Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: eXo PLF:: Commons - Transparent Upgrade Framework

org.exoplatform.commons:commons-component-upgrade:6.0.x-SNAPSHOT

Scan Information (show all):

Display: Showing Vulnerable Dependencies (click to show all)

Dependency CPE Coordinates Highest Severity CVE Count CPE Confidence Evidence Count
jcr-1.0.1.jar cpe:/a:content_project:content:1.0.1 javax.jcr:jcr:1.0.1 Medium 1 Low 25
commons-lang-2.6.jar org.netbeans.external:org-apache-commons-lang:RELEASE90    0 34
jsr250-api-1.0.jar javax.annotation:jsr250-api:1.0    0 20
jsr311-api-1.1.1.jar javax.ws.rs:jsr311-api:1.1.1    0 28
chromattic.api-1.3.0.jar org.chromattic:chromattic.api:1.3.0    0 23
javaparser-1.0.8.jar com.google.code.javaparser:javaparser:1.0.8   0 20
chromattic.testgenerator-1.3.0.jar org.chromattic:chromattic.testgenerator:1.3.0    0 23
chromattic.metamodel-1.3.0.jar org.chromattic:chromattic.metamodel:1.3.0    0 23
chromattic.spi-1.3.0.jar org.chromattic:chromattic.spi:1.3.0    0 25
reflext.api-1.1.0.jar org.reflext:reflext.api:1.1.0    0 23
reflext.core-1.1.0.jar org.reflext:reflext.core:1.1.0    0 23
reflext.spi-1.1.0.jar org.reflext:reflext.spi:1.1.0    0 25
reflext.apt-1.1.0.jar cpe:/a:processing:processing:1.1.0 org.reflext:reflext.apt:1.1.0  Medium 1 Low 23
chromattic.apt-1.3.0.jar org.chromattic:chromattic.apt:1.3.0    0 23
chromattic.common-1.3.0.jar org.chromattic:chromattic.common:1.3.0    0 25
reflext.jlr-1.1.0.jar org.reflext:reflext.jlr:1.1.0    0 23
chromattic.core-1.3.0.jar org.chromattic:chromattic.core:1.3.0    0 23
portlet-api-2.0.jar javax.portlet:portlet-api:2.0    0 22
common-common-2.2.2.Final.jar org.gatein.common:common-common:2.2.2.Final    0 31
staxnav.core-0.9.8.jar org.staxnav:staxnav.core:0.9.8    0 19
commons-lang3-3.3.2.jar org.apache.commons:commons-lang3:3.3.2    0 37
dom4j-1.6.1.jar cpe:/a:dom4j_project:dom4j:1.6.1 dom4j:dom4j:1.6.1  Medium 1 Highest 28
javassist-3.20.0-GA.jar org.javassist:javassist:3.20.0-GA    0 27
hibernate-jpa-2.0-api-1.0.1.Final.jar org.hibernate.javax.persistence:hibernate-jpa-2.0-api:1.0.1.Final    0 26
jboss-logging-annotations-1.2.0.Beta1.jar org.jboss.logging:jboss-logging-annotations:1.2.0.Beta1    0 30
hibernate-commons-annotations-4.0.5.Final.jar org.hibernate.common:hibernate-commons-annotations:4.0.5.Final    0 30
hibernate-entitymanager-4.2.21.Final.jar org.hibernate:hibernate-entitymanager:4.2.21.Final    0 32
liquibase-core-3.4.2.jar org.liquibase:liquibase-core:3.4.2    0 19
bayeux-api-3.0.8.jar org.cometd.java:bayeux-api:3.0.8    0 29
cometd-java-common-3.0.8.jar org.cometd.java:cometd-java-common:3.0.8    0 29
cometd-java-websocket-javax-server-3.0.8.jar org.cometd.java:cometd-java-websocket-javax-server:3.0.8    0 29
cometd-java-websocket-common-server-3.0.8.jar org.cometd.java:cometd-java-websocket-common-server:3.0.8    0 29
cometd-java-annotations-3.0.8.jar org.cometd.java:cometd-java-annotations:3.0.8    0 29
jetty-io-9.2.14.v20151106.jar org.eclipse.jetty:jetty-io:9.2.14.v20151106    0 35
cometd-java-client-3.0.8.jar org.cometd.java:cometd-java-client:3.0.8    0 29
cometd-java-websocket-common-client-3.0.8.jar org.cometd.java:cometd-java-websocket-common-client:3.0.8    0 29
cometd-java-websocket-javax-client-3.0.8.jar org.cometd.java:cometd-java-websocket-javax-client:3.0.8    0 29
cometd-java-oort-3.0.8.jar org.cometd.java:cometd-java-oort:3.0.8    0 29
jetty-jmx-9.2.14.v20151106.jar cpe:/a:jetty:jetty:9.2.14.v20151106
cpe:/a:eclipse:jetty:9.2.14.v20151106 		org.eclipse.jetty:jetty-jmx:9.2.14.v20151106  High 4 Low 37
cometd-java-server-3.0.8.jar org.cometd.java:cometd-java-server:3.0.8    0 29
commons-comet-service-6.0.x-SNAPSHOT.jar org.exoplatform.commons:commons-comet-service:6.0.x-SNAPSHOT   0 25
exo.kernel.component.cache-6.0.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.component.cache:6.0.x-SNAPSHOT   0 24
exo.core.component.security.core-6.0.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.security.core:6.0.x-SNAPSHOT   0 22
antlr-2.7.7.jar antlr:antlr:2.7.7    0 18
hibernate-core-4.2.21.Final.jar org.hibernate:hibernate-core:4.2.21.Final    0 32
exo.core.component.organization.api-6.0.x-SNAPSHOT.jar cpe:/a:api-platform:core:6.0 org.exoplatform.core:exo.core.component.organization.api:6.0.x-SNAPSHOT   0 Low 22
mail-1.4.7.jar cpe:/a:sun:javamail:1.4.7 javax.mail:mail:1.4.7    0 Low 38
commons-dbcp-1.4.jar commons-dbcp:commons-dbcp:1.4    0 34
commons-pool-1.6.jar commons-pool:commons-pool:1.6    0 36
exo.kernel.component.common-6.0.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.component.common:6.0.x-SNAPSHOT   0 22
commons-fileupload-1.3.3.jar cpe:/a:apache:commons_fileupload:1.3.3 commons-fileupload:commons-fileupload:1.3.3    0 Low 40
exo.ws.rest.core-6.0.x-SNAPSHOT.jar cpe:/a:ws_project:ws:6.0.20191006 org.exoplatform.ws:exo.ws.rest.core:6.0.x-SNAPSHOT   0 Low 24
exo.portal.webui.core-6.0.x-SNAPSHOT.jar cpe:/a:in-portal:in-portal:6.0.20191006 org.exoplatform.gatein.portal:exo.portal.webui.core:6.0.x-SNAPSHOT   0 Low 29
twitter4j-core-3.0.5.jar cpe:/a:twitter_project:twitter:3.0.5
cpe:/a:twitter:twitter:3.0.5 		org.twitter4j:twitter4j-core:3.0.5    0 Low 22
scribe-1.3.5.jar cpe:/a:scribe:scribe:1.3.5 org.scribe:scribe:1.3.5    0 Low 23
httpcore-4.3.3.jar org.apache.httpcomponents:httpcore:4.3.3    0 32
commons-logging-1.1.3.jar commons-logging:commons-logging:1.1.3    0 36
httpclient-4.3.6.jar cpe:/a:apache:httpclient:4.3.6 org.apache.httpcomponents:httpclient:4.3.6    0 Low 32
google-http-client-1.14.1-beta.jar cpe:/a:google_forms_project:google_forms:1.14.1.beta com.google.http-client:google-http-client:1.14.1-beta    0 Low 24
jsr305-1.3.9.jar com.google.code.findbugs:jsr305:1.3.9    0 21
google-api-client-1.14.1-beta.jar com.google.api-client:google-api-client:1.14.1-beta    0 22
jackson-core-asl-1.9.11.jar cpe:/a:fasterxml:jackson:1.9.11 org.codehaus.jackson:jackson-core-asl:1.9.11    0 Low 32
google-http-client-jackson-1.14.1-beta.jar com.google.http-client:google-http-client-jackson:1.14.1-beta    0 22
google-api-services-plus-v1-rev69-1.14.2-beta.jar com.google.apis:google-api-services-plus:v1-rev69-1.14.2-beta    0 26
google-api-services-oauth2-v2-rev36-1.14.2-beta.jar com.google.apis:google-api-services-oauth2:v2-rev36-1.14.2-beta    0 26
chromattic.ext-1.3.0.jar org.chromattic:chromattic.ext:1.3.0    0 25
pc-api-6.0.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-api:6.0.x-SNAPSHOT   0 27
pc-portlet-6.0.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-portlet:6.0.x-SNAPSHOT   0 29
pc-federation-6.0.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-federation:6.0.x-SNAPSHOT   0 29
pc-bridge-6.0.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-bridge:6.0.x-SNAPSHOT   0 27
filters-2.0.235.jar cpe:/a:image_processing_software:image_processing_software:2.0.235 com.jhlabs:filters:2.0.235  Low 1 Low 22
simplecaptcha-1.1.1.Final-gatein-4.jar org.gatein.captcha:simplecaptcha:1.1.1.Final-gatein-4   0 27
gatein-api-1.0.1.Final.jar org.gatein.api:gatein-api:1.0.1.Final    0 29
icu4j-56.1.jar cpe:/a:icu-project:international_components_for_unicode:56.1::~~~c%2fc%2b%2b~~ com.ibm.icu:icu4j:56.1  High 8 Highest 33
exo.portal.webui.portal-6.0.x-SNAPSHOT.jar cpe:/a:in-portal:in-portal:6.0 org.exoplatform.gatein.portal:exo.portal.webui.portal:6.0.x-SNAPSHOT   0 Low 27
aspectjrt-1.8.8.jar org.aspectj:aspectjrt:1.8.8    0 21
c3p0-0.9.1.1.jar cpe:/a:mchange:c3p0:0.9.1.1 c3p0:c3p0:0.9.1.1  Medium 1 Highest 23
quartz-2.2.2.jar org.quartz-scheduler:quartz:2.2.2    0 43
guava-20.0.jar cpe:/a:google:guava:20.0 com.google.guava:guava:20.0  Medium 1 Highest 29
commons-codec-1.10.jar commons-codec:commons-codec:1.10    0 38
owasp-java-html-sanitizer-20160413.1.jar cpe:/a:owasp-java-html-sanitizer_project:owasp-java-html-sanitizer:20160413.1 com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20160413.1    0 Low 21
jrcs.diff-0.4.2.jar org.jvnet.hudson:org.suigeneris.jrcs.diff:0.4.2    0 17
ecs-1.4.2.jar ecs:ecs:1.4.2    0 14
json-simple-1.1.1.jar com.googlecode.json-simple:json-simple:1.1.1    0 23
jackson-core-2.9.8.jar cpe:/a:fasterxml:jackson:2.9.8 com.fasterxml.jackson.core:jackson-core:2.9.8    0 Low 41
jackson-databind-2.9.8.jar cpe:/a:fasterxml:jackson:2.9.8
cpe:/a:fasterxml:jackson-databind:2.9.8 		com.fasterxml.jackson.core:jackson-databind:2.9.8  High 10 Highest 41
snakeyaml-1.23.jar org.yaml:snakeyaml:1.23    0 25
jackson-dataformat-yaml-2.9.8.jar cpe:/a:fasterxml:jackson:2.9.8
cpe:/a:fasterxml:jackson-dataformat-xml:2.9.8 		com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.9.8    0 Low 41
swagger-annotations-1.5.22.jar io.swagger:swagger-annotations:1.5.22    0 24
swagger-models-1.5.22.jar io.swagger:swagger-models:1.5.22    0 24
validation-api-1.1.0.Final.jar javax.validation:validation-api:1.1.0.Final    0 22
swagger-core-1.5.22.jar io.swagger:swagger-core:1.5.22    0 24
reflections-0.9.11.jar org.reflections:reflections:0.9.11    0 25
swagger-jaxrs-1.5.22.jar io.swagger:swagger-jaxrs:1.5.22    0 24
commons-component-common-6.0.x-SNAPSHOT.jar org.exoplatform.commons:commons-component-common:6.0.x-SNAPSHOT   0 25
log4j-1.2.17.jar cpe:/a:apache:log4j:2.0:alpha1 log4j:log4j:1.2.17  High 1 High 33
stax-api-1.0-2.jar javax.xml.stream:stax-api:1.0-2    0 20
activation-1.1.1.jar javax.activation:activation:1.1.1    0 24
jaxb-api-2.1.jar javax.xml.bind:jaxb-api:2.1    0 15
jaxb-impl-2.1.8.jar com.sun.xml.bind:jaxb-impl:2.1.8    0 20
picketlink-idm-core-1.4.6.Final.jar cpe:/a:picketlink:picketlink:1.4.6 org.picketlink.idm:picketlink-idm-core:1.4.6.Final  Medium 3 Low 37
common-logging-2.2.2.Final.jar org.gatein.common:common-logging:2.2.2.Final    0 31
mop-api-1.3.2.Final.jar org.gatein.mop:mop-api:1.3.2.Final   0 30
mop-spi-1.3.2.Final.jar org.gatein.mop:mop-spi:1.3.2.Final   0 30
mop-core-1.3.2.Final.jar org.gatein.mop:mop-core:1.3.2.Final   0 30
gatein-management-api-2.1.0.Final.jar org.gatein.management:gatein-management-api:2.1.0.Final   0 28
gatein-management-spi-2.1.0.Final.jar org.gatein.management:gatein-management-spi:2.1.0.Final   0 28
json-20070829.jar org.json:json:20070829    0 23
commons-component-product-6.0.x-SNAPSHOT.jar org.exoplatform.commons:commons-component-product:6.0.x-SNAPSHOT   0 27
closure-compiler-externs-v20170910.jar com.google.javascript:closure-compiler-externs:v20170910    0 19
args4j-2.33.jar args4j:args4j:2.33    0 24
error_prone_annotations-2.0.18.jar com.google.errorprone:error_prone_annotations:2.0.18    0 23
gson-2.7.jar com.google.code.gson:gson:2.7    0 34
jsinterop-annotations-1.0.0.jar com.google.jsinterop:jsinterop-annotations:1.0.0    0 19
closure-compiler-v20170910.jar com.google.javascript:closure-compiler:v20170910    0 13
commons-webui-component-6.0.x-SNAPSHOT.jar org.exoplatform.commons:commons-webui-component:6.0.x-SNAPSHOT   0 25
commons-api-6.0.x-SNAPSHOT.jar org.exoplatform.commons:commons-api:6.0.x-SNAPSHOT   0 25
commons-chain-1.2.jar commons-chain:commons-chain:1.2    0 34
commons-digester-2.1.jar commons-digester:commons-digester:2.1    0 34
exo.kernel.component.command-6.0.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.component.command:6.0.x-SNAPSHOT   0 24
commons-io-2.4.jar commons-io:commons-io:2.4    0 36
fontbox-1.8.14.jar cpe:/a:apache:pdfbox:1.8.14 org.apache.pdfbox:fontbox:1.8.14  Medium 2 Highest 37
jempbox-1.8.14.jar cpe:/a:apache:pdfbox:1.8.14 org.apache.pdfbox:jempbox:1.8.14  Medium 2 Highest 35
pdfbox-1.8.14.jar cpe:/a:apache:pdfbox:1.8.14 org.apache.pdfbox:pdfbox:1.8.14  Medium 2 Highest 35
htmllexer-2.1.jar org.htmlparser:htmllexer:2.1    0 23
htmlparser-2.1.jar org.htmlparser:htmlparser:2.1    0 23
poi-3.13.jar cpe:/a:apache:poi:3.13 org.apache.poi:poi:3.13  High 2 Highest 28
tika-core-1.5.jar cpe:/a:apache:tika:1.5 org.apache.tika:tika-core:1.5  High 8 Highest 33
vorbis-java-core-0.1-tests.jar org.gagravarr:vorbis-java-core:0.1    0 23
vorbis-java-tika-0.1.jar cpe:/a:apache:tika:0.1 org.gagravarr:vorbis-java-tika:0.1  High 6 Highest 23
netcdf-4.2-min.jar edu.ucar:netcdf:4.2-min    0 21
apache-mime4j-core-0.7.2.jar cpe:/a:apache:james:0.7.2 org.apache.james:apache-mime4j-core:0.7.2    0 Low 33
xz-1.2.jar cpe:/a:tukaani:xz:1.2 org.tukaani:xz:1.2  Medium 1 Low 27
commons-compress-1.5.jar cpe:/a:apache:commons_compress:1.5
cpe:/a:apache:commons-compress:1.5 		org.apache.commons:commons-compress:1.5    0 Low 39
bcmail-jdk15-1.45.jar cpe:/a:no-cms_project:no-cms:1.45
cpe:/a:mime_project:mime:1.45 		org.bouncycastle:bcmail-jdk15:1.45    0 Low 24
bcprov-jdk15-1.45.jar cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.45
cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.45 		org.bouncycastle:bcprov-jdk15:1.45  Medium 1 Low 24
tagsoup-1.2.1.jar org.ccil.cowan.tagsoup:tagsoup:1.2.1    0 18
asm-debug-all-4.1.jar cpe:/a:debug_project:debug:4.1 org.ow2.asm:asm-debug-all:4.1    0 Low 28
isoparser-1.0-RC-1.jar cpe:/a:boxes_project:boxes:7.x-1.0 com.googlecode.mp4parser:isoparser:1.0-RC-1  Low 1 Highest 24
xmpcore-5.1.2.jar com.adobe.xmp:xmpcore:5.1.2    0 30
xercesImpl-2.9.1.jar cpe:/a:apache:xerces2_java:2.9.1 xerces:xercesImpl:2.9.1  High 1 Low 50
metadata-extractor-2.6.2.jar com.drewnoakes:metadata-extractor:2.6.2    0 21
rome-1.0.jar rome:rome:1.0    0 32
vorbis-java-core-0.1.jar org.gagravarr:vorbis-java-core:0.1    0 21
juniversalchardet-1.0.3.jar org.zenframework.z8.dependencies.commons:juniversalchardet-1.0.3:2.0    0 26
jhighlight-1.0.jar com.uwyn:jhighlight:1.0    0 25
xmlbeans-2.6.0.jar org.apache.xmlbeans:xmlbeans:2.6.0    0 24
exo.core.component.document-6.0.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.document:6.0.x-SNAPSHOT   0 24
exo.core.component.database-6.0.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.database:6.0.x-SNAPSHOT   0 24
lucene-core-3.6.2.jar org.apache.lucene:lucene-core:3.6.2    0 26
lucene-analyzers-3.6.2.jar org.apache.lucene:lucene-analyzers:3.6.2    0 26
lucene-spellchecker-3.6.2.jar org.apache.lucene:lucene-spellchecker:3.6.2    0 26
jta-1.1.jar javax.transaction:transaction-api:1.1    0 22
concurrent-1.3.4.jar concurrent:concurrent:1.3.4    0 23
commons-collections-3.2.2.jar cpe:/a:apache:commons_collections:3.2.2 commons-collections:commons-collections:3.2.2    0 Low 40
jgroups-3.6.13.Final.jar org.jgroups:jgroups:3.6.13.Final    0 32
jbossjta-4.16.6.Final.jar org.jboss.jbossts:jbossjta:4.16.6.Final    0 22
ws-commons-util-1.0.1.jar cpe:/a:ws_project:ws:1.0.1 ws-commons-util:ws-commons-util:1.0.1  Medium 1 Low 30
jboss-common-core-2.2.22.GA.jar org.jboss:jboss-common-core:2.2.22.GA    0 30
stringtemplate-3.2.1.jar cpe:/a:string_project:string:3.2.1::~~~node.js~~ org.antlr:stringtemplate:3.2.1  Medium 1 Highest 23
antlr-runtime-3.5.jar org.antlr:antlr-runtime:3.5    0 26
exo.kernel.component.ext.cache.impl.infinispan.v8-6.0.x-SNAPSHOT.jar cpe:/a:infinispan:infinispan:6.0.0 org.exoplatform.kernel:exo.kernel.component.ext.cache.impl.infinispan.v8:6.0.x-SNAPSHOT Medium 3 Highest 24
jboss-marshalling-osgi-2.0.0.Beta3.jar org.jboss.marshalling:jboss-marshalling-osgi:2.0.0.Beta3    0 29
infinispan-core-8.2.6.Final.jar cpe:/a:infinispan:infinispan:8.2.6 org.infinispan:infinispan-core:8.2.6.Final  Medium 3 Highest 35
exo.jcr.component.core-6.0.x-SNAPSHOT.jar org.exoplatform.jcr:exo.jcr.component.core:6.0.x-SNAPSHOT   0 24
jtidy-r938.jar cpe:/a:html-tidy:tidy:- net.sf.jtidy:jtidy:r938    0 Low 25
exo.core.component.xml-processing-6.0.x-SNAPSHOT.jar cpe:/a:processing:processing:6.0.20191006 org.exoplatform.core:exo.core.component.xml-processing:6.0.x-SNAPSHOT   0 Low 24
groovy-all-2.4.12.jar cpe:/a:apache:groovy:2.4.12 org.codehaus.groovy:groovy-all:2.4.12    0 Low 36
exo.core.component.script.groovy-6.0.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.script.groovy:6.0.x-SNAPSHOT   0 22
exo.jcr.component.ext-6.0.x-SNAPSHOT.jar org.exoplatform.jcr:exo.jcr.component.ext:6.0.x-SNAPSHOT   0 24
mime-util-2.1.3.jar cpe:/a:mime_project:mime:2.1.3 eu.medsea.mimeutil:mime-util:2.1.3    0 Low 30
jakarta-regexp-1.4.jar jakarta-regexp:jakarta-regexp:1.4    0 14
xpp3-1.1.6.jar org.ogce:xpp3:1.1.6    0 24
jcl-over-slf4j-1.7.18.jar org.slf4j:jcl-over-slf4j:1.7.18    0 31
slf4j-api-1.7.18.jar org.slf4j:slf4j-api:1.7.18    0 31
exo.kernel.commons-6.0.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.commons:6.0.x-SNAPSHOT   0 24
javax.servlet-api-3.0.1.jar javax.servlet:javax.servlet-api:3.0.1    0 38
commons-beanutils-1.8.3.jar cpe:/a:apache:commons_beanutils:1.8.3 commons-beanutils:commons-beanutils:1.8.3  High 2 Low 34
wci-wci-6.0.x-SNAPSHOT.jar org.exoplatform.gatein.wci:wci-wci:6.0.x-SNAPSHOT   0 29
jibx-run-1.2.6.jar org.jibx:jibx-run:1.2.6    0 29
javax.inject-1.jar javax.inject:javax.inject:1    0 20
cdi-api-1.0-SP4.jar javax.enterprise:cdi-api:1.0-SP4    0 31
exo.kernel.container-6.0.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.container:6.0.x-SNAPSHOT   0 24
xpp3-1.1.4c.jar xpp3:xpp3:1.1.4c    0 26
picocontainer-1.1.jar picocontainer:picocontainer:1.1    0 28
xmlpull-1.1.3.1.jar xmlpull:xmlpull:1.1.3.1    0 18
xpp3_min-1.1.4c.jar xpp3:xpp3_min:1.1.4c    0 24
xstream-1.4.10.jar cpe:/a:xstream_project:xstream:1.4.10 com.thoughtworks.xstream:xstream:1.4.10  High 2 Highest 53
closure-compiler-v20170910.jar/META-INF/maven/com.google.javascript/closure-compiler/pom.xml cpe:/a:google:gmail:- com.google.javascript:closure-compiler:v20170910 Medium 1 Low 15
closure-compiler-v20170910.jar/META-INF/maven/com.google.protobuf/protobuf-java/pom.xml cpe:/a:google:protobuf:3.0.2 com.google.protobuf:protobuf-java:3.0.2 Medium 1 Highest 13
closure-compiler-v20170910.jar/META-INF/maven/com.google.code.findbugs/jsr305/pom.xml com.google.code.findbugs:jsr305:3.0.1   0 11
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling/pom.xml org.jboss.marshalling:jboss-marshalling:2.0.0.Beta3   0 13
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-river/pom.xml org.jboss.marshalling:jboss-marshalling-river:2.0.0.Beta3   0 13
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-serial/pom.xml org.jboss.marshalling:jboss-marshalling-serial:2.0.0.Beta3   0 13

Dependencies

jcr-1.0.1.jar

Description: Content Repository for Java technology API. Specifies a standard API to access content repositories in JavaTM 2 independently of implementation.

License:

Day License: http://www.day.com/maven/jsr170/licenses/day-spec-license.htm
File Path: /home/ciagent/.m2/repository/javax/jcr/jcr/1.0.1/jcr-1.0.1.jar
MD5: 4639c7b994528948dab1a4feb1f68d6f
SHA1: 567ee103cf7592e3cf036e1bf4e2e06b9f08e1a1
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

  • cpe: cpe:/a:content_project:content:1.0.1   Confidence:Low   
  • maven: javax.jcr:jcr:1.0.1   Confidence:High

CVE-2017-16111  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header.

Vulnerable Software & Versions:

commons-lang-2.6.jar

Description:  Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

jsr250-api-1.0.jar

Description: JSR-250 Reference Implementation by Glassfish

License:

COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /home/ciagent/.m2/repository/javax/annotation/jsr250-api/1.0/jsr250-api-1.0.jar
MD5: 4cd56b2e4977e541186de69f5126b4a6
SHA1: 5025422767732a1ab45d93abfea846513d742dcf
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

jsr311-api-1.1.1.jar

License:

                CDDL License
            : http://www.opensource.org/licenses/cddl1.php
File Path: /home/ciagent/.m2/repository/javax/ws/rs/jsr311-api/1.1.1/jsr311-api-1.1.1.jar
MD5: c9803468299ec255c047a280ddec510f
SHA1: 59033da2a1afd56af1ac576750a8d0b1830d59e6
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

chromattic.api-1.3.0.jar

Description: Chromattic Framework API

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.api/1.3.0/chromattic.api-1.3.0.jar
MD5: 11f2df6e3a3b4451719710c0f4c08103
SHA1: 4f60a9585bd6e68833eaaea1f1a615c682adbe27
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

javaparser-1.0.8.jar

Description: A Java 1.5 Parser with AST generation and visitor support. The AST records the source code structure, javadoc and comments. It is also possible to change the AST nodes or create new ones to modify the source code.

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl.html
File Path: /home/ciagent/.m2/repository/com/google/code/javaparser/javaparser/1.0.8/javaparser-1.0.8.jar
MD5: 32228e53ef6cc2ebe515bc40d7c9a4f9
SHA1: 9ca2f8ef2233babc53a8c2b6bb21869d94f5fcc1
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:runtime

Identifiers

  • maven: com.google.code.javaparser:javaparser:1.0.8   Confidence:High

chromattic.testgenerator-1.3.0.jar

Description: Chromattic Framework generator

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.testgenerator/1.3.0/chromattic.testgenerator-1.3.0.jar
MD5: 971802dfdfdc6500f1ff0e583a7659a1
SHA1: e725269db29a0fc8c982df481e5ce09b84e5d6a8
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:test-compile

Identifiers

chromattic.metamodel-1.3.0.jar

Description: Chromattic Framework Metamodel

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.metamodel/1.3.0/chromattic.metamodel-1.3.0.jar
MD5: 0d534975c688ebabbc232601c6bc13da
SHA1: fbaa10037faf34a2d4d8eeb4e6b5ce28c95a9455
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

chromattic.spi-1.3.0.jar

Description: Chromattic Framework SPI

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.spi/1.3.0/chromattic.spi-1.3.0.jar
MD5: e440e3f5a8e5ad38720975546ab7f06d
SHA1: 64c36f826b832acab48fea793b7c70b019a46181
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

reflext.api-1.1.0.jar

Description: The Reflext Framework API

File Path: /home/ciagent/.m2/repository/org/reflext/reflext.api/1.1.0/reflext.api-1.1.0.jar
MD5: fe732172fa2fb5ae4b63866ef15da41f
SHA1: 28374c509099736aeedc52fef3d7b8e78238c2a0
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

reflext.core-1.1.0.jar

Description: The Reflect Framework Core

File Path: /home/ciagent/.m2/repository/org/reflext/reflext.core/1.1.0/reflext.core-1.1.0.jar
MD5: cc65231f60a70dec43a57ccba5adce81
SHA1: 56316a714b99d7ac85d23d0f1a4680149c3273d6
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

reflext.spi-1.1.0.jar

Description: The Reflext Framework SPI

File Path: /home/ciagent/.m2/repository/org/reflext/reflext.spi/1.1.0/reflext.spi-1.1.0.jar
MD5: 2c967ae0c3078d23b615f8825377f304
SHA1: 4df0428c39922079c53955602bce66735f9d20a8
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

reflext.apt-1.1.0.jar

Description: The Reflext Framework Annotation Processing Tool Plugin

File Path: /home/ciagent/.m2/repository/org/reflext/reflext.apt/1.1.0/reflext.apt-1.1.0.jar
MD5: e6bb0195d6cdd15b618939c78999ea4e
SHA1: 093ab21e03197c1c7a2d2d20da4d3dd34a60ac24
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

CVE-2018-1000840  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE) vulnerability in loadXML() function that can result in An attacker can read arbitrary files and exfiltrate their contents via HTTP requests. This attack appear to be exploitable via The victim must use Processing to parse a crafted XML document.

Vulnerable Software & Versions:

chromattic.apt-1.3.0.jar

Description: Chromattic Framework APT Plugin

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.apt/1.3.0/chromattic.apt-1.3.0.jar
MD5: 5f51682435a2e2014a9bd9c5936a5cc5
SHA1: f2e219c2b8e13983a26b4c3f4e8eb54d71730b4d
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

chromattic.common-1.3.0.jar

Description: Chromattic Framework Common

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.common/1.3.0/chromattic.common-1.3.0.jar
MD5: 15bfb4cc0312aefffb25952cdf18b2cd
SHA1: 55470175c1ba46a917504acf97018e6ef2932659
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

reflext.jlr-1.1.0.jar

Description: The Reflext Framework Java Lang Reflect Plugin

File Path: /home/ciagent/.m2/repository/org/reflext/reflext.jlr/1.1.0/reflext.jlr-1.1.0.jar
MD5: 1103f3b1ed3762e0bd100cbee6e7f345
SHA1: 79ad1a5053213cbb350d37ff12d5f767243c8c46
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

chromattic.core-1.3.0.jar

Description: Chromattic Framework Core

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.core/1.3.0/chromattic.core-1.3.0.jar
MD5: 9ece56be0e1e1b3289bbe177e8e1b4ab
SHA1: 1bc4ebc89d7b47af394b920f44a0b51409343034
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

portlet-api-2.0.jar

Description: The Java Portlet API version 2.0 developed by the Java Community Process JSR-286 Expert Group.

File Path: /home/ciagent/.m2/repository/javax/portlet/portlet-api/2.0/portlet-api-2.0.jar
MD5: 0ec08593cda1df33985391919996c740
SHA1: 1cd72f2a37fcf8ab9893a9468d7ba71c85fe2653
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

common-common-2.2.2.Final.jar

File Path: /home/ciagent/.m2/repository/org/gatein/common/common-common/2.2.2.Final/common-common-2.2.2.Final.jar
MD5: 8ce16b5e3991285cd27e553740d09d1f
SHA1: 44522d899e31a5a10dbd70f7b0ca2fe5a614f740
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

staxnav.core-0.9.8.jar

File Path: /home/ciagent/.m2/repository/org/staxnav/staxnav.core/0.9.8/staxnav.core-0.9.8.jar
MD5: 0f786e5be21df9fbe8753175564564c7
SHA1: 27bd12d4d74b0851e38de79f8299462d93ba3d7f
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

commons-lang3-3.3.2.jar

Description:  Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/commons/commons-lang3/3.3.2/commons-lang3-3.3.2.jar
MD5: 3128bf75a2549ebe38663401191bacab
SHA1: 90a3822c38ec8c996e84c16a3477ef632cbc87a3
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

dom4j-1.6.1.jar

Description: dom4j: the flexible XML framework for Java

File Path: /home/ciagent/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

CVE-2018-1000632  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-91 XML Injection (aka Blind XPath Injection)

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

Vulnerable Software & Versions: (show all)

javassist-3.20.0-GA.jar

Description:  Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: /home/ciagent/.m2/repository/org/javassist/javassist/3.20.0-GA/javassist-3.20.0-GA.jar
MD5: a89dd7907d76e061ec2c07e762a74256
SHA1: a9cbcdfb7e9f86fbc74d3afae65f2248bfbf82a0
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

hibernate-jpa-2.0-api-1.0.1.Final.jar

Description:  Hibernate definition of the Java Persistence 2.0 (JSR 317) API.

License:

license.txt
File Path: /home/ciagent/.m2/repository/org/hibernate/javax/persistence/hibernate-jpa-2.0-api/1.0.1.Final/hibernate-jpa-2.0-api-1.0.1.Final.jar
MD5: d7e7d8f60fc44a127ba702d43e71abec
SHA1: 3306a165afa81938fc3d8a0948e891de9f6b192b
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

jboss-logging-annotations-1.2.0.Beta1.jar

File Path: /home/ciagent/.m2/repository/org/jboss/logging/jboss-logging-annotations/1.2.0.Beta1/jboss-logging-annotations-1.2.0.Beta1.jar
MD5: 938e552e319015a8863dd91284aada54
SHA1: 2f437f37bb265d9f8f1392823dbca12d2bec06d6
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

hibernate-commons-annotations-4.0.5.Final.jar

Description: Common reflection code used in support of annotation processing

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/hibernate/common/hibernate-commons-annotations/4.0.5.Final/hibernate-commons-annotations-4.0.5.Final.jar
MD5: 5dadbafd7c7bc1168c10a2ba87e927a2
SHA1: 2a581b9edb8168e45060d8bad8b7f46712d2c52c
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

hibernate-entitymanager-4.2.21.Final.jar

Description: A module of the Hibernate O/RM project

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/hibernate/hibernate-entitymanager/4.2.21.Final/hibernate-entitymanager-4.2.21.Final.jar
MD5: 2c1a3f1c7bb83b730ab3db1fe588904e
SHA1: a6675070b4c7bb843d74d6ab3bc9440fd315dbb3
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

liquibase-core-3.4.2.jar

File Path: /home/ciagent/.m2/repository/org/liquibase/liquibase-core/3.4.2/liquibase-core-3.4.2.jar
MD5: d4ad6d5f7958b69b8fbd01a5564ae45b
SHA1: c91ccf342466857251cf6795b0cecc42509206f2
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

bayeux-api-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/bayeux-api/3.0.8/bayeux-api-3.0.8.jar
MD5: a09842b7f274cefffa408299b5fc8dd0
SHA1: d5aceb0e7fef4a140f7e95be48338b97723d3163
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

cometd-java-common-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-common/3.0.8/cometd-java-common-3.0.8.jar
MD5: 70c7cc13ecc20634a6b357e33134d551
SHA1: 5e2134a1b3bc6e03b7e1666a74e9993d0bb52a7d
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

cometd-java-websocket-javax-server-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-javax-server/3.0.8/cometd-java-websocket-javax-server-3.0.8.jar
MD5: afa5e80138d48292a6f93b708257d2fc
SHA1: 353860f809886a58c181dd9e273ee7b79e133277
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

cometd-java-websocket-common-server-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-common-server/3.0.8/cometd-java-websocket-common-server-3.0.8.jar
MD5: 5772b2360cec4ff610e62151fb4deb62
SHA1: 61538a1231b700bf045fa197514f63509960985e
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

cometd-java-annotations-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-annotations/3.0.8/cometd-java-annotations-3.0.8.jar
MD5: 98b60697675562cf957655c3239a1ad3
SHA1: 5b56875b2ac024b5666633596abb90702ec35e81
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

jetty-io-9.2.14.v20151106.jar

Description: Administrative parent pom for Jetty modules

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /home/ciagent/.m2/repository/org/eclipse/jetty/jetty-io/9.2.14.v20151106/jetty-io-9.2.14.v20151106.jar
MD5: 94d0e857144c7615b6fd65019cd32b59
SHA1: dfa4137371a3f08769820138ca1a2184dacda267
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

cometd-java-client-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-client/3.0.8/cometd-java-client-3.0.8.jar
MD5: 24f1367fb4d96fe70a3f07a1f48e447e
SHA1: 826d4ae9402e7c48cc98fe287389788134e4986f
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

cometd-java-websocket-common-client-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-common-client/3.0.8/cometd-java-websocket-common-client-3.0.8.jar
MD5: c17616c290c54ffc4a70dda2b901919a
SHA1: 8b75f11de5bba306d0bcb20a6c1bed89675579cd
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

cometd-java-websocket-javax-client-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-javax-client/3.0.8/cometd-java-websocket-javax-client-3.0.8.jar
MD5: 433dd449f689697bbe1a75b0ed2788f8
SHA1: b44bcf098667f0112301d75f73adb5ba3295699d
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

cometd-java-oort-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-oort/3.0.8/cometd-java-oort-3.0.8.jar
MD5: 62dbbecedab27927495fc9c9e0b70505
SHA1: a72695546e010c250ba65519fc91867b208fc8f9
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

jetty-jmx-9.2.14.v20151106.jar

Description: JMX management artifact for jetty.

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /home/ciagent/.m2/repository/org/eclipse/jetty/jetty-jmx/9.2.14.v20151106/jetty-jmx-9.2.14.v20151106.jar
MD5: 5eccc25d22921cb4787812d0687a2978
SHA1: 617edc5e966b4149737811ef8b289cd94b831bab
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

  • cpe: cpe:/a:jetty:jetty:9.2.14.v20151106   Confidence:Low   
  • maven: org.eclipse.jetty:jetty-jmx:9.2.14.v20151106    Confidence:Highest
  • cpe: cpe:/a:eclipse:jetty:9.2.14.v20151106   Confidence:Low   

CVE-2017-7656  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.

Vulnerable Software & Versions: (show all)

CVE-2017-7657  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-190 Integer Overflow or Wraparound

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.

Vulnerable Software & Versions: (show all)

CVE-2017-7658  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.

Vulnerable Software & Versions: (show all)

CVE-2017-9735  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Vulnerable Software & Versions:

cometd-java-server-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-server/3.0.8/cometd-java-server-3.0.8.jar
MD5: c55eb617762fad72683da9de856e008c
SHA1: 11d535c657bdb491abc2ccd820118f9d6a8f44e0
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

commons-comet-service-6.0.x-SNAPSHOT.jar

File Path: /srv/ciagent/workspace/PLF/commons-develop-site/sources/commons-comet-service/target/commons-comet-service-6.0.x-SNAPSHOT.jar
MD5: ef3d8aced89226dd3b3c62aa52f5c0b4
SHA1: dd9011b1b664bffc7beea124f959ff0b0130a03f
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

  • maven: org.exoplatform.commons:commons-comet-service:6.0.x-SNAPSHOT   Confidence:High

exo.kernel.component.cache-6.0.x-SNAPSHOT.jar

Description: Implementation of Cache Service of Exoplatform SAS 'eXo Kernel' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.component.cache/6.0.x-SNAPSHOT/exo.kernel.component.cache-6.0.x-SNAPSHOT.jar
MD5: 8b0d5bca7bccac22c8b49202e3af31d4
SHA1: fc7fd420984fb3a4f426029ce1353149fab42d35
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

  • maven: org.exoplatform.kernel:exo.kernel.component.cache:6.0.x-SNAPSHOT   Confidence:High

exo.core.component.security.core-6.0.x-SNAPSHOT.jar

Description: Implementation of 'eXo Security' component of Exoplatform SAS 'eXo Core' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.security.core/6.0.x-SNAPSHOT/exo.core.component.security.core-6.0.x-SNAPSHOT.jar
MD5: ed9e42743794ca109fb30bfe6543b076
SHA1: 1a774aae09ac563ecf77c7c78153a60c9c8e6bd0
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

  • maven: org.exoplatform.core:exo.core.component.security.core:6.0.x-SNAPSHOT   Confidence:High

antlr-2.7.7.jar

Description:  A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.

License:

BSD License: http://www.antlr.org/license.html
File Path: /home/ciagent/.m2/repository/antlr/antlr/2.7.7/antlr-2.7.7.jar
MD5: f8f1352c52a4c6a500b597596501fc64
SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

hibernate-core-4.2.21.Final.jar

Description: A module of the Hibernate O/RM project

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/hibernate/hibernate-core/4.2.21.Final/hibernate-core-4.2.21.Final.jar
MD5: 492567c1f36fb3a5968ca2d3c452edaf
SHA1: bb587d00287c13d9e4324bc76c13abbd493efa81
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

exo.core.component.organization.api-6.0.x-SNAPSHOT.jar

Description: API of Organization Service of Exoplatform SAS 'eXo Core' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.organization.api/6.0.x-SNAPSHOT/exo.core.component.organization.api-6.0.x-SNAPSHOT.jar
MD5: a7eb0f78ea4e73e5c8560e0697866970
SHA1: b5c9fa30c3833c3e0769a7bcf761c5366805a732
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

  • maven: org.exoplatform.core:exo.core.component.organization.api:6.0.x-SNAPSHOT   Confidence:High
  • cpe: cpe:/a:api-platform:core:6.0   Confidence:Low   

mail-1.4.7.jar

Description: JavaMail API (compat)

License:

http://www.sun.com/cddl, https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /home/ciagent/.m2/repository/javax/mail/mail/1.4.7/mail-1.4.7.jar
MD5: 77f53ff0c78ba43c4812ecc9f53e20f8
SHA1: 9add058589d5d85adeb625859bf2c5eeaaedf12d
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

commons-dbcp-1.4.jar

Description: Commons Database Connection Pooling

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-dbcp/commons-dbcp/1.4/commons-dbcp-1.4.jar
MD5: b004158fab904f37f5831860898b3cd9
SHA1: 30be73c965cc990b153a100aaaaafcf239f82d39
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:runtime

Identifiers

commons-pool-1.6.jar

Description: Commons Object Pooling Library

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-pool/commons-pool/1.6/commons-pool-1.6.jar
MD5: 5ca02245c829422176d23fa530e919cc
SHA1: 4572d589699f09d866a226a14b7f4323c6d8f040
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:runtime

Identifiers

exo.kernel.component.common-6.0.x-SNAPSHOT.jar

Description: Implementation of Common Service of Exoplatform SAS 'eXo Kernel' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.component.common/6.0.x-SNAPSHOT/exo.kernel.component.common-6.0.x-SNAPSHOT.jar
MD5: 7d56b2a5181e482b340b4f0e9ee5e017
SHA1: bb1382baadbd0dd13685e7cc493f37dcf551896d
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

  • maven: org.exoplatform.kernel:exo.kernel.component.common:6.0.x-SNAPSHOT   Confidence:High

commons-fileupload-1.3.3.jar

Description:  The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-fileupload/commons-fileupload/1.3.3/commons-fileupload-1.3.3.jar
MD5: dd77e787b7b5dc56f6a1cb658716d55d
SHA1: 04ff14d809195b711fd6bcc87e6777f886730ca1
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

exo.ws.rest.core-6.0.x-SNAPSHOT.jar

Description: Implementation of REST Core for Exoplatform SAS 'Web Services' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/ws/exo.ws.rest.core/6.0.x-SNAPSHOT/exo.ws.rest.core-6.0.x-SNAPSHOT.jar
MD5: 2e5bcea622faca44fa175918d5cc256b
SHA1: 486f797c093590f2fc415145bfddaa43fd5db6bf
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile

Identifiers

  • cpe: cpe:/a:ws_project:ws:6.0.20191006   Confidence:Low   
  • maven: org.exoplatform.ws:exo.ws.rest.core:6.0.x-SNAPSHOT   Confidence:High

exo.portal.webui.core-6.0.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.webui.core/6.0.x-SNAPSHOT/exo.portal.webui.core-6.0.x-SNAPSHOT.jar
MD5: 255f0ceeb865a007cc375c626ec2b6f8
SHA1: 23fea0b1174fcc20a230cf872216ea16e3834e68
Referenced In Project/Scope: eXo PLF:: Commons - Transparent Upgrade Framework:compile