util-1.0.1.jar
MD5: 66919d22287ddab742a135da764c2cd6
SHA1: 126e80ff798fece634bc94e61f8be8a8da00be60
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name ws-commons-util Medium
Vendor Manifest Implementation-Vendor Apache Software Foundation High
Vendor pom name Apache WebServices Common Utilities High
Vendor pom groupid org.apache.ws.commons Highest
Vendor pom organization name Apache Software Foundation High
Vendor file name ws-commons-util High
Vendor pom organization url http://www.apache.org/ Medium
Vendor pom url http://ws.apache.org/commons/util Highest
Vendor central groupid ws-commons-util High
Vendor pom groupid apache.ws.commons Highest
Vendor pom artifactid ws-commons-util Low
Vendor central groupid org.apache.ws.commons High
Vendor Manifest specification-vendor Apache Software Foundation Low
Vendor pom description This is a small collection of utility classes, that allow high performance XML processing based on SAX. Basically, it is assumed, that you are using an JAXP 1.1 compliant XML parser and nothing else. In particular, no dependency on the javax.xml.transform package is introduced. Low
Product pom organization name Apache Software Foundation Low
Product Manifest extension-name ws-commons-util Medium
Product pom organization url http://www.apache.org/ Low
Product pom name Apache WebServices Common Utilities High
Product file name ws-commons-util High
Product central artifactid ws-commons-util High
Product pom url http://ws.apache.org/commons/util Medium
Product Manifest specification-title This is a small collection of utility classes, that allow high performance XML processing based on SAX. Basically, it is assumed, that you are using an JAXP 1.1 compliant XML parser and nothing else. In particular, no dependency on the javax.xml.transform package is introduced. Medium
Product Manifest Implementation-Title ws-commons-util High
Product pom description This is a small collection of utility classes, that allow high performance XML processing based on SAX. Basically, it is assumed, that you are using an JAXP 1.1 compliant XML parser and nothing else. In particular, no dependency on the javax.xml.transform package is introduced. Low
Product pom groupid apache.ws.commons Low
Product pom artifactid ws-commons-util Highest
Version Manifest Implementation-Version 1.0.1 High
Version file version 1.0.1 Highest
Version central version 1.0.1 High
Version pom version 1.0.1 Highest
Published Vulnerabilities
CVE-2016-10542 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.
Vulnerable Software & Versions:
jboss-common-core-2.2.22.GA.jar
Description: JBoss Common Core Utility classes
File Path: /home/ciagent/.m2/repository/org/jboss/jboss-common-core/2.2.22.GA/jboss-common-core-2.2.22.GA.jar
MD5: 8c415e1467075a90045a7b0fd19886a3
SHA1: ae1a22412d879c4ac48e35cf00f438bb263d41c3
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor JBoss, a division of Red Hat, Inc. High
Vendor Manifest Implementation-Vendor-Id org.jboss Medium
Vendor Manifest specification-vendor JBoss, a division of Red Hat, Inc. Low
Vendor pom groupid jboss Highest
Vendor file name jboss-common-core High
Vendor pom parent-artifactid jboss-parent Low
Vendor pom parent-groupid org.jboss Medium
Vendor pom groupid org.jboss Highest
Vendor pom url http://www.jboss.org/jboss-common Highest
Vendor pom artifactid jboss-common-core Low
Vendor Manifest implementation-url http://www.jboss.org/jboss-common Low
Vendor pom name JBoss Common Classes High
Vendor central groupid org.jboss Highest
Vendor pom description JBoss Common Core Utility classes Medium
Product pom parent-artifactid jboss-parent Medium
Product file name jboss-common-core High
Product Manifest specification-title JBoss Common Classes Medium
Product pom groupid jboss Low
Product Manifest implementation-url http://www.jboss.org/jboss-common Low
Product pom name JBoss Common Classes High
Product central artifactid jboss-common-core Highest
Product pom description JBoss Common Core Utility classes Medium
Product Manifest Implementation-Title JBoss Common Classes High
Product pom parent-groupid org.jboss Low
Product pom url http://www.jboss.org/jboss-common Medium
Product pom artifactid jboss-common-core Highest
Version pom version 2.2.22.GA Highest
Version file version 2.2.22 Highest
Version central version 2.2.22.GA Highest
Version Manifest Implementation-Version 2.2.22.GA High
stringtemplate-3.2.1.jar
Description: StringTemplate is a java template engine for generating source code,
web pages, emails, or any other formatted text output.
StringTemplate is particularly good at multi-targeted code generators,
multiple site skins, and internationalization/localization.
It evolved over years of effort developing jGuru.com.
StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org
and powers the ANTLR v3 code generator. Its distinguishing characteristic
is that unlike other engines, it strictly enforces model-view separation.
Strict separation makes websites and code generators more flexible
and maintainable; it also provides an excellent defense against malicious
template authors.
There are currently about 600 StringTemplate source downloads a month.
License:
BSD licence: http://antlr.org/license.html
File Path: /home/ciagent/.m2/repository/org/antlr/stringtemplate/3.2.1/stringtemplate-3.2.1.jar
MD5: b58ca53e518a92a1991eb63b61917582
SHA1: 59ec8083721eae215c6f3caee944c410d2be34de
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor file name stringtemplate High
Vendor pom artifactid stringtemplate Low
Vendor jar package name antlr Low
Vendor pom url http://www.stringtemplate.org Highest
Vendor jar package name language Low
Vendor pom description StringTemplate is a java template engine for generating source code,
web pages, emails, or any other formatted text output. StringTemplate is particularly good at multi-targeted code generators,
multiple site skins, and internationalization/localization. It evolved over years of effort developing jGuru.com. StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org
and powers the ANTLR v3 code generator. Its distinguishing characteristic is that un... Low
Vendor central groupid org.antlr Highest
Vendor pom name ANTLR StringTemplate High
Vendor pom groupid antlr Highest
Vendor pom groupid org.antlr Highest
Vendor jar package name stringtemplate Low
Product file name stringtemplate High
Product jar package name language Low
Product pom url http://www.stringtemplate.org Medium
Product pom description StringTemplate is a java template engine for generating source code,
web pages, emails, or any other formatted text output. StringTemplate is particularly good at multi-targeted code generators,
multiple site skins, and internationalization/localization. It evolved over years of effort developing jGuru.com. StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org
and powers the ANTLR v3 code generator. Its distinguishing characteristic is that un... Low
Product pom groupid antlr Low
Product pom artifactid stringtemplate Highest
Product central artifactid stringtemplate Highest
Product pom name ANTLR StringTemplate High
Product jar package name stringtemplate Low
Version pom version 3.2.1 Highest
Version file version 3.2.1 Highest
Version central version 3.2.1 Highest
antlr-runtime-3.5.jar
Description: A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.
File Path: /home/ciagent/.m2/repository/org/antlr/antlr-runtime/3.5/antlr-runtime-3.5.jar
MD5: aa6d7c8b425df59f5f5bc98c58cfd9fc
SHA1: 0baa82bff19059401e90e1b90020beb9c96305d7
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom url http://www.antlr.org Highest
Vendor file name antlr-runtime High
Vendor pom name ANTLR 3 Runtime High
Vendor pom groupid org.antlr Highest
Vendor Manifest Implementation-Vendor-Id org.antlr Medium
Vendor pom artifactid antlr-runtime Low
Vendor pom description A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions. Low
Vendor central groupid org.antlr Highest
Vendor pom parent-groupid org.antlr Medium
Vendor Manifest Implementation-Vendor ANTLR High
Vendor pom groupid antlr Highest
Vendor pom parent-artifactid antlr-master Low
Product file name antlr-runtime High
Product pom name ANTLR 3 Runtime High
Product pom url http://www.antlr.org Medium
Product pom description A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions. Low
Product pom artifactid antlr-runtime Highest
Product pom groupid antlr Low
Product pom parent-artifactid antlr-master Medium
Product central artifactid antlr-runtime Highest
Product Manifest Implementation-Title ANTLR 3 Runtime High
Product pom parent-groupid org.antlr Low
Version pom version 3.5 Highest
Version Manifest Implementation-Version 3.5 High
Version file version 3.5 Highest
Version central version 3.5 Highest
exo.kernel.component.ext.cache.impl.infinispan.v8-5.3.x-SNAPSHOT.jar
Description: Infinispan Implementation of Cache Service for Exoplatform SAS 'eXo Kernel' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.component.ext.cache.impl.infinispan.v8/5.3.x-SNAPSHOT/exo.kernel.component.ext.cache.impl.infinispan.v8-5.3.x-SNAPSHOT.jar
MD5: cf459153049afcb424d6852d48006f4b
SHA1: 2eba4f7d71d04c099a85379d7065b7ce78d48029
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor file name exo.kernel.component.ext.cache.impl.infinispan.v8 High
Vendor pom artifactid exo.kernel.component.ext.cache.impl.infinispan.v8 Low
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor pom parent-artifactid kernel-parent Low
Vendor pom name eXo PLF:: Kernel :: Cache Extension :: Infinispan Implementation High
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor Manifest Implementation-Vendor-Id org.exoplatform.kernel Medium
Vendor pom parent-groupid org.exoplatform.kernel Medium
Vendor pom groupid org.exoplatform.kernel Highest
Vendor pom groupid exoplatform.kernel Highest
Vendor pom description Infinispan Implementation of Cache Service for Exoplatform SAS 'eXo Kernel' project. Medium
Product file name exo.kernel.component.ext.cache.impl.infinispan.v8 High
Product pom name eXo PLF:: Kernel :: Cache Extension :: Infinispan Implementation High
Product pom groupid exoplatform.kernel Low
Product Manifest specification-title exo-kernel Medium
Product pom parent-artifactid kernel-parent Medium
Product pom artifactid exo.kernel.component.ext.cache.impl.infinispan.v8 Highest
Product pom parent-groupid org.exoplatform.kernel Low
Product Manifest Implementation-Title eXo PLF:: Kernel :: Cache Extension :: Infinispan Implementation High
Product pom description Infinispan Implementation of Cache Service for Exoplatform SAS 'eXo Kernel' project. Medium
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
maven: org.exoplatform.kernel:exo.kernel.component.ext.cache.impl.infinispan.v8:5.3.x-SNAPSHOT
Confidence :High
cpe: cpe:/a:infinispan:infinispan:5.3.0
Confidence :Highest
suppress
Published Vulnerabilities
CVE-2016-0750 suppress
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.
Vulnerable Software & Versions: (show all )
CVE-2017-15089 suppress
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
Vulnerable Software & Versions: (show all )
CVE-2017-2638 suppress
Severity:
Medium
CVSS Score: 6.4
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
Vulnerable Software & Versions: (show all )
jboss-marshalling-osgi-2.0.0.Beta3.jar
Description: JBoss Marshalling OSGi Bundle with API and implementations
License:
http://repository.jboss.org/licenses/cc0-1.0.txt
File Path: /home/ciagent/.m2/repository/org/jboss/marshalling/jboss-marshalling-osgi/2.0.0.Beta3/jboss-marshalling-osgi-2.0.0.Beta3.jar
MD5: 7652392087f6e70312cf0309ab563a4f
SHA1: a55fe6527a2d50dc48ad3f8b9093bd0cb01302b0
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id org.jboss.marshalling Medium
Vendor Manifest os-name Linux Medium
Vendor jar package name jboss Low
Vendor pom groupid org.jboss.marshalling Highest
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor central groupid org.jboss.marshalling Highest
Vendor Manifest implementation-url http://www.jboss.org/jboss-marshalling-parent/jboss-marshalling-osgi Low
Vendor file name jboss-marshalling-osgi High
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor manifest Bundle-Description JBoss Marshalling OSGi Bundle with API and implementations Medium
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor Manifest bundle-docurl http://jboss.org/jbossmarshalling Low
Vendor Manifest bundle-symbolicname org.jboss.marshalling.jboss-marshalling-osgi Medium
Vendor jar package name marshalling Low
Product Manifest Implementation-Title JBoss Marshalling OSGi Bundle High
Product pom artifactid jboss-marshalling-osgi Highest
Product Manifest os-name Linux Medium
Product Manifest implementation-url http://www.jboss.org/jboss-marshalling-parent/jboss-marshalling-osgi Low
Product file name jboss-marshalling-osgi High
Product Manifest Bundle-Name JBoss Marshalling OSGi Bundle Medium
Product manifest Bundle-Description JBoss Marshalling OSGi Bundle with API and implementations Medium
Product Manifest bundle-docurl http://jboss.org/jbossmarshalling Low
Product central artifactid jboss-marshalling-osgi Highest
Product Manifest bundle-symbolicname org.jboss.marshalling.jboss-marshalling-osgi Medium
Product Manifest specification-title JBoss Marshalling OSGi Bundle Medium
Product jar package name marshalling Low
Version pom version 2.0.0.Beta3 Highest
Version central version 2.0.0.Beta3 Highest
Version Manifest Implementation-Version 2.0.0.Beta3 High
infinispan-core-8.2.6.Final.jar
Description: Infinispan core module
License:
http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/ciagent/.m2/repository/org/infinispan/infinispan-core/8.2.6.Final/infinispan-core-8.2.6.Final.jar
MD5: 06371c22b39aef4faf1da8d21b2102cb
SHA1: 84937a866a56760b9c50bfbca10442fa14be6375
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid infinispan-core Low
Vendor Manifest Implementation-Vendor-Id org.infinispan Medium
Vendor Manifest bundle-blueprint OSGI-INF/blueprint/blueprint.xml Low
Vendor pom groupid org.infinispan Highest
Vendor manifest Bundle-Description Infinispan core module Medium
Vendor pom groupid infinispan Highest
Vendor file name infinispan-core High
Vendor central groupid org.infinispan Highest
Vendor pom parent-groupid org.infinispan Medium
Vendor pom parent-artifactid infinispan-parent Low
Vendor Manifest bundle-docurl http://www.infinispan.org/ Low
Vendor Manifest specification-vendor JBoss, a division of Red Hat Low
Vendor Manifest Implementation-Vendor JBoss, a division of Red Hat High
Vendor pom description Infinispan core module Medium
Vendor Manifest bundle-symbolicname org.infinispan.core Medium
Vendor pom name Infinispan Core High
Product pom groupid infinispan Low
Product Manifest bundle-blueprint OSGI-INF/blueprint/blueprint.xml Low
Product Manifest Bundle-Name Infinispan Core Medium
Product manifest Bundle-Description Infinispan core module Medium
Product Manifest specification-title Infinispan Core Medium
Product file name infinispan-core High
Product Manifest bundle-docurl http://www.infinispan.org/ Low
Product Manifest Implementation-Title Infinispan Core High
Product pom parent-artifactid infinispan-parent Medium
Product pom description Infinispan core module Medium
Product central artifactid infinispan-core Highest
Product pom artifactid infinispan-core Highest
Product pom parent-groupid org.infinispan Low
Product Manifest bundle-symbolicname org.infinispan.core Medium
Product pom name Infinispan Core High
Version pom version 8.2.6.Final Highest
Version Manifest Implementation-Version 8.2.6.Final High
Version file version 8.2.6 Highest
Version central version 8.2.6.Final Highest
Related Dependencies
infinispan-cachestore-jdbc-8.2.6.Final.jar
File Path: /home/ciagent/.m2/repository/org/infinispan/infinispan-cachestore-jdbc/8.2.6.Final/infinispan-cachestore-jdbc-8.2.6.Final.jar
SHA1: 1703f2cae7b2cb483158dca831d68ee711f301ab
MD5: 3ca2e9d4e5ed44fc984fe94c2d943bf2
cpe: cpe:/a:infinispan:infinispan:8.2.6
maven: org.infinispan:infinispan-cachestore-jdbc:8.2.6.Final ✓
Published Vulnerabilities
CVE-2016-0750 suppress
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.
Vulnerable Software & Versions: (show all )
CVE-2017-15089 suppress
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
Vulnerable Software & Versions: (show all )
CVE-2017-2638 suppress
Severity:
Medium
CVSS Score: 6.4
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
Vulnerable Software & Versions: (show all )
exo.jcr.component.core-5.3.x-SNAPSHOT.jar
Description: Implementation of Core Service of Exoplatform SAS 'eXo Core' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/jcr/exo.jcr.component.core/5.3.x-SNAPSHOT/exo.jcr.component.core-5.3.x-SNAPSHOT.jar
MD5: c34faf606491d2ab1610fc473993ec86
SHA1: b568dd1a9a7d7bad1feb77d52b64dbf7a5527bef
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom description Implementation of Core Service of Exoplatform SAS 'eXo Core' project. Medium
Vendor pom groupid exoplatform.jcr Highest
Vendor file name exo.jcr.component.core High
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor pom artifactid exo.jcr.component.core Low
Vendor pom parent-groupid org.exoplatform.jcr Medium
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom name eXo PLF:: JCR :: Component :: Core Service High
Vendor pom parent-artifactid jcr-parent Low
Vendor pom groupid org.exoplatform.jcr Highest
Vendor Manifest Implementation-Vendor-Id org.exoplatform.jcr Medium
Product Manifest Implementation-Title eXo PLF:: JCR :: Component :: Core Service High
Product pom description Implementation of Core Service of Exoplatform SAS 'eXo Core' project. Medium
Product Manifest specification-title exo-jcr Medium
Product file name exo.jcr.component.core High
Product pom parent-artifactid jcr-parent Medium
Product pom name eXo PLF:: JCR :: Component :: Core Service High
Product pom groupid exoplatform.jcr Low
Product pom parent-groupid org.exoplatform.jcr Low
Product pom artifactid exo.jcr.component.core Highest
Version pom version 5.3.x-20190901.145403-35 Highest
Version pom version 5.3.x-SNAPSHOT Highest
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
maven: org.exoplatform.jcr:exo.jcr.component.core:5.3.x-SNAPSHOT
Confidence :High
jtidy-r938.jar
Description:
JTidy is a Java port of HTML Tidy, a HTML syntax checker and pretty printer. Like its non-Java cousin, JTidy can be
used as a tool for cleaning up malformed and faulty HTML. In addition, JTidy provides a DOM interface to the
document that is being processed, which effectively makes you able to use JTidy as a DOM parser for real-world HTML.
License:
Java HTML Tidy License: http://jtidy.svn.sourceforge.net/viewvc/jtidy/trunk/jtidy/LICENSE.txt?revision=95
File Path: /home/ciagent/.m2/repository/net/sf/jtidy/jtidy/r938/jtidy-r938.jar
MD5: 6a9121561b8f98c0a8fb9b6e57f50e6b
SHA1: ab08d87a225a715a69107732b67f21e1da930349
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor central groupid net.sf.jtidy Highest
Vendor pom organization name sourceforge High
Vendor pom description JTidy is a Java port of HTML Tidy, a HTML syntax checker and pretty printer. Like its non-Java cousin, JTidy can be used as a tool for cleaning up malformed and faulty HTML. In addition, JTidy provides a DOM interface to the document that is being processed, which effectively makes you able to use JTidy as a DOM parser for real-world HTML. Low
Vendor file name jtidy-r938 High
Vendor jar package name w3c Low
Vendor pom url http://jtidy.sourceforge.net Highest
Vendor jar package name tidy Low
Vendor pom organization url http://sourceforge.net Medium
Vendor pom groupid net.sf.jtidy Highest
Vendor pom name JTidy High
Vendor pom artifactid jtidy Low
Product pom url http://jtidy.sourceforge.net Medium
Product pom organization url http://sourceforge.net Low
Product pom description JTidy is a Java port of HTML Tidy, a HTML syntax checker and pretty printer. Like its non-Java cousin, JTidy can be used as a tool for cleaning up malformed and faulty HTML. In addition, JTidy provides a DOM interface to the document that is being processed, which effectively makes you able to use JTidy as a DOM parser for real-world HTML. Low
Product file name jtidy-r938 High
Product pom groupid net.sf.jtidy Low
Product pom artifactid jtidy Highest
Product jar package name tidy Low
Product pom organization name sourceforge Low
Product pom name JTidy High
Product central artifactid jtidy Highest
Version file version 938 Medium
Version pom version r938 Highest
Version file name jtidy-r938 Medium
Version central version r938 Highest
exo.core.component.xml-processing-5.3.x-SNAPSHOT.jar
Description: Implementation of XML Processing Service of Exoplatform SAS 'eXo Core' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.xml-processing/5.3.x-SNAPSHOT/exo.core.component.xml-processing-5.3.x-SNAPSHOT.jar
MD5: 986cd0d4b96b49b33770b8e416059263
SHA1: 90cfa8f49b2562445be557a94f17dfac700b265c
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.exoplatform.core Medium
Vendor Manifest Implementation-Vendor-Id org.exoplatform.core Medium
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor pom groupid exoplatform.core Highest
Vendor pom description Implementation of XML Processing Service of Exoplatform SAS 'eXo Core' project. Medium
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom groupid org.exoplatform.core Highest
Vendor pom artifactid exo.core.component.xml-processing Low
Vendor pom parent-artifactid core-parent Low
Vendor file name exo.core.component.xml-processing High
Vendor pom name eXo PLF Core :: Component :: XML Processing Service High
Product Manifest Implementation-Title eXo PLF Core :: Component :: XML Processing Service High
Product pom parent-artifactid core-parent Medium
Product pom artifactid exo.core.component.xml-processing Highest
Product pom description Implementation of XML Processing Service of Exoplatform SAS 'eXo Core' project. Medium
Product Manifest specification-title exo-core Medium
Product pom groupid exoplatform.core Low
Product pom parent-groupid org.exoplatform.core Low
Product file name exo.core.component.xml-processing High
Product pom name eXo PLF Core :: Component :: XML Processing Service High
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
cpe: cpe:/a:processing:processing:5.3
Confidence :Low
suppress
maven: org.exoplatform.core:exo.core.component.xml-processing:5.3.x-SNAPSHOT
Confidence :High
groovy-all-2.4.12.jar
Description: Groovy: A powerful, dynamic language for the JVM
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/codehaus/groovy/groovy-all/2.4.12/groovy-all-2.4.12.jar
MD5: dddb0b3d3619875fa1c538c743ae8f99
SHA1: 760afc568cbd94c09d78f801ce51aed1326710af
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor manifest Bundle-Description Groovy Runtime Medium
Vendor pom organization url http://groovy-lang.org Medium
Vendor pom name Apache Groovy High
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom organization name Apache Software Foundation High
Vendor Manifest bundle-symbolicname groovy-all Medium
Vendor pom description Groovy: A powerful, dynamic language for the JVM Medium
Vendor pom url http://groovy-lang.org Highest
Vendor pom groupid org.codehaus.groovy Highest
Vendor Manifest extension-name groovy Medium
Vendor Manifest originally-created-by 1.8.0_131-b11 (Oracle Corporation) Low
Vendor pom groupid codehaus.groovy Highest
Vendor file name groovy-all High
Vendor pom artifactid groovy-all Low
Vendor central groupid org.codehaus.groovy Highest
Vendor Manifest specification-vendor The Apache Software Foundation Low
Product manifest Bundle-Description Groovy Runtime Medium
Product pom organization name Apache Software Foundation Low
Product pom name Apache Groovy High
Product pom url http://groovy-lang.org Medium
Product Manifest bundle-symbolicname groovy-all Medium
Product pom description Groovy: A powerful, dynamic language for the JVM Medium
Product Manifest specification-title Groovy: a powerful, dynamic language for the JVM Medium
Product Manifest Bundle-Name Groovy Runtime Medium
Product pom artifactid groovy-all Highest
Product Manifest extension-name groovy Medium
Product Manifest originally-created-by 1.8.0_131-b11 (Oracle Corporation) Low
Product Manifest Implementation-Title Groovy: a powerful, dynamic language for the JVM High
Product central artifactid groovy-all Highest
Product file name groovy-all High
Product pom organization url http://groovy-lang.org Low
Product pom groupid codehaus.groovy Low
Version central version 2.4.12 Highest
Version file version 2.4.12 Highest
Version Manifest Implementation-Version 2.4.12 High
Version pom version 2.4.12 Highest
exo.core.component.script.groovy-5.3.x-SNAPSHOT.jar
Description: Groovy Scripts Instantiator of Exoplatform SAS 'eXo Core' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.script.groovy/5.3.x-SNAPSHOT/exo.core.component.script.groovy-5.3.x-SNAPSHOT.jar
MD5: d71fb015f2b99163857b0028637c0215
SHA1: 38d88cb95aa45f54cc3ea9494419328c469e5317
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom description Groovy Scripts Instantiator of Exoplatform SAS 'eXo Core' project. Medium
Vendor pom parent-groupid org.exoplatform.core Medium
Vendor Manifest Implementation-Vendor-Id org.exoplatform.core Medium
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor pom groupid exoplatform.core Highest
Vendor pom artifactid exo.core.component.script.groovy Low
Vendor file name exo.core.component.script.groovy High
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom groupid org.exoplatform.core Highest
Vendor pom parent-artifactid core-parent Low
Vendor pom name eXo PLF Core :: Component :: Groovy Scripts Instantiator High
Product pom description Groovy Scripts Instantiator of Exoplatform SAS 'eXo Core' project. Medium
Product pom parent-artifactid core-parent Medium
Product file name exo.core.component.script.groovy High
Product Manifest specification-title exo-core Medium
Product Manifest Implementation-Title eXo PLF Core :: Component :: Groovy Scripts Instantiator High
Product pom groupid exoplatform.core Low
Product pom parent-groupid org.exoplatform.core Low
Product pom artifactid exo.core.component.script.groovy Highest
Product pom name eXo PLF Core :: Component :: Groovy Scripts Instantiator High
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
maven: org.exoplatform.core:exo.core.component.script.groovy:5.3.x-SNAPSHOT
Confidence :High
exo.jcr.component.ext-5.3.x-SNAPSHOT.jar
Description: Implementation of Extension Service of Exoplatform SAS 'eXo JCR' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/jcr/exo.jcr.component.ext/5.3.x-SNAPSHOT/exo.jcr.component.ext-5.3.x-SNAPSHOT.jar
MD5: 16e2b18bffa93e825bb0c86e5f9f9a67
SHA1: d3a306ea6ddf8e114753224ef1deae1a5671e904
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid exoplatform.jcr Highest
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor pom parent-groupid org.exoplatform.jcr Medium
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom description Implementation of Extension Service of Exoplatform SAS 'eXo JCR' project. Medium
Vendor file name exo.jcr.component.ext High
Vendor pom name eXo PLF:: JCR :: Component :: Extension Service High
Vendor pom parent-artifactid jcr-parent Low
Vendor pom artifactid exo.jcr.component.ext Low
Vendor pom groupid org.exoplatform.jcr Highest
Vendor Manifest Implementation-Vendor-Id org.exoplatform.jcr Medium
Product Manifest Implementation-Title eXo PLF:: JCR :: Component :: Extension Service High
Product Manifest specification-title exo-jcr Medium
Product pom artifactid exo.jcr.component.ext Highest
Product pom parent-artifactid jcr-parent Medium
Product pom description Implementation of Extension Service of Exoplatform SAS 'eXo JCR' project. Medium
Product file name exo.jcr.component.ext High
Product pom groupid exoplatform.jcr Low
Product pom name eXo PLF:: JCR :: Component :: Extension Service High
Product pom parent-groupid org.exoplatform.jcr Low
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
maven: org.exoplatform.jcr:exo.jcr.component.ext:5.3.x-SNAPSHOT
Confidence :High
mime-util-2.1.3.jar
Description: mime-util is a simple to use, small, light weight and fast open source java utility library that can detect
MIME types from files, input streams, URL's and byte arrays.
Due to the use of regular expressions and the java.nio packages it requires at least Java 1.4.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/eu/medsea/mimeutil/mime-util/2.1.3/mime-util-2.1.3.jar
MD5: 3d4f3e1a96eb79683197f1c8b182f4a6
SHA1: 0c9cfae15c74f62491d4f28def0dff1dabe52a47
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom name Mime Detection Utility High
Vendor Manifest url http://www.medsea.eu/mime-util/ Low
Vendor Manifest bundle-symbolicname eu.medsea.mimeutil.mime-util Medium
Vendor Manifest bundle-docurl http://www.medsea.eu Low
Vendor file name mime-util High
Vendor pom url http://www.medsea.eu/mime-util/ Highest
Vendor pom organization url http://www.medsea.eu Medium
Vendor pom organization name Medsea Business Solutions S.L. High
Vendor pom groupid eu.medsea.mimeutil Highest
Vendor pom artifactid mime-util Low
Vendor manifest Bundle-Description mime-util is a simple to use, small, light weight and fast open source java utility library that can detect MIME types from files, input streams, URL's and byte arrays. Due to the use of regular expressions and the java.nio packages it requires at least Java 1.4. Low
Vendor pom description mime-util is a simple to use, small, light weight and fast open source java utility library that can detect MIME types from files, input streams, URL's and byte arrays. Due to the use of regular expressions and the java.nio packages it requires at least Java 1.4. Low
Vendor central groupid eu.medsea.mimeutil Highest
Product pom name Mime Detection Utility High
Product Manifest url http://www.medsea.eu/mime-util/ Low
Product Manifest bundle-symbolicname eu.medsea.mimeutil.mime-util Medium
Product Manifest bundle-docurl http://www.medsea.eu Low
Product file name mime-util High
Product pom organization url http://www.medsea.eu Low
Product Manifest Bundle-Name Mime Detection Utility Medium
Product pom artifactid mime-util Highest
Product central artifactid mime-util Highest
Product manifest Bundle-Description mime-util is a simple to use, small, light weight and fast open source java utility library that can detect MIME types from files, input streams, URL's and byte arrays. Due to the use of regular expressions and the java.nio packages it requires at least Java 1.4. Low
Product pom url http://www.medsea.eu/mime-util/ Medium
Product pom groupid eu.medsea.mimeutil Low
Product pom organization name Medsea Business Solutions S.L. Low
Product pom description mime-util is a simple to use, small, light weight and fast open source java utility library that can detect MIME types from files, input streams, URL's and byte arrays. Due to the use of regular expressions and the java.nio packages it requires at least Java 1.4. Low
Version pom version 2.1.3 Highest
Version central version 2.1.3 Highest
Version file version 2.1.3 Highest
exo.kernel.commons-5.3.x-SNAPSHOT.jar
Description: Implementation of Commons Utils of Exoplatform SAS 'eXo Kernel' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.commons/5.3.x-SNAPSHOT/exo.kernel.commons-5.3.x-SNAPSHOT.jar
MD5: 282b4bd581fc9a95b032fe6eda634568
SHA1: 5562effa2e420335521f5f7bd503646863d33b02
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom description Implementation of Commons Utils of Exoplatform SAS 'eXo Kernel' project. Medium
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor pom parent-artifactid kernel-parent Low
Vendor file name exo.kernel.commons High
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor Manifest Implementation-Vendor-Id org.exoplatform.kernel Medium
Vendor pom parent-groupid org.exoplatform.kernel Medium
Vendor pom groupid org.exoplatform.kernel Highest
Vendor pom artifactid exo.kernel.commons Low
Vendor pom name eXo PLF:: Kernel :: Commons Utils High
Vendor pom groupid exoplatform.kernel Highest
Product pom description Implementation of Commons Utils of Exoplatform SAS 'eXo Kernel' project. Medium
Product Manifest Implementation-Title eXo PLF:: Kernel :: Commons Utils High
Product file name exo.kernel.commons High
Product pom groupid exoplatform.kernel Low
Product pom artifactid exo.kernel.commons Highest
Product Manifest specification-title exo-kernel Medium
Product pom parent-artifactid kernel-parent Medium
Product pom parent-groupid org.exoplatform.kernel Low
Product pom name eXo PLF:: Kernel :: Commons Utils High
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
maven: org.exoplatform.kernel:exo.kernel.commons:5.3.x-SNAPSHOT
Confidence :High
commons-digester-2.1.jar
Description:
The Digester package lets you configure an XML to Java object mapping module
which triggers certain actions called rules whenever a particular
pattern of nested XML elements is recognized.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-digester/commons-digester/2.1/commons-digester-2.1.jar
MD5: 528445033f22da28f5047b6abcd1c7c9
SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-docurl http://commons.apache.org/digester/ Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor pom description The Digester package lets you configure an XML to Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized. Low
Vendor pom artifactid commons-digester Low
Vendor central groupid commons-digester Highest
Vendor pom url http://commons.apache.org/digester/ Highest
Vendor pom name Commons Digester High
Vendor manifest Bundle-Description The Digester package lets you configure an XML to Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized. Low
Vendor Manifest bundle-symbolicname org.apache.commons.digester Medium
Vendor pom groupid commons-digester Highest
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor file name commons-digester High
Vendor pom parent-artifactid commons-parent Low
Product pom artifactid commons-digester Highest
Product Manifest bundle-docurl http://commons.apache.org/digester/ Low
Product Manifest specification-title Commons Digester Medium
Product pom parent-artifactid commons-parent Medium
Product pom description The Digester package lets you configure an XML to Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized. Low
Product Manifest Bundle-Name Commons Digester Medium
Product central artifactid commons-digester Highest
Product Manifest Implementation-Title Commons Digester High
Product pom groupid commons-digester Low
Product pom url http://commons.apache.org/digester/ Medium
Product pom name Commons Digester High
Product manifest Bundle-Description The Digester package lets you configure an XML to Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized. Low
Product pom parent-groupid org.apache.commons Low
Product Manifest bundle-symbolicname org.apache.commons.digester Medium
Product file name commons-digester High
Version pom version 2.1 Highest
Version Manifest Implementation-Version 2.1 High
Version central version 2.1 Highest
Version file version 2.1 Highest
exo.kernel.component.command-5.3.x-SNAPSHOT.jar
Description: Implementation of Command Service of Exoplatform SAS 'eXo Kernel' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.component.command/5.3.x-SNAPSHOT/exo.kernel.component.command-5.3.x-SNAPSHOT.jar
MD5: 1a7dd2ecb3c1cd5a72142791636c598a
SHA1: 4cd3e62eb5fa7e9a45503127329e089823129afa
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom name eXo PLF:: Kernel :: Component :: Command Service High
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor pom parent-artifactid kernel-parent Low
Vendor pom description Implementation of Command Service of Exoplatform SAS 'eXo Kernel' project. Medium
Vendor pom artifactid exo.kernel.component.command Low
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor Manifest Implementation-Vendor-Id org.exoplatform.kernel Medium
Vendor file name exo.kernel.component.command High
Vendor pom parent-groupid org.exoplatform.kernel Medium
Vendor pom groupid org.exoplatform.kernel Highest
Vendor pom groupid exoplatform.kernel Highest
Product pom artifactid exo.kernel.component.command Highest
Product pom name eXo PLF:: Kernel :: Component :: Command Service High
Product pom description Implementation of Command Service of Exoplatform SAS 'eXo Kernel' project. Medium
Product Manifest Implementation-Title eXo PLF:: Kernel :: Component :: Command Service High
Product pom groupid exoplatform.kernel Low
Product file name exo.kernel.component.command High
Product Manifest specification-title exo-kernel Medium
Product pom parent-artifactid kernel-parent Medium
Product pom parent-groupid org.exoplatform.kernel Low
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
maven: org.exoplatform.kernel:exo.kernel.component.command:5.3.x-SNAPSHOT
Confidence :High
mail-1.4.7.jar
Description: JavaMail API (compat)
License:
http://www.sun.com/cddl, https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /home/ciagent/.m2/repository/javax/mail/mail/1.4.7/mail-1.4.7.jar
MD5: 77f53ff0c78ba43c4812ecc9f53e20f8
SHA1: 9add058589d5d85adeb625859bf2c5eeaaedf12d
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid javax.mail Highest
Vendor pom parent-artifactid all Low
Vendor Manifest probe-provider-xml-file-names META-INF/gfprobe-provider.xml Medium
Vendor manifest Bundle-Description JavaMail API (compat) Medium
Vendor central groupid org.zenframework.z8.dependencies.commons High
Vendor file name mail High
Vendor Manifest (hint) Implementation-Vendor sun High
Vendor Manifest (hint) specification-vendor sun Low
Vendor Manifest bundle-symbolicname javax.mail Medium
Vendor pom artifactid mail Low
Vendor Manifest Implementation-Vendor-Id com.sun Medium
Vendor Manifest extension-name javax.mail Medium
Vendor central groupid javax.mail High
Vendor Manifest originally-created-by 1.7.0_15 (Oracle Corporation) Low
Vendor pom parent-groupid com.sun.mail Medium
Vendor pom name JavaMail API (compat) High
Vendor Manifest specification-vendor Oracle Low
Vendor Manifest Implementation-Vendor Oracle High
Vendor Manifest bundle-docurl http://www.oracle.com Low
Product central artifactid mail-1.4.7 High
Product Manifest probe-provider-xml-file-names META-INF/gfprobe-provider.xml Medium
Product manifest Bundle-Description JavaMail API (compat) Medium
Product Manifest Bundle-Name JavaMail API (compat) Medium
Product file name mail High
Product Manifest specification-title JavaMail(TM) API Design Specification Medium
Product central artifactid mail High
Product pom parent-groupid com.sun.mail Low
Product Manifest bundle-symbolicname javax.mail Medium
Product Manifest extension-name javax.mail Medium
Product Manifest originally-created-by 1.7.0_15 (Oracle Corporation) Low
Product pom name JavaMail API (compat) High
Product pom groupid javax.mail Low
Product pom artifactid mail Highest
Product pom parent-artifactid all Medium
Product Manifest Implementation-Title javax.mail High
Product Manifest bundle-docurl http://www.oracle.com Low
Version central version 1.4.7 High
Version file version 1.4.7 Highest
Version Manifest Implementation-Version 1.4.7 High
Version central version 2.0 High
Version pom version 1.4.7 Highest
commons-dbcp-1.4.jar
Description: Commons Database Connection Pooling
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-dbcp/commons-dbcp/1.4/commons-dbcp-1.4.jar
MD5: b004158fab904f37f5831860898b3cd9
SHA1: 30be73c965cc990b153a100aaaaafcf239f82d39
Referenced In Project/Scope:
eXo PLF:: Calendar Service:runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor Manifest bundle-docurl http://commons.apache.org/dbcp/ Low
Vendor pom artifactid commons-dbcp Low
Vendor central groupid commons-dbcp Highest
Vendor pom name Commons DBCP High
Vendor manifest Bundle-Description Commons Database Connection Pooling Medium
Vendor pom url http://commons.apache.org/dbcp/ Highest
Vendor pom groupid commons-dbcp Highest
Vendor file name commons-dbcp High
Vendor Manifest bundle-symbolicname org.apache.commons.dbcp Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom parent-artifactid commons-parent Low
Vendor pom description Commons Database Connection Pooling Medium
Product central artifactid commons-dbcp Highest
Product Manifest Implementation-Title Commons DBCP High
Product pom parent-artifactid commons-parent Medium
Product Manifest bundle-docurl http://commons.apache.org/dbcp/ Low
Product pom artifactid commons-dbcp Highest
Product pom name Commons DBCP High
Product pom groupid commons-dbcp Low
Product manifest Bundle-Description Commons Database Connection Pooling Medium
Product pom url http://commons.apache.org/dbcp/ Medium
Product pom parent-groupid org.apache.commons Low
Product Manifest Bundle-Name Commons DBCP Medium
Product file name commons-dbcp High
Product Manifest bundle-symbolicname org.apache.commons.dbcp Medium
Product Manifest specification-title Commons DBCP Medium
Product pom description Commons Database Connection Pooling Medium
Version file version 1.4 Highest
Version central version 1.4 Highest
Version Manifest Implementation-Version 1.4 High
Version pom version 1.4 Highest
commons-pool-1.6.jar
Description: Commons Object Pooling Library
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-pool/commons-pool/1.6/commons-pool-1.6.jar
MD5: 5ca02245c829422176d23fa530e919cc
SHA1: 4572d589699f09d866a226a14b7f4323c6d8f040
Referenced In Project/Scope:
eXo PLF:: Calendar Service:runtime
Evidence
Type Source Name Value Confidence
Vendor file name commons-pool High
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest bundle-symbolicname org.apache.commons.pool Medium
Vendor manifest Bundle-Description Commons Object Pooling Library Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor pom url http://commons.apache.org/pool/ Highest
Vendor Manifest implementation-build UNKNOWN_BRANCH@r??????; 2012-01-04 10:31:47-0500 Low
Vendor Manifest bundle-docurl http://commons.apache.org/pool/ Low
Vendor central groupid commons-pool Highest
Vendor pom description Commons Object Pooling Library Medium
Vendor pom groupid commons-pool Highest
Vendor pom artifactid commons-pool Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom name Commons Pool High
Vendor pom parent-artifactid commons-parent Low
Product file name commons-pool High
Product Manifest bundle-symbolicname org.apache.commons.pool Medium
Product manifest Bundle-Description Commons Object Pooling Library Medium
Product pom url http://commons.apache.org/pool/ Medium
Product pom parent-artifactid commons-parent Medium
Product central artifactid commons-pool Highest
Product Manifest implementation-build UNKNOWN_BRANCH@r??????; 2012-01-04 10:31:47-0500 Low
Product Manifest bundle-docurl http://commons.apache.org/pool/ Low
Product Manifest specification-title Commons Pool Medium
Product pom description Commons Object Pooling Library Medium
Product pom parent-groupid org.apache.commons Low
Product Manifest Bundle-Name Commons Pool Medium
Product pom name Commons Pool High
Product Manifest Implementation-Title Commons Pool High
Product pom artifactid commons-pool Highest
Product pom groupid commons-pool Low
Version pom version 1.6 Highest
Version file version 1.6 Highest
Version Manifest Implementation-Version 1.6 High
Version central version 1.6 Highest
exo.kernel.component.common-5.3.x-SNAPSHOT.jar
Description: Implementation of Common Service of Exoplatform SAS 'eXo Kernel' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.component.common/5.3.x-SNAPSHOT/exo.kernel.component.common-5.3.x-SNAPSHOT.jar
MD5: d6b89bb676ad571d7966948e2703b45d
SHA1: f9d16a5bfdc94c5624a028e3c29e580efb53b9ca
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor file name exo.kernel.component.common High
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor pom parent-artifactid kernel-parent Low
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom description Implementation of Common Service of Exoplatform SAS 'eXo Kernel' project. Medium
Vendor Manifest Implementation-Vendor-Id org.exoplatform.kernel Medium
Vendor pom parent-groupid org.exoplatform.kernel Medium
Vendor pom name eXo PLF:: Kernel :: Component :: Common Service High
Vendor pom groupid org.exoplatform.kernel Highest
Vendor pom artifactid exo.kernel.component.common Low
Vendor pom groupid exoplatform.kernel Highest
Product file name exo.kernel.component.common High
Product Manifest Implementation-Title eXo PLF:: Kernel :: Component :: Common Service High
Product pom groupid exoplatform.kernel Low
Product pom artifactid exo.kernel.component.common Highest
Product pom description Implementation of Common Service of Exoplatform SAS 'eXo Kernel' project. Medium
Product Manifest specification-title exo-kernel Medium
Product pom name eXo PLF:: Kernel :: Component :: Common Service High
Product pom parent-artifactid kernel-parent Medium
Product pom parent-groupid org.exoplatform.kernel Low
Version pom version 5.3.x-20190901.133139-32 Highest
Version pom version 5.3.x-SNAPSHOT Highest
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
maven: org.exoplatform.kernel:exo.kernel.component.common:5.3.x-SNAPSHOT
Confidence :High
commons-beanutils-1.8.3.jar
Description: BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-beanutils/commons-beanutils/1.8.3/commons-beanutils-1.8.3.jar
MD5: b45be74134796c89db7126083129532f
SHA1: 686ef3410bcf4ab8ce7fd0b899e832aaba5facf7
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor file name commons-beanutils High
Vendor pom parent-groupid org.apache.commons Medium
Vendor Manifest bundle-docurl http://commons.apache.org/beanutils/ Low
Vendor pom name Commons BeanUtils High
Vendor pom description BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. Medium
Vendor Manifest bundle-symbolicname org.apache.commons.beanutils Medium
Vendor pom groupid commons-beanutils Highest
Vendor pom url http://commons.apache.org/beanutils/ Highest
Vendor pom artifactid commons-beanutils Low
Vendor manifest Bundle-Description BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid commons-beanutils Highest
Vendor pom parent-artifactid commons-parent Low
Product file name commons-beanutils High
Product Manifest bundle-docurl http://commons.apache.org/beanutils/ Low
Product pom parent-artifactid commons-parent Medium
Product pom name Commons BeanUtils High
Product central artifactid commons-beanutils Highest
Product pom description BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. Medium
Product Manifest bundle-symbolicname org.apache.commons.beanutils Medium
Product pom url http://commons.apache.org/beanutils/ Medium
Product Manifest specification-title Commons BeanUtils Medium
Product pom parent-groupid org.apache.commons Low
Product manifest Bundle-Description BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. Medium
Product pom artifactid commons-beanutils Highest
Product pom groupid commons-beanutils Low
Product Manifest Bundle-Name Commons BeanUtils Medium
Product Manifest Implementation-Title Commons BeanUtils High
Version pom version 1.8.3 Highest
Version central version 1.8.3 Highest
Version file version 1.8.3 Highest
Version Manifest Implementation-Version 1.8.3 High
Published Vulnerabilities
CVE-2014-0114 suppress
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
Vulnerable Software & Versions: (show all )
CVE-2019-10086 suppress
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
Vulnerable Software & Versions:
wci-wci-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/wci/wci-wci/5.3.x-SNAPSHOT/wci-wci-5.3.x-SNAPSHOT.jar
MD5: c5b844fb7a773e4dac04279121d46994
SHA1: 003a6a515d6f1ad92303eeb83284de3c92cb4ed9
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom name GateIn - Web Container Integration component (wci) High
Vendor pom artifactid wci-wci Low
Vendor Manifest os-name Linux Medium
Vendor Manifest build-timestamp Sun, 1 Sep 2019 12:30:48 +0000 Low
Vendor pom parent-artifactid wci-parent Low
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor pom groupid exoplatform.gatein.wci Highest
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor pom parent-groupid org.exoplatform.gatein.wci Medium
Vendor file name wci-wci High
Vendor Manifest implementation-url www.gatein.org/wci-parent/wci-wci/ Low
Vendor pom groupid org.exoplatform.gatein.wci Highest
Vendor Manifest Implementation-Vendor-Id org.exoplatform.gatein.wci Medium
Product pom name GateIn - Web Container Integration component (wci) High
Product Manifest specification-title GateIn - Web Container Integration component (wci) Medium
Product Manifest os-name Linux Medium
Product pom parent-artifactid wci-parent Medium
Product Manifest Implementation-Title GateIn - Web Container Integration component (wci) High
Product pom artifactid wci-wci Highest
Product pom groupid exoplatform.gatein.wci Low
Product Manifest build-timestamp Sun, 1 Sep 2019 12:30:48 +0000 Low
Product file name wci-wci High
Product Manifest implementation-url www.gatein.org/wci-parent/wci-wci/ Low
Product pom parent-groupid org.exoplatform.gatein.wci Low
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
maven: org.exoplatform.gatein.wci:wci-wci:5.3.x-SNAPSHOT
Confidence :High
jibx-run-1.2.6.jar
Description: JiBX runtime code
License:
http://jibx.sourceforge.net/jibx-license.html
File Path: /home/ciagent/.m2/repository/org/jibx/jibx-run/1.2.6/jibx-run-1.2.6.jar
MD5: 4ef53e4279c8440aff2d16c0af024231
SHA1: 544f3ac7887d7eed20ca0420ee1963df6c7ecebb
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-docurl http://www.jibx.org Low
Vendor pom parent-groupid org.jibx.config Medium
Vendor pom parent-artifactid main-reactor Low
Vendor file name jibx-run High
Vendor pom groupid jibx Highest
Vendor Manifest bundle-symbolicname jibx-run Medium
Vendor pom name jibx-run - JiBX runtime High
Vendor central groupid org.jibx Highest
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Vendor pom groupid org.jibx Highest
Vendor manifest Bundle-Description JiBX runtime code Medium
Vendor pom artifactid jibx-run Low
Vendor pom description JiBX runtime code Medium
Product Manifest bundle-docurl http://www.jibx.org Low
Product central artifactid jibx-run Highest
Product pom artifactid jibx-run Highest
Product file name jibx-run High
Product Manifest bundle-symbolicname jibx-run Medium
Product pom name jibx-run - JiBX runtime High
Product pom parent-groupid org.jibx.config Low
Product pom parent-artifactid main-reactor Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Product manifest Bundle-Description JiBX runtime code Medium
Product pom groupid jibx Low
Product Manifest Bundle-Name jibx-run - JiBX runtime Medium
Product pom description JiBX runtime code Medium
Version central version 1.2.6 Highest
Version file version 1.2.6 Highest
Version pom version 1.2.6 Highest
javax.inject-1.jar
Description: The javax.inject API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom url http://code.google.com/p/atinject/ Highest
Vendor jar package name javax Low
Vendor central groupid javax.inject Highest
Vendor file name javax.inject-1 High
Vendor pom name javax.inject High
Vendor pom description The javax.inject API Medium
Vendor pom groupid javax.inject Highest
Vendor pom artifactid javax.inject Low
Vendor jar package name inject Low
Product pom url http://code.google.com/p/atinject/ Medium
Product pom artifactid javax.inject Highest
Product pom groupid javax.inject Low
Product file name javax.inject-1 High
Product pom name javax.inject High
Product pom description The javax.inject API Medium
Product central artifactid javax.inject Highest
Product jar package name inject Low
Version file version 1 Medium
Version central version 1 Highest
Version pom version 1 Highest
cdi-api-1.0-SP4.jar
Description: APIs for JSR-299: Contexts and Dependency Injection for Java EE
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/javax/enterprise/cdi-api/1.0-SP4/cdi-api-1.0-SP4.jar
MD5: 6c1e2b4036d64b6ba1a1136a00c7cdaa
SHA1: 6e38490033eb8b36c4cf1f7605163424a574dcf0
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom description APIs for JSR-299: Contexts and Dependency Injection for Java EE Medium
Vendor pom name CDI APIs High
Vendor Manifest implementation-url http://www.seamframework.org/Weld Low
Vendor Manifest specification-vendor Seam Framework Low
Vendor pom organization name Seam Framework High
Vendor central groupid javax.enterprise Highest
Vendor file name cdi-api High
Vendor pom parent-artifactid weld-parent Low
Vendor pom url http://www.seamframework.org/Weld Highest
Vendor pom groupid javax.enterprise Highest
Vendor pom organization url http://seamframework.org Medium
Vendor pom artifactid cdi-api Low
Vendor Manifest Implementation-Vendor Seam Framework High
Vendor pom parent-groupid org.jboss.weld Medium
Product pom description APIs for JSR-299: Contexts and Dependency Injection for Java EE Medium
Product pom artifactid cdi-api Highest
Product pom organization url http://seamframework.org Low
Product pom parent-groupid org.jboss.weld Low
Product pom parent-artifactid weld-parent Medium
Product pom name CDI APIs High
Product pom groupid javax.enterprise Low
Product Manifest implementation-url http://www.seamframework.org/Weld Low
Product Manifest Implementation-Title CDI APIs High
Product file name cdi-api High
Product pom url http://www.seamframework.org/Weld Medium
Product Manifest specification-title CDI APIs Medium
Product pom organization name Seam Framework Low
Product central artifactid cdi-api Highest
Version pom version 1.0-SP4 Highest
Version file version 1.0.sp4 Highest
Version central version 1.0-SP4 Highest
exo.kernel.container-5.3.x-SNAPSHOT.jar
Description: Implementation of Container for Exoplatform SAS 'eXo Kernel' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.container/5.3.x-SNAPSHOT/exo.kernel.container-5.3.x-SNAPSHOT.jar
MD5: 0db2a5178dfbd3a920f6d4f48ca8f194
SHA1: d7453b549cd5262ff637714d8efa149cc38c9951
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor file name exo.kernel.container High
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor pom parent-artifactid kernel-parent Low
Vendor pom name eXo PLF:: Kernel :: Container High
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom description Implementation of Container for Exoplatform SAS 'eXo Kernel' project. Medium
Vendor Manifest Implementation-Vendor-Id org.exoplatform.kernel Medium
Vendor pom parent-groupid org.exoplatform.kernel Medium
Vendor pom groupid org.exoplatform.kernel Highest
Vendor pom groupid exoplatform.kernel Highest
Vendor pom artifactid exo.kernel.container Low
Product file name exo.kernel.container High
Product pom artifactid exo.kernel.container Highest
Product pom groupid exoplatform.kernel Low
Product pom name eXo PLF:: Kernel :: Container High
Product pom description Implementation of Container for Exoplatform SAS 'eXo Kernel' project. Medium
Product Manifest specification-title exo-kernel Medium
Product pom parent-artifactid kernel-parent Medium
Product Manifest Implementation-Title eXo PLF:: Kernel :: Container High
Product pom parent-groupid org.exoplatform.kernel Low
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
maven: org.exoplatform.kernel:exo.kernel.container:5.3.x-SNAPSHOT
Confidence :High
icu4j-56.1.jar
Description:
International Component for Unicode for Java (ICU4J) is a mature, widely used Java library
providing Unicode and Globalization support
License:
ICU License: http://source.icu-project.org/repos/icu/icu/trunk/license.html
File Path: /home/ciagent/.m2/repository/com/ibm/icu/icu4j/56.1/icu4j-56.1.jar
MD5: 7bd1a7a1295868726f991c7593dce442
SHA1: 8dd6671f52165a0419e6de5e1016400875a90fa9
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor manifest Bundle-Description International Components for Unicode for Java Medium
Vendor Manifest specification-vendor icu-project.org Low
Vendor pom description International Component for Unicode for Java (ICU4J) is a mature, widely used Java library providing Unicode and Globalization support Low
Vendor Manifest Implementation-Vendor IBM Corporation High
Vendor pom artifactid icu4j Low
Vendor pom name ICU4J High
Vendor Manifest Implementation-Vendor-Id com.ibm Medium
Vendor Manifest bundle-copyright Copyright 2000-2015, International Business Machines Corporation and others. All Rights Reserved. Low
Vendor pom url http://icu-project.org/ Highest
Vendor central groupid com.ibm.icu Highest
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor file name icu4j High
Vendor pom groupid ibm.icu Highest
Vendor pom groupid com.ibm.icu Highest
Vendor Manifest bundle-symbolicname com.ibm.icu Medium
Product manifest Bundle-Description International Components for Unicode for Java Medium
Product pom description International Component for Unicode for Java (ICU4J) is a mature, widely used Java library providing Unicode and Globalization support Low
Product pom artifactid icu4j Highest
Product pom name ICU4J High
Product Manifest Bundle-Name ICU4J Medium
Product central artifactid icu4j Highest
Product Manifest Implementation-Title International Components for Unicode for Java High
Product Manifest specification-title International Components for Unicode for Java Medium
Product pom groupid ibm.icu Low
Product Manifest bundle-copyright Copyright 2000-2015, International Business Machines Corporation and others. All Rights Reserved. Low
Product pom url http://icu-project.org/ Medium
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product file name icu4j High
Product Manifest bundle-symbolicname com.ibm.icu Medium
Version pom version 56.1 Highest
Version central version 56.1 Highest
Version Manifest Implementation-Version 56.1 High
Version file version 56.1 Highest
Published Vulnerabilities
CVE-2016-6293 suppress
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument.
Vulnerable Software & Versions:
CVE-2016-7415 suppress
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string.
Vulnerable Software & Versions:
CVE-2017-14952 suppress
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-415 Double Free
Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue.
Vulnerable Software & Versions:
CVE-2017-15396 suppress
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Vulnerable Software & Versions: (show all )
CVE-2017-15422 suppress
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-190 Integer Overflow or Wraparound
Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Vulnerable Software & Versions: (show all )
CVE-2017-17484 suppress
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC.
Vulnerable Software & Versions:
CVE-2017-7867 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-787 Out-of-bounds Write
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.
Vulnerable Software & Versions:
CVE-2017-7868 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-787 Out-of-bounds Write
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.
Vulnerable Software & Versions:
portlet-api-2.0.jar
Description: The Java Portlet API version 2.0 developed by the Java Community Process JSR-286 Expert Group.
File Path: /home/ciagent/.m2/repository/javax/portlet/portlet-api/2.0/portlet-api-2.0.jar
MD5: 0ec08593cda1df33985391919996c740
SHA1: 1cd72f2a37fcf8ab9893a9468d7ba71c85fe2653
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid portlet-api Low
Vendor file name portlet-api High
Vendor Manifest bundle-docurl http://www.jcp.org/en/jsr/detail?id=286 Low
Vendor pom name Java Portlet Specification V2.0 High
Vendor pom groupid javax.portlet Highest
Vendor Manifest bundle-symbolicname javax.portlet Medium
Vendor pom description The Java Portlet API version 2.0 developed by the Java Community Process JSR-286 Expert Group. Medium
Vendor central groupid javax.portlet Highest
Vendor pom url http://www.jcp.org/en/jsr/detail?id=286 Highest
Product Manifest Bundle-Name JSR 286 Medium
Product pom url http://www.jcp.org/en/jsr/detail?id=286 Medium
Product file name portlet-api High
Product Manifest bundle-docurl http://www.jcp.org/en/jsr/detail?id=286 Low
Product pom name Java Portlet Specification V2.0 High
Product Manifest bundle-symbolicname javax.portlet Medium
Product central artifactid portlet-api Highest
Product pom description The Java Portlet API version 2.0 developed by the Java Community Process JSR-286 Expert Group. Medium
Product pom groupid javax.portlet Low
Product pom artifactid portlet-api Highest
Version pom version 2.0 Highest
Version central version 2.0 Highest
Version file version 2.0 Highest
commons-file-storage-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-file-storage/5.3.x-SNAPSHOT/commons-file-storage-5.3.x-SNAPSHOT.jar
MD5: de897c87fc8c515aa78100ce41d3ce1b
SHA1: 8dd07a6c70f20a12fa00cee6ea3a2af8500e1bb4
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.exoplatform.commons Medium
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor Manifest implementation-url https://projects.exoplatform.org/commons/commons-file-storage Low
Vendor pom groupid exoplatform.commons Highest
Vendor pom groupid org.exoplatform.commons Highest
Vendor pom artifactid commons-file-storage Low
Vendor Manifest date 2019-09-06T11:21:29Z Low
Vendor pom parent-artifactid commons Low
Vendor Manifest Implementation-Vendor-Id org.exoplatform.commons Medium
Vendor file name commons-file-storage High
Vendor pom name eXo PLF:: Commons - Common File Storage High
Product Manifest specification-title eXo PLF:: Commons - Common File Storage Medium
Product Manifest Implementation-Title eXo PLF:: Commons - Common File Storage High
Product pom parent-artifactid commons Medium
Product file name commons-file-storage High
Product Manifest implementation-url https://projects.exoplatform.org/commons/commons-file-storage Low
Product pom parent-groupid org.exoplatform.commons Low
Product pom artifactid commons-file-storage Highest
Product Manifest date 2019-09-06T11:21:29Z Low
Product pom groupid exoplatform.commons Low
Product pom name eXo PLF:: Commons - Common File Storage High
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
maven: org.exoplatform.commons:commons-file-storage:5.3.x-SNAPSHOT
Confidence :High
commons-component-product-5.3.x-SNAPSHOT.jar
Description: Product informations: version, revision and build numbers
File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-component-product/5.3.x-SNAPSHOT/commons-component-product-5.3.x-SNAPSHOT.jar
MD5: 39868222f97b451bbc252ccaf069d60a
SHA1: ba0a9525c79d3a1aaee16a14074ebc892dd0112c
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.exoplatform.commons Medium
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor pom artifactid commons-component-product Low
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom groupid exoplatform.commons Highest
Vendor pom groupid org.exoplatform.commons Highest
Vendor file name commons-component-product High
Vendor Manifest date 2019-09-06T11:21:29Z Low
Vendor pom parent-artifactid commons Low
Vendor pom name eXo PLF:: Commons - Product Informations High
Vendor Manifest implementation-url https://projects.exoplatform.org/commons/commons-component-product Low
Vendor Manifest Implementation-Vendor-Id org.exoplatform.commons Medium
Vendor pom description Product informations: version, revision and build numbers Medium
Product Manifest specification-title eXo PLF:: Commons - Product Informations Medium
Product Manifest implementation-url https://projects.exoplatform.org/commons/commons-component-product Low
Product Manifest Implementation-Title eXo PLF:: Commons - Product Informations High
Product pom parent-artifactid commons Medium
Product pom description Product informations: version, revision and build numbers Medium
Product pom artifactid commons-component-product Highest
Product pom parent-groupid org.exoplatform.commons Low
Product file name commons-component-product High
Product Manifest date 2019-09-06T11:21:29Z Low
Product pom name eXo PLF:: Commons - Product Informations High
Product pom groupid exoplatform.commons Low
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
maven: org.exoplatform.commons:commons-component-product:5.3.x-SNAPSHOT
Confidence :High
commons-component-upgrade-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-component-upgrade/5.3.x-SNAPSHOT/commons-component-upgrade-5.3.x-SNAPSHOT.jar
MD5: 0d77919f46e202711eb1a3a67caae84a
SHA1: fb17088216f8ec2a4e7659361f8a962ac33bf91e
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.exoplatform.commons Medium
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor file name commons-component-upgrade High
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom groupid exoplatform.commons Highest
Vendor pom groupid org.exoplatform.commons Highest
Vendor pom artifactid commons-component-upgrade Low
Vendor Manifest date 2019-09-06T11:21:29Z Low
Vendor pom parent-artifactid commons Low
Vendor Manifest implementation-url https://projects.exoplatform.org/commons/commons-component-upgrade Low
Vendor Manifest Implementation-Vendor-Id org.exoplatform.commons Medium
Vendor pom name eXo PLF:: Commons - Transparent Upgrade Framework High
Product Manifest specification-title eXo PLF:: Commons - Transparent Upgrade Framework Medium
Product pom artifactid commons-component-upgrade Highest
Product pom parent-artifactid commons Medium
Product Manifest Implementation-Title eXo PLF:: Commons - Transparent Upgrade Framework High
Product file name commons-component-upgrade High
Product pom parent-groupid org.exoplatform.commons Low
Product Manifest date 2019-09-06T11:21:29Z Low
Product Manifest implementation-url https://projects.exoplatform.org/commons/commons-component-upgrade Low
Product pom groupid exoplatform.commons Low
Product pom name eXo PLF:: Commons - Transparent Upgrade Framework High
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
maven: org.exoplatform.commons:commons-component-upgrade:5.3.x-SNAPSHOT
Confidence :High
social-component-common-5.3.x-SNAPSHOT.jar
Description: eXo Social Common Component
File Path: /home/ciagent/.m2/repository/org/exoplatform/social/social-component-common/5.3.x-SNAPSHOT/social-component-common-5.3.x-SNAPSHOT.jar
MD5: 64bfa507a9beb803d3afbe88e735bf4c
SHA1: 81f3efd9271ea0c26763645b5c4f2ace8885afff
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom name eXo PLF:: Social Common Component High
Vendor pom parent-groupid org.exoplatform.social Medium
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor pom groupid exoplatform.social Highest
Vendor pom groupid org.exoplatform.social Highest
Vendor Manifest date 2019-09-06T11:52:45Z Low
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor file name social-component-common High
Vendor pom description eXo Social Common Component Medium
Vendor Manifest implementation-url https://projects.exoplatform.org/social/social-component/social-component-common Low
Vendor pom parent-artifactid social-component Low
Vendor Manifest Implementation-Vendor-Id org.exoplatform.social Medium
Vendor pom artifactid social-component-common Low
Product pom name eXo PLF:: Social Common Component High
Product Manifest implementation-url https://projects.exoplatform.org/social/social-component/social-component-common Low
Product pom artifactid social-component-common Highest
Product pom parent-groupid org.exoplatform.social Low
Product pom parent-artifactid social-component Medium
Product Manifest date 2019-09-06T11:52:45Z Low
Product Manifest Implementation-Title eXo PLF:: Social Common Component High
Product Manifest specification-title eXo PLF:: Social Common Component Medium
Product pom groupid exoplatform.social Low
Product file name social-component-common High
Product pom description eXo Social Common Component Medium
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
maven: org.exoplatform.social:social-component-common:5.3.x-SNAPSHOT
Confidence :High
common-common-2.2.2.Final.jar
File Path: /home/ciagent/.m2/repository/org/gatein/common/common-common/2.2.2.Final/common-common-2.2.2.Final.jar
MD5: 8ce16b5e3991285cd27e553740d09d1f
SHA1: 44522d899e31a5a10dbd70f7b0ca2fe5a614f740
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest os-name Linux Medium
Vendor Manifest build-timestamp Mon, 17 Mar 2014 20:43:14 +0100 Low
Vendor pom parent-artifactid common-parent Low
Vendor file name common-common High
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor pom parent-groupid org.gatein.common Medium
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor central groupid org.gatein.common Highest
Vendor pom artifactid common-common Low
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor Manifest implementation-url www.gatein.org/common-parent/common-common/ Low
Vendor pom groupid gatein.common Highest
Vendor pom name GateIn - Common component (common) High
Vendor pom groupid org.gatein.common Highest
Vendor Manifest Implementation-Vendor-Id org.gatein.common Medium
Product pom parent-artifactid common-parent Medium
Product central artifactid common-common Highest
Product pom groupid gatein.common Low
Product Manifest Implementation-Title GateIn - Common component (common) High
Product Manifest os-name Linux Medium
Product Manifest build-timestamp Mon, 17 Mar 2014 20:43:14 +0100 Low
Product Manifest specification-title GateIn - Common component (common) Medium
Product pom parent-groupid org.gatein.common Low
Product file name common-common High
Product Manifest implementation-url www.gatein.org/common-parent/common-common/ Low
Product pom name GateIn - Common component (common) High
Product pom artifactid common-common Highest
Version central version 2.2.2.Final Highest
Version file version 2.2.2 Highest
Version Manifest Implementation-Version 2.2.2.Final High
Version pom version 2.2.2.Final Highest
common-logging-2.2.2.Final.jar
File Path: /home/ciagent/.m2/repository/org/gatein/common/common-logging/2.2.2.Final/common-logging-2.2.2.Final.jar
MD5: 28b7108ee63899bca08636d360e7df11
SHA1: aee18008518671fb10982c0fe5f7383e98f71c47
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor file name common-logging High
Vendor pom name GateIn - Common component (logging) High
Vendor Manifest os-name Linux Medium
Vendor Manifest build-timestamp Mon, 17 Mar 2014 20:43:14 +0100 Low
Vendor pom parent-artifactid common-parent Low
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor pom parent-groupid org.gatein.common Medium
Vendor pom artifactid common-logging Low
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor central groupid org.gatein.common Highest
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor Manifest implementation-url www.gatein.org/common-parent/common-logging/ Low
Vendor pom groupid gatein.common Highest
Vendor pom groupid org.gatein.common Highest
Vendor Manifest Implementation-Vendor-Id org.gatein.common Medium
Product file name common-logging High
Product pom parent-artifactid common-parent Medium
Product pom name GateIn - Common component (logging) High
Product pom groupid gatein.common Low
Product Manifest os-name Linux Medium
Product Manifest build-timestamp Mon, 17 Mar 2014 20:43:14 +0100 Low
Product pom parent-groupid org.gatein.common Low
Product Manifest specification-title GateIn - Common component (logging) Medium
Product pom artifactid common-logging Highest
Product Manifest Implementation-Title GateIn - Common component (logging) High
Product Manifest implementation-url www.gatein.org/common-parent/common-logging/ Low
Product central artifactid common-logging Highest
Version central version 2.2.2.Final Highest
Version file version 2.2.2 Highest
Version Manifest Implementation-Version 2.2.2.Final High
Version pom version 2.2.2.Final Highest
pc-api-5.3.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/pc/pc-api/5.3.x-SNAPSHOT/pc-api-5.3.x-SNAPSHOT.jar
MD5: a540de83d8e373fd944e96917b14ebda
SHA1: 2aee5a73fe107cce4eaf4c96ad75d637acbccbac
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid pc-parent Low
Vendor pom groupid org.exoplatform.gatein.pc Highest
Vendor Manifest os-name Linux Medium
Vendor pom artifactid pc-api Low
Vendor Manifest implementation-url http://www.jboss.org/gatein/portletcontainer.html/pc-api Low
Vendor pom groupid exoplatform.gatein.pc Highest
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor file name pc-api High
Vendor Manifest Implementation-Vendor-Id org.exoplatform.gatein.pc Medium
Vendor Manifest Implementation-Vendor GateIn High
Vendor pom name GateIn - Portlet Container (api) High
Vendor Manifest specification-vendor GateIn Low
Vendor Manifest build-timestamp Sun, 1 Sep 2019 15:16:33 +0000 Low
Vendor pom parent-groupid org.exoplatform.gatein.pc Medium
Product pom artifactid pc-api Highest
Product Manifest Implementation-Title GateIn - Portlet Container (api) High
Product file name pc-api High
Product pom parent-groupid org.exoplatform.gatein.pc Low
Product Manifest os-name Linux Medium
Product pom groupid exoplatform.gatein.pc Low
Product pom parent-artifactid pc-parent Medium
Product pom name GateIn - Portlet Container (api) High
Product Manifest implementation-url http://www.jboss.org/gatein/portletcontainer.html/pc-api Low
Product Manifest specification-title GateIn - Portlet Container (api) Medium
Product Manifest build-timestamp Sun, 1 Sep 2019 15:16:33 +0000 Low
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
maven: org.exoplatform.gatein.pc:pc-api:5.3.x-SNAPSHOT
Confidence :High
json-simple-1.1.1.jar
Description: A simple Java toolkit for JSON
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/googlecode/json-simple/json-simple/1.1.1/json-simple-1.1.1.jar
MD5: 5cc2c478d73e8454b4c369cee66c5bc7
SHA1: c9ad4a0850ab676c5c64461a05ca524cdfff59f1
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname com.googlecode.json-simple Medium
Vendor central groupid com.googlecode.json-simple Highest
Vendor pom groupid com.googlecode.json-simple Highest
Vendor pom url http://code.google.com/p/json-simple/ Highest
Vendor pom groupid googlecode.json-simple Highest
Vendor pom description A simple Java toolkit for JSON Medium
Vendor manifest Bundle-Description A simple Java toolkit for JSON Medium
Vendor pom artifactid json-simple Low
Vendor file name json-simple High
Vendor pom name JSON.simple High
Product pom artifactid json-simple Highest
Product Manifest bundle-symbolicname com.googlecode.json-simple Medium
Product pom url http://code.google.com/p/json-simple/ Medium
Product pom description A simple Java toolkit for JSON Medium
Product manifest Bundle-Description A simple Java toolkit for JSON Medium
Product file name json-simple High
Product Manifest Bundle-Name JSON.simple Medium
Product pom name JSON.simple High
Product central artifactid json-simple Highest
Product pom groupid googlecode.json-simple Low
Version file version 1.1.1 Highest
Version central version 1.1.1 Highest
Version pom version 1.1.1 Highest
caja-r5054.jar
Description:
Caja is a HTML/CSS/JavaScript compiler which allows websites to safely embed web applications
from third parties, and enables rich interaction between the embedding page and the embedded
applications using an object-capability security model.
License:
Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/caja/caja/r5054/caja-r5054.jar
MD5: 7379ecf5bc7945ca6ab533b905e449a3
SHA1: 18b47afa0172413346d9c8ae1595b6ffbbddd499
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom organization url http://www.google.com Medium
Vendor pom url http://code.google.com/p/google-caja Highest
Vendor pom organization name Google High
Vendor jar package name google Low
Vendor pom groupid caja Highest
Vendor pom groupid google.caja Highest
Vendor jar package name caja Low
Vendor pom artifactid caja Low
Vendor pom description Caja is a HTML/CSS/JavaScript compiler which allows websites to safely embed web applications from third parties, and enables rich interaction between the embedding page and the embedded applications using an object-capability security model. Low
Vendor pom name Caja High
Vendor file name caja-r5054 High
Product pom artifactid caja Highest
Product pom groupid google.caja Low
Product pom url http://code.google.com/p/google-caja Medium
Product jar package name caja Low
Product pom description Caja is a HTML/CSS/JavaScript compiler which allows websites to safely embed web applications from third parties, and enables rich interaction between the embedding page and the embedded applications using an object-capability security model. Low
Product pom organization url http://www.google.com Low
Product pom name Caja High
Product file name caja-r5054 High
Product pom organization name Google Low
Version file version 5054 Medium
Version file name caja-r5054 Medium
Version pom version r5054 Highest
maven: com.google.caja:caja:r5054
Confidence :High
htmlparser-r4209.jar
Description:
A patched version of the nu.validator v1.2.1 HTML parser.
License:
No Warranty
File Path: /home/ciagent/.m2/repository/caja/htmlparser/r4209/htmlparser-r4209.jar
MD5: 31c18bc52991e53ed4eaa28347c44189
SHA1: 0573217e5c9bf8fad6ce827a94191ca0f5785087
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid htmlparser Low
Vendor pom url http://code.google.com/p/google-caja Highest
Vendor file name htmlparser-r4209 High
Vendor pom groupid caja Highest
Vendor jar package name htmlparser Low
Vendor jar package name validator Low
Vendor pom organization url http://validator.nu Medium
Vendor pom name HtmlParser High
Vendor pom description
A patched version of the nu.validator v1.2.1 HTML parser.
Medium
Vendor jar package name nu Low
Vendor pom organization name Validator.nu High
Product pom groupid caja Low
Product pom organization name Validator.nu Low
Product pom organization url http://validator.nu Low
Product pom artifactid htmlparser Highest
Product file name htmlparser-r4209 High
Product pom url http://code.google.com/p/google-caja Medium
Product jar package name htmlparser Low
Product jar package name validator Low
Product pom name HtmlParser High
Product pom description
A patched version of the nu.validator v1.2.1 HTML parser.
Medium
Version file version 4209 Medium
Version pom version r4209 Highest
Version file name htmlparser-r4209 Medium
maven: caja:htmlparser:r4209
Confidence :High
oauth-20100527.jar
File Path: /home/ciagent/.m2/repository/net/oauth/core/oauth/20100527/oauth-20100527.jar
MD5: 91c7c70579f95b7ddee95b2143a49b41
SHA1: a84c5331e225bc25a5a288db328048d6b1bb6fd5
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor file name oauth-20100527 High
Vendor pom name OAuth Core High
Vendor central groupid net.oauth.core Highest
Vendor pom artifactid oauth Low
Vendor pom groupid net.oauth.core Highest
Vendor pom parent-artifactid oauth-core-parent Low
Vendor jar package name net Low
Vendor jar package name oauth Low
Product file name oauth-20100527 High
Product central artifactid oauth Highest
Product pom artifactid oauth Highest
Product pom name OAuth Core High
Product pom parent-artifactid oauth-core-parent Medium
Product pom groupid net.oauth.core Low
Product jar package name oauth Low
Version file version 20100527 Medium
Version central version 20100527 Highest
Version pom version 20100527 Highest
oauth-consumer-20090617.jar
File Path: /home/ciagent/.m2/repository/net/oauth/core/oauth-consumer/20090617/oauth-consumer-20090617.jar
MD5: f0e2849d152f4d8bf725aa4e11b8f969
SHA1: fb70a4c98119c27e78320c5e42a99f0b9eb7c356
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom name OAuth Core: Consumer High
Vendor pom groupid net.oauth.core Highest
Vendor file name oauth-consumer-20090617 High
Vendor pom artifactid oauth-consumer Low
Vendor pom parent-artifactid oauth-core-parent Low
Vendor jar package name client Low
Vendor jar package name net Low
Vendor jar package name oauth Low
Product pom parent-artifactid oauth-core-parent Medium
Product pom groupid net.oauth.core Low
Product pom name OAuth Core: Consumer High
Product file name oauth-consumer-20090617 High
Product pom artifactid oauth-consumer Highest
Product jar package name client Low
Product jar package name oauth Low
Version pom version 20090617 Highest
Version file version 20090617 Medium
maven: net.oauth.core:oauth-consumer:20090617
Confidence :High
oauth-httpclient4-20090913.jar
File Path: /home/ciagent/.m2/repository/net/oauth/core/oauth-httpclient4/20090913/oauth-httpclient4-20090913.jar
MD5: 577e1f28c28bc5006b8adcf838ffd46d
SHA1: a42f9135d3d72e77274982c4aa14fa0f4dab882f
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom name OAuth Core: HttpClient4 High
Vendor pom groupid net.oauth.core Highest
Vendor pom artifactid oauth-httpclient4 Low
Vendor file name oauth-httpclient4-20090913 High
Vendor pom parent-artifactid oauth-core-parent Low
Vendor jar package name client Low
Vendor jar package name net Low
Vendor jar package name oauth Low
Product pom artifactid oauth-httpclient4 Highest
Product jar package name httpclient4 Low
Product pom parent-artifactid oauth-core-parent Medium
Product pom groupid net.oauth.core Low
Product pom name OAuth Core: HttpClient4 High
Product file name oauth-httpclient4-20090913 High
Product jar package name client Low
Product jar package name oauth Low
Version file version 4.20090913 Highest
Version pom version 20090913 Highest
Version file name oauth-httpclient4-20090913 Medium
Version pom parent-version 20090913 Low
maven: net.oauth.core:oauth-httpclient4:20090913
Confidence :High
oauth-provider-20100527.jar
File Path: /home/ciagent/.m2/repository/net/oauth/core/oauth-provider/20100527/oauth-provider-20100527.jar
MD5: afdc85d3f14481e4842c317c4f414f7e
SHA1: 165bfc97e63e5af8e052a47f4dee832ce06bf7d7
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor file name oauth-provider-20100527 High
Vendor central groupid net.oauth.core Highest
Vendor pom artifactid oauth-provider Low
Vendor pom groupid net.oauth.core Highest
Vendor pom name OAuth Core: Provider High
Vendor pom parent-artifactid oauth-core-parent Low
Vendor jar package name net Low
Vendor jar package name oauth Low
Product pom parent-artifactid oauth-core-parent Medium
Product pom groupid net.oauth.core Low
Product file name oauth-provider-20100527 High
Product central artifactid oauth-provider Highest
Product pom name OAuth Core: Provider High
Product jar package name oauth Low
Product pom artifactid oauth-provider Highest
Version file version 20100527 Medium
Version central version 20100527 Highest
Version pom version 20100527 Highest
aopalliance-1.0.jar
Description: AOP Alliance
License:
Public Domain
File Path: /home/ciagent/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom description AOP Alliance Medium
Vendor central groupid aopalliance Highest
Vendor jar package name aopalliance Low
Vendor pom url http://aopalliance.sourceforge.net Highest
Vendor pom groupid aopalliance Highest
Vendor pom artifactid aopalliance Low
Vendor jar package name intercept Low
Vendor pom name AOP alliance High
Vendor file name aopalliance High
Product pom artifactid aopalliance Highest
Product pom groupid aopalliance Low
Product pom description AOP Alliance Medium
Product pom url http://aopalliance.sourceforge.net Medium
Product jar package name intercept Low
Product pom name AOP alliance High
Product central artifactid aopalliance Highest
Product file name aopalliance High
Version pom version 1.0 Highest
Version file version 1.0 Highest
Version central version 1.0 Highest
guice-3.0.jar
Description: Guice is a lightweight dependency injection framework for Java 5 and above
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/google/inject/guice/3.0/guice-3.0.jar
MD5: ca1c7ba366884cfcd2cfb48d2395c400
SHA1: 9d84f15fe35e2c716a02979fb62f50a29f38aefa
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor central groupid com.google.inject Highest
Vendor pom name Google Guice - Core Library High
Vendor pom artifactid guice Low
Vendor pom groupid com.google.inject Highest
Vendor manifest Bundle-Description Guice is a lightweight dependency injection framework for Java 5 and above Medium
Vendor Manifest bundle-docurl http://code.google.com/p/google-guice/ Low
Vendor pom groupid google.inject Highest
Vendor pom parent-groupid com.google.inject Medium
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5,JavaSE-1.6 Low
Vendor Manifest bundle-copyright Copyright (C) 2006 Google Inc. Low
Vendor Manifest bundle-symbolicname com.google.inject Medium
Vendor pom parent-artifactid guice-parent Low
Vendor file name guice High
Product pom groupid google.inject Low
Product pom name Google Guice - Core Library High
Product pom parent-groupid com.google.inject Low
Product manifest Bundle-Description Guice is a lightweight dependency injection framework for Java 5 and above Medium
Product Manifest bundle-docurl http://code.google.com/p/google-guice/ Low
Product pom artifactid guice Highest
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5,JavaSE-1.6 Low
Product Manifest bundle-copyright Copyright (C) 2006 Google Inc. Low
Product Manifest Bundle-Name guice Medium
Product Manifest bundle-symbolicname com.google.inject Medium
Product central artifactid guice Highest
Product file name guice High
Product pom parent-artifactid guice-parent Medium
Version pom version 3.0 Highest
Version file version 3.0 Highest
Version central version 3.0 Highest
guice-multibindings-3.0.jar
Description: Guice is a lightweight dependency injection framework for Java 5 and above
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/google/inject/extensions/guice-multibindings/3.0/guice-multibindings-3.0.jar
MD5: 4be1e91408e173eb10ed53a1a565a793
SHA1: 5e670615a927571234df68a8b1fe1a16272be555
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname com.google.inject.multibindings Medium
Vendor pom parent-artifactid extensions-parent Low
Vendor pom name Google Guice - Extensions - MultiBindings High
Vendor manifest Bundle-Description Guice is a lightweight dependency injection framework for Java 5 and above Medium
Vendor Manifest bundle-docurl http://code.google.com/p/google-guice/ Low
Vendor file name guice-multibindings High
Vendor central groupid com.google.inject.extensions Highest
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5,JavaSE-1.6 Low
Vendor Manifest bundle-copyright Copyright (C) 2006 Google Inc. Low
Vendor pom groupid com.google.inject.extensions Highest
Vendor pom parent-groupid com.google.inject.extensions Medium
Vendor pom groupid google.inject.extensions Highest
Vendor pom artifactid guice-multibindings Low
Product Manifest bundle-symbolicname com.google.inject.multibindings Medium
Product Manifest Bundle-Name guice-multibindings Medium
Product pom parent-artifactid extensions-parent Medium
Product pom name Google Guice - Extensions - MultiBindings High
Product manifest Bundle-Description Guice is a lightweight dependency injection framework for Java 5 and above Medium
Product Manifest bundle-docurl http://code.google.com/p/google-guice/ Low
Product file name guice-multibindings High
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5,JavaSE-1.6 Low
Product Manifest bundle-copyright Copyright (C) 2006 Google Inc. Low
Product pom artifactid guice-multibindings Highest
Product pom groupid google.inject.extensions Low
Product pom parent-groupid com.google.inject.extensions Low
Product central artifactid guice-multibindings Highest
Version pom version 3.0 Highest
Version file version 3.0 Highest
Version central version 3.0 Highest
nekohtml-1.9.22.jar
Description: An HTML parser and tag balancer.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/net/sourceforge/nekohtml/nekohtml/1.9.22/nekohtml-1.9.22.jar
MD5: a97dfe2d0ceb81ffbdd15436961b0f23
SHA1: 4f54af68ecb345f2453fb6884672ad08414154e3
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor central groupid net.sourceforge.nekohtml Highest
Vendor pom url http://nekohtml.sourceforge.net/ Highest
Vendor file name nekohtml High
Vendor pom artifactid nekohtml Low
Vendor manifest: org/cyberneko/html/ Implementation-Vendor Andy Clark, Marc Guillemot Medium
Vendor pom groupid net.sourceforge.nekohtml Highest
Vendor pom name Neko HTML High
Vendor pom description An HTML parser and tag balancer. Medium
Product file name nekohtml High
Product manifest: org/cyberneko/html/ Specification-Title Hyper-Text Markup Language (HTML) Medium
Product central artifactid nekohtml Highest
Product pom name Neko HTML High
Product pom url http://nekohtml.sourceforge.net/ Medium
Product pom description An HTML parser and tag balancer. Medium
Product pom artifactid nekohtml Highest
Product manifest: org/cyberneko/html/ Implementation-Title CyberNeko HTML Parser Medium
Product pom groupid net.sourceforge.nekohtml Low
Version file version 1.9.22 Highest
Version central version 1.9.22 Highest
Version pom version 1.9.22 Highest
xercesImpl-2.9.1.jar
Description:
Xerces2 is the next generation of high performance, fully compliant XML parsers in the
Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI),
a complete framework for building parser components and configurations that is extremely
modular and easy to program.
File Path: /home/ciagent/.m2/repository/xerces/xercesImpl/2.9.1/xercesImpl-2.9.1.jar
MD5: f807f86d7d9db25edbfc782aca7ca2a9
SHA1: 7bc7e49ddfe4fb5f193ed37ecc96c12292c8ceb6
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor file name xercesImpl High
Vendor pom url http://xerces.apache.org/xerces2-j Highest
Vendor pom groupid xerces Highest
Vendor manifest: org/apache/xerces/xni/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: javax/xml/datatype/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: javax/xml/transform/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: org/apache/xerces/impl/Version.class Implementation-Vendor Apache Software Foundation Medium
Vendor central groupid xerces Highest
Vendor manifest: javax/xml/xpath/ Implementation-Vendor Apache Software Foundation Medium
Vendor pom artifactid xercesImpl Low
Vendor manifest: org/xml/sax/ Implementation-Vendor David Megginson Medium
Vendor pom parent-groupid org.apache Medium
Vendor manifest: javax/xml/validation/ Implementation-Vendor Apache Software Foundation Medium
Vendor pom description Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program. Low
Vendor manifest: javax/xml/parsers/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: org/w3c/dom/ls/ Implementation-Vendor World Wide Web Consortium Medium
Vendor manifest: org/w3c/dom/ Implementation-Vendor World Wide Web Consortium Medium
Vendor pom parent-artifactid apache Low
Vendor pom name Xerces2 Java Parser High
Product file name xercesImpl High
Product manifest: org/w3c/dom/ls/ Specification-Title Document Object Model, Level 3 Load and Save Medium
Product manifest: org/apache/xerces/xni/ Implementation-Title org.apache.xerces.xni Medium
Product manifest: org/apache/xerces/xni/ Specification-Title Xerces Native Interface Medium
Product manifest: javax/xml/validation/ Implementation-Title javax.xml.validation Medium
Product manifest: org/w3c/dom/ Specification-Title Document Object Model, Level 3 Core Medium
Product manifest: javax/xml/datatype/ Implementation-Title javax.xml.datatype Medium
Product manifest: javax/xml/validation/ Specification-Title Java API for XML Processing Medium
Product pom groupid xerces Low
Product manifest: javax/xml/parsers/ Specification-Title Java API for XML Processing Medium
Product manifest: javax/xml/xpath/ Implementation-Title javax.xml.xpath Medium
Product central artifactid xercesImpl Highest
Product manifest: org/w3c/dom/ls/ Implementation-Title org.w3c.dom.ls Medium
Product pom artifactid xercesImpl Highest
Product pom url http://xerces.apache.org/xerces2-j Medium
Product pom parent-artifactid apache Medium
Product manifest: org/xml/sax/ Implementation-Title org.xml.sax Medium
Product manifest: org/xml/sax/ Specification-Title Simple API for XML Medium
Product manifest: org/apache/xerces/impl/Version.class Implementation-Title org.apache.xerces.impl.Version Medium
Product manifest: javax/xml/parsers/ Implementation-Title javax.xml.parsers Medium
Product manifest: javax/xml/datatype/ Specification-Title Java API for XML Processing Medium
Product pom description Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program. Low
Product manifest: org/w3c/dom/ Implementation-Title org.w3c.dom Medium
Product pom parent-groupid org.apache Low
Product manifest: javax/xml/transform/ Specification-Title Java API for XML Processing Medium
Product manifest: javax/xml/xpath/ Specification-Title Java API for XML Processing Medium
Product pom name Xerces2 Java Parser High
Product manifest: javax/xml/transform/ Implementation-Title javax.xml.transform Medium
Version central version 2.9.1 Highest
Version pom version 2.9.1 Highest
Version file version 2.9.1 Highest
Published Vulnerabilities
CVE-2012-0881 suppress
Severity:
High
CVSS Score: 7.8
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-399 Resource Management Errors
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.
Vulnerable Software & Versions:
sanselan-0.97-incubator.jar
Description: Apache Sanselan is a pure-Java image library.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/sanselan/sanselan/0.97-incubator/sanselan-0.97-incubator.jar
MD5: 84f823e61d93fcedcb3c10a827c45989
SHA1: 8396778b076a2eaf62024b64f6d924e4e0095fca
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom description Apache Sanselan is a pure-Java image library. Medium
Vendor file name sanselan High
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom organization url http://cwiki.apache.org/SANSELAN/ Medium
Vendor Manifest bundle-docurl http://cwiki.apache.org/SANSELAN/ Low
Vendor pom artifactid sanselan Low
Vendor Manifest bundle-symbolicname org.apache.sanselan.sanselan Medium
Vendor pom groupid apache.sanselan Highest
Vendor manifest Bundle-Description Apache Sanselan is a pure-Java image library. Medium
Vendor pom name Apache Sanselan High
Vendor pom groupid org.apache.sanselan Highest
Vendor pom parent-groupid org.apache Medium
Vendor pom url http://sanselan.apache.org/ Highest
Vendor central groupid org.apache.sanselan Highest
Vendor pom parent-artifactid apache Low
Product pom description Apache Sanselan is a pure-Java image library. Medium
Product file name sanselan High
Product Manifest specification-title Apache Sanselan Medium
Product pom parent-artifactid apache Medium
Product Manifest bundle-docurl http://cwiki.apache.org/SANSELAN/ Low
Product pom url http://sanselan.apache.org/ Medium
Product pom organization url http://cwiki.apache.org/SANSELAN/ Low
Product Manifest Bundle-Name Apache Sanselan Medium
Product Manifest Implementation-Title Apache Sanselan High
Product Manifest bundle-symbolicname org.apache.sanselan.sanselan Medium
Product manifest Bundle-Description Apache Sanselan is a pure-Java image library. Medium
Product pom name Apache Sanselan High
Product pom artifactid sanselan Highest
Product pom parent-groupid org.apache Low
Product central artifactid sanselan Highest
Product pom groupid apache.sanselan Low
Version pom version 0.97-incubator Highest
Version central version 0.97-incubator Highest
Version file version 0.97 Highest
Version Manifest Implementation-Version 0.97-incubator High
httpcore-4.3.3.jar
Description:
HttpComponents Core (blocking I/O)
File Path: /home/ciagent/.m2/repository/org/apache/httpcomponents/httpcore/4.3.3/httpcore-4.3.3.jar
MD5: c26171852f9810cd3d2416604a387e71
SHA1: f91b7a4aadc5cf486df6e4634748d7dd7a73f06d
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom artifactid httpcore Low
Vendor Manifest url http://hc.apache.org/httpcomponents-core-ga Low
Vendor Manifest implementation-build tags/4.3.3-RC1/httpcore@r1632770; 2014-10-18 13:50:12+0200 Low
Vendor pom groupid apache.httpcomponents Highest
Vendor pom parent-groupid org.apache.httpcomponents Medium
Vendor pom name Apache HttpCore High
Vendor central groupid org.apache.httpcomponents Highest
Vendor pom parent-artifactid httpcomponents-core Low
Vendor pom groupid org.apache.httpcomponents Highest
Vendor file name httpcore High
Vendor pom url http://hc.apache.org/httpcomponents-core-ga Highest
Vendor pom description
HttpComponents Core (blocking I/O)
Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Product Manifest specification-title HttpComponents Apache HttpCore Medium
Product Manifest url http://hc.apache.org/httpcomponents-core-ga Low
Product Manifest implementation-build tags/4.3.3-RC1/httpcore@r1632770; 2014-10-18 13:50:12+0200 Low
Product pom name Apache HttpCore High
Product Manifest Implementation-Title HttpComponents Apache HttpCore High
Product pom artifactid httpcore Highest
Product file name httpcore High
Product pom parent-artifactid httpcomponents-core Medium
Product pom description
HttpComponents Core (blocking I/O)
Medium
Product central artifactid httpcore Highest
Product pom url http://hc.apache.org/httpcomponents-core-ga Medium
Product pom groupid apache.httpcomponents Low
Product pom parent-groupid org.apache.httpcomponents Low
Version central version 4.3.3 Highest
Version pom version 4.3.3 Highest
Version Manifest Implementation-Version 4.3.3 High
Version file version 4.3.3 Highest
httpclient-4.3.6.jar
Description:
HttpComponents Client
File Path: /home/ciagent/.m2/repository/org/apache/httpcomponents/httpclient/4.3.6/httpclient-4.3.6.jar
MD5: 2d29a27bb6c6b44bc8a608a0e5d09735
SHA1: 4c47155e3e6c9a41a28db36680b828ced53b8af4
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom description
HttpComponents Client
Medium
Vendor pom groupid apache.httpcomponents Highest
Vendor pom parent-groupid org.apache.httpcomponents Medium
Vendor file name httpclient High
Vendor pom url http://hc.apache.org/httpcomponents-client Highest
Vendor central groupid org.apache.httpcomponents Highest
Vendor pom name Apache HttpClient High
Vendor Manifest url http://hc.apache.org/httpcomponents-client Low
Vendor pom groupid org.apache.httpcomponents Highest
Vendor Manifest implementation-build tags/4.3.6-RC1/httpclient@r1636012; 2014-11-02 14:45:03+0100 Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom artifactid httpclient Low
Vendor pom parent-artifactid httpcomponents-client Low
Product central artifactid httpclient Highest
Product pom artifactid httpclient Highest
Product pom description
HttpComponents Client
Medium
Product Manifest specification-title HttpComponents Apache HttpClient Medium
Product file name httpclient High
Product pom parent-artifactid httpcomponents-client Medium
Product pom name Apache HttpClient High
Product Manifest url http://hc.apache.org/httpcomponents-client Low
Product Manifest Implementation-Title HttpComponents Apache HttpClient High
Product Manifest implementation-build tags/4.3.6-RC1/httpclient@r1636012; 2014-11-02 14:45:03+0100 Low
Product pom url http://hc.apache.org/httpcomponents-client Medium
Product pom groupid apache.httpcomponents Low
Product pom parent-groupid org.apache.httpcomponents Low
Version file version 4.3.6 Highest
Version central version 4.3.6 Highest
Version pom version 4.3.6 Highest
Version Manifest Implementation-Version 4.3.6 High
closure-compiler-externs-v20170910.jar
File Path: /home/ciagent/.m2/repository/com/google/javascript/closure-compiler-externs/v20170910/closure-compiler-externs-v20170910.jar
MD5: 573e49fb83760d25b675028eb612e2b2
SHA1: 036e801a929fcd121d212093923daf34986f5572
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid com.google.javascript Medium
Vendor pom parent-artifactid closure-compiler-parent Low
Vendor file name closure-compiler-externs-v20170910 High
Vendor central groupid com.google.javascript Highest
Vendor pom artifactid closure-compiler-externs Low
Vendor pom groupid google.javascript Highest
Vendor pom name Closure Compiler Externs High
Vendor pom groupid com.google.javascript Highest
Product central artifactid closure-compiler-externs Highest
Product pom artifactid closure-compiler-externs Highest
Product file name closure-compiler-externs-v20170910 High
Product pom groupid google.javascript Low
Product pom name Closure Compiler Externs High
Product pom parent-groupid com.google.javascript Low
Product pom parent-artifactid closure-compiler-parent Medium
Version central version v20170910 Highest
Version file name closure-compiler-externs-v20170910 Medium
Version file version 20170910 Medium
Version pom version v20170910 Highest
args4j-2.33.jar
Description: args4j : Java command line arguments parser
License:
http://www.opensource.org/licenses/mit-license.php
File Path: /home/ciagent/.m2/repository/args4j/args4j/2.33/args4j-2.33.jar
MD5: 0a6d515f76b15d29e3cd529de9319739
SHA1: bd87a75374a6d6523de82fef51fc3cfe9baf9fc9
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor file name args4j High
Vendor pom artifactid args4j Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Vendor central groupid args4j Highest
Vendor Manifest bundle-symbolicname org.kohsuke.args4j Medium
Vendor pom parent-artifactid args4j-site Low
Vendor Manifest bundle-docurl http://www.kohsuke.org/ Low
Vendor pom groupid args4j Highest
Vendor manifest Bundle-Description args4j : Java command line arguments parser Medium
Vendor pom name args4j High
Product Manifest Bundle-Name args4j Medium
Product file name args4j High
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Product Manifest bundle-symbolicname org.kohsuke.args4j Medium
Product pom parent-artifactid args4j-site Medium
Product pom artifactid args4j Highest
Product pom groupid args4j Low
Product central artifactid args4j Highest
Product Manifest bundle-docurl http://www.kohsuke.org/ Low
Product manifest Bundle-Description args4j : Java command line arguments parser Medium
Product pom name args4j High
Version file version 2.33 Highest
Version central version 2.33 Highest
Version pom version 2.33 Highest
error_prone_annotations-2.0.18.jar
File Path: /home/ciagent/.m2/repository/com/google/errorprone/error_prone_annotations/2.0.18/error_prone_annotations-2.0.18.jar
MD5: 98051758c08c9b7111b3268655069432
SHA1: 5f65affce1684999e2f4024983835efc3504012e
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid error_prone_parent Low
Vendor jar package name google Low
Vendor pom groupid google.errorprone Highest
Vendor pom artifactid error_prone_annotations Low
Vendor pom groupid com.google.errorprone Highest
Vendor jar package name annotations Low
Vendor pom name error-prone annotations High
Vendor jar package name errorprone Low
Vendor file name error_prone_annotations High
Vendor pom parent-groupid com.google.errorprone Medium
Vendor central groupid com.google.errorprone Highest
Product central artifactid error_prone_annotations Highest
Product pom parent-groupid com.google.errorprone Low
Product jar package name annotations Low
Product pom artifactid error_prone_annotations Highest
Product pom groupid google.errorprone Low
Product pom name error-prone annotations High
Product jar package name errorprone Low
Product pom parent-artifactid error_prone_parent Medium
Product file name error_prone_annotations High
Version pom version 2.0.18 Highest
Version central version 2.0.18 Highest
Version file version 2.0.18 Highest
protobuf-java-3.0.2.jar
Description:
Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an
efficient yet extensible format.
License:
http://www.opensource.org/licenses/bsd-license.php
File Path: /home/ciagent/.m2/repository/com/google/protobuf/protobuf-java/3.0.2/protobuf-java-3.0.2.jar
MD5: fca93e016f4dd35aacde356a4b711423
SHA1: ee55e8e697d10b6643d77bb1f686bac3b9ba8579
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid protobuf-parent Low
Vendor manifest Bundle-Description Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Low
Vendor Manifest bundle-symbolicname com.google.protobuf Medium
Vendor pom groupid com.google.protobuf Highest
Vendor pom name Protocol Buffers [Core] High
Vendor pom artifactid protobuf-java Low
Vendor central groupid com.google.protobuf Highest
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor pom description Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Low
Vendor pom groupid google.protobuf Highest
Vendor file name protobuf-java High
Vendor Manifest bundle-docurl https://developers.google.com/protocol-buffers/ Low
Vendor pom parent-groupid com.google.protobuf Medium
Product pom groupid google.protobuf Low
Product manifest Bundle-Description Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Low
Product Manifest bundle-symbolicname com.google.protobuf Medium
Product pom parent-groupid com.google.protobuf Low
Product pom name Protocol Buffers [Core] High
Product central artifactid protobuf-java Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product pom artifactid protobuf-java Highest
Product pom parent-artifactid protobuf-parent Medium
Product pom description Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Low
Product Manifest Bundle-Name Protocol Buffers [Core] Medium
Product file name protobuf-java High
Product Manifest bundle-docurl https://developers.google.com/protocol-buffers/ Low
Version pom version 3.0.2 Highest
Version file version 3.0.2 Highest
Version central version 3.0.2 Highest
Published Vulnerabilities
CVE-2015-5237 suppress
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.
Vulnerable Software & Versions: (show all )
gson-2.7.jar
Description: Gson JSON library
File Path: /home/ciagent/.m2/repository/com/google/code/gson/gson/2.7/gson-2.7.jar
MD5: 5134a2350f58890ffb9db0b40047195d
SHA1: 751f548c85fa49f330cecbb1875893f971b33c4e
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor file name gson High
Vendor central groupid com.google.code.gson High
Vendor pom groupid google.code.gson Highest
Vendor Manifest bundle-symbolicname com.google.gson Medium
Vendor manifest Bundle-Description Gson JSON library Medium
Vendor central groupid org.netbeans.external High
Vendor pom name Gson High
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor pom artifactid gson Low
Vendor pom parent-groupid com.google.code.gson Medium
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8 Low
Vendor Manifest bundle-contactaddress https://github.com/google/gson Low
Vendor pom parent-artifactid gson-parent Low
Vendor pom groupid com.google.code.gson Highest
Product file name gson High
Product Manifest Bundle-Name Gson Medium
Product pom groupid google.code.gson Low
Product Manifest bundle-symbolicname com.google.gson Medium
Product manifest Bundle-Description Gson JSON library Medium
Product pom name Gson High
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product pom parent-groupid com.google.code.gson Low
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8 Low
Product central artifactid gson High
Product Manifest bundle-contactaddress https://github.com/google/gson Low
Product pom parent-artifactid gson-parent Medium
Product pom artifactid gson Highest
Product central artifactid com-google-gson High
Version central version RELEASE110 High
Version central version 2.7 High
Version central version RELEASE111 High
Version central version RELEASE100 High
Version file version 2.7 Highest
Version pom version 2.7 Highest
jsr305-3.0.1.jar
Description: JSR305 Annotations for Findbugs
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/google/code/findbugs/jsr305/3.0.1/jsr305-3.0.1.jar
MD5: c6532beb3f7cc54a8d73d25d5602b9e4
SHA1: f7be08ec23c21485b9b5a1cf1654c2ec8c58168d
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor manifest Bundle-Description JSR305 Annotations for Findbugs Medium
Vendor pom description JSR305 Annotations for Findbugs Medium
Vendor central groupid com.google.code.findbugs Highest
Vendor pom groupid google.code.findbugs Highest
Vendor pom url http://findbugs.sourceforge.net/ Highest
Vendor file name jsr305 High
Vendor pom groupid com.google.code.findbugs Highest
Vendor Manifest bundle-symbolicname org.jsr-305 Medium
Vendor pom artifactid jsr305 Low
Vendor pom name FindBugs-jsr305 High
Product pom artifactid jsr305 Highest
Product pom groupid google.code.findbugs Low
Product manifest Bundle-Description JSR305 Annotations for Findbugs Medium
Product Manifest Bundle-Name FindBugs-jsr305 Medium
Product pom description JSR305 Annotations for Findbugs Medium
Product file name jsr305 High
Product Manifest bundle-symbolicname org.jsr-305 Medium
Product central artifactid jsr305 Highest
Product pom name FindBugs-jsr305 High
Product pom url http://findbugs.sourceforge.net/ Medium
Version central version 3.0.1 Highest
Version pom version 3.0.1 Highest
Version file version 3.0.1 Highest
jsinterop-annotations-1.0.0.jar
File Path: /home/ciagent/.m2/repository/com/google/jsinterop/jsinterop-annotations/1.0.0/jsinterop-annotations-1.0.0.jar
MD5: 93302e3d0cc146097ecd08039dc1de52
SHA1: 23c3a3c060ffe4817e67673cc8294e154b0a4a95
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid com.google.jsinterop Medium
Vendor pom parent-artifactid jsinterop Low
Vendor pom artifactid jsinterop-annotations Low
Vendor jar package name annotations Low
Vendor central groupid com.google.jsinterop Highest
Vendor file name jsinterop-annotations High
Vendor pom groupid com.google.jsinterop Highest
Vendor jar package name jsinterop Low
Vendor pom groupid google.jsinterop Highest
Product pom artifactid jsinterop-annotations Highest
Product central artifactid jsinterop-annotations Highest
Product pom groupid google.jsinterop Low
Product jar package name annotations Low
Product file name jsinterop-annotations High
Product pom parent-artifactid jsinterop Medium
Product pom parent-groupid com.google.jsinterop Low
Version pom version 1.0.0 Highest
Version central version 1.0.0 Highest
Version file version 1.0.0 Highest
closure-compiler-v20170910.jar
File Path: /home/ciagent/.m2/repository/com/google/javascript/closure-compiler/v20170910/closure-compiler-v20170910.jar
MD5: ca8e9f88ba9aad9c5e2c0f8f937fe869
SHA1: 3b87499e9ed3f068e69889182ab95cff92de0932
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor file name closure-compiler-v20170910 High
Vendor jar package name google Low
Vendor central groupid com.google.javascript Highest
Vendor jar package name javascript Low
Vendor pom groupid com.google.javascript Highest
Product file name closure-compiler-v20170910 High
Product central artifactid closure-compiler Highest
Product jar package name javascript Low
Product pom artifactid closure-compiler Highest
Version central version v20170910 Highest
Version file name closure-compiler-v20170910 Medium
Version file version 20170910 Medium
Version pom version v20170910 Highest
social-component-core-5.3.x-SNAPSHOT.jar
Description: eXo Social Core Component: People and Space
File Path: /home/ciagent/.m2/repository/org/exoplatform/social/social-component-core/5.3.x-SNAPSHOT/social-component-core-5.3.x-SNAPSHOT.jar
MD5: 47bf61d4e1cf0d2d0f01465c0a2a1cdd
SHA1: f65d59abd386e9a8bc7fd87559ce2cafb86f5964
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.exoplatform.social Medium
Vendor Manifest implementation-url https://projects.exoplatform.org/social/social-component/social-component-core Low
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor pom groupid exoplatform.social Highest
Vendor pom description eXo Social Core Component: People and Space Medium
Vendor pom groupid org.exoplatform.social Highest
Vendor Manifest date 2019-09-06T11:52:45Z Low
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom artifactid social-component-core Low
Vendor pom parent-artifactid social-component Low
Vendor file name social-component-core High
Vendor Manifest Implementation-Vendor-Id org.exoplatform.social Medium
Vendor pom name eXo PLF:: Social Core Component High
Product Manifest Implementation-Title eXo PLF:: Social Core Component High
Product Manifest implementation-url https://projects.exoplatform.org/social/social-component/social-component-core Low
Product pom description eXo Social Core Component: People and Space Medium
Product pom parent-groupid org.exoplatform.social Low
Product file name social-component-core High
Product pom parent-artifactid social-component Medium
Product Manifest date 2019-09-06T11:52:45Z Low
Product Manifest specification-title eXo PLF:: Social Core Component Medium
Product pom name eXo PLF:: Social Core Component High
Product pom artifactid social-component-core Highest
Product pom groupid exoplatform.social Low
Version Manifest Implementation-Version 5.3.x-SNAPSHOT High
Version file version 5.3 Highest
maven: org.exoplatform.social:social-component-core:5.3.x-SNAPSHOT
Confidence :High
c3p0-0.9.1.1.jar
Description:
c3p0 is an easy-to-use library for augmenting traditional (DriverManager-based) JDBC drivers with JNDI-bindable DataSources,
including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 std extension.
License:
GNU LESSER GENERAL PUBLIC LICENSE: http://www.gnu.org/licenses/lgpl.txt
File Path: /home/ciagent/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar
MD5: 640c58226e7bb6beacc8ac3f6bb533d1
SHA1: 302704f30c6e7abb7a0457f7771739e03c973e80
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom url http://c3p0.sourceforge.net Highest
Vendor Manifest Implementation-Vendor-Id com.mchange Medium
Vendor Manifest extension-name com.mchange.v2.c3p0 Medium
Vendor pom groupid c3p0 Highest
Vendor pom description c3p0 is an easy-to-use library for augmenting traditional (DriverManager-based) JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 std extension. Low
Vendor file name c3p0 High
Vendor Manifest specification-vendor Machinery For Change, Inc. Low
Vendor pom name c3p0:JDBC DataSources/Resource Pools High
Vendor central groupid c3p0 Highest
Vendor pom artifactid c3p0 Low
Vendor Manifest Implementation-Vendor Machinery For Change, Inc. High
Product pom url http://c3p0.sourceforge.net Medium
Product central artifactid c3p0 Highest
Product Manifest extension-name com.mchange.v2.c3p0 Medium
Product pom description c3p0 is an easy-to-use library for augmenting traditional (DriverManager-based) JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 std extension. Low
Product file name c3p0 High
Product pom name c3p0:JDBC DataSources/Resource Pools High
Product pom artifactid c3p0 Highest
Product pom groupid c3p0 Low
Version Manifest Implementation-Version 0.9.1.1 High
Version file version 0.9.1.1 Highest
Version central version 0.9.1.1 Highest
Version pom version 0.9.1.1 Highest
Published Vulnerabilities
CVE-2019-5427 suppress
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
Vulnerable Software & Versions: (show all )
quartz-2.2.2.jar
Description: Enterprise Job Scheduler
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
Apache Software License, Version 2.0
File Path: /home/ciagent/.m2/repository/org/quartz-scheduler/quartz/2.2.2/quartz-2.2.2.jar
MD5: 6acfd6ada2f4ad0abf4de916654dcaea
SHA1: 6fd24da6803ab7c3a08bc519a62219a9bebeb0df
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname org.quartz-scheduler.quartz Medium
Vendor pom groupid quartz-scheduler Highest
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Vendor manifest terracotta-description Enterprise Job Scheduler Medium
Vendor pom name quartz High
Vendor central groupid org.quartz-scheduler Highest
Vendor pom parent-artifactid quartz-parent Low
Vendor Manifest buildinfo-url https://svn.terracotta.org/repo/quartz/tags/quartz-2.2.2 Low
Vendor Manifest buildinfo-timestamp 20151012-045213 Low
Vendor pom parent-groupid org.quartz-scheduler Medium
Vendor Manifest bundle-docurl http://www.terracotta.org Low
Vendor Manifest buildinfo-user jenkins-slave Low
Vendor pom description Enterprise Job Scheduler Medium
Vendor Manifest buildinfo-host tc-c65-jenkins-slave-001.eur.ad.sag Low
Vendor pom artifactid quartz Low
Vendor Manifest terracotta-name quartz Medium
Vendor Manifest buildinfo-revision 2464 Low
Vendor manifest Bundle-Description Enterprise Job Scheduler Medium
Vendor file name quartz High
Vendor pom groupid org.quartz-scheduler Highest
Product Manifest bundle-symbolicname org.quartz-scheduler.quartz Medium
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Product manifest terracotta-description Enterprise Job Scheduler Medium
Product pom name quartz High
Product Manifest Bundle-Name quartz Medium
Product Manifest buildinfo-url https://svn.terracotta.org/repo/quartz/tags/quartz-2.2.2 Low
Product Manifest buildinfo-timestamp 20151012-045213 Low
Product pom artifactid quartz Highest
Product Manifest bundle-docurl http://www.terracotta.org Low
Product Manifest buildinfo-user jenkins-slave Low
Product pom description Enterprise Job Scheduler Medium
Product Manifest buildinfo-host tc-c65-jenkins-slave-001.eur.ad.sag Low
Product pom parent-groupid org.quartz-scheduler Low
Product central artifactid quartz Highest
Product Manifest terracotta-name quartz Medium
Product Manifest buildinfo-revision 2464 Low
Product pom groupid quartz-scheduler Low
Product manifest Bundle-Description Enterprise Job Scheduler Medium
Product file name quartz High
Product pom parent-artifactid quartz-parent Medium
Version pom version 2.2.2 Highest
Version file version 2.2.2 Highest
Version central version 2.2.2 Highest
xpp3-1.1.4c.jar
Description: MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs such as Hotspot in JDK 1.4+.
License:
Indiana University Extreme! Lab Software License, vesion 1.1.1: http://www.extreme.indiana.edu/viewcvs/~checkout~/XPP3/java/LICENSE.txt
Public Domain: http://creativecommons.org/licenses/publicdomain
Apache Software License, version 1.1: http://www.apache.org/licenses/LICENSE-1.1
File Path: /home/ciagent/.m2/repository/xpp3/xpp3/1.1.4c/xpp3-1.1.4c.jar
MD5: 6e3c39f391e4994888b7d0030f775804
SHA1: 9b988ea84b9e4e9f1874e390ce099b8ac12cfff5
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid xpp3 Low
Vendor jar package name xmlpull Low
Vendor pom groupid xpp3 Highest
Vendor jar package name builder Low
Vendor central groupid xpp3 Highest
Vendor jar package name v1 Low
Vendor pom url http://www.extreme.indiana.edu/xgws/xsoap/xpp/mxp1/ Highest
Vendor file name xpp3 High
Vendor pom name MXP1: Xml Pull Parser 3rd Edition (XPP3) High
Vendor pom organization name Extreme! Lab, Indiana University High
Vendor pom description MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs ... Low
Vendor pom organization url http://www.extreme.indiana.edu/ Medium
Product jar package name v1 Low
Product file name xpp3 High
Product pom name MXP1: Xml Pull Parser 3rd Edition (XPP3) High
Product pom organization url http://www.extreme.indiana.edu/ Low
Product central artifactid xpp3 Highest
Product jar package name builder Low
Product pom artifactid xpp3 Highest
Product pom groupid xpp3 Low
Product pom description MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs ... Low
Product pom organization name Extreme! Lab, Indiana University Low
Product pom url http://www.extreme.indiana.edu/xgws/xsoap/xpp/mxp1/ Medium
Version pom version 1.1.4c Highest
Version file version 1.1.4c Highest
Version central version 1.1.4c Highest
picocontainer-1.1.jar
Description: Please refer to the main website for documentation.
File Path: /home/ciagent/.m2/repository/picocontainer/picocontainer/1.1/picocontainer-1.1.jar
MD5: 98f476491eed3b106b9a015f15bf5fda
SHA1: a2babe80a3af3a3672095341625e4a9ba4278c1b
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid picocontainer Low
Vendor central groupid picocontainer Highest
Vendor pom groupid picocontainer Highest
Vendor Manifest Implementation-Vendor Codehaus High
Vendor file name picocontainer High
Vendor Manifest extension-name picocontainer Medium
Vendor pom organization name Codehaus High
Vendor pom name PicoContainer High
Vendor Manifest specification-vendor Codehaus Low
Vendor pom url http://www.picocontainer.org/ Highest
Vendor pom organization url http://codehaus.org/ Medium
Vendor pom description Please refer to the main website for documentation. Medium
Product Manifest Implementation-Title org.picocontainer High
Product pom url http://www.picocontainer.org/ Medium
Product pom artifactid picocontainer Highest
Product pom groupid picocontainer Low
Product pom organization name Codehaus Low
Product pom organization url http://codehaus.org/ Low
Product file name picocontainer High
Product Manifest extension-name picocontainer Medium
Product Manifest specification-title Small footprint Dependency Injection container Medium
Product pom name PicoContainer High
Product central artifactid picocontainer Highest
Product pom description Please refer to the main website for documentation. Medium
Version pom version 1.1 Highest
Version file version 1.1 Highest
Version Manifest Implementation-Version 1.1 High
Version central version 1.1 Highest
jdom-1.0.jar
File Path: /home/ciagent/.m2/repository/jdom/jdom/1.0/jdom-1.0.jar
MD5: 0b8f97de82fc9529b1028a77125ce4f8
SHA1: a2ac1cd690ab4c80defe7f9bce14d35934c35cec
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor central groupid jdom High
Vendor file name jdom High
Vendor manifest: org/jdom/input/ Implementation-Vendor jdom.org Medium
Vendor pom groupid jdom Highest
Vendor manifest: org/jdom/output/ Implementation-Vendor jdom.org Medium
Vendor manifest: org/jdom/adapters/ Implementation-Vendor jdom.org Medium
Vendor manifest: org/jdom/xpath/ Implementation-Vendor jdom.org Medium
Vendor central groupid com.sun.phobos High
Vendor pom artifactid jdom Low
Vendor manifest: org/jdom/filter/ Implementation-Vendor jdom.org Medium
Vendor manifest: org/jdom/transform/ Implementation-Vendor jdom.org Medium
Vendor manifest: org/jdom/ Implementation-Vendor jdom.org Medium
Product manifest: org/jdom/filter/ Specification-Title JDOM Filter Classes Medium
Product pom groupid jdom Low
Product manifest: org/jdom/xpath/ Specification-Title JDOM XPath Classes Medium
Product manifest: org/jdom/adapters/ Implementation-Title org.jdom.adapters Medium
Product manifest: org/jdom/input/ Specification-Title JDOM Input Classes Medium
Product manifest: org/jdom/ Specification-Title JDOM Classes Medium
Product file name jdom High
Product manifest: org/jdom/transform/ Specification-Title JDOM Transformation Classes Medium
Product manifest: org/jdom/transform/ Implementation-Title org.jdom.transform Medium
Product manifest: org/jdom/output/ Specification-Title JDOM Output Classes Medium
Product manifest: org/jdom/adapters/ Specification-Title JDOM Adapter Classes Medium
Product pom artifactid jdom Highest
Product manifest: org/jdom/filter/ Implementation-Title org.jdom.filter Medium
Product manifest: org/jdom/output/ Implementation-Title org.jdom.output Medium
Product manifest: org/jdom/xpath/ Implementation-Title org.jdom.xpath Medium
Product central artifactid jdom High
Product manifest: org/jdom/ Implementation-Title org.jdom Medium
Product manifest: org/jdom/input/ Implementation-Title org.jdom.input Medium
Version pom version 1.0 Highest
Version file version 1.0 Highest
Version central version 1.0 High
rome-1.0.jar
Description: All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it
easy to work in Java with most syndication formats. Today it accepts all flavors of RSS
(0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes
a set of parsers and generators for the various flavors of feeds, as well as converters
to convert from one format to another. The parsers can give you back Java objects that
are either specific for the format you want to work with, or a generic normalized
SyndFeed object that lets you work on with the data without bothering about the
underlying format.
File Path: /home/ciagent/.m2/repository/rome/rome/1.0/rome-1.0.jar
MD5: 53d38c030287b939f4e6d745ba1269a7
SHA1: 022b33347f315833e9348cec2751af1a5d5656e4
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid rome Highest
Vendor pom artifactid rome Low
Vendor Manifest bundle-symbolicname rome.rome Medium
Vendor pom description All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it easy to work in Java with most syndication formats. Today it accepts all flavors of RSS (0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes a set of parsers and generators for the various flavors of feeds, as well as converters to convert from one format to another. The parsers can give you back Java objects that are either specific for the format you want to work with, or a generic normalized SyndFeed object that lets you work on with the data without bothering about the underlying format. Low
Vendor central groupid rome Highest
Vendor Manifest originally-created-by 1.6.0_10 (Sun Microsystems Inc.) Low
Vendor file name rome High
Vendor manifest Bundle-Description All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it easy to work in Java with most syndication formats. Today it accepts all flavors of RSS (0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes a set of parsers and generators for the various flavors of feeds, as well as converters to convert from one format to another. The parsers can give you back Java objects that are either specific for the format you want to work with, or a generic normalized SyndFeed object that lets you work on with the data without bothering about the underlying format. Low
Vendor Manifest bundle-docurl http://java.sun.com/ Low
Vendor pom name ROME, RSS and atOM utilitiEs for Java High
Vendor Manifest embed-directory META-INF/lib Low
Vendor pom organization url http://java.sun.com/ Medium
Vendor pom organization name Sun Microsystems High
Vendor pom url https://rome.dev.java.net/ Highest
Product pom url https://rome.dev.java.net/ Medium
Product pom organization url http://java.sun.com/ Low
Product Manifest bundle-symbolicname rome.rome Medium
Product pom description All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it easy to work in Java with most syndication formats. Today it accepts all flavors of RSS (0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes a set of parsers and generators for the various flavors of feeds, as well as converters to convert from one format to another. The parsers can give you back Java objects that are either specific for the format you want to work with, or a generic normalized SyndFeed object that lets you work on with the data without bothering about the underlying format. Low
Product Manifest originally-created-by 1.6.0_10 (Sun Microsystems Inc.) Low
Product pom organization name Sun Microsystems Low
Product Manifest Bundle-Name ROME, RSS and atOM utilitiEs for Java Medium
Product file name rome High
Product manifest Bundle-Description All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it easy to work in Java with most syndication formats. Today it accepts all flavors of RSS (0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes a set of parsers and generators for the various flavors of feeds, as well as converters to convert from one format to another. The parsers can give you back Java objects that are either specific for the format you want to work with, or a generic normalized SyndFeed object that lets you work on with the data without bothering about the underlying format. Low
Product Manifest bundle-docurl http://java.sun.com/ Low
Product pom name ROME, RSS and atOM utilitiEs for Java High
Product pom artifactid rome Highest
Product Manifest embed-directory META-INF/lib Low
Product pom groupid rome Low
Product central artifactid rome Highest
Version pom version 1.0 Highest
Version file version 1.0 Highest
Version central version 1.0 Highest
javax.servlet-api-3.0.1.jar
Description: Java.net - The Source for Java Technology Collaboration
License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /home/ciagent/.m2/repository/javax/servlet/javax.servlet-api/3.0.1/javax.servlet-api-3.0.1.jar
MD5: 3ef236ac4c24850cd54abff60be25f35
SHA1: 6bf0ebb7efd993e222fc1112377b5e92a13b38dd
Referenced In Project/Scope:
eXo PLF:: Calendar Service:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name javax.servlet Medium
Vendor Manifest Implementation-Vendor GlassFish Community High
Vendor pom organization name GlassFish Community High
Vendor pom artifactid javax.servlet-api Low
Vendor pom url http://servlet-spec.java.net Highest
Vendor Manifest bundle-docurl https://glassfish.dev.java.net Low
Vendor pom parent-artifactid jvnet-parent Low
Vendor file name javax.servlet-api High
Vendor pom groupid javax.servlet Highest
Vendor Manifest (hint) specification-vendor sun Low
Vendor manifest Bundle-Description Java.net - The Source for Java Technology Collaboration Medium
Vendor Manifest bundle-symbolicname javax.servlet-api Medium
Vendor Manifest Implementation-Vendor-Id org.glassfish Medium
Vendor pom name Java Servlet API High
Vendor Manifest specification-vendor Oracle Low
Vendor central groupid javax.servlet Highest
Vendor pom parent-groupid net.java Medium
Vendor pom organization url https://glassfish.dev.java.net Medium
Product Manifest extension-name javax.servlet Medium
Product pom parent-artifactid jvnet-parent Medium
Product pom parent-groupid net.java Low
Product pom url http://servlet-spec.java.net Medium
Product Manifest bundle-docurl https://glassfish.dev.java.net Low
Product pom organization url https://glassfish.dev.java.net Low
Product file name javax.servlet-api High
Product Manifest Bundle-Name Java Servlet API Medium
Product manifest Bundle-Description Java.net - The Source for Java Technology Collaboration Medium
Product Manifest specification-title Java(TM) Servlet API Design Specification Medium
Product central artifactid javax.servlet-api Highest
Product Manifest bundle-symbolicname javax.servlet-api Medium
Product pom artifactid javax.servlet-api Highest
Product pom name Java Servlet API High
Product pom groupid javax.servlet Low
Product pom organization name GlassFish Community Low
Version central version 3.0.1 Highest
Version pom version 3.0.1 Highest
Version file version 3.0.1 Highest
Version Manifest Implementation-Version 3.0.1 High
ehcache-core-2.6.9.jar: sizeof-agent.jar
File Path: /home/ciagent/.m2/repository/net/sf/ehcache/ehcache-core/2.6.9/ehcache-core-2.6.9.jar/net/sf/ehcache/pool/sizeof/sizeof-agent.jar
MD5: 5ad919b3ac0516897bdca079c9a222a8
SHA1: e86399a80ae6a6c7a563717eaa0ce9ba4708571c
Referenced In Project/Scope:
eXo PLF:: Calendar Service:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest hudson-build-number 6 Low
Vendor Manifest jenkins-project sizeof-agent_sizeof-agent-1.0.1_publisher Low
Vendor pom name Ehcache Size-Of Agent High
Vendor Manifest jenkins-build-number 6 Low
Vendor pom groupid net.sf.ehcache Highest
Vendor pom artifactid sizeof-agent Low
Vendor pom parent-artifactid ehcache-parent Low
Vendor pom url http://www.ehcache.org Highest
Vendor Manifest hudson-project sizeof-agent_sizeof-agent-1.0.1_publisher Low
Vendor file name sizeof-agent High
Product pom parent-artifactid ehcache-parent Medium
Product Manifest hudson-build-number 6 Low
Product Manifest jenkins-project sizeof-agent_sizeof-agent-1.0.1_publisher Low
Product pom name Ehcache Size-Of Agent High
Product Manifest jenkins-build-number 6 Low
Product pom url http://www.ehcache.org Medium
Product Manifest hudson-project sizeof-agent_sizeof-agent-1.0.1_publisher Low
Product file name sizeof-agent High
Product pom groupid net.sf.ehcache Low
Product pom artifactid sizeof-agent Highest
Version Manifest hudson-build-number 6 Low
Version Manifest jenkins-build-number 6 Low
Version pom version 1.0.1 Highest
Version pom parent-version 1.0.1 Low
Version Manifest jenkins-version 1.449 Medium
Version Manifest hudson-version 1.449 Medium
maven: net.sf.ehcache:sizeof-agent:1.0.1
Confidence :High
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling/pom.xml
Description: JBoss Marshalling API
File Path: /home/ciagent/.m2/repository/org/jboss/marshalling/jboss-marshalling-osgi/2.0.0.Beta3/jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling/pom.xml
MD5: 2b0e9541ec4a0f19e378eaabc5e85ea0
SHA1: da91abf3554dceed9454faa89acafc48c0649df5
Evidence
Type Source Name Value Confidence
Vendor pom description JBoss Marshalling API Medium
Vendor pom name JBoss Marshalling API High
Vendor pom parent-groupid org.jboss.marshalling Medium
Vendor pom artifactid jboss-marshalling Low
Vendor pom groupid jboss.marshalling Highest
Vendor pom parent-artifactid jboss-marshalling-parent Low
Product pom parent-artifactid jboss-marshalling-parent Medium
Product pom description JBoss Marshalling API Medium
Product pom name JBoss Marshalling API High
Product pom groupid jboss.marshalling Low
Product pom parent-groupid org.jboss.marshalling Low
Product pom artifactid jboss-marshalling Highest
Version pom version 2.0.0.Beta3 Highest
maven: org.jboss.marshalling:jboss-marshalling:2.0.0.Beta3
Confidence :High
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-river/pom.xml
Description: JBoss Marshalling River Implementation
File Path: /home/ciagent/.m2/repository/org/jboss/marshalling/jboss-marshalling-osgi/2.0.0.Beta3/jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-river/pom.xml
MD5: 1dda062cdd15bd160a4ee6cf1be9f93d
SHA1: 366411529f00ec1eb4451b9b45012bfc09bde34b
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.jboss.marshalling Medium
Vendor pom groupid jboss.marshalling Highest
Vendor pom name JBoss Marshalling River High
Vendor pom artifactid jboss-marshalling-river Low
Vendor pom description JBoss Marshalling River Implementation Medium
Vendor pom parent-artifactid jboss-marshalling-parent Low
Product pom parent-artifactid jboss-marshalling-parent Medium
Product pom artifactid jboss-marshalling-river Highest
Product pom groupid jboss.marshalling Low
Product pom name JBoss Marshalling River High
Product pom description JBoss Marshalling River Implementation Medium
Product pom parent-groupid org.jboss.marshalling Low
Version pom version 2.0.0.Beta3 Highest
maven: org.jboss.marshalling:jboss-marshalling-river:2.0.0.Beta3
Confidence :High
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-serial/pom.xml
Description: JBoss Marshalling Serial Implementation
File Path: /home/ciagent/.m2/repository/org/jboss/marshalling/jboss-marshalling-osgi/2.0.0.Beta3/jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-serial/pom.xml
MD5: 16b74097e7ec70db37b74205776ad0a7
SHA1: cf519c8805a14e6ce20933b7a89bfe0d5a7dbf0f
Evidence
Type Source Name Value Confidence
Vendor pom description JBoss Marshalling Serial Implementation Medium
Vendor pom parent-groupid org.jboss.marshalling Medium
Vendor pom name JBoss Marshalling Serial High
Vendor pom groupid jboss.marshalling Highest
Vendor pom artifactid jboss-marshalling-serial Low
Vendor pom parent-artifactid jboss-marshalling-parent Low
Product pom parent-artifactid jboss-marshalling-parent Medium
Product pom description JBoss Marshalling Serial Implementation Medium
Product pom groupid jboss.marshalling Low
Product pom artifactid jboss-marshalling-serial Highest
Product pom name JBoss Marshalling Serial High
Product pom parent-groupid org.jboss.marshalling Low
Version pom version 2.0.0.Beta3 Highest
maven: org.jboss.marshalling:jboss-marshalling-serial:2.0.0.Beta3
Confidence :High
closure-compiler-v20170910.jar/META-INF/maven/com.google.javascript/closure-compiler/pom.xml
Description:
Closure Compiler is a JavaScript optimizing compiler. It parses your
JavaScript, analyzes it, removes dead code and rewrites and minimizes
what's left. It also checks syntax, variable references, and types, and
warns about common JavaScript pitfalls. It is used in many of Google's
JavaScript apps, including Gmail, Google Web Search, Google Maps, and
Google Docs.
File Path: /home/ciagent/.m2/repository/com/google/javascript/closure-compiler/v20170910/closure-compiler-v20170910.jar/META-INF/maven/com.google.javascript/closure-compiler/pom.xml
MD5: 1b66a934999bffadab1ef6f26b68288b
SHA1: c4f1e36254f80d8b202705a678e804bc484c1e27
Evidence
Type Source Name Value Confidence
Vendor pom description Closure Compiler is a JavaScript optimizing compiler. It parses your JavaScript, analyzes it, removes dead code and rewrites and minimizes what's left. It also checks syntax, variable references, and types, and warns about common JavaScript pitfalls. It is used in many of Google's JavaScript apps, including Gmail, Google Web Search, Google Maps, and Google Docs. Low
Vendor pom artifactid closure-compiler Low
Vendor pom parent-groupid com.google.javascript Medium
Vendor pom name Closure Compiler High
Vendor pom url https://developers.google.com/closure/compiler/ Highest
Vendor pom groupid google.javascript Highest
Vendor pom parent-artifactid closure-compiler-main Low
Product pom description Closure Compiler is a JavaScript optimizing compiler. It parses your JavaScript, analyzes it, removes dead code and rewrites and minimizes what's left. It also checks syntax, variable references, and types, and warns about common JavaScript pitfalls. It is used in many of Google's JavaScript apps, including Gmail, Google Web Search, Google Maps, and Google Docs. Low
Product pom name Closure Compiler High
Product pom artifactid closure-compiler Highest
Product pom url https://developers.google.com/closure/compiler/ Medium
Product pom groupid google.javascript Low
Product pom parent-artifactid closure-compiler-main Medium
Product pom parent-groupid com.google.javascript Low
Version pom version v20170910 Highest
maven: com.google.javascript:closure-compiler:v20170910
Confidence :High
cpe: cpe:/a:google:gmail:-
Confidence :Low
suppress
Published Vulnerabilities
CVE-2017-17689 suppress
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
Vulnerable Software & Versions: (show all )