Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: eXo PLF:: Commons - Commons Extension Webapp

org.exoplatform.commons:commons-extension-webapp:6.0.x-SNAPSHOT

Scan Information (show all):

Display: Showing Vulnerable Dependencies (click to show all)

Dependency CPE Coordinates Highest Severity CVE Count CPE Confidence Evidence Count
commons-lang-2.6.jar org.netbeans.external:org-apache-commons-lang:RELEASE90    0 34
jsr250-api-1.0.jar javax.annotation:jsr250-api:1.0    0 20
jcr-1.0.1.jar cpe:/a:content_project:content:1.0.1 javax.jcr:jcr:1.0.1 Medium 1 Low 25
jsr311-api-1.1.1.jar javax.ws.rs:jsr311-api:1.1.1    0 28
chromattic.api-1.3.0.jar org.chromattic:chromattic.api:1.3.0    0 23
javaparser-1.0.8.jar com.google.code.javaparser:javaparser:1.0.8   0 20
chromattic.testgenerator-1.3.0.jar org.chromattic:chromattic.testgenerator:1.3.0    0 23
chromattic.metamodel-1.3.0.jar org.chromattic:chromattic.metamodel:1.3.0    0 23
chromattic.spi-1.3.0.jar org.chromattic:chromattic.spi:1.3.0    0 25
reflext.api-1.1.0.jar org.reflext:reflext.api:1.1.0    0 23
reflext.core-1.1.0.jar org.reflext:reflext.core:1.1.0    0 23
reflext.spi-1.1.0.jar org.reflext:reflext.spi:1.1.0    0 25
reflext.apt-1.1.0.jar cpe:/a:processing:processing:1.1.0 org.reflext:reflext.apt:1.1.0  Medium 1 Low 23
chromattic.apt-1.3.0.jar org.chromattic:chromattic.apt:1.3.0    0 23
chromattic.common-1.3.0.jar org.chromattic:chromattic.common:1.3.0    0 25
reflext.jlr-1.1.0.jar org.reflext:reflext.jlr:1.1.0    0 23
chromattic.core-1.3.0.jar org.chromattic:chromattic.core:1.3.0    0 23
portlet-api-2.0.jar javax.portlet:portlet-api:2.0    0 22
common-logging-2.2.2.Final.jar org.gatein.common:common-logging:2.2.2.Final    0 31
common-common-2.2.2.Final.jar org.gatein.common:common-common:2.2.2.Final    0 31
jboss-logging-3.3.0.Final.jar org.jboss.logging:jboss-logging:3.3.0.Final    0 44
exo.kernel.component.ext.cache.impl.infinispan.v8-6.0.x-SNAPSHOT.jar cpe:/a:infinispan:infinispan:6.0.0 org.exoplatform.kernel:exo.kernel.component.ext.cache.impl.infinispan.v8:6.0.x-SNAPSHOT Medium 3 Highest 24
exo.core.component.database-6.0.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.database:6.0.x-SNAPSHOT   0 24
staxnav.core-0.9.8.jar org.staxnav:staxnav.core:0.9.8    0 19
commons-lang3-3.3.2.jar org.apache.commons:commons-lang3:3.3.2    0 37
dom4j-1.6.1.jar cpe:/a:dom4j_project:dom4j:1.6.1 dom4j:dom4j:1.6.1  Medium 1 Highest 28
javassist-3.20.0-GA.jar org.javassist:javassist:3.20.0-GA    0 27
hibernate-jpa-2.0-api-1.0.1.Final.jar org.hibernate.javax.persistence:hibernate-jpa-2.0-api:1.0.1.Final    0 26
jboss-logging-annotations-1.2.0.Beta1.jar org.jboss.logging:jboss-logging-annotations:1.2.0.Beta1    0 30
hibernate-commons-annotations-4.0.5.Final.jar org.hibernate.common:hibernate-commons-annotations:4.0.5.Final    0 30
hibernate-entitymanager-4.2.21.Final.jar org.hibernate:hibernate-entitymanager:4.2.21.Final    0 32
liquibase-core-3.4.2.jar org.liquibase:liquibase-core:3.4.2    0 19
closure-compiler-externs-v20170910.jar com.google.javascript:closure-compiler-externs:v20170910    0 19
args4j-2.33.jar args4j:args4j:2.33    0 24
error_prone_annotations-2.0.18.jar com.google.errorprone:error_prone_annotations:2.0.18    0 23
gson-2.7.jar com.google.code.gson:gson:2.7    0 34
jsinterop-annotations-1.0.0.jar com.google.jsinterop:jsinterop-annotations:1.0.0    0 19
closure-compiler-v20170910.jar com.google.javascript:closure-compiler:v20170910    0 13
commons-webui-component-6.0.x-SNAPSHOT.jar org.exoplatform.commons:commons-webui-component:6.0.x-SNAPSHOT   0 25
commons-api-6.0.x-SNAPSHOT.jar org.exoplatform.commons:commons-api:6.0.x-SNAPSHOT   0 25
bayeux-api-3.0.8.jar org.cometd.java:bayeux-api:3.0.8    0 29
cometd-java-common-3.0.8.jar org.cometd.java:cometd-java-common:3.0.8    0 29
cometd-java-websocket-javax-server-3.0.8.jar org.cometd.java:cometd-java-websocket-javax-server:3.0.8    0 29
cometd-java-websocket-common-server-3.0.8.jar org.cometd.java:cometd-java-websocket-common-server:3.0.8    0 29
cometd-java-annotations-3.0.8.jar org.cometd.java:cometd-java-annotations:3.0.8    0 29
jetty-io-9.2.14.v20151106.jar org.eclipse.jetty:jetty-io:9.2.14.v20151106    0 35
cometd-java-client-3.0.8.jar org.cometd.java:cometd-java-client:3.0.8    0 29
cometd-java-websocket-common-client-3.0.8.jar org.cometd.java:cometd-java-websocket-common-client:3.0.8    0 29
cometd-java-websocket-javax-client-3.0.8.jar org.cometd.java:cometd-java-websocket-javax-client:3.0.8    0 29
cometd-java-oort-3.0.8.jar org.cometd.java:cometd-java-oort:3.0.8    0 29
jetty-jmx-9.2.14.v20151106.jar cpe:/a:jetty:jetty:9.2.14.v20151106
cpe:/a:eclipse:jetty:9.2.14.v20151106 		org.eclipse.jetty:jetty-jmx:9.2.14.v20151106  High 4 Low 37
cometd-java-server-3.0.8.jar org.cometd.java:cometd-java-server:3.0.8    0 29
commons-comet-service-6.0.x-SNAPSHOT.jar org.exoplatform.commons:commons-comet-service:6.0.x-SNAPSHOT   0 25
exo.kernel.component.cache-6.0.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.component.cache:6.0.x-SNAPSHOT   0 24
exo.core.component.security.core-6.0.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.security.core:6.0.x-SNAPSHOT   0 22
antlr-2.7.7.jar antlr:antlr:2.7.7    0 18
hibernate-core-4.2.21.Final.jar org.hibernate:hibernate-core:4.2.21.Final    0 32
jakarta-regexp-1.4.jar jakarta-regexp:jakarta-regexp:1.4    0 14
xpp3-1.1.6.jar org.ogce:xpp3:1.1.6    0 24
exo.core.component.organization.api-6.0.x-SNAPSHOT.jar cpe:/a:api-platform:core:6.0 org.exoplatform.core:exo.core.component.organization.api:6.0.x-SNAPSHOT   0 Low 22
commons-chain-1.2.jar commons-chain:commons-chain:1.2    0 34
commons-digester-2.1.jar commons-digester:commons-digester:2.1    0 34
exo.kernel.component.command-6.0.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.component.command:6.0.x-SNAPSHOT   0 24
commons-io-2.4.jar commons-io:commons-io:2.4    0 36
fontbox-1.8.14.jar cpe:/a:apache:pdfbox:1.8.14 org.apache.pdfbox:fontbox:1.8.14  Medium 2 Highest 37
jempbox-1.8.14.jar cpe:/a:apache:pdfbox:1.8.14 org.apache.pdfbox:jempbox:1.8.14  Medium 2 Highest 35
pdfbox-1.8.14.jar cpe:/a:apache:pdfbox:1.8.14 org.apache.pdfbox:pdfbox:1.8.14  Medium 2 Highest 35
htmllexer-2.1.jar org.htmlparser:htmllexer:2.1    0 23
htmlparser-2.1.jar org.htmlparser:htmlparser:2.1    0 23
poi-3.13.jar cpe:/a:apache:poi:3.13 org.apache.poi:poi:3.13  High 2 Highest 28
tika-core-1.5.jar cpe:/a:apache:tika:1.5 org.apache.tika:tika-core:1.5  High 8 Highest 33
vorbis-java-core-0.1-tests.jar org.gagravarr:vorbis-java-core:0.1    0 23
vorbis-java-tika-0.1.jar cpe:/a:apache:tika:0.1 org.gagravarr:vorbis-java-tika:0.1  High 6 Highest 23
netcdf-4.2-min.jar edu.ucar:netcdf:4.2-min    0 21
apache-mime4j-core-0.7.2.jar cpe:/a:apache:james:0.7.2 org.apache.james:apache-mime4j-core:0.7.2    0 Low 33
xz-1.2.jar cpe:/a:tukaani:xz:1.2 org.tukaani:xz:1.2  Medium 1 Low 27
commons-compress-1.5.jar cpe:/a:apache:commons_compress:1.5
cpe:/a:apache:commons-compress:1.5 		org.apache.commons:commons-compress:1.5    0 Low 39
bcmail-jdk15-1.45.jar cpe:/a:no-cms_project:no-cms:1.45
cpe:/a:mime_project:mime:1.45 		org.bouncycastle:bcmail-jdk15:1.45    0 Low 24
bcprov-jdk15-1.45.jar cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.45
cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.45 		org.bouncycastle:bcprov-jdk15:1.45  Medium 1 Low 24
tagsoup-1.2.1.jar org.ccil.cowan.tagsoup:tagsoup:1.2.1    0 18
asm-debug-all-4.1.jar cpe:/a:debug_project:debug:4.1 org.ow2.asm:asm-debug-all:4.1    0 Low 28
isoparser-1.0-RC-1.jar cpe:/a:boxes_project:boxes:7.x-1.0 com.googlecode.mp4parser:isoparser:1.0-RC-1  Low 1 Highest 24
xmpcore-5.1.2.jar com.adobe.xmp:xmpcore:5.1.2    0 30
xercesImpl-2.9.1.jar cpe:/a:apache:xerces2_java:2.9.1 xerces:xercesImpl:2.9.1  High 1 Low 50
metadata-extractor-2.6.2.jar com.drewnoakes:metadata-extractor:2.6.2    0 21
rome-1.0.jar rome:rome:1.0    0 32
vorbis-java-core-0.1.jar org.gagravarr:vorbis-java-core:0.1    0 21
juniversalchardet-1.0.3.jar org.zenframework.z8.dependencies.commons:juniversalchardet-1.0.3:2.0    0 26
jhighlight-1.0.jar com.uwyn:jhighlight:1.0    0 25
xmlbeans-2.6.0.jar org.apache.xmlbeans:xmlbeans:2.6.0    0 24
exo.core.component.document-6.0.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.document:6.0.x-SNAPSHOT   0 24
lucene-core-3.6.2.jar org.apache.lucene:lucene-core:3.6.2    0 26
lucene-analyzers-3.6.2.jar org.apache.lucene:lucene-analyzers:3.6.2    0 26
lucene-spellchecker-3.6.2.jar org.apache.lucene:lucene-spellchecker:3.6.2    0 26
jta-1.1.jar javax.transaction:transaction-api:1.1    0 22
concurrent-1.3.4.jar concurrent:concurrent:1.3.4    0 23
commons-collections-3.2.2.jar cpe:/a:apache:commons_collections:3.2.2 commons-collections:commons-collections:3.2.2    0 Low 40
jgroups-3.6.13.Final.jar org.jgroups:jgroups:3.6.13.Final    0 32
jbossjta-4.16.6.Final.jar org.jboss.jbossts:jbossjta:4.16.6.Final    0 22
ws-commons-util-1.0.1.jar cpe:/a:ws_project:ws:1.0.1 ws-commons-util:ws-commons-util:1.0.1  Medium 1 Low 30
jboss-common-core-2.2.22.GA.jar org.jboss:jboss-common-core:2.2.22.GA    0 30
stringtemplate-3.2.1.jar cpe:/a:string_project:string:3.2.1::~~~node.js~~ org.antlr:stringtemplate:3.2.1  Medium 1 Highest 23
antlr-runtime-3.5.jar org.antlr:antlr-runtime:3.5    0 26
jboss-marshalling-osgi-2.0.0.Beta3.jar org.jboss.marshalling:jboss-marshalling-osgi:2.0.0.Beta3    0 29
infinispan-core-8.2.6.Final.jar cpe:/a:infinispan:infinispan:8.2.6 org.infinispan:infinispan-core:8.2.6.Final  Medium 3 Highest 35
exo.jcr.component.core-6.0.x-SNAPSHOT.jar org.exoplatform.jcr:exo.jcr.component.core:6.0.x-SNAPSHOT   0 24
mime-util-2.1.3.jar cpe:/a:mime_project:mime:2.1.3 eu.medsea.mimeutil:mime-util:2.1.3    0 Low 30
jcl-over-slf4j-1.7.18.jar org.slf4j:jcl-over-slf4j:1.7.18    0 31
exo.kernel.commons-6.0.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.commons:6.0.x-SNAPSHOT   0 24
mail-1.4.7.jar cpe:/a:sun:javamail:1.4.7 javax.mail:mail:1.4.7    0 Low 38
commons-dbcp-1.4.jar commons-dbcp:commons-dbcp:1.4    0 34
commons-pool-1.6.jar commons-pool:commons-pool:1.6    0 36
exo.kernel.component.common-6.0.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.component.common:6.0.x-SNAPSHOT   0 22
javax.servlet-api-3.0.1.jar javax.servlet:javax.servlet-api:3.0.1    0 38
commons-beanutils-1.8.3.jar cpe:/a:apache:commons_beanutils:1.8.3 commons-beanutils:commons-beanutils:1.8.3  High 2 Low 34
wci-wci-6.0.x-SNAPSHOT.jar org.exoplatform.gatein.wci:wci-wci:6.0.x-SNAPSHOT   0 29
jibx-run-1.2.6.jar org.jibx:jibx-run:1.2.6    0 29
javax.inject-1.jar javax.inject:javax.inject:1    0 20
cdi-api-1.0-SP4.jar javax.enterprise:cdi-api:1.0-SP4    0 31
exo.kernel.container-6.0.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.container:6.0.x-SNAPSHOT   0 24
commons-fileupload-1.3.3.jar cpe:/a:apache:commons_fileupload:1.3.3 commons-fileupload:commons-fileupload:1.3.3    0 Low 40
exo.ws.rest.core-6.0.x-SNAPSHOT.jar cpe:/a:ws_project:ws:6.0.20191006 org.exoplatform.ws:exo.ws.rest.core:6.0.x-SNAPSHOT   0 Low 24
exo.portal.webui.core-6.0.x-SNAPSHOT.jar cpe:/a:in-portal:in-portal:6.0.20191006 org.exoplatform.gatein.portal:exo.portal.webui.core:6.0.x-SNAPSHOT   0 Low 29
log4j-1.2.17.jar cpe:/a:apache:log4j:2.0:alpha1 log4j:log4j:1.2.17  High 1 High 33
twitter4j-core-3.0.5.jar cpe:/a:twitter_project:twitter:3.0.5
cpe:/a:twitter:twitter:3.0.5 		org.twitter4j:twitter4j-core:3.0.5    0 Low 22
scribe-1.3.5.jar cpe:/a:scribe:scribe:1.3.5 org.scribe:scribe:1.3.5    0 Low 23
httpcore-4.3.3.jar org.apache.httpcomponents:httpcore:4.3.3    0 32
commons-logging-1.1.3.jar commons-logging:commons-logging:1.1.3    0 36
httpclient-4.3.6.jar cpe:/a:apache:httpclient:4.3.6 org.apache.httpcomponents:httpclient:4.3.6    0 Low 32
google-http-client-1.14.1-beta.jar cpe:/a:google_forms_project:google_forms:1.14.1.beta com.google.http-client:google-http-client:1.14.1-beta    0 Low 24
jsr305-1.3.9.jar com.google.code.findbugs:jsr305:1.3.9    0 21
google-api-client-1.14.1-beta.jar com.google.api-client:google-api-client:1.14.1-beta    0 22
jackson-core-asl-1.9.11.jar cpe:/a:fasterxml:jackson:1.9.11 org.codehaus.jackson:jackson-core-asl:1.9.11    0 Low 32
google-http-client-jackson-1.14.1-beta.jar com.google.http-client:google-http-client-jackson:1.14.1-beta    0 22
google-api-services-plus-v1-rev69-1.14.2-beta.jar com.google.apis:google-api-services-plus:v1-rev69-1.14.2-beta    0 26
google-api-services-oauth2-v2-rev36-1.14.2-beta.jar com.google.apis:google-api-services-oauth2:v2-rev36-1.14.2-beta    0 26
stax-api-1.0-2.jar javax.xml.stream:stax-api:1.0-2    0 20
activation-1.1.1.jar javax.activation:activation:1.1.1    0 24
jaxb-api-2.1.jar javax.xml.bind:jaxb-api:2.1    0 15
jaxb-impl-2.1.8.jar com.sun.xml.bind:jaxb-impl:2.1.8    0 20
picketlink-idm-core-1.4.6.Final.jar cpe:/a:picketlink:picketlink:1.4.6 org.picketlink.idm:picketlink-idm-core:1.4.6.Final  Medium 3 Low 37
mop-api-1.3.2.Final.jar org.gatein.mop:mop-api:1.3.2.Final   0 30
mop-spi-1.3.2.Final.jar org.gatein.mop:mop-spi:1.3.2.Final   0 30
mop-core-1.3.2.Final.jar org.gatein.mop:mop-core:1.3.2.Final   0 30
gatein-management-api-2.1.0.Final.jar org.gatein.management:gatein-management-api:2.1.0.Final   0 28
gatein-management-spi-2.1.0.Final.jar org.gatein.management:gatein-management-spi:2.1.0.Final   0 28
json-20070829.jar org.json:json:20070829    0 23
chromattic.ext-1.3.0.jar org.chromattic:chromattic.ext:1.3.0    0 25
pc-api-6.0.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-api:6.0.x-SNAPSHOT   0 27
pc-portlet-6.0.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-portlet:6.0.x-SNAPSHOT   0 29
pc-federation-6.0.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-federation:6.0.x-SNAPSHOT   0 29
pc-bridge-6.0.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-bridge:6.0.x-SNAPSHOT   0 27
filters-2.0.235.jar cpe:/a:image_processing_software:image_processing_software:2.0.235 com.jhlabs:filters:2.0.235  Low 1 Low 22
simplecaptcha-1.1.1.Final-gatein-4.jar org.gatein.captcha:simplecaptcha:1.1.1.Final-gatein-4   0 27
gatein-api-1.0.1.Final.jar org.gatein.api:gatein-api:1.0.1.Final    0 29
icu4j-56.1.jar cpe:/a:icu-project:international_components_for_unicode:56.1::~~~c%2fc%2b%2b~~ com.ibm.icu:icu4j:56.1  High 8 Highest 33
exo.portal.webui.portal-6.0.x-SNAPSHOT.jar cpe:/a:in-portal:in-portal:6.0 org.exoplatform.gatein.portal:exo.portal.webui.portal:6.0.x-SNAPSHOT   0 Low 27
aspectjrt-1.8.8.jar org.aspectj:aspectjrt:1.8.8    0 21
c3p0-0.9.1.1.jar cpe:/a:mchange:c3p0:0.9.1.1 c3p0:c3p0:0.9.1.1  Medium 1 Highest 23
quartz-2.2.2.jar org.quartz-scheduler:quartz:2.2.2    0 43
hamcrest-core-1.3.jar org.hamcrest:hamcrest-core:1.3    0 25
junit-4.12.jar junit:junit:4.12    0 25
jmock-1.0.1.jar jmock:jmock:1.0.1    0 14
xpp3-1.1.4c.jar xpp3:xpp3:1.1.4c    0 26
picocontainer-1.1.jar picocontainer:picocontainer:1.1    0 28
xmlpull-1.1.3.1.jar xmlpull:xmlpull:1.1.3.1    0 18
xpp3_min-1.1.4c.jar xpp3:xpp3_min:1.1.4c    0 24
xstream-1.4.10.jar cpe:/a:xstream_project:xstream:1.4.10 com.thoughtworks.xstream:xstream:1.4.10  High 2 Highest 53
guava-20.0.jar cpe:/a:google:guava:20.0 com.google.guava:guava:20.0  Medium 1 Highest 29
commons-codec-1.10.jar commons-codec:commons-codec:1.10    0 38
owasp-java-html-sanitizer-20160413.1.jar cpe:/a:owasp-java-html-sanitizer_project:owasp-java-html-sanitizer:20160413.1 com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20160413.1    0 Low 21
jrcs.diff-0.4.2.jar org.jvnet.hudson:org.suigeneris.jrcs.diff:0.4.2    0 17
ecs-1.4.2.jar ecs:ecs:1.4.2    0 14
json-simple-1.1.1.jar com.googlecode.json-simple:json-simple:1.1.1    0 23
jackson-core-2.9.8.jar cpe:/a:fasterxml:jackson:2.9.8 com.fasterxml.jackson.core:jackson-core:2.9.8    0 Low 41
jackson-databind-2.9.8.jar cpe:/a:fasterxml:jackson:2.9.8
cpe:/a:fasterxml:jackson-databind:2.9.8 		com.fasterxml.jackson.core:jackson-databind:2.9.8  High 10 Highest 41
snakeyaml-1.23.jar org.yaml:snakeyaml:1.23    0 25
jackson-dataformat-yaml-2.9.8.jar cpe:/a:fasterxml:jackson:2.9.8
cpe:/a:fasterxml:jackson-dataformat-xml:2.9.8 		com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.9.8    0 Low 41
swagger-annotations-1.5.22.jar io.swagger:swagger-annotations:1.5.22    0 24
swagger-models-1.5.22.jar io.swagger:swagger-models:1.5.22    0 24
validation-api-1.1.0.Final.jar javax.validation:validation-api:1.1.0.Final    0 22
swagger-core-1.5.22.jar io.swagger:swagger-core:1.5.22    0 24
reflections-0.9.11.jar org.reflections:reflections:0.9.11    0 25
swagger-jaxrs-1.5.22.jar io.swagger:swagger-jaxrs:1.5.22    0 24
commons-component-common-6.0.x-SNAPSHOT.jar org.exoplatform.commons:commons-component-common:6.0.x-SNAPSHOT   0 25
jtidy-r938.jar cpe:/a:html-tidy:tidy:- net.sf.jtidy:jtidy:r938    0 Low 25
exo.core.component.xml-processing-6.0.x-SNAPSHOT.jar cpe:/a:processing:processing:6.0.20191006 org.exoplatform.core:exo.core.component.xml-processing:6.0.x-SNAPSHOT   0 Low 24
groovy-all-2.4.12.jar cpe:/a:apache:groovy:2.4.12 org.codehaus.groovy:groovy-all:2.4.12    0 Low 36
exo.core.component.script.groovy-6.0.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.script.groovy:6.0.x-SNAPSHOT   0 22
exo.jcr.component.ext-6.0.x-SNAPSHOT.jar org.exoplatform.jcr:exo.jcr.component.ext:6.0.x-SNAPSHOT   0 24
platform-ui-skin-6.0.x-SNAPSHOT.war org.exoplatform.platform-ui:platform-ui-skin:6.0.x-SNAPSHOT   0 26
closure-compiler-v20170910.jar/META-INF/maven/com.google.javascript/closure-compiler/pom.xml cpe:/a:google:gmail:- com.google.javascript:closure-compiler:v20170910 Medium 1 Low 15
closure-compiler-v20170910.jar/META-INF/maven/com.google.protobuf/protobuf-java/pom.xml cpe:/a:google:protobuf:3.0.2 com.google.protobuf:protobuf-java:3.0.2 Medium 1 Highest 13
closure-compiler-v20170910.jar/META-INF/maven/com.google.code.findbugs/jsr305/pom.xml com.google.code.findbugs:jsr305:3.0.1   0 11
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling/pom.xml org.jboss.marshalling:jboss-marshalling:2.0.0.Beta3   0 13
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-river/pom.xml org.jboss.marshalling:jboss-marshalling-river:2.0.0.Beta3   0 13
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-serial/pom.xml org.jboss.marshalling:jboss-marshalling-serial:2.0.0.Beta3   0 13

Dependencies

commons-lang-2.6.jar

Description:  Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

jsr250-api-1.0.jar

Description: JSR-250 Reference Implementation by Glassfish

License:

COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /home/ciagent/.m2/repository/javax/annotation/jsr250-api/1.0/jsr250-api-1.0.jar
MD5: 4cd56b2e4977e541186de69f5126b4a6
SHA1: 5025422767732a1ab45d93abfea846513d742dcf
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

jcr-1.0.1.jar

Description: Content Repository for Java technology API. Specifies a standard API to access content repositories in JavaTM 2 independently of implementation.

License:

Day License: http://www.day.com/maven/jsr170/licenses/day-spec-license.htm
File Path: /home/ciagent/.m2/repository/javax/jcr/jcr/1.0.1/jcr-1.0.1.jar
MD5: 4639c7b994528948dab1a4feb1f68d6f
SHA1: 567ee103cf7592e3cf036e1bf4e2e06b9f08e1a1
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

  • cpe: cpe:/a:content_project:content:1.0.1   Confidence:Low   
  • maven: javax.jcr:jcr:1.0.1   Confidence:High

CVE-2017-16111  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header.

Vulnerable Software & Versions:

jsr311-api-1.1.1.jar

License:

                CDDL License
            : http://www.opensource.org/licenses/cddl1.php
File Path: /home/ciagent/.m2/repository/javax/ws/rs/jsr311-api/1.1.1/jsr311-api-1.1.1.jar
MD5: c9803468299ec255c047a280ddec510f
SHA1: 59033da2a1afd56af1ac576750a8d0b1830d59e6
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

chromattic.api-1.3.0.jar

Description: Chromattic Framework API

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.api/1.3.0/chromattic.api-1.3.0.jar
MD5: 11f2df6e3a3b4451719710c0f4c08103
SHA1: 4f60a9585bd6e68833eaaea1f1a615c682adbe27
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

javaparser-1.0.8.jar

Description: A Java 1.5 Parser with AST generation and visitor support. The AST records the source code structure, javadoc and comments. It is also possible to change the AST nodes or create new ones to modify the source code.

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl.html
File Path: /home/ciagent/.m2/repository/com/google/code/javaparser/javaparser/1.0.8/javaparser-1.0.8.jar
MD5: 32228e53ef6cc2ebe515bc40d7c9a4f9
SHA1: 9ca2f8ef2233babc53a8c2b6bb21869d94f5fcc1
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

  • maven: com.google.code.javaparser:javaparser:1.0.8   Confidence:High

chromattic.testgenerator-1.3.0.jar

Description: Chromattic Framework generator

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.testgenerator/1.3.0/chromattic.testgenerator-1.3.0.jar
MD5: 971802dfdfdc6500f1ff0e583a7659a1
SHA1: e725269db29a0fc8c982df481e5ce09b84e5d6a8
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

chromattic.metamodel-1.3.0.jar

Description: Chromattic Framework Metamodel

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.metamodel/1.3.0/chromattic.metamodel-1.3.0.jar
MD5: 0d534975c688ebabbc232601c6bc13da
SHA1: fbaa10037faf34a2d4d8eeb4e6b5ce28c95a9455
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

chromattic.spi-1.3.0.jar

Description: Chromattic Framework SPI

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.spi/1.3.0/chromattic.spi-1.3.0.jar
MD5: e440e3f5a8e5ad38720975546ab7f06d
SHA1: 64c36f826b832acab48fea793b7c70b019a46181
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

reflext.api-1.1.0.jar

Description: The Reflext Framework API

File Path: /home/ciagent/.m2/repository/org/reflext/reflext.api/1.1.0/reflext.api-1.1.0.jar
MD5: fe732172fa2fb5ae4b63866ef15da41f
SHA1: 28374c509099736aeedc52fef3d7b8e78238c2a0
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

reflext.core-1.1.0.jar

Description: The Reflect Framework Core

File Path: /home/ciagent/.m2/repository/org/reflext/reflext.core/1.1.0/reflext.core-1.1.0.jar
MD5: cc65231f60a70dec43a57ccba5adce81
SHA1: 56316a714b99d7ac85d23d0f1a4680149c3273d6
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

reflext.spi-1.1.0.jar

Description: The Reflext Framework SPI

File Path: /home/ciagent/.m2/repository/org/reflext/reflext.spi/1.1.0/reflext.spi-1.1.0.jar
MD5: 2c967ae0c3078d23b615f8825377f304
SHA1: 4df0428c39922079c53955602bce66735f9d20a8
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

reflext.apt-1.1.0.jar

Description: The Reflext Framework Annotation Processing Tool Plugin

File Path: /home/ciagent/.m2/repository/org/reflext/reflext.apt/1.1.0/reflext.apt-1.1.0.jar
MD5: e6bb0195d6cdd15b618939c78999ea4e
SHA1: 093ab21e03197c1c7a2d2d20da4d3dd34a60ac24
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

CVE-2018-1000840  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE) vulnerability in loadXML() function that can result in An attacker can read arbitrary files and exfiltrate their contents via HTTP requests. This attack appear to be exploitable via The victim must use Processing to parse a crafted XML document.

Vulnerable Software & Versions:

chromattic.apt-1.3.0.jar

Description: Chromattic Framework APT Plugin

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.apt/1.3.0/chromattic.apt-1.3.0.jar
MD5: 5f51682435a2e2014a9bd9c5936a5cc5
SHA1: f2e219c2b8e13983a26b4c3f4e8eb54d71730b4d
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

chromattic.common-1.3.0.jar

Description: Chromattic Framework Common

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.common/1.3.0/chromattic.common-1.3.0.jar
MD5: 15bfb4cc0312aefffb25952cdf18b2cd
SHA1: 55470175c1ba46a917504acf97018e6ef2932659
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

reflext.jlr-1.1.0.jar

Description: The Reflext Framework Java Lang Reflect Plugin

File Path: /home/ciagent/.m2/repository/org/reflext/reflext.jlr/1.1.0/reflext.jlr-1.1.0.jar
MD5: 1103f3b1ed3762e0bd100cbee6e7f345
SHA1: 79ad1a5053213cbb350d37ff12d5f767243c8c46
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

chromattic.core-1.3.0.jar

Description: Chromattic Framework Core

File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.core/1.3.0/chromattic.core-1.3.0.jar
MD5: 9ece56be0e1e1b3289bbe177e8e1b4ab
SHA1: 1bc4ebc89d7b47af394b920f44a0b51409343034
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

portlet-api-2.0.jar

Description: The Java Portlet API version 2.0 developed by the Java Community Process JSR-286 Expert Group.

File Path: /home/ciagent/.m2/repository/javax/portlet/portlet-api/2.0/portlet-api-2.0.jar
MD5: 0ec08593cda1df33985391919996c740
SHA1: 1cd72f2a37fcf8ab9893a9468d7ba71c85fe2653
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

common-logging-2.2.2.Final.jar

File Path: /home/ciagent/.m2/repository/org/gatein/common/common-logging/2.2.2.Final/common-logging-2.2.2.Final.jar
MD5: 28b7108ee63899bca08636d360e7df11
SHA1: aee18008518671fb10982c0fe5f7383e98f71c47
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

common-common-2.2.2.Final.jar

File Path: /home/ciagent/.m2/repository/org/gatein/common/common-common/2.2.2.Final/common-common-2.2.2.Final.jar
MD5: 8ce16b5e3991285cd27e553740d09d1f
SHA1: 44522d899e31a5a10dbd70f7b0ca2fe5a614f740
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

jboss-logging-3.3.0.Final.jar

Description: The JBoss Logging Framework

License:

Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/jboss/logging/jboss-logging/3.3.0.Final/jboss-logging-3.3.0.Final.jar
MD5: bc11af4b8ce7138cdc79b7ba8561638c
SHA1: 3616bb87707910296e2c195dc016287080bba5af
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

exo.kernel.component.ext.cache.impl.infinispan.v8-6.0.x-SNAPSHOT.jar

Description: Infinispan Implementation of Cache Service for Exoplatform SAS 'eXo Kernel' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.component.ext.cache.impl.infinispan.v8/6.0.x-SNAPSHOT/exo.kernel.component.ext.cache.impl.infinispan.v8-6.0.x-SNAPSHOT.jar
MD5: e6f5afb88163e7a90e2e9d051f873051
SHA1: 02154b5970536c8129f7391e8e895957d57e7ce5
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

  • maven: org.exoplatform.kernel:exo.kernel.component.ext.cache.impl.infinispan.v8:6.0.x-SNAPSHOT   Confidence:High
  • cpe: cpe:/a:infinispan:infinispan:6.0.0   Confidence:Highest   

CVE-2016-0750  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.

Vulnerable Software & Versions: (show all)

CVE-2017-15089  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.

Vulnerable Software & Versions: (show all)

CVE-2017-2638  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication

It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.

Vulnerable Software & Versions: (show all)

exo.core.component.database-6.0.x-SNAPSHOT.jar

Description: Implementation of Database Service of Exoplatform SAS eXo Core' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.database/6.0.x-SNAPSHOT/exo.core.component.database-6.0.x-SNAPSHOT.jar
MD5: 14870e78a5eac97df541022f4cfe8eef
SHA1: 31ecd2bcaa90ee0ef4313a44cfb606c860e264a5
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

  • maven: org.exoplatform.core:exo.core.component.database:6.0.x-SNAPSHOT   Confidence:High

staxnav.core-0.9.8.jar

File Path: /home/ciagent/.m2/repository/org/staxnav/staxnav.core/0.9.8/staxnav.core-0.9.8.jar
MD5: 0f786e5be21df9fbe8753175564564c7
SHA1: 27bd12d4d74b0851e38de79f8299462d93ba3d7f
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

commons-lang3-3.3.2.jar

Description:  Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/commons/commons-lang3/3.3.2/commons-lang3-3.3.2.jar
MD5: 3128bf75a2549ebe38663401191bacab
SHA1: 90a3822c38ec8c996e84c16a3477ef632cbc87a3
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

dom4j-1.6.1.jar

Description: dom4j: the flexible XML framework for Java

File Path: /home/ciagent/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

CVE-2018-1000632  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-91 XML Injection (aka Blind XPath Injection)

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

Vulnerable Software & Versions: (show all)

javassist-3.20.0-GA.jar

Description:  Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: /home/ciagent/.m2/repository/org/javassist/javassist/3.20.0-GA/javassist-3.20.0-GA.jar
MD5: a89dd7907d76e061ec2c07e762a74256
SHA1: a9cbcdfb7e9f86fbc74d3afae65f2248bfbf82a0
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

hibernate-jpa-2.0-api-1.0.1.Final.jar

Description:  Hibernate definition of the Java Persistence 2.0 (JSR 317) API.

License:

license.txt
File Path: /home/ciagent/.m2/repository/org/hibernate/javax/persistence/hibernate-jpa-2.0-api/1.0.1.Final/hibernate-jpa-2.0-api-1.0.1.Final.jar
MD5: d7e7d8f60fc44a127ba702d43e71abec
SHA1: 3306a165afa81938fc3d8a0948e891de9f6b192b
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

jboss-logging-annotations-1.2.0.Beta1.jar

File Path: /home/ciagent/.m2/repository/org/jboss/logging/jboss-logging-annotations/1.2.0.Beta1/jboss-logging-annotations-1.2.0.Beta1.jar
MD5: 938e552e319015a8863dd91284aada54
SHA1: 2f437f37bb265d9f8f1392823dbca12d2bec06d6
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

hibernate-commons-annotations-4.0.5.Final.jar

Description: Common reflection code used in support of annotation processing

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/hibernate/common/hibernate-commons-annotations/4.0.5.Final/hibernate-commons-annotations-4.0.5.Final.jar
MD5: 5dadbafd7c7bc1168c10a2ba87e927a2
SHA1: 2a581b9edb8168e45060d8bad8b7f46712d2c52c
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

hibernate-entitymanager-4.2.21.Final.jar

Description: A module of the Hibernate O/RM project

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/hibernate/hibernate-entitymanager/4.2.21.Final/hibernate-entitymanager-4.2.21.Final.jar
MD5: 2c1a3f1c7bb83b730ab3db1fe588904e
SHA1: a6675070b4c7bb843d74d6ab3bc9440fd315dbb3
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

liquibase-core-3.4.2.jar

File Path: /home/ciagent/.m2/repository/org/liquibase/liquibase-core/3.4.2/liquibase-core-3.4.2.jar
MD5: d4ad6d5f7958b69b8fbd01a5564ae45b
SHA1: c91ccf342466857251cf6795b0cecc42509206f2
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

closure-compiler-externs-v20170910.jar

File Path: /home/ciagent/.m2/repository/com/google/javascript/closure-compiler-externs/v20170910/closure-compiler-externs-v20170910.jar
MD5: 573e49fb83760d25b675028eb612e2b2
SHA1: 036e801a929fcd121d212093923daf34986f5572
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

args4j-2.33.jar

Description: args4j : Java command line arguments parser

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /home/ciagent/.m2/repository/args4j/args4j/2.33/args4j-2.33.jar
MD5: 0a6d515f76b15d29e3cd529de9319739
SHA1: bd87a75374a6d6523de82fef51fc3cfe9baf9fc9
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

error_prone_annotations-2.0.18.jar

File Path: /home/ciagent/.m2/repository/com/google/errorprone/error_prone_annotations/2.0.18/error_prone_annotations-2.0.18.jar
MD5: 98051758c08c9b7111b3268655069432
SHA1: 5f65affce1684999e2f4024983835efc3504012e
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

gson-2.7.jar

Description: Gson JSON library

File Path: /home/ciagent/.m2/repository/com/google/code/gson/gson/2.7/gson-2.7.jar
MD5: 5134a2350f58890ffb9db0b40047195d
SHA1: 751f548c85fa49f330cecbb1875893f971b33c4e
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

jsinterop-annotations-1.0.0.jar

File Path: /home/ciagent/.m2/repository/com/google/jsinterop/jsinterop-annotations/1.0.0/jsinterop-annotations-1.0.0.jar
MD5: 93302e3d0cc146097ecd08039dc1de52
SHA1: 23c3a3c060ffe4817e67673cc8294e154b0a4a95
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

closure-compiler-v20170910.jar

File Path: /home/ciagent/.m2/repository/com/google/javascript/closure-compiler/v20170910/closure-compiler-v20170910.jar
MD5: ca8e9f88ba9aad9c5e2c0f8f937fe869
SHA1: 3b87499e9ed3f068e69889182ab95cff92de0932
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

commons-webui-component-6.0.x-SNAPSHOT.jar

File Path: /srv/ciagent/workspace/PLF/commons-develop-site/sources/commons-webui-component/target/commons-webui-component-6.0.x-SNAPSHOT.jar
MD5: 9e0d0437a8acee56ed47ea2c9982feaf
SHA1: da7b7976a134da2c2edcac5edde9b71f0e1f2826
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

  • maven: org.exoplatform.commons:commons-webui-component:6.0.x-SNAPSHOT   Confidence:High

commons-api-6.0.x-SNAPSHOT.jar

File Path: /srv/ciagent/workspace/PLF/commons-develop-site/sources/commons-api/target/commons-api-6.0.x-SNAPSHOT.jar
MD5: 332b87dddaf0be269662405ecc51a34d
SHA1: a549807a3bf40b0c82c8fd19d03c14a76dab3dd4
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

  • maven: org.exoplatform.commons:commons-api:6.0.x-SNAPSHOT   Confidence:High

bayeux-api-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/bayeux-api/3.0.8/bayeux-api-3.0.8.jar
MD5: a09842b7f274cefffa408299b5fc8dd0
SHA1: d5aceb0e7fef4a140f7e95be48338b97723d3163
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

cometd-java-common-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-common/3.0.8/cometd-java-common-3.0.8.jar
MD5: 70c7cc13ecc20634a6b357e33134d551
SHA1: 5e2134a1b3bc6e03b7e1666a74e9993d0bb52a7d
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

cometd-java-websocket-javax-server-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-javax-server/3.0.8/cometd-java-websocket-javax-server-3.0.8.jar
MD5: afa5e80138d48292a6f93b708257d2fc
SHA1: 353860f809886a58c181dd9e273ee7b79e133277
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

cometd-java-websocket-common-server-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-common-server/3.0.8/cometd-java-websocket-common-server-3.0.8.jar
MD5: 5772b2360cec4ff610e62151fb4deb62
SHA1: 61538a1231b700bf045fa197514f63509960985e
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

cometd-java-annotations-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-annotations/3.0.8/cometd-java-annotations-3.0.8.jar
MD5: 98b60697675562cf957655c3239a1ad3
SHA1: 5b56875b2ac024b5666633596abb90702ec35e81
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

jetty-io-9.2.14.v20151106.jar

Description: Administrative parent pom for Jetty modules

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /home/ciagent/.m2/repository/org/eclipse/jetty/jetty-io/9.2.14.v20151106/jetty-io-9.2.14.v20151106.jar
MD5: 94d0e857144c7615b6fd65019cd32b59
SHA1: dfa4137371a3f08769820138ca1a2184dacda267
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

cometd-java-client-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-client/3.0.8/cometd-java-client-3.0.8.jar
MD5: 24f1367fb4d96fe70a3f07a1f48e447e
SHA1: 826d4ae9402e7c48cc98fe287389788134e4986f
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

cometd-java-websocket-common-client-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-common-client/3.0.8/cometd-java-websocket-common-client-3.0.8.jar
MD5: c17616c290c54ffc4a70dda2b901919a
SHA1: 8b75f11de5bba306d0bcb20a6c1bed89675579cd
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

cometd-java-websocket-javax-client-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-javax-client/3.0.8/cometd-java-websocket-javax-client-3.0.8.jar
MD5: 433dd449f689697bbe1a75b0ed2788f8
SHA1: b44bcf098667f0112301d75f73adb5ba3295699d
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

cometd-java-oort-3.0.8.jar

Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-oort/3.0.8/cometd-java-oort-3.0.8.jar
MD5: 62dbbecedab27927495fc9c9e0b70505
SHA1: a72695546e010c250ba65519fc91867b208fc8f9
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

jetty-jmx-9.2.14.v20151106.jar

Description: JMX management artifact for jetty.

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /home/ciagent/.m2/repository/org/eclipse/jetty/jetty-jmx/9.2.14.v20151106/jetty-jmx-9.2.14.v20151106.jar
MD5: 5eccc25d22921cb4787812d0687a2978
SHA1: 617edc5e966b4149737811ef8b289cd94b831bab
Referenced In Project/Scope: eXo PLF:: Commons - Commons Extension Webapp:runtime

Identifiers

  • cpe: cpe:/a:jetty:jetty:9.2.14.v20151106   Confidence:Low   
  • maven: org.eclipse.jetty:jetty-jmx:9.2.14.v20151106    Confidence:Highest
  • cpe: cpe:/a:eclipse:jetty:9.2.14.v20151106   Confidence:Low   

CVE-2017-7656  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.

Vulnerable Software & Versions: (show all)

CVE-2017-7657  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-190 Integer Overflow or Wraparound

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.

Vulnerable Software & Versions: (show all)