Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information:
dependency-check version : 3.1.2
Report Generated On : Oct 13, 2019 at 08:43:12 +00:00
Dependencies Scanned : 173 (142 unique)
Vulnerable Dependencies : 17
Vulnerabilities Found : 44
Vulnerabilities Suppressed : 0
...
NVD CVE 2002 : 10/10/2019 09:15:36
NVD CVE 2003 : 11/10/2019 08:45:55
NVD CVE 2004 : 08/10/2019 13:32:07
NVD CVE 2005 : 11/10/2019 08:45:55
NVD CVE 2006 : 11/10/2019 08:45:55
NVD CVE 2007 : 10/10/2019 09:15:36
NVD CVE 2008 : 11/10/2019 08:45:55
NVD CVE 2009 : 11/10/2019 08:45:55
NVD CVE 2010 : 12/10/2019 08:45:35
NVD CVE 2011 : 10/10/2019 08:45:44
NVD CVE 2012 : 10/10/2019 08:45:45
NVD CVE 2013 : 11/10/2019 08:45:56
NVD CVE 2014 : 10/10/2019 08:45:45
NVD CVE 2015 : 12/10/2019 08:45:35
NVD CVE 2016 : 12/10/2019 08:15:30
NVD CVE 2017 : 12/10/2019 08:15:30
NVD CVE 2018 : 12/10/2019 07:45:35
NVD CVE 2019 : 12/10/2019 07:45:35
NVD CVE Checked : 13/10/2019 07:53:12
NVD CVE Modified : 13/10/2019 05:15:31
VersionCheckOn : 1570953192127
Dependencies
commons-lang-2.6.jar
Description:
Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor file name commons-lang High
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor manifest Bundle-Description Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low
Vendor central groupid commons-lang High
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom parent-artifactid commons-parent Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom parent-groupid org.apache.commons Medium
Vendor Manifest bundle-symbolicname org.apache.commons.lang Medium
Vendor pom artifactid commons-lang Low
Vendor pom url http://commons.apache.org/lang/ Highest
Vendor central groupid org.netbeans.external High
Vendor pom groupid commons-lang Highest
Vendor Manifest bundle-docurl http://commons.apache.org/lang/ Low
Vendor pom description Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low
Vendor pom name Commons Lang High
Product file name commons-lang High
Product central artifactid org-apache-commons-lang High
Product Manifest specification-title Commons Lang Medium
Product Manifest Implementation-Title Commons Lang High
Product manifest Bundle-Description Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low
Product Manifest Bundle-Name Commons Lang Medium
Product pom artifactid commons-lang Highest
Product central artifactid commons-lang High
Product Manifest bundle-symbolicname org.apache.commons.lang Medium
Product pom url http://commons.apache.org/lang/ Medium
Product pom parent-groupid org.apache.commons Low
Product pom parent-artifactid commons-parent Medium
Product Manifest bundle-docurl http://commons.apache.org/lang/ Low
Product pom description Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low
Product pom groupid commons-lang Low
Product pom name Commons Lang High
Version Manifest Implementation-Version 2.6 High
Version file version 2.6 Highest
jsr250-api-1.0.jar
Description: JSR-250 Reference Implementation by Glassfish
License:
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /home/ciagent/.m2/repository/javax/annotation/jsr250-api/1.0/jsr250-api-1.0.jar
MD5: 4cd56b2e4977e541186de69f5126b4a6
SHA1: 5025422767732a1ab45d93abfea846513d742dcf
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor file name jsr250-api High
Vendor pom url http://jcp.org/aboutJava/communityprocess/final/jsr250/index.html Highest
Vendor pom artifactid jsr250-api Low
Vendor pom name JSR-250 Common Annotations for the JavaTM Platform High
Vendor central groupid javax.annotation Highest
Vendor pom groupid javax.annotation Highest
Vendor jar package name javax Low
Vendor pom description JSR-250 Reference Implementation by Glassfish Medium
Vendor jar package name annotation Low
Product pom artifactid jsr250-api Highest
Product file name jsr250-api High
Product pom url http://jcp.org/aboutJava/communityprocess/final/jsr250/index.html Medium
Product pom name JSR-250 Common Annotations for the JavaTM Platform High
Product pom groupid javax.annotation Low
Product central artifactid jsr250-api Highest
Product pom description JSR-250 Reference Implementation by Glassfish Medium
Product jar package name annotation Low
Version central version 1.0 Highest
Version file version 1.0 Highest
Version pom version 1.0 Highest
jcr-1.0.1.jar
Description: Content Repository for Java technology API. Specifies a standard API to access content repositories in JavaTM 2 independently of implementation.
License:
Day License: http://www.day.com/maven/jsr170/licenses/day-spec-license.htm
File Path: /home/ciagent/.m2/repository/javax/jcr/jcr/1.0.1/jcr-1.0.1.jar
MD5: 4639c7b994528948dab1a4feb1f68d6f
SHA1: 567ee103cf7592e3cf036e1bf4e2e06b9f08e1a1
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor Day Software Management AG High
Vendor pom groupid javax.jcr Highest
Vendor pom organization url http://www.day.com/ Medium
Vendor Manifest specification-vendor Day Software Management AG Low
Vendor pom description Content Repository for Java technology API. Specifies a standard API to access content repositories in JavaTM 2 independently of implementation. Low
Vendor file name jcr High
Vendor pom url http://www.jcp.org/en/jsr/detail?id=170 Highest
Vendor pom artifactid jcr Low
Vendor pom name Content Repository for Java Technology API High
Vendor Manifest extension-name jcr Medium
Vendor pom organization name Day Software Management AG High
Product pom url http://www.jcp.org/en/jsr/detail?id=170 Medium
Product Manifest specification-title Content Repository for Java Technology API Medium
Product pom organization url http://www.day.com/ Low
Product pom description Content Repository for Java technology API. Specifies a standard API to access content repositories in JavaTM 2 independently of implementation. Low
Product pom artifactid jcr Highest
Product file name jcr High
Product pom groupid javax.jcr Low
Product Manifest Implementation-Title javax.jcr High
Product pom organization name Day Software Management AG Low
Product pom name Content Repository for Java Technology API High
Product Manifest extension-name jcr Medium
Version pom version 1.0.1 Highest
Version file version 1.0.1 Highest
Version Manifest Implementation-Version 1.0.1 High
cpe: cpe:/a:content_project:content:1.0.1
Confidence: Low
maven: javax.jcr:jcr:1.0.1
Confidence: High
Published Vulnerabilities
CVE-2017-16111
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header.
Vulnerable Software & Versions:
jsr311-api-1.1.1.jar
License:
CDDL License: http://www.opensource.org/licenses/cddl1.php
File Path: /home/ciagent/.m2/repository/javax/ws/rs/jsr311-api/1.1.1/jsr311-api-1.1.1.jar
MD5: c9803468299ec255c047a280ddec510f
SHA1: 59033da2a1afd56af1ac576750a8d0b1830d59e6
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-docurl http://www.sun.com/ Low
Vendor pom artifactid jsr311-api Low
Vendor Manifest extension-name javax.ws.rs Medium
Vendor Manifest specification-vendor Sun Microsystems, Inc. Low
Vendor pom organization url http://www.sun.com/ Medium
Vendor file name jsr311-api High
Vendor pom url https://jsr311.dev.java.net Highest
Vendor Manifest bundle-symbolicname javax.ws.rs.jsr311-api Medium
Vendor pom name jsr311-api High
Vendor pom groupid javax.ws.rs Highest
Vendor pom organization name Sun Microsystems, Inc High
Vendor central groupid javax.ws.rs Highest
Product Manifest Bundle-Name jsr311-api Medium
Product Manifest specification-title JAX-RS: Java API for RESTful Web Services Medium
Product pom artifactid jsr311-api Highest
Product Manifest bundle-docurl http://www.sun.com/ Low
Product Manifest extension-name javax.ws.rs Medium
Product pom url https://jsr311.dev.java.net Medium
Product file name jsr311-api High
Product Manifest bundle-symbolicname javax.ws.rs.jsr311-api Medium
Product pom name jsr311-api High
Product pom organization url http://www.sun.com/ Low
Product central artifactid jsr311-api Highest
Product pom groupid javax.ws.rs Low
Product pom organization name Sun Microsystems, Inc Low
Version central version 1.1.1 Highest
Version file version 1.1.1 Highest
Version pom version 1.1.1 Highest
chromattic.api-1.3.0.jar
Description: Chromattic Framework API
File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.api/1.3.0/chromattic.api-1.3.0.jar
MD5: 11f2df6e3a3b4451719710c0f4c08103
SHA1: 4f60a9585bd6e68833eaaea1f1a615c682adbe27
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor file name chromattic.api High
Vendor pom parent-groupid org.chromattic Medium
Vendor jar package name api Low
Vendor pom parent-artifactid chromattic.parent Low
Vendor pom groupid chromattic Highest
Vendor pom name Chromattic Framework API High
Vendor pom description Chromattic Framework API Medium
Vendor jar package name chromattic Low
Vendor central groupid org.chromattic Highest
Vendor pom groupid org.chromattic Highest
Vendor pom artifactid chromattic.api Low
Product pom artifactid chromattic.api Highest
Product file name chromattic.api High
Product jar package name api Low
Product pom parent-groupid org.chromattic Low
Product pom name Chromattic Framework API High
Product pom description Chromattic Framework API Medium
Product pom parent-artifactid chromattic.parent Medium
Product central artifactid chromattic.api Highest
Product pom groupid chromattic Low
Version file version 1.3.0 Highest
Version pom version 1.3.0 Highest
Version central version 1.3.0 Highest
javaparser-1.0.8.jar
Description: A Java 1.5 Parser with AST generation and visitor support. The AST records the source code structure, javadoc and comments. It is also possible to change the AST nodes or create new ones to modify the source code.
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl.html
File Path: /home/ciagent/.m2/repository/com/google/code/javaparser/javaparser/1.0.8/javaparser-1.0.8.jar
MD5: 32228e53ef6cc2ebe515bc40d7c9a4f9
SHA1: 9ca2f8ef2233babc53a8c2b6bb21869d94f5fcc1
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom groupid google.code.javaparser Highest
Vendor jar package name parser Low
Vendor file name javaparser High
Vendor pom groupid com.google.code.javaparser Highest
Vendor pom url http://code.google.com/p/javaparser/ Highest
Vendor jar package name ast Low
Vendor pom name Java 1.5 Parser and AST High
Vendor jar package name japa Low
Vendor pom artifactid javaparser Low
Vendor pom description A Java 1.5 Parser with AST generation and visitor support. The AST records the source code structure, javadoc and comments. It is also possible to change the AST nodes or create new ones to modify the source code. Low
Product jar package name parser Low
Product pom artifactid javaparser Highest
Product file name javaparser High
Product pom url http://code.google.com/p/javaparser/ Medium
Product jar package name ast Low
Product pom name Java 1.5 Parser and AST High
Product pom groupid google.code.javaparser Low
Product pom description A Java 1.5 Parser with AST generation and visitor support. The AST records the source code structure, javadoc and comments. It is also possible to change the AST nodes or create new ones to modify the source code. Low
Version file version 1.0.8 Highest
Version pom version 1.0.8 Highest
maven: com.google.code.javaparser:javaparser:1.0.8
Confidence: High
chromattic.testgenerator-1.3.0.jar
Description: Chromattic Framework generator
File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.testgenerator/1.3.0/chromattic.testgenerator-1.3.0.jar
MD5: 971802dfdfdc6500f1ff0e583a7659a1
SHA1: e725269db29a0fc8c982df481e5ce09b84e5d6a8
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.chromattic Medium
Vendor pom parent-artifactid chromattic.parent Low
Vendor pom groupid chromattic Highest
Vendor pom name Chromattic Framework Test generator High
Vendor pom description Chromattic Framework generator Medium
Vendor file name chromattic.testgenerator High
Vendor jar package name testgenerator Low
Vendor jar package name chromattic Low
Vendor central groupid org.chromattic Highest
Vendor pom groupid org.chromattic Highest
Vendor pom artifactid chromattic.testgenerator Low
Product pom artifactid chromattic.testgenerator Highest
Product pom parent-groupid org.chromattic Low
Product pom name Chromattic Framework Test generator High
Product pom description Chromattic Framework generator Medium
Product file name chromattic.testgenerator High
Product pom parent-artifactid chromattic.parent Medium
Product jar package name testgenerator Low
Product central artifactid chromattic.testgenerator Highest
Product pom groupid chromattic Low
Version file version 1.3.0 Highest
Version pom version 1.3.0 Highest
Version central version 1.3.0 Highest
chromattic.metamodel-1.3.0.jar
Description: Chromattic Framework Metamodel
File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.metamodel/1.3.0/chromattic.metamodel-1.3.0.jar
MD5: 0d534975c688ebabbc232601c6bc13da
SHA1: fbaa10037faf34a2d4d8eeb4e6b5ce28c95a9455
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.chromattic Medium
Vendor pom parent-artifactid chromattic.parent Low
Vendor pom groupid chromattic Highest
Vendor file name chromattic.metamodel High
Vendor jar package name chromattic Low
Vendor central groupid org.chromattic Highest
Vendor pom name Chromattic Framework Metamodel High
Vendor pom description Chromattic Framework Metamodel Medium
Vendor pom groupid org.chromattic Highest
Vendor jar package name metamodel Low
Vendor pom artifactid chromattic.metamodel Low
Product pom artifactid chromattic.metamodel Highest
Product pom parent-groupid org.chromattic Low
Product file name chromattic.metamodel High
Product pom parent-artifactid chromattic.parent Medium
Product pom name Chromattic Framework Metamodel High
Product pom description Chromattic Framework Metamodel Medium
Product jar package name metamodel Low
Product pom groupid chromattic Low
Product central artifactid chromattic.metamodel Highest
Version file version 1.3.0 Highest
Version pom version 1.3.0 Highest
Version central version 1.3.0 Highest
chromattic.spi-1.3.0.jar
Description: Chromattic Framework SPI
File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.spi/1.3.0/chromattic.spi-1.3.0.jar
MD5: e440e3f5a8e5ad38720975546ab7f06d
SHA1: 64c36f826b832acab48fea793b7c70b019a46181
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom artifactid chromattic.spi Low
Vendor jar package name chromattic Low
Vendor pom description Chromattic Framework SPI Medium
Vendor pom parent-groupid org.chromattic Medium
Vendor pom parent-artifactid chromattic.parent Low
Vendor pom name Chromattic Framework SPI High
Vendor file name chromattic.spi High
Vendor pom groupid chromattic Highest
Vendor central groupid org.chromattic Highest
Vendor pom groupid org.chromattic Highest
Vendor jar package name spi Low
Vendor jar package name type Low
Product pom name Chromattic Framework SPI High
Product file name chromattic.spi High
Product pom parent-groupid org.chromattic Low
Product central artifactid chromattic.spi Highest
Product pom parent-artifactid chromattic.parent Medium
Product pom artifactid chromattic.spi Highest
Product pom description Chromattic Framework SPI Medium
Product jar package name spi Low
Product jar package name type Low
Product pom groupid chromattic Low
Version file version 1.3.0 Highest
Version pom version 1.3.0 Highest
Version central version 1.3.0 Highest
reflext.api-1.1.0.jar
Description: The Reflext Framework API
File Path: /home/ciagent/.m2/repository/org/reflext/reflext.api/1.1.0/reflext.api-1.1.0.jar
MD5: fe732172fa2fb5ae4b63866ef15da41f
SHA1: 28374c509099736aeedc52fef3d7b8e78238c2a0
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom groupid reflext Highest
Vendor jar package name api Low
Vendor pom groupid org.reflext Highest
Vendor pom artifactid reflext.api Low
Vendor jar package name reflext Low
Vendor pom name Reflext Framework API High
Vendor file name reflext.api High
Vendor pom description The Reflext Framework API Medium
Vendor central groupid org.reflext Highest
Vendor pom parent-groupid org.reflext Medium
Vendor pom parent-artifactid reflext.parent Low
Product pom parent-artifactid reflext.parent Medium
Product jar package name api Low
Product pom groupid reflext Low
Product central artifactid reflext.api Highest
Product pom parent-groupid org.reflext Low
Product pom name Reflext Framework API High
Product file name reflext.api High
Product pom description The Reflext Framework API Medium
Product pom artifactid reflext.api Highest
Version central version 1.1.0 Highest
Version file version 1.1.0 Highest
Version pom version 1.1.0 Highest
reflext.core-1.1.0.jar
Description: The Reflect Framework Core
File Path: /home/ciagent/.m2/repository/org/reflext/reflext.core/1.1.0/reflext.core-1.1.0.jar
MD5: cc65231f60a70dec43a57ccba5adce81
SHA1: 56316a714b99d7ac85d23d0f1a4680149c3273d6
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom groupid reflext Highest
Vendor pom description The Reflect Framework Core Medium
Vendor pom groupid org.reflext Highest
Vendor jar package name reflext Low
Vendor pom name Reflext Framework Core High
Vendor jar package name core Low
Vendor file name reflext.core High
Vendor central groupid org.reflext Highest
Vendor pom parent-groupid org.reflext Medium
Vendor pom artifactid reflext.core Low
Vendor pom parent-artifactid reflext.parent Low
Product pom parent-artifactid reflext.parent Medium
Product pom groupid reflext Low
Product pom description The Reflect Framework Core Medium
Product pom artifactid reflext.core Highest
Product pom name Reflext Framework Core High
Product pom parent-groupid org.reflext Low
Product jar package name core Low
Product file name reflext.core High
Product central artifactid reflext.core Highest
Version central version 1.1.0 Highest
Version file version 1.1.0 Highest
Version pom version 1.1.0 Highest
reflext.spi-1.1.0.jar
Description: The Reflext Framework SPI
File Path: /home/ciagent/.m2/repository/org/reflext/reflext.spi/1.1.0/reflext.spi-1.1.0.jar
MD5: 2c967ae0c3078d23b615f8825377f304
SHA1: 4df0428c39922079c53955602bce66735f9d20a8
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom name Reflext Framework SPI High
Vendor file name reflext.spi High
Vendor pom description The Reflext Framework SPI Medium
Vendor central groupid org.reflext Highest
Vendor pom parent-groupid org.reflext Medium
Vendor pom groupid reflext Highest
Vendor pom groupid org.reflext Highest
Vendor jar package name reflext Low
Vendor jar package name model Low
Vendor jar package name spi Low
Vendor pom parent-artifactid reflext.parent Low
Vendor pom artifactid reflext.spi Low
Product pom name Reflext Framework SPI High
Product pom parent-artifactid reflext.parent Medium
Product pom groupid reflext Low
Product pom artifactid reflext.spi Highest
Product file name reflext.spi High
Product pom parent-groupid org.reflext Low
Product pom description The Reflext Framework SPI Medium
Product jar package name model Low
Product jar package name spi Low
Product central artifactid reflext.spi Highest
Version central version 1.1.0 Highest
Version file version 1.1.0 Highest
Version pom version 1.1.0 Highest
reflext.apt-1.1.0.jar
Description: The Reflext Framework Annotation Processing Tool Plugin
File Path: /home/ciagent/.m2/repository/org/reflext/reflext.apt/1.1.0/reflext.apt-1.1.0.jar
MD5: e6bb0195d6cdd15b618939c78999ea4e
SHA1: 093ab21e03197c1c7a2d2d20da4d3dd34a60ac24
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom groupid reflext Highest
Vendor jar package name apt Low
Vendor pom artifactid reflext.apt Low
Vendor pom groupid org.reflext Highest
Vendor jar package name reflext Low
Vendor pom description The Reflext Framework Annotation Processing Tool Plugin Medium
Vendor pom name Reflext Framework Annotation Processing Tool Plugin High
Vendor central groupid org.reflext Highest
Vendor file name reflext.apt High
Vendor pom parent-groupid org.reflext Medium
Vendor pom parent-artifactid reflext.parent Low
Product jar package name apt Low
Product pom parent-artifactid reflext.parent Medium
Product pom groupid reflext Low
Product central artifactid reflext.apt Highest
Product pom description The Reflext Framework Annotation Processing Tool Plugin Medium
Product pom parent-groupid org.reflext Low
Product pom name Reflext Framework Annotation Processing Tool Plugin High
Product pom artifactid reflext.apt Highest
Product file name reflext.apt High
Version central version 1.1.0 Highest
Version file version 1.1.0 Highest
Version pom version 1.1.0 Highest
Published Vulnerabilities
CVE-2018-1000840
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE) vulnerability in loadXML() function that can result in An attacker can read arbitrary files and exfiltrate their contents via HTTP requests. This attack appear to be exploitable via The victim must use Processing to parse a crafted XML document.
Vulnerable Software & Versions:
chromattic.apt-1.3.0.jar
Description: Chromattic Framework APT Plugin
File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.apt/1.3.0/chromattic.apt-1.3.0.jar
MD5: 5f51682435a2e2014a9bd9c5936a5cc5
SHA1: f2e219c2b8e13983a26b4c3f4e8eb54d71730b4d
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor jar package name apt Low
Vendor pom parent-groupid org.chromattic Medium
Vendor pom parent-artifactid chromattic.parent Low
Vendor file name chromattic.apt High
Vendor pom groupid chromattic Highest
Vendor pom name Chromattic Framework APT Plugin High
Vendor pom description Chromattic Framework APT Plugin Medium
Vendor jar package name chromattic Low
Vendor central groupid org.chromattic Highest
Vendor pom groupid org.chromattic Highest
Vendor pom artifactid chromattic.apt Low
Product jar package name apt Low
Product pom artifactid chromattic.apt Highest
Product file name chromattic.apt High
Product pom name Chromattic Framework APT Plugin High
Product pom description Chromattic Framework APT Plugin Medium
Product pom parent-groupid org.chromattic Low
Product pom parent-artifactid chromattic.parent Medium
Product central artifactid chromattic.apt Highest
Product pom groupid chromattic Low
Version file version 1.3.0 Highest
Version pom version 1.3.0 Highest
Version central version 1.3.0 Highest
chromattic.common-1.3.0.jar
Description: Chromattic Framework Common
File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.common/1.3.0/chromattic.common-1.3.0.jar
MD5: 15bfb4cc0312aefffb25952cdf18b2cd
SHA1: 55470175c1ba46a917504acf97018e6ef2932659
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor jar package name chromattic Low
Vendor file name chromattic.common High
Vendor jar package name common Low
Vendor pom name Chromattic Framework Common High
Vendor pom description Chromattic Framework Common Medium
Vendor jar package name collection Low
Vendor pom parent-groupid org.chromattic Medium
Vendor pom parent-artifactid chromattic.parent Low
Vendor pom groupid chromattic Highest
Vendor pom artifactid chromattic.common Low
Vendor central groupid org.chromattic Highest
Vendor pom groupid org.chromattic Highest
Product central artifactid chromattic.common Highest
Product pom parent-groupid org.chromattic Low
Product pom parent-artifactid chromattic.parent Medium
Product pom artifactid chromattic.common Highest
Product file name chromattic.common High
Product jar package name common Low
Product pom name Chromattic Framework Common High
Product pom groupid chromattic Low
Product pom description Chromattic Framework Common Medium
Product jar package name collection Low
Version file version 1.3.0 Highest
Version pom version 1.3.0 Highest
Version central version 1.3.0 Highest
reflext.jlr-1.1.0.jar
Description: The Reflext Framework Java Lang Reflect Plugin
File Path: /home/ciagent/.m2/repository/org/reflext/reflext.jlr/1.1.0/reflext.jlr-1.1.0.jar
MD5: 1103f3b1ed3762e0bd100cbee6e7f345
SHA1: 79ad1a5053213cbb350d37ff12d5f767243c8c46
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom groupid reflext Highest
Vendor pom description The Reflext Framework Java Lang Reflect Plugin Medium
Vendor pom groupid org.reflext Highest
Vendor file name reflext.jlr High
Vendor jar package name reflext Low
Vendor pom name Reflext Framework Java Lang Reflect Plugin High
Vendor jar package name jlr Low
Vendor pom artifactid reflext.jlr Low
Vendor central groupid org.reflext Highest
Vendor pom parent-groupid org.reflext Medium
Vendor pom parent-artifactid reflext.parent Low
Product pom description The Reflext Framework Java Lang Reflect Plugin Medium
Product pom parent-artifactid reflext.parent Medium
Product pom artifactid reflext.jlr Highest
Product pom groupid reflext Low
Product central artifactid reflext.jlr Highest
Product file name reflext.jlr High
Product pom name Reflext Framework Java Lang Reflect Plugin High
Product jar package name jlr Low
Product pom parent-groupid org.reflext Low
Version central version 1.1.0 Highest
Version file version 1.1.0 Highest
Version pom version 1.1.0 Highest
chromattic.core-1.3.0.jar
Description: Chromattic Framework Core
File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.core/1.3.0/chromattic.core-1.3.0.jar
MD5: 9ece56be0e1e1b3289bbe177e8e1b4ab
SHA1: 1bc4ebc89d7b47af394b920f44a0b51409343034
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.chromattic Medium
Vendor pom parent-artifactid chromattic.parent Low
Vendor file name chromattic.core High
Vendor pom groupid chromattic Highest
Vendor pom artifactid chromattic.core Low
Vendor pom name Chromattic Framework Core High
Vendor jar package name core Low
Vendor pom description Chromattic Framework Core Medium
Vendor jar package name chromattic Low
Vendor central groupid org.chromattic Highest
Vendor pom groupid org.chromattic Highest
Product pom artifactid chromattic.core Highest
Product file name chromattic.core High
Product central artifactid chromattic.core Highest
Product pom parent-groupid org.chromattic Low
Product pom name Chromattic Framework Core High
Product jar package name core Low
Product pom parent-artifactid chromattic.parent Medium
Product pom description Chromattic Framework Core Medium
Product pom groupid chromattic Low
Version file version 1.3.0 Highest
Version pom version 1.3.0 Highest
Version central version 1.3.0 Highest
portlet-api-2.0.jar
Description: The Java Portlet API version 2.0 developed by the Java Community Process JSR-286 Expert Group.
File Path: /home/ciagent/.m2/repository/javax/portlet/portlet-api/2.0/portlet-api-2.0.jar
MD5: 0ec08593cda1df33985391919996c740
SHA1: 1cd72f2a37fcf8ab9893a9468d7ba71c85fe2653
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom groupid javax.portlet Highest
Vendor pom name Java Portlet Specification V2.0 High
Vendor Manifest bundle-docurl http://www.jcp.org/en/jsr/detail?id=286 Low
Vendor pom artifactid portlet-api Low
Vendor file name portlet-api High
Vendor Manifest bundle-symbolicname javax.portlet Medium
Vendor pom description The Java Portlet API version 2.0 developed by the Java Community Process JSR-286 Expert Group. Medium
Vendor central groupid javax.portlet Highest
Vendor pom url http://www.jcp.org/en/jsr/detail?id=286 Highest
Product pom name Java Portlet Specification V2.0 High
Product Manifest bundle-docurl http://www.jcp.org/en/jsr/detail?id=286 Low
Product central artifactid portlet-api Highest
Product pom artifactid portlet-api Highest
Product file name portlet-api High
Product Manifest bundle-symbolicname javax.portlet Medium
Product pom description The Java Portlet API version 2.0 developed by the Java Community Process JSR-286 Expert Group. Medium
Product Manifest Bundle-Name JSR 286 Medium
Product pom groupid javax.portlet Low
Product pom url http://www.jcp.org/en/jsr/detail?id=286 Medium
Version pom version 2.0 Highest
Version file version 2.0 Highest
Version central version 2.0 Highest
common-logging-2.2.2.Final.jar
File Path: /home/ciagent/.m2/repository/org/gatein/common/common-logging/2.2.2.Final/common-logging-2.2.2.Final.jar
MD5: 28b7108ee63899bca08636d360e7df11
SHA1: aee18008518671fb10982c0fe5f7383e98f71c47
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom groupid gatein.common Highest
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor file name common-logging High
Vendor pom name GateIn - Common component (logging) High
Vendor Manifest build-timestamp Mon, 17 Mar 2014 20:43:14 +0100 Low
Vendor pom parent-groupid org.gatein.common Medium
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor Manifest implementation-url www.gatein.org/common-parent/common-logging/ Low
Vendor pom artifactid common-logging Low
Vendor pom groupid org.gatein.common Highest
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor Manifest os-name Linux Medium
Vendor central groupid org.gatein.common Highest
Vendor pom parent-artifactid common-parent Low
Vendor Manifest Implementation-Vendor-Id org.gatein.common Medium
Product file name common-logging High
Product pom name GateIn - Common component (logging) High
Product pom groupid gatein.common Low
Product Manifest build-timestamp Mon, 17 Mar 2014 20:43:14 +0100 Low
Product Manifest specification-title GateIn - Common component (logging) Medium
Product Manifest Implementation-Title GateIn - Common component (logging) High
Product Manifest implementation-url www.gatein.org/common-parent/common-logging/ Low
Product central artifactid common-logging Highest
Product pom parent-artifactid common-parent Medium
Product pom artifactid common-logging Highest
Product Manifest os-name Linux Medium
Product pom parent-groupid org.gatein.common Low
Version central version 2.2.2.Final Highest
Version pom version 2.2.2.Final Highest
Version Manifest Implementation-Version 2.2.2.Final High
Version file version 2.2.2 Highest
common-common-2.2.2.Final.jar
File Path: /home/ciagent/.m2/repository/org/gatein/common/common-common/2.2.2.Final/common-common-2.2.2.Final.jar
MD5: 8ce16b5e3991285cd27e553740d09d1f
SHA1: 44522d899e31a5a10dbd70f7b0ca2fe5a614f740
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom groupid gatein.common Highest
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor Manifest build-timestamp Mon, 17 Mar 2014 20:43:14 +0100 Low
Vendor pom parent-groupid org.gatein.common Medium
Vendor pom artifactid common-common Low
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor Manifest implementation-url www.gatein.org/common-parent/common-common/ Low
Vendor pom groupid org.gatein.common Highest
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor pom name GateIn - Common component (common) High
Vendor Manifest os-name Linux Medium
Vendor central groupid org.gatein.common Highest
Vendor pom parent-artifactid common-parent Low
Vendor Manifest Implementation-Vendor-Id org.gatein.common Medium
Vendor file name common-common High
Product central artifactid common-common Highest
Product Manifest Implementation-Title GateIn - Common component (common) High
Product pom groupid gatein.common Low
Product Manifest build-timestamp Mon, 17 Mar 2014 20:43:14 +0100 Low
Product Manifest specification-title GateIn - Common component (common) Medium
Product Manifest implementation-url www.gatein.org/common-parent/common-common/ Low
Product pom artifactid common-common Highest
Product pom parent-artifactid common-parent Medium
Product pom name GateIn - Common component (common) High
Product Manifest os-name Linux Medium
Product file name common-common High
Product pom parent-groupid org.gatein.common Low
Version central version 2.2.2.Final Highest
Version pom version 2.2.2.Final Highest
Version Manifest Implementation-Version 2.2.2.Final High
Version file version 2.2.2 Highest
jboss-marshalling-osgi-2.0.0.Beta3.jar
Description: JBoss Marshalling OSGi Bundle with API and implementations
License:
http://repository.jboss.org/licenses/cc0-1.0.txt
File Path: /home/ciagent/.m2/repository/org/jboss/marshalling/jboss-marshalling-osgi/2.0.0.Beta3/jboss-marshalling-osgi-2.0.0.Beta3.jar
MD5: 7652392087f6e70312cf0309ab563a4f
SHA1: a55fe6527a2d50dc48ad3f8b9093bd0cb01302b0
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor jar package name jboss Low
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor Manifest bundle-docurl http://jboss.org/jbossmarshalling Low
Vendor jar package name marshalling Low
Vendor file name jboss-marshalling-osgi High
Vendor Manifest Implementation-Vendor-Id org.jboss.marshalling Medium
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor Manifest implementation-url http://www.jboss.org/jboss-marshalling-parent/jboss-marshalling-osgi Low
Vendor central groupid org.jboss.marshalling Highest
Vendor Manifest os-name Linux Medium
Vendor manifest Bundle-Description JBoss Marshalling OSGi Bundle with API and implementations Medium
Vendor Manifest bundle-symbolicname org.jboss.marshalling.jboss-marshalling-osgi Medium
Vendor pom groupid org.jboss.marshalling Highest
Product Manifest Implementation-Title JBoss Marshalling OSGi Bundle High
Product pom artifactid jboss-marshalling-osgi Highest
Product central artifactid jboss-marshalling-osgi Highest
Product Manifest Bundle-Name JBoss Marshalling OSGi Bundle Medium
Product Manifest bundle-docurl http://jboss.org/jbossmarshalling Low
Product jar package name marshalling Low
Product file name jboss-marshalling-osgi High
Product Manifest implementation-url http://www.jboss.org/jboss-marshalling-parent/jboss-marshalling-osgi Low
Product Manifest os-name Linux Medium
Product manifest Bundle-Description JBoss Marshalling OSGi Bundle with API and implementations Medium
Product Manifest bundle-symbolicname org.jboss.marshalling.jboss-marshalling-osgi Medium
Product Manifest specification-title JBoss Marshalling OSGi Bundle Medium
Version pom version 2.0.0.Beta3 Highest
Version central version 2.0.0.Beta3 Highest
Version Manifest Implementation-Version 2.0.0.Beta3 High
infinispan-core-8.2.6.Final.jar
Description: Infinispan core module
License:
http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/ciagent/.m2/repository/org/infinispan/infinispan-core/8.2.6.Final/infinispan-core-8.2.6.Final.jar
MD5: 06371c22b39aef4faf1da8d21b2102cb
SHA1: 84937a866a56760b9c50bfbca10442fa14be6375
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom artifactid infinispan-core Low
Vendor Manifest bundle-blueprint OSGI-INF/blueprint/blueprint.xml Low
Vendor pom parent-groupid org.infinispan Medium
Vendor pom name Infinispan Core High
Vendor manifest Bundle-Description Infinispan core module Medium
Vendor Manifest Implementation-Vendor JBoss, a division of Red Hat High
Vendor Manifest Implementation-Vendor-Id org.infinispan Medium
Vendor Manifest specification-vendor JBoss, a division of Red Hat Low
Vendor central groupid org.infinispan Highest
Vendor Manifest bundle-docurl http://www.infinispan.org/ Low
Vendor pom groupid infinispan Highest
Vendor Manifest bundle-symbolicname org.infinispan.core Medium
Vendor pom groupid org.infinispan Highest
Vendor pom description Infinispan core module Medium
Vendor file name infinispan-core High
Vendor pom parent-artifactid infinispan-parent Low
Product Manifest bundle-blueprint OSGI-INF/blueprint/blueprint.xml Low
Product pom artifactid infinispan-core Highest
Product pom groupid infinispan Low
Product pom name Infinispan Core High
Product central artifactid infinispan-core Highest
Product Manifest Bundle-Name Infinispan Core Medium
Product pom parent-groupid org.infinispan Low
Product Manifest specification-title Infinispan Core Medium
Product manifest Bundle-Description Infinispan core module Medium
Product Manifest Implementation-Title Infinispan Core High
Product pom parent-artifactid infinispan-parent Medium
Product Manifest bundle-docurl http://www.infinispan.org/ Low
Product Manifest bundle-symbolicname org.infinispan.core Medium
Product pom description Infinispan core module Medium
Product file name infinispan-core High
Version pom version 8.2.6.Final Highest
Version Manifest Implementation-Version 8.2.6.Final High
Version file version 8.2.6 Highest
Version central version 8.2.6.Final Highest
Related Dependencies
infinispan-commons-8.2.6.Final.jar
File Path: /home/ciagent/.m2/repository/org/infinispan/infinispan-commons/8.2.6.Final/infinispan-commons-8.2.6.Final.jar
SHA1: 846b3a39de5f793fb11e70fc70662e4374ffc3c2
MD5: 9da9ef6cf978bf024d377180806414db
cpe: cpe:/a:infinispan:infinispan:8.2.6
maven: org.infinispan:infinispan-commons:8.2.6.Final ✓
Published Vulnerabilities
CVE-2016-0750
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.
CVE-2017-15089
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
CVE-2017-2638
Severity:
Medium
CVSS Score: 6.4
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
jboss-logging-3.3.0.Final.jar
Description: The JBoss Logging Framework
License:
Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/jboss/logging/jboss-logging/3.3.0.Final/jboss-logging-3.3.0.Final.jar
MD5: bc11af4b8ce7138cdc79b7ba8561638c
SHA1: 3616bb87707910296e2c195dc016287080bba5af
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom artifactid jboss-logging Low
Vendor Manifest build-timestamp Thu, 28 May 2015 09:49:28 -0700 Low
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor pom description The JBoss Logging Framework Medium
Vendor Manifest implementation-url http://www.jboss.org Low
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor pom parent-groupid org.jboss Medium
Vendor Manifest Implementation-Vendor-Id org.jboss.logging Medium
Vendor pom name JBoss Logging 3 High
Vendor manifest Bundle-Description The JBoss Logging Framework Medium
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium
Vendor central groupid org.jboss.logging Highest
Vendor Manifest os-name Linux Medium
Vendor Manifest bundle-docurl http://www.jboss.org Low
Vendor pom parent-artifactid jboss-parent Low
Vendor pom groupid jboss.logging Highest
Vendor pom groupid org.jboss.logging Highest
Vendor file name jboss-logging High
Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low
Vendor pom url http://www.jboss.org Highest
Product Manifest specification-title JBoss Logging 3 Medium
Product Manifest build-timestamp Thu, 28 May 2015 09:49:28 -0700 Low
Product pom description The JBoss Logging Framework Medium
Product Manifest Implementation-Title JBoss Logging 3 High
Product Manifest implementation-url http://www.jboss.org Low
Product central artifactid jboss-logging Highest
Product Manifest Bundle-Name JBoss Logging 3 Medium
Product pom name JBoss Logging 3 High
Product pom parent-groupid org.jboss Low
Product pom artifactid jboss-logging Highest
Product manifest Bundle-Description The JBoss Logging Framework Medium
Product pom parent-artifactid jboss-parent Medium
Product Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium
Product Manifest os-name Linux Medium
Product Manifest bundle-docurl http://www.jboss.org Low
Product pom url http://www.jboss.org Medium
Product pom groupid jboss.logging Low
Product file name jboss-logging High
Product Manifest originally-created-by Apache Maven Bundle Plugin Low
Version central version 3.3.0.Final Highest
Version pom version 3.3.0.Final Highest
Version Manifest Implementation-Version 3.3.0.Final High
Version file version 3.3.0 Highest
exo.kernel.component.ext.cache.impl.infinispan.v8-6.0.x-SNAPSHOT.jar
Description: Infinispan Implementation of Cache Service for Exoplatform SAS 'eXo Kernel' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.component.ext.cache.impl.infinispan.v8/6.0.x-SNAPSHOT/exo.kernel.component.ext.cache.impl.infinispan.v8-6.0.x-SNAPSHOT.jar
MD5: e6f5afb88163e7a90e2e9d051f873051
SHA1: 02154b5970536c8129f7391e8e895957d57e7ce5
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom artifactid exo.kernel.component.ext.cache.impl.infinispan.v8 Low
Vendor pom groupid org.exoplatform.kernel Highest
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor file name exo.kernel.component.ext.cache.impl.infinispan.v8 High
Vendor pom parent-groupid org.exoplatform.kernel Medium
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom parent-artifactid kernel-parent Low
Vendor pom name eXo PLF:: Kernel :: Cache Extension :: Infinispan Implementation High
Vendor pom description Infinispan Implementation of Cache Service for Exoplatform SAS 'eXo Kernel' project. Medium
Vendor Manifest Implementation-Vendor-Id org.exoplatform.kernel Medium
Vendor pom groupid exoplatform.kernel Highest
Product pom groupid exoplatform.kernel Low
Product pom parent-artifactid kernel-parent Medium
Product file name exo.kernel.component.ext.cache.impl.infinispan.v8 High
Product Manifest specification-title exo-kernel Medium
Product pom name eXo PLF:: Kernel :: Cache Extension :: Infinispan Implementation High
Product pom parent-groupid org.exoplatform.kernel Low
Product pom artifactid exo.kernel.component.ext.cache.impl.infinispan.v8 Highest
Product Manifest Implementation-Title eXo PLF:: Kernel :: Cache Extension :: Infinispan Implementation High
Product pom description Infinispan Implementation of Cache Service for Exoplatform SAS 'eXo Kernel' project. Medium
Version pom version 6.0.x-20191006.135433-6 Highest
Version pom version 6.0.x-SNAPSHOT Highest
Version file version 6.0 Highest
Version Manifest Implementation-Version 6.0.x-SNAPSHOT High
maven: org.exoplatform.kernel:exo.kernel.component.ext.cache.impl.infinispan.v8:6.0.x-SNAPSHOT
Confidence: High
cpe: cpe:/a:infinispan:infinispan:6.0.0
Confidence: Highest
Published Vulnerabilities
CVE-2016-0750
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.
CVE-2017-15089
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
CVE-2017-2638
Severity:
Medium
CVSS Score: 6.4
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
exo.core.component.database-6.0.x-SNAPSHOT.jar
Description: Implementation of Database Service of Exoplatform SAS eXo Core' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.database/6.0.x-SNAPSHOT/exo.core.component.database-6.0.x-SNAPSHOT.jar
MD5: 14870e78a5eac97df541022f4cfe8eef
SHA1: 31ecd2bcaa90ee0ef4313a44cfb606c860e264a5
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id org.exoplatform.core Medium
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor file name exo.core.component.database High
Vendor pom parent-groupid org.exoplatform.core Medium
Vendor pom name eXo PLF Core :: Component :: Database Service High
Vendor pom description Implementation of Database Service of Exoplatform SAS eXo Core' project. Medium
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom groupid exoplatform.core Highest
Vendor pom groupid org.exoplatform.core Highest
Vendor pom artifactid exo.core.component.database Low
Vendor pom parent-artifactid core-parent Low
Product Manifest specification-title exo-core Medium
Product file name exo.core.component.database High
Product pom artifactid exo.core.component.database Highest
Product pom name eXo PLF Core :: Component :: Database Service High
Product pom parent-artifactid core-parent Medium
Product pom description Implementation of Database Service of Exoplatform SAS eXo Core' project. Medium
Product pom groupid exoplatform.core Low
Product pom parent-groupid org.exoplatform.core Low
Product Manifest Implementation-Title eXo PLF Core :: Component :: Database Service High
Version pom version 6.0.x-20191006.143710-7 Highest
Version pom version 6.0.x-SNAPSHOT Highest
Version file version 6.0 Highest
Version Manifest Implementation-Version 6.0.x-SNAPSHOT High
maven: org.exoplatform.core:exo.core.component.database:6.0.x-SNAPSHOT
Confidence: High
staxnav.core-0.9.8.jar
File Path: /home/ciagent/.m2/repository/org/staxnav/staxnav.core/0.9.8/staxnav.core-0.9.8.jar
MD5: 0f786e5be21df9fbe8753175564564c7
SHA1: 27bd12d4d74b0851e38de79f8299462d93ba3d7f
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom name Staxnav - Core High
Vendor jar package name staxnav Low
Vendor pom parent-artifactid staxnav.parent Low
Vendor pom parent-groupid org.staxnav Medium
Vendor file name staxnav.core High
Vendor central groupid org.staxnav Highest
Vendor pom artifactid staxnav.core Low
Vendor pom groupid org.staxnav Highest
Vendor pom groupid staxnav Highest
Product pom name Staxnav - Core High
Product pom artifactid staxnav.core Highest
Product pom groupid staxnav Low
Product file name staxnav.core High
Product central artifactid staxnav.core Highest
Product pom parent-artifactid staxnav.parent Medium
Product pom parent-groupid org.staxnav Low
Version file version 0.9.8 Highest
Version central version 0.9.8 Highest
Version pom version 0.9.8 Highest
commons-lang3-3.3.2.jar
Description:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/commons/commons-lang3/3.3.2/commons-lang3-3.3.2.jar
MD5: 3128bf75a2549ebe38663401191bacab
SHA1: 90a3822c38ec8c996e84c16a3477ef632cbc87a3
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor central groupid org.apache.commons Highest
Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low
Vendor pom name Apache Commons Lang High
Vendor manifest Bundle-Description Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom artifactid commons-lang3 Low
Vendor pom parent-artifactid commons-parent Low
Vendor pom description Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low
Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom groupid org.apache.commons Highest
Vendor pom parent-groupid org.apache.commons Medium
Vendor Manifest implementation-build tags/LANG_3_3_2_RC1@r1585295; 2014-04-06 14:18:52+0200 Low
Vendor pom groupid apache.commons Highest
Vendor pom url http://commons.apache.org/proper/commons-lang/ Highest
Vendor file name commons-lang3 High
Product pom artifactid commons-lang3 Highest
Product Manifest specification-title Apache Commons Lang Medium
Product pom url http://commons.apache.org/proper/commons-lang/ Medium
Product Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low
Product pom name Apache Commons Lang High
Product manifest Bundle-Description Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low
Product central artifactid commons-lang3 Highest
Product pom description Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low
Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium
Product Manifest Bundle-Name Apache Commons Lang Medium
Product Manifest implementation-build tags/LANG_3_3_2_RC1@r1585295; 2014-04-06 14:18:52+0200 Low
Product Manifest Implementation-Title Apache Commons Lang High
Product pom groupid apache.commons Low
Product file name commons-lang3 High
Product pom parent-groupid org.apache.commons Low
Product pom parent-artifactid commons-parent Medium
Version file version 3.3.2 Highest
Version central version 3.3.2 Highest
Version pom version 3.3.2 Highest
Version Manifest Implementation-Version 3.3.2 High
dom4j-1.6.1.jar
Description: dom4j: the flexible XML framework for Java
File Path: /home/ciagent/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor MetaStuff Ltd. High
Vendor pom artifactid dom4j Low
Vendor pom description dom4j: the flexible XML framework for Java Medium
Vendor central groupid org.zenframework.z8.dependencies.commons High
Vendor Manifest specification-vendor MetaStuff Ltd. Low
Vendor pom groupid dom4j Highest
Vendor pom organization name MetaStuff Ltd. High
Vendor pom organization url http://sourceforge.net/projects/dom4j Medium
Vendor pom url http://dom4j.org Highest
Vendor file name dom4j High
Vendor central groupid dom4j High
Vendor pom name dom4j High
Vendor Manifest extension-name dom4j Medium
Product pom organization name MetaStuff Ltd. Low
Product pom artifactid dom4j Highest
Product central artifactid dom4j High
Product pom description dom4j: the flexible XML framework for Java Medium
Product pom groupid dom4j Low
Product pom url http://dom4j.org Medium
Product file name dom4j High
Product pom organization url http://sourceforge.net/projects/dom4j Low
Product Manifest specification-title dom4j : XML framework for Java Medium
Product pom name dom4j High
Product Manifest extension-name dom4j Medium
Product central artifactid dom4j-1.6.1 High
Product Manifest Implementation-Title org.dom4j High
Version Manifest Implementation-Version 1.6.1 High
Version file version 1.6.1 Highest
Published Vulnerabilities
CVE-2018-1000632
Severity:
Medium
CVSS Score: 6.4
(AV:N/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-91 XML Injection (aka Blind XPath Injection)
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
hibernate-jpa-2.0-api-1.0.1.Final.jar
Description:
Hibernate definition of the Java Persistence 2.0 (JSR 317) API.
License:
license.txt
File Path: /home/ciagent/.m2/repository/org/hibernate/javax/persistence/hibernate-jpa-2.0-api/1.0.1.Final/hibernate-jpa-2.0-api-1.0.1.Final.jar
MD5: d7e7d8f60fc44a127ba702d43e71abec
SHA1: 3306a165afa81938fc3d8a0948e891de9f6b192b
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor file name hibernate-jpa-2.0-api-1.0.1.Final High
Vendor pom groupid hibernate.javax.persistence Highest
Vendor pom organization name Hibernate.org High
Vendor pom artifactid hibernate-jpa-2.0-api Low
Vendor Manifest specification-vendor Sun Microsystems, Inc. Low
Vendor Manifest Implementation-Vendor hibernate.org High
Vendor central groupid org.hibernate.javax.persistence Highest
Vendor pom name JPA 2.0 API High
Vendor pom url http://hibernate.org Highest
Vendor pom groupid org.hibernate.javax.persistence Highest
Vendor pom organization url http://hibernate.org Medium
Vendor pom description Hibernate definition of the Java Persistence 2.0 (JSR 317) API. Medium
Product file name hibernate-jpa-2.0-api-1.0.1.Final High
Product Manifest specification-title Java Persistence API, Version 2.0 Medium
Product pom name JPA 2.0 API High
Product pom groupid hibernate.javax.persistence Low
Product central artifactid hibernate-jpa-2.0-api Highest
Product pom url http://hibernate.org Medium
Product pom description Hibernate definition of the Java Persistence 2.0 (JSR 317) API. Medium
Product pom artifactid hibernate-jpa-2.0-api Highest
Product pom organization name Hibernate.org Low
Product Manifest Implementation-Title JPA API High
Product pom organization url http://hibernate.org Low
Version central version 1.0.1.Final Highest
Version pom version 1.0.1.Final Highest
Version Manifest Implementation-Version 1.0.1.Final High
jboss-logging-annotations-1.2.0.Beta1.jar
File Path: /home/ciagent/.m2/repository/org/jboss/logging/jboss-logging-annotations/1.2.0.Beta1/jboss-logging-annotations-1.2.0.Beta1.jar
MD5: 938e552e319015a8863dd91284aada54
SHA1: 2f437f37bb265d9f8f1392823dbca12d2bec06d6
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor pom artifactid jboss-logging-annotations Low
Vendor pom parent-artifactid jboss-logging-tools-parent Low
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor Manifest Implementation-Vendor-Id org.jboss.logging Medium
Vendor pom name JBoss Logging I18n Annotations High
Vendor Manifest implementation-url http://www.jboss.org/jboss-logging-tools-parent/jboss-logging-annotations Low
Vendor file name jboss-logging-annotations High
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor central groupid org.jboss.logging Highest
Vendor Manifest os-name Linux Medium
Vendor pom parent-groupid org.jboss.logging Medium
Vendor pom groupid jboss.logging Highest
Vendor Manifest build-timestamp Tue, 18 Jun 2013 18:41:43 -0500 Low
Vendor pom groupid org.jboss.logging Highest
Product pom artifactid jboss-logging-annotations Highest
Product central artifactid jboss-logging-annotations Highest
Product pom name JBoss Logging I18n Annotations High
Product Manifest implementation-url http://www.jboss.org/jboss-logging-tools-parent/jboss-logging-annotations Low
Product pom parent-groupid org.jboss.logging Low
Product file name jboss-logging-annotations High
Product Manifest specification-title JBoss Logging I18n Annotations Medium
Product Manifest Implementation-Title JBoss Logging I18n Annotations High
Product Manifest os-name Linux Medium
Product pom groupid jboss.logging Low
Product Manifest build-timestamp Tue, 18 Jun 2013 18:41:43 -0500 Low
Product pom parent-artifactid jboss-logging-tools-parent Medium
Version pom version 1.2.0.Beta1 Highest
Version Manifest Implementation-Version 1.2.0.Beta1 High
Version central version 1.2.0.Beta1 Highest
hibernate-commons-annotations-4.0.5.Final.jar
Description: Common reflection code used in support of annotation processing
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/hibernate/common/hibernate-commons-annotations/4.0.5.Final/hibernate-commons-annotations-4.0.5.Final.jar
MD5: 5dadbafd7c7bc1168c10a2ba87e927a2
SHA1: 2a581b9edb8168e45060d8bad8b7f46712d2c52c
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom groupid hibernate.common Highest
Vendor pom organization name Hibernate.org High
Vendor central groupid org.hibernate.common Highest
Vendor pom groupid org.hibernate.common Highest
Vendor Manifest bundle-symbolicname org.hibernate.common.hibernate-commons-annotations Medium
Vendor pom artifactid hibernate-commons-annotations Low
Vendor pom name Hibernate Commons Annotations High
Vendor Manifest Implementation-Vendor Hibernate.org High
Vendor Manifest implementation-url http://hibernate.org Low
Vendor pom description Common reflection code used in support of annotation processing Medium
Vendor pom url http://hibernate.org Highest
Vendor pom organization url http://hibernate.org Medium
Vendor Manifest Implementation-Vendor-Id org.hibernate Medium
Vendor file name hibernate-commons-annotations High
Product Manifest bundle-symbolicname org.hibernate.common.hibernate-commons-annotations Medium
Product pom artifactid hibernate-commons-annotations Highest
Product pom name Hibernate Commons Annotations High
Product pom organization name Hibernate.org Low
Product pom organization url http://hibernate.org Low
Product Manifest implementation-url http://hibernate.org Low
Product pom description Common reflection code used in support of annotation processing Medium
Product central artifactid hibernate-commons-annotations Highest
Product pom url http://hibernate.org Medium
Product file name hibernate-commons-annotations High
Product Manifest Bundle-Name hibernate-commons-annotations Medium
Product pom groupid hibernate.common Low
Version file version 4.0.5 Highest
Version central version 4.0.5.Final Highest
Version Manifest Implementation-Version 4.0.5.Final High
Version pom version 4.0.5.Final Highest
hibernate-entitymanager-4.2.21.Final.jar
Description: A module of the Hibernate O/RM project
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/hibernate/hibernate-entitymanager/4.2.21.Final/hibernate-entitymanager-4.2.21.Final.jar
MD5: 2c1a3f1c7bb83b730ab3db1fe588904e
SHA1: a6675070b4c7bb843d74d6ab3bc9440fd315dbb3
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor manifest Bundle-Description Hibernate ORM JPA Entity Manager Medium
Vendor pom organization name Hibernate.org High
Vendor pom description A module of the Hibernate O/RM project Medium
Vendor pom groupid org.hibernate Highest
Vendor pom name A Hibernate O/RM Module High
Vendor Manifest Implementation-Vendor Hibernate.org High
Vendor pom artifactid hibernate-entitymanager Low
Vendor Manifest implementation-url http://hibernate.org Low
Vendor pom groupid hibernate Highest
Vendor pom url http://hibernate.org Highest
Vendor file name hibernate-entitymanager High
Vendor pom organization url http://hibernate.org Medium
Vendor Manifest bundle-symbolicname org.hibernate.entitymanager Medium
Vendor central groupid org.hibernate Highest
Vendor Manifest Implementation-Vendor-Id org.hibernate Medium
Product manifest Bundle-Description Hibernate ORM JPA Entity Manager Medium
Product pom description A module of the Hibernate O/RM project Medium
Product Manifest Bundle-Name hibernate-entitymanager Medium
Product pom artifactid hibernate-entitymanager Highest
Product pom name A Hibernate O/RM Module High
Product central artifactid hibernate-entitymanager Highest
Product pom organization name Hibernate.org Low
Product pom organization url http://hibernate.org Low
Product Manifest implementation-url http://hibernate.org Low
Product pom groupid hibernate Low
Product file name hibernate-entitymanager High
Product Manifest bundle-symbolicname org.hibernate.entitymanager Medium
Product pom url http://hibernate.org Medium
Version file version 4.2.21 Highest
Version Manifest Implementation-Version 4.2.21.Final High
Version pom version 4.2.21.Final Highest
Version central version 4.2.21.Final Highest
closure-compiler-externs-v20170910.jar
File Path: /home/ciagent/.m2/repository/com/google/javascript/closure-compiler-externs/v20170910/closure-compiler-externs-v20170910.jar
MD5: 573e49fb83760d25b675028eb612e2b2
SHA1: 036e801a929fcd121d212093923daf34986f5572
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid closure-compiler-parent Low
Vendor pom parent-groupid com.google.javascript Medium
Vendor central groupid com.google.javascript Highest
Vendor file name closure-compiler-externs-v20170910 High
Vendor pom artifactid closure-compiler-externs Low
Vendor pom name Closure Compiler Externs High
Vendor pom groupid google.javascript Highest
Vendor pom groupid com.google.javascript Highest
Product central artifactid closure-compiler-externs Highest
Product file name closure-compiler-externs-v20170910 High
Product pom groupid google.javascript Low
Product pom parent-artifactid closure-compiler-parent Medium
Product pom name Closure Compiler Externs High
Product pom artifactid closure-compiler-externs Highest
Product pom parent-groupid com.google.javascript Low
Version file version 20170910 Medium
Version file name closure-compiler-externs-v20170910 Medium
Version pom version v20170910 Highest
Version central version v20170910 Highest
args4j-2.33.jar
Description: args4j : Java command line arguments parser
License:
http://www.opensource.org/licenses/mit-license.php
File Path: /home/ciagent/.m2/repository/args4j/args4j/2.33/args4j-2.33.jar
MD5: 0a6d515f76b15d29e3cd529de9319739
SHA1: bd87a75374a6d6523de82fef51fc3cfe9baf9fc9
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor central groupid args4j Highest
Vendor Manifest bundle-symbolicname org.kohsuke.args4j Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Vendor pom name args4j High
Vendor pom artifactid args4j Low
Vendor file name args4j High
Vendor pom parent-artifactid args4j-site Low
Vendor manifest Bundle-Description args4j : Java command line arguments parser Medium
Vendor pom groupid args4j Highest
Vendor Manifest bundle-docurl http://www.kohsuke.org/ Low
Product Manifest bundle-symbolicname org.kohsuke.args4j Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Product pom parent-artifactid args4j-site Medium
Product pom name args4j High
Product Manifest Bundle-Name args4j Medium
Product pom artifactid args4j Highest
Product file name args4j High
Product pom groupid args4j Low
Product manifest Bundle-Description args4j : Java command line arguments parser Medium
Product central artifactid args4j Highest
Product Manifest bundle-docurl http://www.kohsuke.org/ Low
Version central version 2.33 Highest
Version file version 2.33 Highest
Version pom version 2.33 Highest
error_prone_annotations-2.0.18.jar
File Path: /home/ciagent/.m2/repository/com/google/errorprone/error_prone_annotations/2.0.18/error_prone_annotations-2.0.18.jar
MD5: 98051758c08c9b7111b3268655069432
SHA1: 5f65affce1684999e2f4024983835efc3504012e
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor central groupid com.google.errorprone Highest
Vendor pom groupid com.google.errorprone Highest
Vendor pom artifactid error_prone_annotations Low
Vendor pom name error-prone annotations High
Vendor pom groupid google.errorprone Highest
Vendor jar package name google Low
Vendor pom parent-artifactid error_prone_parent Low
Vendor jar package name errorprone Low
Vendor jar package name annotations Low
Vendor file name error_prone_annotations High
Vendor pom parent-groupid com.google.errorprone Medium
Product pom name error-prone annotations High
Product pom parent-groupid com.google.errorprone Low
Product pom groupid google.errorprone Low
Product pom artifactid error_prone_annotations Highest
Product jar package name errorprone Low
Product jar package name annotations Low
Product central artifactid error_prone_annotations Highest
Product file name error_prone_annotations High
Product pom parent-artifactid error_prone_parent Medium
Version pom version 2.0.18 Highest
Version file version 2.0.18 Highest
Version central version 2.0.18 Highest
jsinterop-annotations-1.0.0.jar
File Path: /home/ciagent/.m2/repository/com/google/jsinterop/jsinterop-annotations/1.0.0/jsinterop-annotations-1.0.0.jar
MD5: 93302e3d0cc146097ecd08039dc1de52
SHA1: 23c3a3c060ffe4817e67673cc8294e154b0a4a95
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom artifactid jsinterop-annotations Low
Vendor pom parent-groupid com.google.jsinterop Medium
Vendor pom parent-artifactid jsinterop Low
Vendor central groupid com.google.jsinterop Highest
Vendor jar package name annotations Low
Vendor pom groupid com.google.jsinterop Highest
Vendor file name jsinterop-annotations High
Vendor pom groupid google.jsinterop Highest
Vendor jar package name jsinterop Low
Product central artifactid jsinterop-annotations Highest
Product pom groupid google.jsinterop Low
Product jar package name annotations Low
Product pom parent-groupid com.google.jsinterop Low
Product pom artifactid jsinterop-annotations Highest
Product file name jsinterop-annotations High
Product pom parent-artifactid jsinterop Medium
Version pom version 1.0.0 Highest
Version central version 1.0.0 Highest
Version file version 1.0.0 Highest
closure-compiler-v20170910.jar
File Path: /home/ciagent/.m2/repository/com/google/javascript/closure-compiler/v20170910/closure-compiler-v20170910.jar
MD5: ca8e9f88ba9aad9c5e2c0f8f937fe869
SHA1: 3b87499e9ed3f068e69889182ab95cff92de0932
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor file name closure-compiler-v20170910 High
Vendor jar package name google Low
Vendor central groupid com.google.javascript Highest
Vendor jar package name javascript Low
Vendor pom groupid com.google.javascript Highest
Product file name closure-compiler-v20170910 High
Product central artifactid closure-compiler Highest
Product jar package name javascript Low
Product pom artifactid closure-compiler Highest
Version file version 20170910 Medium
Version file name closure-compiler-v20170910 Medium
Version pom version v20170910 Highest
Version central version v20170910 Highest
groovy-all-2.4.12.jar
Description: Groovy: A powerful, dynamic language for the JVM
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/codehaus/groovy/groovy-all/2.4.12/groovy-all-2.4.12.jar
MD5: dddb0b3d3619875fa1c538c743ae8f99
SHA1: 760afc568cbd94c09d78f801ce51aed1326710af
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom name Apache Groovy High
Vendor pom organization name Apache Software Foundation High
Vendor pom artifactid groovy-all Low
Vendor central groupid org.codehaus.groovy Highest
Vendor file name groovy-all High
Vendor pom description Groovy: A powerful, dynamic language for the JVM Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor manifest Bundle-Description Groovy Runtime Medium
Vendor pom organization url http://groovy-lang.org Medium
Vendor pom groupid codehaus.groovy Highest
Vendor pom groupid org.codehaus.groovy Highest
Vendor Manifest originally-created-by 1.8.0_131-b11 (Oracle Corporation) Low
Vendor Manifest bundle-symbolicname groovy-all Medium
Vendor pom url http://groovy-lang.org Highest
Vendor Manifest extension-name groovy Medium
Product pom name Apache Groovy High
Product pom organization url http://groovy-lang.org Low
Product Manifest Bundle-Name Groovy Runtime Medium
Product file name groovy-all High
Product pom description Groovy: A powerful, dynamic language for the JVM Medium
Product Manifest specification-title Groovy: a powerful, dynamic language for the JVM Medium
Product manifest Bundle-Description Groovy Runtime Medium
Product pom groupid codehaus.groovy Low
Product pom url http://groovy-lang.org Medium
Product Manifest Implementation-Title Groovy: a powerful, dynamic language for the JVM High
Product Manifest originally-created-by 1.8.0_131-b11 (Oracle Corporation) Low
Product Manifest bundle-symbolicname groovy-all Medium
Product central artifactid groovy-all Highest
Product pom artifactid groovy-all Highest
Product Manifest extension-name groovy Medium
Product pom organization name Apache Software Foundation Low
Version file version 2.4.12 Highest
Version central version 2.4.12 Highest
Version Manifest Implementation-Version 2.4.12 High
Version pom version 2.4.12 Highest
commons-webui-component-6.0.x-SNAPSHOT.jar
File Path: /srv/ciagent/workspace/PLF/commons-develop-site/sources/commons-webui-component/target/commons-webui-component-6.0.x-SNAPSHOT.jar
MD5: 9e0d0437a8acee56ed47ea2c9982feaf
SHA1: da7b7976a134da2c2edcac5edde9b71f0e1f2826
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id org.exoplatform.commons Medium
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor pom artifactid commons-webui-component Low
Vendor pom name eXo PLF:: Commons - Commons WebUI High
Vendor Manifest date 2019-10-13T07:16:26Z Low
Vendor Manifest implementation-url https://projects.exoplatform.org/commons/commons-webui-component Low
Vendor pom parent-groupid org.exoplatform.commons Medium
Vendor file name commons-webui-component High
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom groupid exoplatform.commons Highest
Vendor pom groupid org.exoplatform.commons Highest
Vendor pom parent-artifactid commons Low
Product pom artifactid commons-webui-component Highest
Product Manifest Implementation-Title eXo PLF:: Commons - Commons WebUI High
Product pom name eXo PLF:: Commons - Commons WebUI High
Product file name commons-webui-component High
Product Manifest date 2019-10-13T07:16:26Z Low
Product pom parent-artifactid commons Medium
Product Manifest specification-title eXo PLF:: Commons - Commons WebUI Medium
Product Manifest implementation-url https://projects.exoplatform.org/commons/commons-webui-component Low
Product pom groupid exoplatform.commons Low
Product pom parent-groupid org.exoplatform.commons Low
Version pom version 6.0.x-SNAPSHOT Highest
Version file version 6.0 Highest
Version Manifest Implementation-Version 6.0.x-SNAPSHOT High
maven: org.exoplatform.commons:commons-webui-component:6.0.x-SNAPSHOT
Confidence: High
commons-api-6.0.x-SNAPSHOT.jar
File Path: /srv/ciagent/workspace/PLF/commons-develop-site/sources/commons-api/target/commons-api-6.0.x-SNAPSHOT.jar
MD5: 332b87dddaf0be269662405ecc51a34d
SHA1: a549807a3bf40b0c82c8fd19d03c14a76dab3dd4
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id org.exoplatform.commons Medium
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor file name commons-api High
Vendor Manifest date 2019-10-13T07:16:26Z Low
Vendor pom parent-groupid org.exoplatform.commons Medium
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom groupid exoplatform.commons Highest
Vendor pom groupid org.exoplatform.commons Highest
Vendor Manifest implementation-url https://projects.exoplatform.org/commons/commons-api Low
Vendor pom name eXo PLF:: Commons - API High
Vendor pom artifactid commons-api Low
Vendor pom parent-artifactid commons Low
Product pom artifactid commons-api Highest
Product file name commons-api High
Product Manifest date 2019-10-13T07:16:26Z Low
Product Manifest Implementation-Title eXo PLF:: Commons - API High
Product pom parent-artifactid commons Medium
Product Manifest specification-title eXo PLF:: Commons - API Medium
Product pom groupid exoplatform.commons Low
Product pom parent-groupid org.exoplatform.commons Low
Product Manifest implementation-url https://projects.exoplatform.org/commons/commons-api Low
Product pom name eXo PLF:: Commons - API High
Version pom version 6.0.x-SNAPSHOT Highest
Version file version 6.0 Highest
Version Manifest Implementation-Version 6.0.x-SNAPSHOT High
maven: org.exoplatform.commons:commons-api:6.0.x-SNAPSHOT
Confidence: High
bayeux-api-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/bayeux-api/3.0.8/bayeux-api-3.0.8.jar
MD5: a09842b7f274cefffa408299b5fc8dd0
SHA1: d5aceb0e7fef4a140f7e95be48338b97723d3163
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.cometd.java Medium
Vendor pom artifactid bayeux-api Low
Vendor pom parent-artifactid cometd-java Low
Vendor manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Vendor pom groupid cometd.java Highest
Vendor Manifest bundle-symbolicname bayeux-api Medium
Vendor central groupid org.cometd.java Highest
Vendor pom groupid org.cometd.java Highest
Vendor Manifest bundle-contactaddress http://cometd.org/cometd-java/bayeux-api Low
Vendor Manifest bundle-docurl http://docs.cometd.org Low
Vendor file name bayeux-api High
Vendor pom name CometD :: Bayeux API High
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product pom parent-artifactid cometd-java Medium
Product Manifest Bundle-Name CometD :: Bayeux API Medium
Product manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Product pom artifactid bayeux-api Highest
Product Manifest bundle-symbolicname bayeux-api Medium
Product pom parent-groupid org.cometd.java Low
Product central artifactid bayeux-api Highest
Product Manifest bundle-contactaddress http://cometd.org/cometd-java/bayeux-api Low
Product pom groupid cometd.java Low
Product Manifest bundle-docurl http://docs.cometd.org Low
Product file name bayeux-api High
Product pom name CometD :: Bayeux API High
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Version pom version 3.0.8 Highest
Version central version 3.0.8 Highest
Version file version 3.0.8 Highest
cometd-java-common-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-common/3.0.8/cometd-java-common-3.0.8.jar
MD5: 70c7cc13ecc20634a6b357e33134d551
SHA1: 5e2134a1b3bc6e03b7e1666a74e9993d0bb52a7d
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-common Low
Vendor file name cometd-java-common High
Vendor pom parent-groupid org.cometd.java Medium
Vendor pom parent-artifactid cometd-java Low
Vendor pom name CometD :: Java :: Bayeux Common High
Vendor manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Vendor pom groupid cometd.java Highest
Vendor Manifest bundle-symbolicname cometd-java-common Medium
Vendor pom artifactid cometd-java-common Low
Vendor central groupid org.cometd.java Highest
Vendor pom groupid org.cometd.java Highest
Vendor Manifest bundle-docurl http://docs.cometd.org Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product pom parent-artifactid cometd-java Medium
Product Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-common Low
Product file name cometd-java-common High
Product pom name CometD :: Java :: Bayeux Common High
Product manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Product central artifactid cometd-java-common Highest
Product Manifest bundle-symbolicname cometd-java-common Medium
Product pom parent-groupid org.cometd.java Low
Product pom artifactid cometd-java-common Highest
Product Manifest Bundle-Name CometD :: Java :: Bayeux Common Medium
Product pom groupid cometd.java Low
Product Manifest bundle-docurl http://docs.cometd.org Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Version pom version 3.0.8 Highest
Version central version 3.0.8 Highest
Version file version 3.0.8 Highest
cometd-java-websocket-javax-server-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-javax-server/3.0.8/cometd-java-websocket-javax-server-3.0.8.jar
MD5: afa5e80138d48292a6f93b708257d2fc
SHA1: 353860f809886a58c181dd9e273ee7b79e133277
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-websocket/cometd-java-websocket-javax-server Low
Vendor pom name CometD :: Java :: WebSocket :: JSR 356 Server High
Vendor pom parent-groupid org.cometd.java Medium
Vendor manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Vendor Manifest bundle-symbolicname cometd-java-websocket-javax-server Medium
Vendor pom groupid cometd.java Highest
Vendor central groupid org.cometd.java Highest
Vendor pom groupid org.cometd.java Highest
Vendor pom artifactid cometd-java-websocket-javax-server Low
Vendor pom parent-artifactid cometd-java-websocket Low
Vendor Manifest bundle-docurl http://docs.cometd.org Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor file name cometd-java-websocket-javax-server High
Product Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-websocket/cometd-java-websocket-javax-server Low
Product pom name CometD :: Java :: WebSocket :: JSR 356 Server High
Product central artifactid cometd-java-websocket-javax-server Highest
Product pom artifactid cometd-java-websocket-javax-server Highest
Product manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Product Manifest bundle-symbolicname cometd-java-websocket-javax-server Medium
Product pom parent-artifactid cometd-java-websocket Medium
Product pom parent-groupid org.cometd.java Low
Product Manifest Bundle-Name CometD :: Java :: WebSocket :: JSR 356 Server Medium
Product pom groupid cometd.java Low
Product Manifest bundle-docurl http://docs.cometd.org Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product file name cometd-java-websocket-javax-server High
Version pom version 3.0.8 Highest
Version central version 3.0.8 Highest
Version file version 3.0.8 Highest
cometd-java-websocket-common-server-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-common-server/3.0.8/cometd-java-websocket-common-server-3.0.8.jar
MD5: 5772b2360cec4ff610e62151fb4deb62
SHA1: 61538a1231b700bf045fa197514f63509960985e
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname cometd-java-websocket-common-server Medium
Vendor Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-websocket/cometd-java-websocket-common-server Low
Vendor pom name CometD :: Java :: WebSocket :: Common Server High
Vendor pom artifactid cometd-java-websocket-common-server Low
Vendor pom parent-groupid org.cometd.java Medium
Vendor manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Vendor pom groupid cometd.java Highest
Vendor central groupid org.cometd.java Highest
Vendor pom groupid org.cometd.java Highest
Vendor pom parent-artifactid cometd-java-websocket Low
Vendor Manifest bundle-docurl http://docs.cometd.org Low
Vendor file name cometd-java-websocket-common-server High
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product Manifest bundle-symbolicname cometd-java-websocket-common-server Medium
Product Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-websocket/cometd-java-websocket-common-server Low
Product pom name CometD :: Java :: WebSocket :: Common Server High
Product central artifactid cometd-java-websocket-common-server Highest
Product manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Product pom parent-artifactid cometd-java-websocket Medium
Product pom artifactid cometd-java-websocket-common-server Highest
Product pom parent-groupid org.cometd.java Low
Product pom groupid cometd.java Low
Product Manifest Bundle-Name CometD :: Java :: WebSocket :: Common Server Medium
Product Manifest bundle-docurl http://docs.cometd.org Low
Product file name cometd-java-websocket-common-server High
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Version pom version 3.0.8 Highest
Version central version 3.0.8 Highest
Version file version 3.0.8 Highest
cometd-java-annotations-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-annotations/3.0.8/cometd-java-annotations-3.0.8.jar
MD5: 98b60697675562cf957655c3239a1ad3
SHA1: 5b56875b2ac024b5666633596abb90702ec35e81
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.cometd.java Medium
Vendor pom parent-artifactid cometd-java Low
Vendor pom name CometD :: Java :: Annotations High
Vendor manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Vendor Manifest bundle-symbolicname cometd-java-annotations Medium
Vendor pom groupid cometd.java Highest
Vendor Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-annotations Low
Vendor central groupid org.cometd.java Highest
Vendor pom groupid org.cometd.java Highest
Vendor pom artifactid cometd-java-annotations Low
Vendor Manifest bundle-docurl http://docs.cometd.org Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor file name cometd-java-annotations High
Product pom parent-artifactid cometd-java Medium
Product central artifactid cometd-java-annotations Highest
Product pom name CometD :: Java :: Annotations High
Product pom artifactid cometd-java-annotations Highest
Product manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Product Manifest bundle-symbolicname cometd-java-annotations Medium
Product Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-annotations Low
Product pom parent-groupid org.cometd.java Low
Product pom groupid cometd.java Low
Product Manifest bundle-docurl http://docs.cometd.org Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product Manifest Bundle-Name CometD :: Java :: Annotations Medium
Product file name cometd-java-annotations High
Version pom version 3.0.8 Highest
Version central version 3.0.8 Highest
Version file version 3.0.8 Highest
jetty-io-9.2.14.v20151106.jar
Description: Administrative parent pom for Jetty modules
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /home/ciagent/.m2/repository/org/eclipse/jetty/jetty-io/9.2.14.v20151106/jetty-io-9.2.14.v20151106.jar
MD5: 94d0e857144c7615b6fd65019cd32b59
SHA1: dfa4137371a3f08769820138ca1a2184dacda267
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.eclipse.jetty Medium
Vendor file name jetty-io High
Vendor pom groupid eclipse.jetty Highest
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low
Vendor Manifest bundle-copyright Copyright (c) 2008-2014 Mort Bay Consulting Pty. Ltd. Low
Vendor pom url http://www.eclipse.org/jetty Highest
Vendor manifest Bundle-Description Administrative parent pom for Jetty modules Medium
Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low
Vendor pom name Jetty :: IO Utility High
Vendor Manifest url http://www.eclipse.org/jetty Low
Vendor Manifest bundle-symbolicname org.eclipse.jetty.io Medium
Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High
Vendor pom artifactid jetty-io Low
Vendor pom groupid org.eclipse.jetty Highest
Vendor pom parent-artifactid jetty-project Low
Vendor central groupid org.eclipse.jetty Highest
Product pom groupid eclipse.jetty Low
Product file name jetty-io High
Product Manifest Bundle-Name Jetty :: IO Utility Medium
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low
Product Manifest bundle-copyright Copyright (c) 2008-2014 Mort Bay Consulting Pty. Ltd. Low
Product pom url http://www.eclipse.org/jetty Medium
Product pom parent-groupid org.eclipse.jetty Low
Product manifest Bundle-Description Administrative parent pom for Jetty modules Medium
Product pom artifactid jetty-io Highest
Product Manifest bundle-docurl http://www.eclipse.org/jetty Low
Product pom name Jetty :: IO Utility High
Product Manifest url http://www.eclipse.org/jetty Low
Product pom parent-artifactid jetty-project Medium
Product Manifest bundle-symbolicname org.eclipse.jetty.io Medium
Product central artifactid jetty-io Highest
Version pom version 9.2.14.v20151106 Highest
Version Manifest Implementation-Version 9.2.14.v20151106 High
Version file version 9.2.14.v20151106 Highest
Version central version 9.2.14.v20151106 Highest
cometd-java-client-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-client/3.0.8/cometd-java-client-3.0.8.jar
MD5: 24f1367fb4d96fe70a3f07a1f48e447e
SHA1: 826d4ae9402e7c48cc98fe287389788134e4986f
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom artifactid cometd-java-client Low
Vendor Manifest bundle-symbolicname cometd-java-client Medium
Vendor pom parent-groupid org.cometd.java Medium
Vendor pom parent-artifactid cometd-java Low
Vendor manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Vendor Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-client Low
Vendor pom groupid cometd.java Highest
Vendor central groupid org.cometd.java Highest
Vendor pom groupid org.cometd.java Highest
Vendor file name cometd-java-client High
Vendor Manifest bundle-docurl http://docs.cometd.org Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor pom name CometD :: Java :: Bayeux Client High
Product pom parent-artifactid cometd-java Medium
Product Manifest bundle-symbolicname cometd-java-client Medium
Product Manifest Bundle-Name CometD :: Java :: Bayeux Client Medium
Product pom artifactid cometd-java-client Highest
Product manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Product Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-client Low
Product pom parent-groupid org.cometd.java Low
Product file name cometd-java-client High
Product pom groupid cometd.java Low
Product central artifactid cometd-java-client Highest
Product Manifest bundle-docurl http://docs.cometd.org Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product pom name CometD :: Java :: Bayeux Client High
Version pom version 3.0.8 Highest
Version central version 3.0.8 Highest
Version file version 3.0.8 Highest
cometd-java-websocket-common-client-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-common-client/3.0.8/cometd-java-websocket-common-client-3.0.8.jar
MD5: c17616c290c54ffc4a70dda2b901919a
SHA1: 8b75f11de5bba306d0bcb20a6c1bed89675579cd
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor file name cometd-java-websocket-common-client High
Vendor Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-websocket/cometd-java-websocket-common-client Low
Vendor pom parent-groupid org.cometd.java Medium
Vendor manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Vendor pom groupid cometd.java Highest
Vendor Manifest bundle-symbolicname cometd-java-websocket-common-client Medium
Vendor pom artifactid cometd-java-websocket-common-client Low
Vendor central groupid org.cometd.java Highest
Vendor pom groupid org.cometd.java Highest
Vendor pom parent-artifactid cometd-java-websocket Low
Vendor Manifest bundle-docurl http://docs.cometd.org Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor pom name CometD :: Java :: WebSocket :: Common Client High
Product file name cometd-java-websocket-common-client High
Product Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-websocket/cometd-java-websocket-common-client Low
Product manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Product pom parent-artifactid cometd-java-websocket Medium
Product Manifest bundle-symbolicname cometd-java-websocket-common-client Medium
Product pom parent-groupid org.cometd.java Low
Product pom artifactid cometd-java-websocket-common-client Highest
Product Manifest Bundle-Name CometD :: Java :: WebSocket :: Common Client Medium
Product pom groupid cometd.java Low
Product Manifest bundle-docurl http://docs.cometd.org Low
Product central artifactid cometd-java-websocket-common-client Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product pom name CometD :: Java :: WebSocket :: Common Client High
Version pom version 3.0.8 Highest
Version central version 3.0.8 Highest
Version file version 3.0.8 Highest
cometd-java-websocket-javax-client-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-javax-client/3.0.8/cometd-java-websocket-javax-client-3.0.8.jar
MD5: 433dd449f689697bbe1a75b0ed2788f8
SHA1: b44bcf098667f0112301d75f73adb5ba3295699d
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.cometd.java Medium
Vendor manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Vendor pom groupid cometd.java Highest
Vendor central groupid org.cometd.java Highest
Vendor pom groupid org.cometd.java Highest
Vendor pom parent-artifactid cometd-java-websocket Low
Vendor pom name CometD :: Java :: WebSocket :: JSR 356 Client High
Vendor Manifest bundle-symbolicname cometd-java-websocket-javax-client Medium
Vendor Manifest bundle-docurl http://docs.cometd.org Low
Vendor pom artifactid cometd-java-websocket-javax-client Low
Vendor file name cometd-java-websocket-javax-client High
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-websocket/cometd-java-websocket-javax-client Low
Product manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Product pom parent-artifactid cometd-java-websocket Medium
Product pom artifactid cometd-java-websocket-javax-client Highest
Product pom parent-groupid org.cometd.java Low
Product central artifactid cometd-java-websocket-javax-client Highest
Product pom name CometD :: Java :: WebSocket :: JSR 356 Client High
Product pom groupid cometd.java Low
Product Manifest bundle-symbolicname cometd-java-websocket-javax-client Medium
Product Manifest bundle-docurl http://docs.cometd.org Low
Product Manifest Bundle-Name CometD :: Java :: WebSocket :: JSR 356 Client Medium
Product file name cometd-java-websocket-javax-client High
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-websocket/cometd-java-websocket-javax-client Low
Version pom version 3.0.8 Highest
Version central version 3.0.8 Highest
Version file version 3.0.8 Highest
cometd-java-oort-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-oort/3.0.8/cometd-java-oort-3.0.8.jar
MD5: 62dbbecedab27927495fc9c9e0b70505
SHA1: a72695546e010c250ba65519fc91867b208fc8f9
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-oort Low
Vendor file name cometd-java-oort High
Vendor pom parent-groupid org.cometd.java Medium
Vendor pom parent-artifactid cometd-java Low
Vendor manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Vendor pom groupid cometd.java Highest
Vendor central groupid org.cometd.java Highest
Vendor pom groupid org.cometd.java Highest
Vendor Manifest bundle-docurl http://docs.cometd.org Low
Vendor pom name CometD :: Java :: Oort High
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor pom artifactid cometd-java-oort Low
Vendor Manifest bundle-symbolicname cometd-java-oort Medium
Product pom parent-artifactid cometd-java Medium
Product Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-oort Low
Product file name cometd-java-oort High
Product manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Product pom artifactid cometd-java-oort Highest
Product pom parent-groupid org.cometd.java Low
Product pom groupid cometd.java Low
Product Manifest bundle-docurl http://docs.cometd.org Low
Product pom name CometD :: Java :: Oort High
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product Manifest Bundle-Name CometD :: Java :: Oort Medium
Product central artifactid cometd-java-oort Highest
Product Manifest bundle-symbolicname cometd-java-oort Medium
Version pom version 3.0.8 Highest
Version central version 3.0.8 Highest
Version file version 3.0.8 Highest
jetty-jmx-9.2.14.v20151106.jar
Description: JMX management artifact for jetty.
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /home/ciagent/.m2/repository/org/eclipse/jetty/jetty-jmx/9.2.14.v20151106/jetty-jmx-9.2.14.v20151106.jar
MD5: 5eccc25d22921cb4787812d0687a2978
SHA1: 617edc5e966b4149737811ef8b289cd94b831bab
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor file name jetty-jmx High
Vendor pom parent-groupid org.eclipse.jetty Medium
Vendor manifest Bundle-Description JMX management artifact for jetty. Medium
Vendor pom groupid eclipse.jetty Highest
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low
Vendor Manifest bundle-copyright Copyright (c) 2008-2014 Mort Bay Consulting Pty. Ltd. Low
Vendor pom url http://www.eclipse.org/jetty Highest
Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low
Vendor Manifest url http://www.eclipse.org/jetty Low
Vendor pom description JMX management artifact for jetty. Medium
Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High
Vendor pom artifactid jetty-jmx Low
Vendor pom name Jetty :: JMX Management High
Vendor pom groupid org.eclipse.jetty Highest
Vendor pom parent-artifactid jetty-project Low
Vendor Manifest bundle-symbolicname org.eclipse.jetty.jmx Medium
Vendor central groupid org.eclipse.jetty Highest
Product file name jetty-jmx High
Product pom groupid eclipse.jetty Low
Product manifest Bundle-Description JMX management artifact for jetty. Medium
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low
Product Manifest Bundle-Name Jetty :: JMX Management Medium
Product Manifest bundle-copyright Copyright (c) 2008-2014 Mort Bay Consulting Pty. Ltd. Low
Product pom url http://www.eclipse.org/jetty Medium
Product pom parent-groupid org.eclipse.jetty Low
Product Manifest bundle-docurl http://www.eclipse.org/jetty Low
Product pom artifactid jetty-jmx Highest
Product Manifest url http://www.eclipse.org/jetty Low
Product pom parent-artifactid jetty-project Medium
Product pom description JMX management artifact for jetty. Medium
Product central artifactid jetty-jmx Highest
Product pom name Jetty :: JMX Management High
Product Manifest bundle-symbolicname org.eclipse.jetty.jmx Medium
Version pom version 9.2.14.v20151106 Highest
Version Manifest Implementation-Version 9.2.14.v20151106 High
Version file version 9.2.14.v20151106 Highest
Version central version 9.2.14.v20151106 Highest
Related Dependencies
jetty-http-9.2.14.v20151106.jar
File Path: /home/ciagent/.m2/repository/org/eclipse/jetty/jetty-http/9.2.14.v20151106/jetty-http-9.2.14.v20151106.jar
SHA1: 699ad1f2fa6fb0717e1b308a8c9e1b8c69d81ef6
MD5: 2e42ff59b2a5e8525f0fa1b55351d161
maven: org.eclipse.jetty:jetty-http:9.2.14.v20151106 ✓
jetty-util-9.2.14.v20151106.jar
File Path: /home/ciagent/.m2/repository/org/eclipse/jetty/jetty-util/9.2.14.v20151106/jetty-util-9.2.14.v20151106.jar
SHA1: 0057e00b912ae0c35859ac81594a996007706a0b
MD5: 15eae2dc1689fa8c72652b156d2619d3
maven: org.eclipse.jetty:jetty-util:9.2.14.v20151106 ✓
jetty-util-ajax-9.2.14.v20151106.jar
File Path: /home/ciagent/.m2/repository/org/eclipse/jetty/jetty-util-ajax/9.2.14.v20151106/jetty-util-ajax-9.2.14.v20151106.jar
SHA1: 13470555681de54a10cfed3ab15b1554765d1171
MD5: 1623fc2d77b1bd864a2416e2da15cd9b
maven: org.eclipse.jetty:jetty-util-ajax:9.2.14.v20151106 ✓
jetty-client-9.2.14.v20151106.jar
File Path: /home/ciagent/.m2/repository/org/eclipse/jetty/jetty-client/9.2.14.v20151106/jetty-client-9.2.14.v20151106.jar
SHA1: d02985c3a5bd974dacbb4c3d7cf71169135a8e7a
MD5: c400f74ab61fc17fafd19144b548bede
maven: org.eclipse.jetty:jetty-client:9.2.14.v20151106 ✓
Published Vulnerabilities
CVE-2017-7656
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.
Vulnerable Software & Versions:
CVE-2017-7657
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-190 Integer Overflow or Wraparound
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.
Vulnerable Software & Versions:
CVE-2017-7658
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.
Vulnerable Software & Versions:
CVE-2017-9735
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Vulnerable Software & Versions:
cometd-java-server-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-server/3.0.8/cometd-java-server-3.0.8.jar
MD5: c55eb617762fad72683da9de856e008c
SHA1: 11d535c657bdb491abc2ccd820118f9d6a8f44e0
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor file name cometd-java-server High
Vendor Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-server Low
Vendor pom parent-groupid org.cometd.java Medium
Vendor pom parent-artifactid cometd-java Low
Vendor manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Vendor pom groupid cometd.java Highest
Vendor central groupid org.cometd.java Highest
Vendor pom groupid org.cometd.java Highest
Vendor pom artifactid cometd-java-server Low
Vendor Manifest bundle-symbolicname cometd-java-server Medium
Vendor Manifest bundle-docurl http://docs.cometd.org Low
Vendor pom name CometD :: Java :: Bayeux Server High
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product pom parent-artifactid cometd-java Medium
Product file name cometd-java-server High
Product Manifest bundle-contactaddress http://cometd.org/cometd-java/cometd-java-server Low
Product manifest Bundle-Description The CometD project is a scalable web messaging bus that uses WebSocketand HTTP AJAX push technology patterns known as "Comet" techniques Low
Product pom parent-groupid org.cometd.java Low
Product pom artifactid cometd-java-server Highest
Product central artifactid cometd-java-server Highest
Product Manifest bundle-symbolicname cometd-java-server Medium
Product pom groupid cometd.java Low
Product Manifest bundle-docurl http://docs.cometd.org Low
Product pom name CometD :: Java :: Bayeux Server High
Product Manifest Bundle-Name CometD :: Java :: Bayeux Server Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Version pom version 3.0.8 Highest
Version central version 3.0.8 Highest
Version file version 3.0.8 Highest
commons-comet-service-6.0.x-SNAPSHOT.jar
File Path: /srv/ciagent/workspace/PLF/commons-develop-site/sources/commons-comet-service/target/commons-comet-service-6.0.x-SNAPSHOT.jar
MD5: ef3d8aced89226dd3b3c62aa52f5c0b4
SHA1: dd9011b1b664bffc7beea124f959ff0b0130a03f
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id org.exoplatform.commons Medium
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor file name commons-comet-service High
Vendor Manifest date 2019-10-13T07:16:26Z Low
Vendor Manifest implementation-url https://projects.exoplatform.org/commons/commons-comet-service Low
Vendor pom artifactid commons-comet-service Low
Vendor pom parent-groupid org.exoplatform.commons Medium
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom groupid exoplatform.commons Highest
Vendor pom groupid org.exoplatform.commons Highest
Vendor pom name eXo PLF:: Commons - Comet Services High
Vendor pom parent-artifactid commons Low
Product Manifest implementation-url https://projects.exoplatform.org/commons/commons-comet-service Low
Product Manifest specification-title eXo PLF:: Commons - Comet Services Medium
Product pom artifactid commons-comet-service Highest
Product file name commons-comet-service High
Product Manifest date 2019-10-13T07:16:26Z Low
Product pom parent-artifactid commons Medium
Product Manifest Implementation-Title eXo PLF:: Commons - Comet Services High
Product pom groupid exoplatform.commons Low
Product pom parent-groupid org.exoplatform.commons Low
Product pom name eXo PLF:: Commons - Comet Services High
Version pom version 6.0.x-SNAPSHOT Highest
Version file version 6.0 Highest
Version Manifest Implementation-Version 6.0.x-SNAPSHOT High
maven: org.exoplatform.commons:commons-comet-service:6.0.x-SNAPSHOT
Confidence :High
exo.kernel.component.cache-6.0.x-SNAPSHOT.jar
Description: Implementation of Cache Service of Exoplatform SAS 'eXo Kernel' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.component.cache/6.0.x-SNAPSHOT/exo.kernel.component.cache-6.0.x-SNAPSHOT.jar
MD5: 8b0d5bca7bccac22c8b49202e3af31d4
SHA1: fc7fd420984fb3a4f426029ce1353149fab42d35
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom groupid org.exoplatform.kernel Highest
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor pom description Implementation of Cache Service of Exoplatform SAS 'eXo Kernel' project. Medium
Vendor pom parent-groupid org.exoplatform.kernel Medium
Vendor pom artifactid exo.kernel.component.cache Low
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom parent-artifactid kernel-parent Low
Vendor pom name eXo PLF:: Kernel :: Component :: Cache Service High
Vendor file name exo.kernel.component.cache High
Vendor Manifest Implementation-Vendor-Id org.exoplatform.kernel Medium
Vendor pom groupid exoplatform.kernel Highest
Product pom groupid exoplatform.kernel Low
Product Manifest Implementation-Title eXo PLF:: Kernel :: Component :: Cache Service High
Product pom parent-artifactid kernel-parent Medium
Product pom description Implementation of Cache Service of Exoplatform SAS 'eXo Kernel' project. Medium
Product Manifest specification-title exo-kernel Medium
Product pom artifactid exo.kernel.component.cache Highest
Product pom parent-groupid org.exoplatform.kernel Low
Product pom name eXo PLF:: Kernel :: Component :: Cache Service High
Product file name exo.kernel.component.cache High
Version pom version 6.0.x-20191006.135353-6 Highest
Version pom version 6.0.x-SNAPSHOT Highest
Version file version 6.0 Highest
Version Manifest Implementation-Version 6.0.x-SNAPSHOT High
maven: org.exoplatform.kernel:exo.kernel.component.cache:6.0.x-SNAPSHOT
Confidence :High
exo.core.component.security.core-6.0.x-SNAPSHOT.jar
Description: Implementation of 'eXo Security' component of Exoplatform SAS 'eXo Core' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.security.core/6.0.x-SNAPSHOT/exo.core.component.security.core-6.0.x-SNAPSHOT.jar
MD5: ed9e42743794ca109fb30bfe6543b076
SHA1: 1a774aae09ac563ecf77c7c78153a60c9c8e6bd0
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom description Implementation of 'eXo Security' component of Exoplatform SAS 'eXo Core' project. Medium
Vendor Manifest Implementation-Vendor-Id org.exoplatform.core Medium
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor pom name eXo PLF Core :: Component :: Security Service High
Vendor pom parent-groupid org.exoplatform.core Medium
Vendor file name exo.core.component.security.core High
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom groupid exoplatform.core Highest
Vendor pom artifactid exo.core.component.security.core Low
Vendor pom groupid org.exoplatform.core Highest
Vendor pom parent-artifactid core-parent Low
Product pom description Implementation of 'eXo Security' component of Exoplatform SAS 'eXo Core' project. Medium
Product Manifest specification-title exo-core Medium
Product pom name eXo PLF Core :: Component :: Security Service High
Product pom artifactid exo.core.component.security.core Highest
Product pom parent-artifactid core-parent Medium
Product file name exo.core.component.security.core High
Product pom groupid exoplatform.core Low
Product pom parent-groupid org.exoplatform.core Low
Product Manifest Implementation-Title eXo PLF Core :: Component :: Security Service High
Version file version 6.0 Highest
Version Manifest Implementation-Version 6.0.x-SNAPSHOT High
maven: org.exoplatform.core:exo.core.component.security.core:6.0.x-SNAPSHOT
Confidence :High
antlr-2.7.7.jar
Description:
A framework for constructing recognizers, compilers,
and translators from grammatical descriptions containing
Java, C#, C++, or Python actions.
License:
BSD License: http://www.antlr.org/license.html
File Path: /home/ciagent/.m2/repository/antlr/antlr/2.7.7/antlr-2.7.7.jar
MD5: f8f1352c52a4c6a500b597596501fc64
SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor jar package name antlr Low
Vendor central groupid antlr Highest
Vendor file name antlr High
Vendor pom description A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions. Low
Vendor pom groupid antlr Highest
Vendor pom artifactid antlr Low
Vendor pom name AntLR Parser Generator High
Vendor pom url http://www.antlr.org/ Highest
Product file name antlr High
Product pom description A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions. Low
Product pom artifactid antlr Highest
Product pom groupid antlr Low
Product pom url http://www.antlr.org/ Medium
Product pom name AntLR Parser Generator High
Product central artifactid antlr Highest
Version file version 2.7.7 Highest
Version central version 2.7.7 Highest
Version pom version 2.7.7 Highest
hibernate-core-4.2.21.Final.jar
Description: A module of the Hibernate O/RM project
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/hibernate/hibernate-core/4.2.21.Final/hibernate-core-4.2.21.Final.jar
MD5: 492567c1f36fb3a5968ca2d3c452edaf
SHA1: bb587d00287c13d9e4324bc76c13abbd493efa81
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname org.hibernate.core Medium
Vendor pom organization name Hibernate.org High
Vendor pom description A module of the Hibernate O/RM project Medium
Vendor pom groupid org.hibernate Highest
Vendor pom name A Hibernate O/RM Module High
Vendor Manifest Implementation-Vendor Hibernate.org High
Vendor Manifest implementation-url http://hibernate.org Low
Vendor pom groupid hibernate Highest
Vendor pom url http://hibernate.org Highest
Vendor pom organization url http://hibernate.org Medium
Vendor manifest Bundle-Description Hibernate ORM Core Medium
Vendor pom artifactid hibernate-core Low
Vendor central groupid org.hibernate Highest
Vendor Manifest Implementation-Vendor-Id org.hibernate Medium
Vendor file name hibernate-core High
Product Manifest bundle-symbolicname org.hibernate.core Medium
Product pom description A module of the Hibernate O/RM project Medium
Product pom name A Hibernate O/RM Module High
Product pom artifactid hibernate-core Highest
Product pom organization name Hibernate.org Low
Product pom organization url http://hibernate.org Low
Product Manifest implementation-url http://hibernate.org Low
Product pom groupid hibernate Low
Product central artifactid hibernate-core Highest
Product manifest Bundle-Description Hibernate ORM Core Medium
Product Manifest Bundle-Name hibernate-core Medium
Product pom url http://hibernate.org Medium
Product file name hibernate-core High
Version file version 4.2.21 Highest
Version Manifest Implementation-Version 4.2.21.Final High
Version pom version 4.2.21.Final Highest
Version central version 4.2.21.Final Highest
jakarta-regexp-1.4.jar
File Path: /home/ciagent/.m2/repository/jakarta-regexp/jakarta-regexp/1.4/jakarta-regexp-1.4.jar
MD5: 5d8b8c601c21b37aa6142d38f45c0297
SHA1: 0ea514a179ac1dd7e81c7e6594468b9b9910d298
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor jar package name regexp Low
Vendor file name jakarta-regexp High
Vendor pom artifactid jakarta-regexp Low
Vendor central groupid jakarta-regexp Highest
Vendor jar package name apache Low
Vendor pom groupid jakarta-regexp Highest
Product jar package name regexp Low
Product file name jakarta-regexp High
Product pom artifactid jakarta-regexp Highest
Product pom groupid jakarta-regexp Low
Product central artifactid jakarta-regexp Highest
Version central version 1.4 Highest
Version file version 1.4 Highest
Version pom version 1.4 Highest
xpp3-1.1.6.jar
Description: XML Pull parser library developed by Extreme Computing Lab, Indiana University
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/ogce/xpp3/1.1.6/xpp3-1.1.6.jar
MD5: 626a429318310e92e3466151e050bdc5
SHA1: dc87e00ddb69341b46a3eb1c331c6fcebf6c8546
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor file name xpp3 High
Vendor jar package name v1 Low
Vendor pom url http://www.extreme.indiana.edu/xpp/ Highest
Vendor pom artifactid xpp3 Low
Vendor pom name XPP3 High
Vendor pom groupid ogce Highest
Vendor central groupid org.ogce Highest
Vendor jar package name xmlpull Low
Vendor jar package name builder Low
Vendor pom groupid org.ogce Highest
Vendor pom description XML Pull parser library developed by Extreme Computing Lab, Indiana University Medium
Product file name xpp3 High
Product pom artifactid xpp3 Highest
Product jar package name v1 Low
Product pom name XPP3 High
Product jar package name xpath Low
Product central artifactid xpp3 Highest
Product pom url http://www.extreme.indiana.edu/xpp/ Medium
Product pom groupid ogce Low
Product jar package name builder Low
Product pom description XML Pull parser library developed by Extreme Computing Lab, Indiana University Medium
Version file version 1.1.6 Highest
Version central version 1.1.6 Highest
Version pom version 1.1.6 Highest
exo.core.component.organization.api-6.0.x-SNAPSHOT.jar
Description: API of Organization Service of Exoplatform SAS 'eXo Core' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.organization.api/6.0.x-SNAPSHOT/exo.core.component.organization.api-6.0.x-SNAPSHOT.jar
MD5: a7eb0f78ea4e73e5c8560e0697866970
SHA1: b5c9fa30c3833c3e0769a7bcf761c5366805a732
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor file name exo.core.component.organization.api High
Vendor Manifest Implementation-Vendor-Id org.exoplatform.core Medium
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor pom parent-groupid org.exoplatform.core Medium
Vendor pom artifactid exo.core.component.organization.api Low
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom name eXo PLF Core :: Component :: Organization Service API High
Vendor pom groupid exoplatform.core Highest
Vendor pom groupid org.exoplatform.core Highest
Vendor pom description API of Organization Service of Exoplatform SAS 'eXo Core' project. Medium
Vendor pom parent-artifactid core-parent Low
Product file name exo.core.component.organization.api High
Product Manifest specification-title exo-core Medium
Product pom artifactid exo.core.component.organization.api Highest
Product pom parent-artifactid core-parent Medium
Product pom groupid exoplatform.core Low
Product pom name eXo PLF Core :: Component :: Organization Service API High
Product pom parent-groupid org.exoplatform.core Low
Product pom description API of Organization Service of Exoplatform SAS 'eXo Core' project. Medium
Product Manifest Implementation-Title eXo PLF Core :: Component :: Organization Service API High
Version file version 6.0 Highest
Version Manifest Implementation-Version 6.0.x-SNAPSHOT High
maven: org.exoplatform.core:exo.core.component.organization.api:6.0.x-SNAPSHOT
Confidence :High
cpe: cpe:/a:api-platform:core:6.0
Confidence :Low
mime-util-2.1.3.jar
Description: mime-util is a simple to use, small, light weight and fast open source java utility library that can detect
MIME types from files, input streams, URL's and byte arrays.
Due to the use of regular expressions and the java.nio packages it requires at least Java 1.4.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/eu/medsea/mimeutil/mime-util/2.1.3/mime-util-2.1.3.jar
MD5: 3d4f3e1a96eb79683197f1c8b182f4a6
SHA1: 0c9cfae15c74f62491d4f28def0dff1dabe52a47
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom organization url http://www.medsea.eu Medium
Vendor Manifest url http://www.medsea.eu/mime-util/ Low
Vendor pom name Mime Detection Utility High
Vendor manifest Bundle-Description mime-util is a simple to use, small, light weight and fast open source java utility library that can detect MIME types from files, input streams, URL's and byte arrays. Due to the use of regular expressions and the java.nio packages it requires at least Java 1.4. Low
Vendor pom artifactid mime-util Low
Vendor pom organization name Medsea Business Solutions S.L. High
Vendor pom description mime-util is a simple to use, small, light weight and fast open source java utility library that can detect MIME types from files, input streams, URL's and byte arrays. Due to the use of regular expressions and the java.nio packages it requires at least Java 1.4. Low
Vendor central groupid eu.medsea.mimeutil Highest
Vendor pom url http://www.medsea.eu/mime-util/ Highest
Vendor Manifest bundle-symbolicname eu.medsea.mimeutil.mime-util Medium
Vendor pom groupid eu.medsea.mimeutil Highest
Vendor Manifest bundle-docurl http://www.medsea.eu Low
Vendor file name mime-util High
Product Manifest url http://www.medsea.eu/mime-util/ Low
Product pom name Mime Detection Utility High
Product Manifest Bundle-Name Mime Detection Utility Medium
Product manifest Bundle-Description mime-util is a simple to use, small, light weight and fast open source java utility library that can detect MIME types from files, input streams, URL's and byte arrays. Due to the use of regular expressions and the java.nio packages it requires at least Java 1.4. Low
Product pom organization name Medsea Business Solutions S.L. Low
Product pom artifactid mime-util Highest
Product pom groupid eu.medsea.mimeutil Low
Product pom description mime-util is a simple to use, small, light weight and fast open source java utility library that can detect MIME types from files, input streams, URL's and byte arrays. Due to the use of regular expressions and the java.nio packages it requires at least Java 1.4. Low
Product central artifactid mime-util Highest
Product Manifest bundle-symbolicname eu.medsea.mimeutil.mime-util Medium
Product pom organization url http://www.medsea.eu Low
Product Manifest bundle-docurl http://www.medsea.eu Low
Product pom url http://www.medsea.eu/mime-util/ Medium
Product file name mime-util High
Version pom version 2.1.3 Highest
Version central version 2.1.3 Highest
Version file version 2.1.3 Highest
exo.kernel.commons-6.0.x-SNAPSHOT.jar
Description: Implementation of Commons Utils of Exoplatform SAS 'eXo Kernel' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.commons/6.0.x-SNAPSHOT/exo.kernel.commons-6.0.x-SNAPSHOT.jar
MD5: 5c3577b09853d32650dda0412414cb4f
SHA1: 54663dc1cf7b231bc574a3388a1f817875dec4e0
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom groupid org.exoplatform.kernel Highest
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor pom description Implementation of Commons Utils of Exoplatform SAS 'eXo Kernel' project. Medium
Vendor pom parent-groupid org.exoplatform.kernel Medium
Vendor file name exo.kernel.commons High
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom name eXo PLF:: Kernel :: Commons Utils High
Vendor pom artifactid exo.kernel.commons Low
Vendor pom parent-artifactid kernel-parent Low
Vendor Manifest Implementation-Vendor-Id org.exoplatform.kernel Medium
Vendor pom groupid exoplatform.kernel Highest
Product pom groupid exoplatform.kernel Low
Product pom parent-artifactid kernel-parent Medium
Product pom description Implementation of Commons Utils of Exoplatform SAS 'eXo Kernel' project. Medium
Product Manifest Implementation-Title eXo PLF:: Kernel :: Commons Utils High
Product pom artifactid exo.kernel.commons Highest
Product file name exo.kernel.commons High
Product Manifest specification-title exo-kernel Medium
Product pom name eXo PLF:: Kernel :: Commons Utils High
Product pom parent-groupid org.exoplatform.kernel Low
Version pom version 6.0.x-20191006.134932-7 Highest
Version pom version 6.0.x-SNAPSHOT Highest
Version file version 6.0 Highest
Version Manifest Implementation-Version 6.0.x-SNAPSHOT High
maven: org.exoplatform.kernel:exo.kernel.commons:6.0.x-SNAPSHOT
Confidence :High
mail-1.4.7.jar
Description: JavaMail API (compat)
License:
http://www.sun.com/cddl, https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /home/ciagent/.m2/repository/javax/mail/mail/1.4.7/mail-1.4.7.jar
MD5: 77f53ff0c78ba43c4812ecc9f53e20f8
SHA1: 9add058589d5d85adeb625859bf2c5eeaaedf12d
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor Oracle High
Vendor file name mail High
Vendor pom parent-artifactid all Low
Vendor central groupid org.zenframework.z8.dependencies.commons High
Vendor Manifest Implementation-Vendor-Id com.sun Medium
Vendor Manifest extension-name javax.mail Medium
Vendor central groupid javax.mail High
Vendor pom parent-groupid com.sun.mail Medium
Vendor Manifest specification-vendor Oracle Low
Vendor manifest Bundle-Description JavaMail API (compat) Medium
Vendor Manifest (hint) Implementation-Vendor sun High
Vendor Manifest bundle-symbolicname javax.mail Medium
Vendor Manifest bundle-docurl http://www.oracle.com Low
Vendor pom artifactid mail Low
Vendor Manifest (hint) specification-vendor sun Low
Vendor pom name JavaMail API (compat) High
Vendor Manifest probe-provider-xml-file-names META-INF/gfprobe-provider.xml Medium
Vendor Manifest originally-created-by 1.7.0_15 (Oracle Corporation) Low
Vendor pom groupid javax.mail Highest
Product Manifest Bundle-Name JavaMail API (compat) Medium
Product file name mail High
Product Manifest extension-name javax.mail Medium
Product pom groupid javax.mail Low
Product manifest Bundle-Description JavaMail API (compat) Medium
Product Manifest bundle-symbolicname javax.mail Medium
Product Manifest specification-title JavaMail(TM) API Design Specification Medium
Product Manifest Implementation-Title javax.mail High
Product Manifest bundle-docurl http://www.oracle.com Low
Product central artifactid mail High
Product pom parent-groupid com.sun.mail Low
Product pom artifactid mail Highest
Product pom name JavaMail API (compat) High
Product Manifest probe-provider-xml-file-names META-INF/gfprobe-provider.xml Medium
Product Manifest originally-created-by 1.7.0_15 (Oracle Corporation) Low
Product pom parent-artifactid all Medium
Product central artifactid mail-1.4.7 High
Version file version 1.4.7 Highest
Version Manifest Implementation-Version 1.4.7 High
jgroups-3.6.13.Final.jar
Description:
Reliable cluster communication toolkit
License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/org/jgroups/jgroups/3.6.13.Final/jgroups-3.6.13.Final.jar
MD5: d7a4d1065e9b09e3f48bfa88ab368a0c
SHA1: 1315a8a1aed98dcafc11a850957ced42dc26bf18
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor file name jgroups High
Vendor pom organization url http://www.jboss.org Medium
Vendor pom name JGroups High
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low
Vendor pom organization name JBoss, a division of Red Hat High
Vendor pom groupid org.jgroups Highest
Vendor Manifest bundle-docurl http://www.jboss.org Low
Vendor pom description Reliable cluster communication toolkit Medium
Vendor Manifest bundle-symbolicname org.jgroups Medium
Vendor pom artifactid jgroups Low
Vendor manifest Bundle-Description Ant/ivy based build.xml file for JGroups. Needs ant to run Medium
Vendor pom groupid jgroups Highest
Vendor pom url http://www.jgroups.org Highest
Vendor central groupid org.jgroups Highest
Product file name jgroups High
Product pom organization url http://www.jboss.org Low
Product pom name JGroups High
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low
Product pom organization name JBoss, a division of Red Hat Low
Product Manifest Bundle-Name JGroups Medium
Product Manifest bundle-docurl http://www.jboss.org Low
Product pom description Reliable cluster communication toolkit Medium
Product Manifest bundle-symbolicname org.jgroups Medium
Product central artifactid jgroups Highest
Product manifest Bundle-Description Ant/ivy based build.xml file for JGroups. Needs ant to run Medium
Product pom url http://www.jgroups.org Medium
Product pom artifactid jgroups Highest
Product pom groupid jgroups Low
Version central version 3.6.13.Final Highest
Version file version 3.6.13 Highest
Version Manifest Implementation-Version 3.6.13.Final High
Version pom version 3.6.13.Final Highest
commons-dbcp-1.4.jar
Description: Commons Database Connection Pooling
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-dbcp/commons-dbcp/1.4/commons-dbcp-1.4.jar
MD5: b004158fab904f37f5831860898b3cd9
SHA1: 30be73c965cc990b153a100aaaaafcf239f82d39
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest bundle-docurl http://commons.apache.org/dbcp/ Low
Vendor pom description Commons Database Connection Pooling Medium
Vendor Manifest bundle-symbolicname org.apache.commons.dbcp Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor file name commons-dbcp High
Vendor pom parent-artifactid commons-parent Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor manifest Bundle-Description Commons Database Connection Pooling Medium
Vendor pom groupid commons-dbcp Highest
Vendor pom name Commons DBCP High
Vendor pom parent-groupid org.apache.commons Medium
Vendor pom artifactid commons-dbcp Low
Vendor central groupid commons-dbcp Highest
Vendor pom url http://commons.apache.org/dbcp/ Highest
Product Manifest bundle-docurl http://commons.apache.org/dbcp/ Low
Product pom description Commons Database Connection Pooling Medium
Product pom url http://commons.apache.org/dbcp/ Medium
Product central artifactid commons-dbcp Highest
Product Manifest Bundle-Name Commons DBCP Medium
Product Manifest bundle-symbolicname org.apache.commons.dbcp Medium
Product Manifest Implementation-Title Commons DBCP High
Product file name commons-dbcp High
Product manifest Bundle-Description Commons Database Connection Pooling Medium
Product pom name Commons DBCP High
Product pom groupid commons-dbcp Low
Product pom parent-groupid org.apache.commons Low
Product pom parent-artifactid commons-parent Medium
Product pom artifactid commons-dbcp Highest
Product Manifest specification-title Commons DBCP Medium
Version central version 1.4 Highest
Version file version 1.4 Highest
Version pom version 1.4 Highest
Version Manifest Implementation-Version 1.4 High
commons-pool-1.6.jar
Description: Commons Object Pooling Library
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-pool/commons-pool/1.6/commons-pool-1.6.jar
MD5: 5ca02245c829422176d23fa530e919cc
SHA1: 4572d589699f09d866a226a14b7f4323c6d8f040
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom description Commons Object Pooling Library Medium
Vendor pom url http://commons.apache.org/pool/ Highest
Vendor pom name Commons Pool High
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid commons-pool Highest
Vendor pom parent-artifactid commons-parent Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom artifactid commons-pool Low
Vendor Manifest bundle-symbolicname org.apache.commons.pool Medium
Vendor manifest Bundle-Description Commons Object Pooling Library Medium
Vendor pom parent-groupid org.apache.commons Medium
Vendor pom groupid commons-pool Highest
Vendor file name commons-pool High
Vendor Manifest implementation-build UNKNOWN_BRANCH@r??????; 2012-01-04 10:31:47-0500 Low
Vendor Manifest bundle-docurl http://commons.apache.org/pool/ Low
Product Manifest Implementation-Title Commons Pool High
Product pom description Commons Object Pooling Library Medium
Product Manifest Bundle-Name Commons Pool Medium
Product pom name Commons Pool High
Product central artifactid commons-pool Highest
Product Manifest specification-title Commons Pool Medium
Product pom groupid commons-pool Low
Product pom artifactid commons-pool Highest
Product Manifest bundle-symbolicname org.apache.commons.pool Medium
Product manifest Bundle-Description Commons Object Pooling Library Medium
Product pom parent-groupid org.apache.commons Low
Product pom url http://commons.apache.org/pool/ Medium
Product pom parent-artifactid commons-parent Medium
Product file name commons-pool High
Product Manifest implementation-build UNKNOWN_BRANCH@r??????; 2012-01-04 10:31:47-0500 Low
Product Manifest bundle-docurl http://commons.apache.org/pool/ Low
Version Manifest Implementation-Version 1.6 High
Version pom version 1.6 Highest
Version file version 1.6 Highest
Version central version 1.6 Highest
exo.kernel.component.common-6.0.x-SNAPSHOT.jar
Description: Implementation of Common Service of Exoplatform SAS 'eXo Kernel' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.component.common/6.0.x-SNAPSHOT/exo.kernel.component.common-6.0.x-SNAPSHOT.jar
MD5: 7d56b2a5181e482b340b4f0e9ee5e017
SHA1: bb1382baadbd0dd13685e7cc493f37dcf551896d
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom groupid org.exoplatform.kernel Highest
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor pom parent-groupid org.exoplatform.kernel Medium
Vendor pom name eXo PLF:: Kernel :: Component :: Common Service High
Vendor pom description Implementation of Common Service of Exoplatform SAS 'eXo Kernel' project. Medium
Vendor file name exo.kernel.component.common High
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom parent-artifactid kernel-parent Low
Vendor pom artifactid exo.kernel.component.common Low
Vendor Manifest Implementation-Vendor-Id org.exoplatform.kernel Medium
Vendor pom groupid exoplatform.kernel Highest
Product pom groupid exoplatform.kernel Low
Product pom parent-artifactid kernel-parent Medium
Product pom name eXo PLF:: Kernel :: Component :: Common Service High
Product pom artifactid exo.kernel.component.common Highest
Product pom description Implementation of Common Service of Exoplatform SAS 'eXo Kernel' project. Medium
Product file name exo.kernel.component.common High
Product Manifest specification-title exo-kernel Medium
Product Manifest Implementation-Title eXo PLF:: Kernel :: Component :: Common Service High
Product pom parent-groupid org.exoplatform.kernel Low
Version file version 6.0 Highest
Version Manifest Implementation-Version 6.0.x-SNAPSHOT High
maven: org.exoplatform.kernel:exo.kernel.component.common:6.0.x-SNAPSHOT
Confidence :High
javax.servlet-api-3.0.1.jar
Description: Java.net - The Source for Java Technology Collaboration
License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /home/ciagent/.m2/repository/javax/servlet/javax.servlet-api/3.0.1/javax.servlet-api-3.0.1.jar
MD5: 3ef236ac4c24850cd54abff60be25f35
SHA1: 6bf0ebb7efd993e222fc1112377b5e92a13b38dd
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor GlassFish Community High
Vendor manifest Bundle-Description Java.net - The Source for Java Technology Collaboration Medium
Vendor pom parent-groupid net.java Medium
Vendor pom organization name GlassFish Community High
Vendor pom artifactid javax.servlet-api Low
Vendor pom url http://servlet-spec.java.net Highest
Vendor Manifest Implementation-Vendor-Id org.glassfish Medium
Vendor Manifest bundle-symbolicname javax.servlet-api Medium
Vendor Manifest specification-vendor Oracle Low
Vendor pom organization url https://glassfish.dev.java.net Medium
Vendor pom groupid javax.servlet Highest
Vendor central groupid javax.servlet Highest
Vendor Manifest (hint) specification-vendor sun Low
Vendor Manifest extension-name javax.servlet Medium
Vendor pom name Java Servlet API High
Vendor Manifest bundle-docurl https://glassfish.dev.java.net Low
Vendor file name javax.servlet-api High
Vendor pom parent-artifactid jvnet-parent Low
Product Manifest Bundle-Name Java Servlet API Medium
Product manifest Bundle-Description Java.net - The Source for Java Technology Collaboration Medium
Product Manifest specification-title Java(TM) Servlet API Design Specification Medium
Product pom artifactid javax.servlet-api Highest
Product Manifest bundle-symbolicname javax.servlet-api Medium
Product pom groupid javax.servlet Low
Product central artifactid javax.servlet-api Highest
Product pom organization name GlassFish Community Low
Product pom url http://servlet-spec.java.net Medium
Product Manifest extension-name javax.servlet Medium
Product pom parent-artifactid jvnet-parent Medium
Product pom name Java Servlet API High
Product pom organization url https://glassfish.dev.java.net Low
Product pom parent-groupid net.java Low
Product Manifest bundle-docurl https://glassfish.dev.java.net Low
Product file name javax.servlet-api High
Version central version 3.0.1 Highest
Version file version 3.0.1 Highest
Version pom version 3.0.1 Highest
Version Manifest Implementation-Version 3.0.1 High
commons-beanutils-1.8.3.jar
Description: BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-beanutils/commons-beanutils/1.8.3/commons-beanutils-1.8.3.jar
MD5: b45be74134796c89db7126083129532f
SHA1: 686ef3410bcf4ab8ce7fd0b899e832aaba5facf7
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest bundle-docurl http://commons.apache.org/beanutils/ Low
Vendor pom name Commons BeanUtils High
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest bundle-symbolicname org.apache.commons.beanutils Medium
Vendor central groupid commons-beanutils Highest
Vendor pom parent-artifactid commons-parent Low
Vendor pom description BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. Medium
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom parent-groupid org.apache.commons Medium
Vendor pom groupid commons-beanutils Highest
Vendor pom artifactid commons-beanutils Low
Vendor file name commons-beanutils High
Vendor pom url http://commons.apache.org/beanutils/ Highest
Vendor manifest Bundle-Description BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. Medium
Product Manifest Implementation-Title Commons BeanUtils High
Product Manifest bundle-docurl http://commons.apache.org/beanutils/ Low
Product pom url http://commons.apache.org/beanutils/ Medium
Product central artifactid commons-beanutils Highest
Product Manifest Bundle-Name Commons BeanUtils Medium
Product pom name Commons BeanUtils High
Product pom artifactid commons-beanutils Highest
Product Manifest specification-title Commons BeanUtils Medium
Product pom groupid commons-beanutils Low
Product Manifest bundle-symbolicname org.apache.commons.beanutils Medium
Product pom description BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. Medium
Product pom parent-groupid org.apache.commons Low
Product pom parent-artifactid commons-parent Medium
Product file name commons-beanutils High
Product manifest Bundle-Description BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. Medium
Version central version 1.8.3 Highest
Version file version 1.8.3 Highest
Version Manifest Implementation-Version 1.8.3 High
Version pom version 1.8.3 Highest
Published Vulnerabilities
CVE-2014-0114
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
Vulnerable Software & Versions:
CVE-2019-10086
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
Vulnerable Software & Versions:
wci-wci-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/wci/wci-wci/6.0.x-SNAPSHOT/wci-wci-6.0.x-SNAPSHOT.jar
MD5: 07e6bc22ee34629793d7f236bc178790
SHA1: ba1b3c6ef37118a93dd9c81a92029cc0c9aea0a9
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor pom name GateIn - Web Container Integration component (wci) High
Vendor file name wci-wci High
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor pom groupid org.exoplatform.gatein.wci Highest
Vendor Manifest implementation-url www.gatein.org/wci-parent/wci-wci/ Low
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor pom parent-artifactid wci-parent Low
Vendor Manifest build-timestamp Sun, 6 Oct 2019 12:45:07 +0000 Low
Vendor Manifest os-name Linux Medium
Vendor pom parent-groupid org.exoplatform.gatein.wci Medium
Vendor pom artifactid wci-wci Low
Vendor pom groupid exoplatform.gatein.wci Highest
Vendor Manifest Implementation-Vendor-Id org.exoplatform.gatein.wci Medium
Product Manifest specification-title GateIn - Web Container Integration component (wci) Medium
Product Manifest build-timestamp Sun, 6 Oct 2019 12:45:07 +0000 Low
Product Manifest os-name Linux Medium
Product pom name GateIn - Web Container Integration component (wci) High
Product pom artifactid wci-wci Highest
Product file name wci-wci High
Product pom groupid exoplatform.gatein.wci Low
Product pom parent-artifactid wci-parent Medium
Product Manifest Implementation-Title GateIn - Web Container Integration component (wci) High
Product Manifest implementation-url www.gatein.org/wci-parent/wci-wci/ Low
Product pom parent-groupid org.exoplatform.gatein.wci Low
Version pom version 6.0.x-20191006.124516-5 Highest
Version pom version 6.0.x-SNAPSHOT Highest
Version file version 6.0 Highest
Version Manifest Implementation-Version 6.0.x-SNAPSHOT High
maven: org.exoplatform.gatein.wci:wci-wci:6.0.x-SNAPSHOT
Confidence :High
jibx-run-1.2.6.jar
Description: JiBX runtime code
License:
http://jibx.sourceforge.net/jibx-license.html
File Path: /home/ciagent/.m2/repository/org/jibx/jibx-run/1.2.6/jibx-run-1.2.6.jar
MD5: 4ef53e4279c8440aff2d16c0af024231
SHA1: 544f3ac7887d7eed20ca0420ee1963df6c7ecebb
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-docurl http://www.jibx.org Low
Vendor pom parent-artifactid main-reactor Low
Vendor manifest Bundle-Description JiBX runtime code Medium
Vendor pom groupid org.jibx Highest
Vendor pom artifactid jibx-run Low
Vendor Manifest bundle-symbolicname jibx-run Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Vendor pom parent-groupid org.jibx.config Medium
Vendor central groupid org.jibx Highest
Vendor pom groupid jibx Highest
Vendor pom name jibx-run - JiBX runtime High
Vendor pom description JiBX runtime code Medium
Vendor file name jibx-run High
Product Manifest bundle-docurl http://www.jibx.org Low
Product central artifactid jibx-run Highest
Product manifest Bundle-Description JiBX runtime code Medium
Product pom parent-artifactid main-reactor Medium
Product pom artifactid jibx-run Highest
Product Manifest bundle-symbolicname jibx-run Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Product pom groupid jibx Low
Product pom name jibx-run - JiBX runtime High
Product pom description JiBX runtime code Medium
Product file name jibx-run High
Product Manifest Bundle-Name jibx-run - JiBX runtime Medium
Product pom parent-groupid org.jibx.config Low
Version file version 1.2.6 Highest
Version central version 1.2.6 Highest
Version pom version 1.2.6 Highest
javax.inject-1.jar
Description: The javax.inject API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor file name javax.inject-1 High
Vendor pom url http://code.google.com/p/atinject/ Highest
Vendor jar package name inject Low
Vendor central groupid javax.inject Highest
Vendor pom groupid javax.inject Highest
Vendor pom name javax.inject High
Vendor pom artifactid javax.inject Low
Vendor jar package name javax Low
Vendor pom description The javax.inject API Medium
Product file name javax.inject-1 High
Product pom groupid javax.inject Low
Product pom artifactid javax.inject Highest
Product pom url http://code.google.com/p/atinject/ Medium
Product jar package name inject Low
Product pom name javax.inject High
Product central artifactid javax.inject Highest
Product pom description The javax.inject API Medium
Version file version 1 Medium
Version central version 1 Highest
Version pom version 1 Highest
cdi-api-1.0-SP4.jar
Description: APIs for JSR-299: Contexts and Dependency Injection for Java EE
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/javax/enterprise/cdi-api/1.0-SP4/cdi-api-1.0-SP4.jar
MD5: 6c1e2b4036d64b6ba1a1136a00c7cdaa
SHA1: 6e38490033eb8b36c4cf1f7605163424a574dcf0
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom artifactid cdi-api Low
Vendor pom name CDI APIs High
Vendor pom groupid javax.enterprise Highest
Vendor Manifest Implementation-Vendor Seam Framework High
Vendor pom organization name Seam Framework High
Vendor file name cdi-api High
Vendor Manifest specification-vendor Seam Framework Low
Vendor pom description APIs for JSR-299: Contexts and Dependency Injection for Java EE Medium
Vendor pom parent-artifactid weld-parent Low
Vendor pom url http://www.seamframework.org/Weld Highest
Vendor pom parent-groupid org.jboss.weld Medium
Vendor pom organization url http://seamframework.org Medium
Vendor central groupid javax.enterprise Highest
Vendor Manifest implementation-url http://www.seamframework.org/Weld Low
Product pom parent-groupid org.jboss.weld Low
Product pom artifactid cdi-api Highest
Product pom organization url http://seamframework.org Low
Product central artifactid cdi-api Highest
Product Manifest specification-title CDI APIs Medium
Product pom url http://www.seamframework.org/Weld Medium
Product pom name CDI APIs High
Product pom organization name Seam Framework Low
Product pom parent-artifactid weld-parent Medium
Product Manifest Implementation-Title CDI APIs High
Product file name cdi-api High
Product pom description APIs for JSR-299: Contexts and Dependency Injection for Java EE Medium
Product pom groupid javax.enterprise Low
Product Manifest implementation-url http://www.seamframework.org/Weld Low
Version pom version 1.0-SP4 Highest
Version file version 1.0.sp4 Highest
Version central version 1.0-SP4 Highest
exo.kernel.container-6.0.x-SNAPSHOT.jar
Description: Implementation of Container for Exoplatform SAS 'eXo Kernel' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.container/6.0.x-SNAPSHOT/exo.kernel.container-6.0.x-SNAPSHOT.jar
MD5: 5ccfd8aac148ce1e486a3b2e11e44a0c
SHA1: 6c40e6b14e5a8acc22c1626be5b236bd61359eb2
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom name eXo PLF:: Kernel :: Container High
Vendor pom groupid org.exoplatform.kernel Highest
Vendor file name exo.kernel.container High
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor pom parent-groupid org.exoplatform.kernel Medium
Vendor pom description Implementation of Container for Exoplatform SAS 'eXo Kernel' project. Medium
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom parent-artifactid kernel-parent Low
Vendor pom artifactid exo.kernel.container Low
Vendor Manifest Implementation-Vendor-Id org.exoplatform.kernel Medium
Vendor pom groupid exoplatform.kernel Highest
Product pom groupid exoplatform.kernel Low
Product pom name eXo PLF:: Kernel :: Container High
Product file name exo.kernel.container High
Product pom parent-artifactid kernel-parent Medium
Product pom description Implementation of Container for Exoplatform SAS 'eXo Kernel' project. Medium
Product pom artifactid exo.kernel.container Highest
Product Manifest Implementation-Title eXo PLF:: Kernel :: Container High
Product Manifest specification-title exo-kernel Medium
Product pom parent-groupid org.exoplatform.kernel Low
Version pom version 6.0.x-20191006.135022-6 Highest
Version pom version 6.0.x-SNAPSHOT Highest
Version file version 6.0 Highest
Version Manifest Implementation-Version 6.0.x-SNAPSHOT High
maven: org.exoplatform.kernel:exo.kernel.container:6.0.x-SNAPSHOT
Confidence :High
commons-fileupload-1.3.3.jar
Description:
The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-fileupload/commons-fileupload/1.3.3/commons-fileupload-1.3.3.jar
MD5: dd77e787b7b5dc56f6a1cb658716d55d
SHA1: 04ff14d809195b711fd6bcc87e6777f886730ca1
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor central groupid commons-fileupload Highest
Vendor manifest Bundle-Description The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. Low
Vendor pom name Apache Commons FileUpload High
Vendor Manifest implementation-build UNKNOWN@r18734e9f77a267ebc82ff2ffce6d96e82a34260f; 2017-06-09 22:59:50+0000 Low
Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-fileupload/ Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom groupid commons-fileupload Highest
Vendor Manifest bundle-symbolicname org.apache.commons.fileupload Medium
Vendor pom parent-artifactid commons-parent Low
Vendor file name commons-fileupload High
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Vendor Manifest implementation-url http://commons.apache.org/proper/commons-fileupload/ Low
Vendor pom parent-groupid org.apache.commons Medium
Vendor pom description The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. Low
Vendor pom url http://commons.apache.org/proper/commons-fileupload/ Highest
Vendor pom artifactid commons-fileupload Low
Product pom artifactid commons-fileupload Highest
Product Manifest specification-title Apache Commons FileUpload Medium
Product manifest Bundle-Description The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. Low
Product pom name Apache Commons FileUpload High
Product Manifest implementation-build UNKNOWN@r18734e9f77a267ebc82ff2ffce6d96e82a34260f; 2017-06-09 22:59:50+0000 Low
Product Manifest bundle-docurl http://commons.apache.org/proper/commons-fileupload/ Low
Product Manifest Implementation-Title Apache Commons FileUpload High
Product Manifest bundle-symbolicname org.apache.commons.fileupload Medium
Product file name commons-fileupload High
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Product Manifest implementation-url http://commons.apache.org/proper/commons-fileupload/ Low
Product pom description The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. Low
Product pom groupid commons-fileupload Low
Product pom parent-groupid org.apache.commons Low
Product pom parent-artifactid commons-parent Medium
Product pom url http://commons.apache.org/proper/commons-fileupload/ Medium
Product central artifactid commons-fileupload Highest
Product Manifest Bundle-Name Apache Commons FileUpload Medium
Version Manifest Implementation-Version 1.3.3 High
Version central version 1.3.3 Highest
Version file version 1.3.3 Highest
Version pom version 1.3.3 Highest
exo.ws.rest.core-6.0.x-SNAPSHOT.jar
Description: Implementation of REST Core for Exoplatform SAS 'Web Services' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/ws/exo.ws.rest.core/6.0.x-SNAPSHOT/exo.ws.rest.core-6.0.x-SNAPSHOT.jar
MD5: 2e5bcea622faca44fa175918d5cc256b
SHA1: 486f797c093590f2fc415145bfddaa43fd5db6bf
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor Manifest Implementation-Vendor-Id org.exoplatform.ws Medium
Vendor pom parent-groupid org.exoplatform.ws Medium
Vendor pom artifactid exo.ws.rest.core Low
Vendor pom groupid exoplatform.ws Highest
Vendor pom name eXo PLF:: WS :: REST :: Core High
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom parent-artifactid ws-parent Low
Vendor pom groupid org.exoplatform.ws Highest
Vendor file name exo.ws.rest.core High
Vendor pom description Implementation of REST Core for Exoplatform SAS 'Web Services' project. Medium
Product pom groupid exoplatform.ws Low
Product pom parent-artifactid ws-parent Medium
Product Manifest specification-title exo-ws Medium
Product pom name eXo PLF:: WS :: REST :: Core High
Product pom artifactid exo.ws.rest.core Highest
Product file name exo.ws.rest.core High
Product Manifest Implementation-Title eXo PLF:: WS :: REST :: Core High
Product pom parent-groupid org.exoplatform.ws Low
Product pom description Implementation of REST Core for Exoplatform SAS 'Web Services' project. Medium
Version pom version 6.0.x-20191006.150752-8 Highest
Version pom version 6.0.x-SNAPSHOT Highest
Version file version 6.0 Highest
Version Manifest Implementation-Version 6.0.x-SNAPSHOT High
Related Dependencies
exo.ws.frameworks.json-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/ws/exo.ws.frameworks.json/6.0.x-SNAPSHOT/exo.ws.frameworks.json-6.0.x-SNAPSHOT.jar
SHA1: f913e841d6cfe481e1c84a6e06bf6123c3b1340d
MD5: 346a577c1e9d5c14a5f9f1519dbf6aa1
exo.ws.commons-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/ws/exo.ws.commons/6.0.x-SNAPSHOT/exo.ws.commons-6.0.x-SNAPSHOT.jar
SHA1: abc7cac84f235b75f1df0aeaca136259aa27b099
MD5: a452c3d0a0e39fafbc3fde51e49f16fa
cpe: cpe:/a:ws_project:ws:6.0.20191006
Confidence: Low
maven: org.exoplatform.ws:exo.ws.rest.core:6.0.x-SNAPSHOT
Confidence: High
exo.portal.webui.core-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.webui.core/6.0.x-SNAPSHOT/exo.portal.webui.core-6.0.x-SNAPSHOT.jar
MD5: 255f0ceeb865a007cc375c626ec2b6f8
SHA1: 23fea0b1174fcc20a230cf872216ea16e3834e68
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor pom name GateIn Portal WebUI Core High
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor pom parent-groupid org.exoplatform.gatein.portal Medium
Vendor pom parent-artifactid exo.portal.webui Low
Vendor pom artifactid exo.portal.webui.core Low
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor Manifest implementation-url www.gatein.org/exo.portal.parent/exo.portal.webui/exo.portal.webui.core/ Low
Vendor pom groupid org.exoplatform.gatein.portal Highest
Vendor Manifest Implementation-Vendor-Id org.exoplatform.gatein.portal Medium
Vendor Manifest os-name Linux Medium
Vendor file name exo.portal.webui.core High
Vendor Manifest build-timestamp Sun, 6 Oct 2019 16:52:28 +0000 Low
Vendor pom groupid exoplatform.gatein.portal Highest
Product pom parent-groupid org.exoplatform.gatein.portal Low
Product pom parent-artifactid exo.portal.webui Medium
Product Manifest Implementation-Title GateIn Portal WebUI Core High
Product Manifest implementation-url www.gatein.org/exo.portal.parent/exo.portal.webui/exo.portal.webui.core/ Low
Product pom artifactid exo.portal.webui.core Highest
Product Manifest os-name Linux Medium
Product file name exo.portal.webui.core High
Product Manifest specification-title GateIn Portal WebUI Core Medium
Product Manifest build-timestamp Sun, 6 Oct 2019 16:52:28 +0000 Low
Product pom name GateIn Portal WebUI Core High
Product pom groupid exoplatform.gatein.portal Low
Version pom version 6.0.x-20191006.171955-10 Highest
Version pom version 6.0.x-SNAPSHOT Highest
Version file version 6.0 Highest
Version Manifest Implementation-Version 6.0.x-SNAPSHOT High
Related Dependencies
exo.portal.component.api-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.api/6.0.x-SNAPSHOT/exo.portal.component.api-6.0.x-SNAPSHOT.jar
SHA1: a2ac552286a4c070ec6d5a61a7e057e695647244
MD5: 73c00f8211a1437ff1732aef29db0a2d
exo.portal.component.application-registry-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.application-registry/6.0.x-SNAPSHOT/exo.portal.component.application-registry-6.0.x-SNAPSHOT.jar
SHA1: 6f10f78024575fffec1e18a473abdf89c8a522d3
MD5: caaf87f813cff3555d5c62bca8d3cb4a
exo.portal.component.web.server-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.web.server/6.0.x-SNAPSHOT/exo.portal.component.web.server-6.0.x-SNAPSHOT.jar
SHA1: 651980cfed67a0ee1aab125bc719423b0be21830
MD5: fdf7cb765110d5798747f5eeff5c4475
exo.portal.component.resources-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.resources/6.0.x-SNAPSHOT/exo.portal.component.resources-6.0.x-SNAPSHOT.jar
SHA1: f0ac06a7d27d2dddfac87997a5bfd77926dff436
MD5: 7de8a398ed7482c3ebd43bfaec806bfc
exo.portal.webui.eXo-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.webui.eXo/6.0.x-SNAPSHOT/exo.portal.webui.eXo-6.0.x-SNAPSHOT.jar
SHA1: 1c73e0ce1d0c714f899d1ac673cdf47aa403b65d
MD5: 18a3afd61e22eb938ccd289ae5f6845f
exo.portal.component.web.oauth-common-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.web.oauth-common/6.0.x-SNAPSHOT/exo.portal.component.web.oauth-common-6.0.x-SNAPSHOT.jar
SHA1: c3a29c37e68a7106748c3b6588db6951d9de3585
MD5: b3970deebcb2eafd65d993b6758198ab
exo.portal.component.web.controller-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.web.controller/6.0.x-SNAPSHOT/exo.portal.component.web.controller-6.0.x-SNAPSHOT.jar
SHA1: a2f2c8fd8e9e3df0e2aa32a400031e995d3a2991
MD5: 5408d3ab2dfc0dddaf0ee801139400ec
exo.portal.component.scripting-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.scripting/6.0.x-SNAPSHOT/exo.portal.component.scripting-6.0.x-SNAPSHOT.jar
SHA1: a5d568063b31f42715b64338abe5bbbd3cfa97f3
MD5: f7f3444b6fa1553aedbb8f391432e3d4
exo.portal.component.portal-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.portal/6.0.x-SNAPSHOT/exo.portal.component.portal-6.0.x-SNAPSHOT.jar
SHA1: 003cb67f4a82ab3b1f506a3a1b99c3081986539e
MD5: 95eb494ad9773e09909949c470d75882
exo.portal.component.common-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.common/6.0.x-SNAPSHOT/exo.portal.component.common-6.0.x-SNAPSHOT.jar
SHA1: dc58b8500db66cca45ab9f5e9ec81e51261502d8
MD5: 02be2d3735823871b20ad5a4389db951
exo.portal.component.web.resources-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.web.resources/6.0.x-SNAPSHOT/exo.portal.component.web.resources-6.0.x-SNAPSHOT.jar
SHA1: fbbd6630c6dd380471ec80f3ab4b440f7f62261f
MD5: 60e20da06e73e03634bb5393a68ab724
exo.portal.webui.framework-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.webui.framework/6.0.x-SNAPSHOT/exo.portal.webui.framework-6.0.x-SNAPSHOT.jar
SHA1: 40d2eee7b61bfb7c38724d3acd08da7cf8e85385
MD5: 20107fad648db5256753609f7f691dbe
exo.portal.component.pc-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.pc/6.0.x-SNAPSHOT/exo.portal.component.pc-6.0.x-SNAPSHOT.jar
SHA1: 551b578ef674d8e4da3084d7b1bf7017e37c7f02
MD5: 9e7b9267949c93a84596aaa67aab6a17
cpe: cpe:/a:in-portal:in-portal:6.0.20191006
Confidence: Low
maven: org.exoplatform.gatein.portal:exo.portal.webui.core:6.0.x-SNAPSHOT
Confidence: High
log4j-1.2.17.jar
Description: Apache Log4j 1.2
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/log4j/log4j/1.2.17/log4j-1.2.17.jar
MD5: 04a41f0a068986f0f73485cf507c0f40
SHA1: 5af35056b4d257e4b64b9e8069c0746e8b08629f
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom groupid log4j Highest
Vendor pom organization name Apache Software Foundation High
Vendor central groupid log4j High
Vendor central groupid org.zenframework.z8.dependencies.commons High
Vendor pom artifactid log4j Low
Vendor pom description Apache Log4j 1.2 Medium
Vendor pom url http://logging.apache.org/log4j/1.2/ Highest
Vendor Manifest bundle-symbolicname log4j Medium
Vendor Manifest bundle-docurl http://logging.apache.org/log4j/1.2 Low
Vendor pom organization url http://www.apache.org Medium
Vendor file name log4j High
Vendor manifest Bundle-Description Apache Log4j 1.2 Medium
Vendor manifest: org.apache.log4j Implementation-Vendor "Apache Software Foundation" Medium
Vendor pom name Apache Log4j High
Product Manifest Bundle-Name Apache Log4j Medium
Product pom url http://logging.apache.org/log4j/1.2/ Medium
Product central artifactid log4j-1.2.17 High
Product pom description Apache Log4j 1.2 Medium
Product Manifest bundle-symbolicname log4j Medium
Product pom organization url http://www.apache.org Low
Product Manifest bundle-docurl http://logging.apache.org/log4j/1.2 Low
Product pom artifactid log4j Highest
Product pom groupid log4j Low
Product manifest: org.apache.log4j Implementation-Title log4j Medium
Product central artifactid log4j High
Product file name log4j High
Product manifest Bundle-Description Apache Log4j 1.2 Medium
Product pom organization name Apache Software Foundation Low
Product pom name Apache Log4j High
Version central version 1.2.17 High
Version central version 2.0 High
Version pom version 1.2.17 Highest
Version file version 1.2.17 Highest
Published Vulnerabilities
CVE-2017-5645
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
twitter4j-core-3.0.5.jar
Description: A Java library for the Twitter API
License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/ciagent/.m2/repository/org/twitter4j/twitter4j-core/3.0.5/twitter4j-core-3.0.5.jar
MD5: e6c8d2b10c621b2bbd7809bad9cedca3
SHA1: c38ad47bc8ba5991886ce2c0e0acd76d0fdd6e6d
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom groupid twitter4j Highest
Vendor pom url http://twitter4j.org/ Highest
Vendor pom groupid org.twitter4j Highest
Vendor Manifest Implementation-Vendor-Id org.twitter4j Medium
Vendor pom description A Java library for the Twitter API Medium
Vendor pom name twitter4j-core High
Vendor pom artifactid twitter4j-core Low
Vendor file name twitter4j-core High
Vendor central groupid org.twitter4j Highest
Product pom url http://twitter4j.org/ Medium
Product Manifest specification-title twitter4j-core Medium
Product central artifactid twitter4j-core Highest
Product pom groupid twitter4j Low
Product pom description A Java library for the Twitter API Medium
Product pom name twitter4j-core High
Product pom artifactid twitter4j-core Highest
Product file name twitter4j-core High
Product Manifest Implementation-Title twitter4j-core High
Version central version 3.0.5 Highest
Version file version 3.0.5 Highest
Version pom version 3.0.5 Highest
Version Manifest Implementation-Version 3.0.5 High
cpe: cpe:/a:twitter_project:twitter:3.0.5
Confidence: Low
maven: org.twitter4j:twitter4j-core:3.0.5 ✓
Confidence: Highest
cpe: cpe:/a:twitter:twitter:3.0.5
Confidence: Low
scribe-1.3.5.jar
Description: The best OAuth library out there
License:
MIT: http://github.com/fernandezpablo85/scribe-java/blob/master/LICENSE.txt
File Path: /home/ciagent/.m2/repository/org/scribe/scribe/1.3.5/scribe-1.3.5.jar
MD5: 0abb910da19741cd84aabf5520385bc2
SHA1: a3b3deded9d241d9f2c8aa9c9bcd90ad29e2581e
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom url http://github.com/fernandezpablo85/scribe-java Highest
Vendor file name scribe High
Vendor jar package name api Low
Vendor pom groupid org.scribe Highest
Vendor pom name Scribe OAuth Library High
Vendor jar package name scribe Low
Vendor pom description The best OAuth library out there Medium
Vendor jar package name builder Low
Vendor central groupid org.scribe Highest
Vendor pom artifactid scribe Low
Vendor pom groupid scribe Highest
Product file name scribe High
Product jar package name api Low
Product pom name Scribe OAuth Library High
Product pom groupid scribe Low
Product pom artifactid scribe Highest
Product pom description The best OAuth library out there Medium
Product pom url http://github.com/fernandezpablo85/scribe-java Medium
Product jar package name builder Low
Product central artifactid scribe Highest
Version file version 1.3.5 Highest
Version pom version 1.3.5 Highest
Version central version 1.3.5 Highest
google-http-client-1.14.1-beta.jar
Description:
Google HTTP Client Library for Java. Functionality that works on all supported Java platforms,
including Java 5 (or higher) desktop (SE) and web (EE), Android, and Google App Engine.
File Path: /home/ciagent/.m2/repository/com/google/http-client/google-http-client/1.14.1-beta/google-http-client-1.14.1-beta.jar
MD5: 8a3711522ebceef2531d455e2f04a639
SHA1: cb503d4021739e6bac39442ac87b4e311ec77b5e
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom description Google HTTP Client Library for Java. Functionality that works on all supported Java platforms, including Java 5 (or higher) desktop (SE) and web (EE), Android, and Google App Engine. Low
Vendor pom groupid com.google.http-client Highest
Vendor file name google-http-client High
Vendor pom groupid google.http-client Highest
Vendor central groupid com.google.http-client Highest
Vendor Manifest Implementation-Vendor Google High
Vendor pom name Google HTTP Client Library for Java High
Vendor pom parent-groupid com.google.http-client Medium
Vendor pom parent-artifactid google-http-client-parent Low
Vendor Manifest Implementation-Vendor-Id com.google.http-client Medium
Vendor pom artifactid google-http-client Low
Product Manifest Implementation-Title Google HTTP Client Library for Java High
Product pom groupid google.http-client Low
Product pom description Google HTTP Client Library for Java. Functionality that works on all supported Java platforms, including Java 5 (or higher) desktop (SE) and web (EE), Android, and Google App Engine. Low
Product file name google-http-client High
Product pom parent-groupid com.google.http-client Low
Product pom parent-artifactid google-http-client-parent Medium
Product pom artifactid google-http-client Highest
Product pom name Google HTTP Client Library for Java High
Product central artifactid google-http-client Highest
Version central version 1.14.1-beta Highest
Version file version 1.14.1.beta Highest
Version Manifest Implementation-Version 1.14.1-beta High
Version pom version 1.14.1-beta Highest
Related Dependencies
google-oauth-client-1.14.1-beta.jar
File Path: /home/ciagent/.m2/repository/com/google/oauth-client/google-oauth-client/1.14.1-beta/google-oauth-client-1.14.1-beta.jar
SHA1: 7260cd30808a6d1d4ddef6250e3d92d814aaa4cb
MD5: 71feea1d54eb7878c12855b7c47ef289
maven: com.google.oauth-client:google-oauth-client:1.14.1-beta ✓
jsr305-1.3.9.jar
Description: JSR305 Annotations for Findbugs
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/google/code/findbugs/jsr305/1.3.9/jsr305-1.3.9.jar
MD5: 1d5a772e400b04bb67a7ef4a0e0996d8
SHA1: 40719ea6961c0cb6afaeb6a921eaa1f6afd4cfdf
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom description JSR305 Annotations for Findbugs Medium
Vendor file name jsr305 High
Vendor central groupid com.google.code.findbugs Highest
Vendor pom url http://findbugs.sourceforge.net/ Highest
Vendor pom groupid google.code.findbugs Highest
Vendor pom artifactid jsr305 Low
Vendor pom name FindBugs-jsr305 High
Vendor jar package name javax Low
Vendor pom groupid com.google.code.findbugs Highest
Vendor jar package name annotation Low
Product pom description JSR305 Annotations for Findbugs Medium
Product pom groupid google.code.findbugs Low
Product pom artifactid jsr305 Highest
Product file name jsr305 High
Product pom name FindBugs-jsr305 High
Product pom url http://findbugs.sourceforge.net/ Medium
Product central artifactid jsr305 Highest
Product jar package name annotation Low
Version file version 1.3.9 Highest
Version central version 1.3.9 Highest
Version pom version 1.3.9 Highest
google-api-client-1.14.1-beta.jar
File Path: /home/ciagent/.m2/repository/com/google/api-client/google-api-client/1.14.1-beta/google-api-client-1.14.1-beta.jar
MD5: 6832804471d4d635ed74ae1fbd5d9d86
SHA1: e95d3b6e36fc67bffd7e71ef60bc5af623e73843
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom artifactid google-api-client Low
Vendor pom groupid com.google.api-client Highest
Vendor file name google-api-client High
Vendor pom groupid google.api-client Highest
Vendor pom parent-groupid com.google.api-client Medium
Vendor central groupid com.google.api-client Highest
Vendor Manifest Implementation-Vendor Google High
Vendor pom parent-artifactid google-api-client-parent Low
Vendor pom name Google APIs Client Library for Java High
Vendor Manifest Implementation-Vendor-Id com.google.api-client Medium
Product pom parent-artifactid google-api-client-parent Medium
Product file name google-api-client High
Product pom groupid google.api-client Low
Product pom artifactid google-api-client Highest
Product pom name Google APIs Client Library for Java High
Product pom parent-groupid com.google.api-client Low
Product Manifest Implementation-Title Google APIs Client Library for Java High
Product central artifactid google-api-client Highest
Version central version 1.14.1-beta Highest
Version file version 1.14.1.beta Highest
Version Manifest Implementation-Version 1.14.1-beta High
Version pom version 1.14.1-beta Highest
jackson-core-asl-1.9.11.jar
Description: Jackson is a high-performance JSON processor (parser, generator)
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/codehaus/jackson/jackson-core-asl/1.9.11/jackson-core-asl-1.9.11.jar
MD5: 49801a6d43725d5c3a1a52ca021d7dc5
SHA1: e32303ef8bd18a5c9272780d49b81c95e05ddf43
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom organization name FasterXML High
Vendor central groupid org.codehaus.jackson Highest
Vendor Manifest bundle-symbolicname jackson-core-asl Medium
Vendor pom groupid codehaus.jackson Highest
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6 Low
Vendor pom artifactid jackson-core-asl Low
Vendor pom name Jackson High
Vendor pom groupid org.codehaus.jackson Highest
Vendor pom organization url http://fasterxml.com Medium
Vendor file name jackson-core-asl High
Vendor pom url http://jackson.codehaus.org Highest
Vendor Manifest specification-vendor http://www.ietf.org/rfc/rfc4627.txt Low
Vendor Manifest Implementation-Vendor http://fasterxml.com High
Vendor pom description Jackson is a high-performance JSON processor (parser, generator) Medium
Product pom artifactid jackson-core-asl Highest
Product Manifest bundle-symbolicname jackson-core-asl Medium
Product Manifest Bundle-Name Jackson JSON processor Medium
Product pom organization name FasterXML Low
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6 Low
Product central artifactid jackson-core-asl Highest
Product pom groupid codehaus.jackson Low
Product pom name Jackson High
Product file name jackson-core-asl High
Product Manifest specification-title JSON - JavaScript Object Notation Medium
Product pom url http://jackson.codehaus.org Medium
Product pom organization url http://fasterxml.com Low
Product Manifest Implementation-Title Jackson JSON processor High
Product pom description Jackson is a high-performance JSON processor (parser, generator) Medium
Version file version 1.9.11 Highest
Version pom version 1.9.11 Highest
Version Manifest Implementation-Version 1.9.11 High
Version central version 1.9.11 Highest
google-http-client-jackson-1.14.1-beta.jar
File Path: /home/ciagent/.m2/repository/com/google/http-client/google-http-client-jackson/1.14.1-beta/google-http-client-jackson-1.14.1-beta.jar
MD5: 85d9f42910a68e85ff22d24805688da9
SHA1: 3cfc08bf4b0f62234ff69ff2a0b3c26d7e447829
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom artifactid google-http-client-jackson Low
Vendor pom name Jackson extensions to the Google HTTP Client Library for Java. High
Vendor pom groupid com.google.http-client Highest
Vendor file name google-http-client-jackson High
Vendor pom groupid google.http-client Highest
Vendor central groupid com.google.http-client Highest
Vendor Manifest Implementation-Vendor Google High
Vendor pom parent-groupid com.google.http-client Medium
Vendor pom parent-artifactid google-http-client-parent Low
Vendor Manifest Implementation-Vendor-Id com.google.http-client Medium
Product pom groupid google.http-client Low
Product pom name Jackson extensions to the Google HTTP Client Library for Java. High
Product file name google-http-client-jackson High
Product pom parent-groupid com.google.http-client Low
Product pom parent-artifactid google-http-client-parent Medium
Product pom artifactid google-http-client-jackson Highest
Product Manifest Implementation-Title Jackson extensions to the Google HTTP Client Library for Java. High
Product central artifactid google-http-client-jackson Highest
Version central version 1.14.1-beta Highest
Version file version 1.14.1.beta Highest
Version Manifest Implementation-Version 1.14.1-beta High
Version pom version 1.14.1-beta Highest
google-api-services-plus-v1-rev69-1.14.2-beta.jar
File Path: /home/ciagent/.m2/repository/com/google/apis/google-api-services-plus/v1-rev69-1.14.2-beta/google-api-services-plus-v1-rev69-1.14.2-beta.jar
MD5: fbddf71619f41f1359f0b3abff442444
SHA1: a6c5cc69690a3bd7777025a65b0f1abe66112a5e
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor jar package name api Low
Vendor file name google-api-services-plus-v1-rev69 High
Vendor pom parent-artifactid google Low
Vendor pom parent-groupid com.google Medium
Vendor jar package name google Low
Vendor jar package name services Low
Vendor pom groupid com.google.apis Highest
Vendor pom artifactid google-api-services-plus Low
Vendor pom groupid google.apis Highest
Vendor central groupid com.google.apis Highest
Vendor pom name Google+ API v1 (revision 69) High
Product central artifactid google-api-services-plus Highest
Product jar package name api Low
Product file name google-api-services-plus-v1-rev69 High
Product jar package name services Low
Product jar package name plus Low
Product pom parent-artifactid google Medium
Product pom groupid google.apis Low
Product pom artifactid google-api-services-plus Highest
Product pom name Google+ API v1 (revision 69) High
Product pom parent-groupid com.google Low
Version pom version v1-rev69-1.14.2-beta Highest
Version file version 1.14.2.beta Highest
Version central version v1-rev69-1.14.2-beta Highest
Version pom parent-version v1-rev69-1.14.2-beta Low
Version file name google-api-services-plus-v1-rev69 Medium
google-api-services-oauth2-v2-rev36-1.14.2-beta.jar
File Path: /home/ciagent/.m2/repository/com/google/apis/google-api-services-oauth2/v2-rev36-1.14.2-beta/google-api-services-oauth2-v2-rev36-1.14.2-beta.jar
MD5: cd2ac31ad0317e53e660c2a4578749f3
SHA1: c7249e1e4832f6e6585f7b7db307585b3ae53881
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom artifactid google-api-services-oauth2 Low
Vendor jar package name api Low
Vendor pom parent-artifactid google Low
Vendor pom parent-groupid com.google Medium
Vendor jar package name google Low
Vendor jar package name services Low
Vendor pom groupid com.google.apis Highest
Vendor file name google-api-services-oauth2-v2-rev36 High
Vendor pom groupid google.apis Highest
Vendor central groupid com.google.apis Highest
Vendor pom name Google OAuth2 API v2 (revision 36) High
Product jar package name api Low
Product pom artifactid google-api-services-oauth2 Highest
Product jar package name services Low
Product central artifactid google-api-services-oauth2 Highest
Product pom parent-artifactid google Medium
Product file name google-api-services-oauth2-v2-rev36 High
Product pom groupid google.apis Low
Product pom name Google OAuth2 API v2 (revision 36) High
Product jar package name oauth2 Low
Product pom parent-groupid com.google Low
Version pom version v2-rev36-1.14.2-beta Highest
Version file version 1.14.2.beta Highest
Version file name google-api-services-oauth2-v2-rev36 Medium
Version central version v2-rev36-1.14.2-beta Highest
Version pom parent-version v2-rev36-1.14.2-beta Low
stax-api-1.0-2.jar
Description:
StAX is a standard XML processing API that allows you to stream XML data from and to your application.
License:
GNU General Public Library: http://www.gnu.org/licenses/gpl.txt
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: http://www.sun.com/cddl/cddl.html
File Path: /home/ciagent/.m2/repository/javax/xml/stream/stax-api/1.0-2/stax-api-1.0-2.jar
MD5: 7d18b63063580284c3f5734081fdc99f
SHA1: d6337b0de8b25e53e81b922352fbea9f9f57ba0b
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor jar package name stream Low
Vendor pom artifactid stax-api Low
Vendor pom description StAX is a standard XML processing API that allows you to stream XML data from and to your application. Low
Vendor file name stax-api High
Vendor jar package name xml Low
Vendor central groupid javax.xml.stream Highest
Vendor jar package name javax Low
Vendor pom groupid javax.xml.stream Highest
Vendor pom name Streaming API for XML High
Product jar package name stream Low
Product pom description StAX is a standard XML processing API that allows you to stream XML data from and to your application. Low
Product pom groupid javax.xml.stream Low
Product pom artifactid stax-api Highest
Product file name stax-api High
Product jar package name xml Low
Product central artifactid stax-api Highest
Product pom name Streaming API for XML High
Version file version 1.0.2 Highest
Version central version 1.0-2 Highest
Version pom version 1.0-2 Highest
activation-1.1.1.jar
Description: The JavaBeans(TM) Activation Framework is used by the JavaMail(TM) API to manage MIME data
License:
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /home/ciagent/.m2/repository/javax/activation/activation/1.1.1/activation-1.1.1.jar
MD5: 46a37512971d8eca81c3fcf245bf07d2
SHA1: 485de3a253e23f645037828c07f1d7f1af40763a
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name javax.activation Medium
Vendor pom name JavaBeans(TM) Activation Framework High
Vendor Manifest Implementation-Vendor-Id com.sun Medium
Vendor Manifest Implementation-Vendor Sun Microsystems, Inc. High
Vendor pom description The JavaBeans(TM) Activation Framework is used by the JavaMail(TM) API to manage MIME data Medium
Vendor pom groupid javax.activation Highest
Vendor pom artifactid activation Low
Vendor file name activation High
Vendor Manifest specification-vendor Sun Microsystems, Inc. Low
Vendor pom url http://java.sun.com/javase/technologies/desktop/javabeans/jaf/index.jsp Highest
Vendor central groupid javax.activation Highest
Product Manifest extension-name javax.activation Medium
Product pom name JavaBeans(TM) Activation Framework High
Product pom artifactid activation Highest
Product pom description The JavaBeans(TM) Activation Framework is used by the JavaMail(TM) API to manage MIME data Medium
Product file name activation High
Product pom groupid javax.activation Low
Product Manifest specification-title JavaBeans(TM) Activation Framework Specification Medium
Product pom url http://java.sun.com/javase/technologies/desktop/javabeans/jaf/index.jsp Medium
Product central artifactid activation Highest
Version central version 1.1.1 Highest
Version file version 1.1.1 Highest
Version pom version 1.1.1 Highest
Version Manifest Implementation-Version 1.1.1 High
jaxb-api-2.1.jar
File Path: /home/ciagent/.m2/repository/javax/xml/bind/jaxb-api/2.1/jaxb-api-2.1.jar
MD5: 9534ce6506dc96bac3944423d804be30
SHA1: d68570e722cffe2000358ce9c661a0b0bf1ebe11
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom groupid javax.xml.bind Highest
Vendor Manifest extension-name javax.xml.bind Medium
Vendor pom artifactid jaxb-api Low
Vendor file name jaxb-api High
Vendor Manifest specification-vendor Sun Microsystems, Inc. Low
Vendor central groupid javax.xml.bind Highest
Product Manifest extension-name javax.xml.bind Medium
Product file name jaxb-api High
Product Manifest specification-title Java Architecture for XML Binding Medium
Product central artifactid jaxb-api Highest
Product pom artifactid jaxb-api Highest
Product pom groupid javax.xml.bind Low
Version pom version 2.1 Highest
Version file version 2.1 Highest
Version central version 2.1 Highest
jaxb-impl-2.1.8.jar
File Path: /home/ciagent/.m2/repository/com/sun/xml/bind/jaxb-impl/2.1.8/jaxb-impl-2.1.8.jar
MD5: 1340264c75ea00b3d4d83e1ba57b606a
SHA1: 41b915446cb6962f9b403d1a5da3817a95ee579e
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom groupid com.sun.xml.bind Highest
Vendor pom groupid sun.xml.bind Highest
Vendor Manifest extension-name com.sun.xml.bind Medium
Vendor pom artifactid jaxb-impl Low
Vendor central groupid com.sun.xml.bind Highest
Vendor Manifest Implementation-Vendor-Id com.sun Medium
Vendor Manifest Implementation-Vendor Sun Microsystems, Inc. High
Vendor Manifest specification-vendor Sun Microsystems, Inc. Low
Vendor file name jaxb-impl High
Product pom groupid sun.xml.bind Low
Product pom artifactid jaxb-impl Highest
Product Manifest extension-name com.sun.xml.bind Medium
Product Manifest specification-title Java Architecture for XML Binding Medium
Product central artifactid jaxb-impl Highest
Product Manifest Implementation-Title JAXB Reference Implementation High
Product file name jaxb-impl High
Version pom version 2.1.8 Highest
Version Manifest Implementation-Version 2.1.8 High
Version central version 2.1.8 Highest
Version file version 2.1.8 Highest
picketlink-idm-core-1.4.6.Final.jar
Description: PicketLink IDM IMPL contains the implementation of the API and the Identity Model.
License:
lgpl: http://repository.jboss.com/licenses/lgpl.txt
File Path: /home/ciagent/.m2/repository/org/picketlink/idm/picketlink-idm-core/1.4.6.Final/picketlink-idm-core-1.4.6.Final.jar
MD5: a5c21c2186c186bc296d9909bcb11616
SHA1: 30d4385012393e4c50a82f8b84153eb6ee301a7d
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom name PicketLink IDM Implementation High
Vendor pom organization url http://www.jboss.org Medium
Vendor Manifest java-vendor Sun Microsystems Inc. Medium
Vendor pom parent-groupid org.picketlink.idm Medium
Vendor file name picketlink-idm-core High
Vendor pom description PicketLink IDM IMPL contains the implementation of the API and the Identity Model. Medium
Vendor Manifest Implementation-Vendor-Id org.picketlink.idm Medium
Vendor pom parent-artifactid picketlink-idm-parent Low
Vendor Manifest specification-vendor JBoss Inc. Low
Vendor Manifest Implementation-Vendor JBoss Inc. High
Vendor Manifest os-name Linux Medium
Vendor Manifest build-timestamp Fri, 27 Feb 2015 09:44:09 +0100 Low
Vendor central groupid org.picketlink.idm Highest
Vendor Manifest implementation-url http://www.jboss.org/picketlink-idm-parent/picketlink-idm-core Low
Vendor pom groupid picketlink.idm Highest
Vendor pom artifactid picketlink-idm-core Low
Vendor pom groupid org.picketlink.idm Highest
Vendor pom organization name JBoss Inc. High
Product pom name PicketLink IDM Implementation High
Product pom organization url http://www.jboss.org Low
Product Manifest Implementation-Title PicketLink IDM Implementation High
Product file name picketlink-idm-core High
Product pom description PicketLink IDM IMPL contains the implementation of the API and the Identity Model. Medium
Product pom parent-groupid org.picketlink.idm Low
Product pom parent-artifactid picketlink-idm-parent Medium
Product Manifest os-name Linux Medium
Product Manifest build-timestamp Fri, 27 Feb 2015 09:44:09 +0100 Low
Product pom artifactid picketlink-idm-core Highest
Product Manifest implementation-url http://www.jboss.org/picketlink-idm-parent/picketlink-idm-core Low
Product pom organization name JBoss Inc. Low
Product central artifactid picketlink-idm-core Highest
Product Manifest specification-title PicketLink IDM Implementation Medium
Product pom groupid picketlink.idm Low
Version central version 1.4.6.Final Highest
Version Manifest Implementation-Version 1.4.6.Final High
Version pom version 1.4.6.Final Highest
Version file version 1.4.6 Highest
Related Dependencies
picketlink-idm-api-1.4.6.Final.jar
File Path: /home/ciagent/.m2/repository/org/picketlink/idm/picketlink-idm-api/1.4.6.Final/picketlink-idm-api-1.4.6.Final.jar
SHA1: 6af0f6f08add632a442a6a415907460f9e8a9913
MD5: b85343ae7bcc7162b42ed3aaac08322a
maven: org.picketlink.idm:picketlink-idm-api:1.4.6.Final ✓
picketlink-idm-hibernate-1.4.6.Final.jar
File Path: /home/ciagent/.m2/repository/org/picketlink/idm/picketlink-idm-hibernate/1.4.6.Final/picketlink-idm-hibernate-1.4.6.Final.jar
SHA1: 4cd6d4e7bc818d5d89e06d268302908903cd3447
MD5: 4e80873b893295bab629a5764c40b345
maven: org.picketlink.idm:picketlink-idm-hibernate:1.4.6.Final ✓
picketlink-idm-ldap-1.4.6.Final.jar
File Path: /home/ciagent/.m2/repository/org/picketlink/idm/picketlink-idm-ldap/1.4.6.Final/picketlink-idm-ldap-1.4.6.Final.jar
SHA1: b52fefb76b4f2d047422f4ff5caff9c7a18001f3
MD5: 7da4240664f237384cd33b35939ff153
maven: org.picketlink.idm:picketlink-idm-ldap:1.4.6.Final ✓
picketlink-idm-spi-1.4.6.Final.jar
File Path: /home/ciagent/.m2/repository/org/picketlink/idm/picketlink-idm-spi/1.4.6.Final/picketlink-idm-spi-1.4.6.Final.jar
SHA1: 0804a3a34b7d031cc8daab4f4a8cbac1c00e98dd
MD5: 7289815e139890cb98b0f5a80e7b7a59
maven: org.picketlink.idm:picketlink-idm-spi:1.4.6.Final ✓
picketlink-idm-common-1.4.6.Final.jar
File Path: /home/ciagent/.m2/repository/org/picketlink/idm/picketlink-idm-common/1.4.6.Final/picketlink-idm-common-1.4.6.Final.jar
SHA1: 37c1309fd376db4f4ff969fb0df4f8c388e2022c
MD5: 1ad4f8384e856abf4696895d7647dabf
maven: org.picketlink.idm:picketlink-idm-common:1.4.6.Final ✓
Published Vulnerabilities
CVE-2015-0277
Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control
The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6254 for lack of validation for the Destination attribute in a Response element in a SAML assertion.
Vulnerable Software & Versions:
CVE-2015-3158
Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) direct request or (2) request through an SP initiated flow.
Vulnerable Software & Versions:
CVE-2015-6254
Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-17 Code
The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-0277 per ADT2 due to different vulnerability types.
Vulnerable Software & Versions:
mop-api-1.3.2.Final.jar
Description: API of the Object Model for Portal
File Path: /home/ciagent/.m2/repository/org/gatein/mop/mop-api/1.3.2.Final/mop-api-1.3.2.Final.jar
MD5: 4f2c10678f3c5850bb85c25514469e2e
SHA1: 78f9c03a23ec1c3564e827d3927ce53eca6d919d
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor pom groupid gatein.mop Highest
Vendor pom parent-artifactid mop-parent Low
Vendor Manifest implementation-url www.gatein.org/mop-parent/mop-api/ Low
Vendor pom groupid org.gatein.mop Highest
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor Manifest Implementation-Vendor-Id org.gatein.mop Medium
Vendor pom parent-groupid org.gatein.mop Medium
Vendor pom description API of the Object Model for Portal Medium
Vendor Manifest build-timestamp Mon, 14 Apr 2014 17:58:13 +0200 Low
Vendor Manifest os-name Mac OS X Medium
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor pom artifactid mop-api Low
Vendor pom name MOP API High
Vendor file name mop-api High
Product Manifest Implementation-Title MOP API High
Product pom groupid gatein.mop Low
Product Manifest implementation-url www.gatein.org/mop-parent/mop-api/ Low
Product pom parent-groupid org.gatein.mop Low
Product pom parent-artifactid mop-parent Medium
Product pom artifactid mop-api Highest
Product pom description API of the Object Model for Portal Medium
Product Manifest build-timestamp Mon, 14 Apr 2014 17:58:13 +0200 Low
Product Manifest os-name Mac OS X Medium
Product pom name MOP API High
Product Manifest specification-title MOP API Medium
Product file name mop-api High
Version file version 1.3.2 Highest
Version pom version 1.3.2.Final Highest
Version Manifest Implementation-Version 1.3.2.Final High
maven: org.gatein.mop:mop-api:1.3.2.Final
Confidence: High
mop-spi-1.3.2.Final.jar
Description: SPI of the Object Model for Portal
File Path: /home/ciagent/.m2/repository/org/gatein/mop/mop-spi/1.3.2.Final/mop-spi-1.3.2.Final.jar
MD5: 6ef18d761e625d923ec01c6e5283026e
SHA1: 4fe3a673d58c85d2f6c9ad4446b90229f46c8987
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor pom groupid gatein.mop Highest
Vendor pom parent-artifactid mop-parent Low
Vendor pom groupid org.gatein.mop Highest
Vendor file name mop-spi High
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor Manifest Implementation-Vendor-Id org.gatein.mop Medium
Vendor pom parent-groupid org.gatein.mop Medium
Vendor Manifest build-timestamp Mon, 14 Apr 2014 17:58:13 +0200 Low
Vendor Manifest os-name Mac OS X Medium
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor pom artifactid mop-spi Low
Vendor pom name MOP SPI High
Vendor Manifest implementation-url www.gatein.org/mop-parent/mop-spi/ Low
Vendor pom description SPI of the Object Model for Portal Medium
Product pom groupid gatein.mop Low
Product pom parent-groupid org.gatein.mop Low
Product file name mop-spi High
Product Manifest Implementation-Title MOP SPI High
Product pom parent-artifactid mop-parent Medium
Product Manifest specification-title MOP SPI Medium
Product Manifest build-timestamp Mon, 14 Apr 2014 17:58:13 +0200 Low
Product Manifest os-name Mac OS X Medium
Product pom name MOP SPI High
Product Manifest implementation-url www.gatein.org/mop-parent/mop-spi/ Low
Product pom artifactid mop-spi Highest
Product pom description SPI of the Object Model for Portal Medium
Version file version 1.3.2 Highest
Version pom version 1.3.2.Final Highest
Version Manifest Implementation-Version 1.3.2.Final High
maven: org.gatein.mop:mop-spi:1.3.2.Final
Confidence: High
mop-core-1.3.2.Final.jar
Description: Model Object for Portal Core
File Path: /home/ciagent/.m2/repository/org/gatein/mop/mop-core/1.3.2.Final/mop-core-1.3.2.Final.jar
MD5: 7d5eb7a5c2ed2d88362f9d8a9413a475
SHA1: d27e4c960aefd919f7c25049b72a9bc225cd6548
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor pom groupid gatein.mop Highest
Vendor pom parent-artifactid mop-parent Low
Vendor pom groupid org.gatein.mop Highest
Vendor file name mop-core High
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor Manifest Implementation-Vendor-Id org.gatein.mop Medium
Vendor pom artifactid mop-core Low
Vendor pom parent-groupid org.gatein.mop Medium
Vendor Manifest build-timestamp Mon, 14 Apr 2014 17:58:13 +0200 Low
Vendor Manifest os-name Mac OS X Medium
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor pom name MOP Core High
Vendor Manifest implementation-url www.gatein.org/mop-parent/mop-core/ Low
Vendor pom description Model Object for Portal Core Medium
Product pom groupid gatein.mop Low
Product pom parent-groupid org.gatein.mop Low
Product file name mop-core High
Product pom parent-artifactid mop-parent Medium
Product Manifest build-timestamp Mon, 14 Apr 2014 17:58:13 +0200 Low
Product Manifest os-name Mac OS X Medium
Product pom name MOP Core High
Product Manifest specification-title MOP Core Medium
Product pom artifactid mop-core Highest
Product Manifest Implementation-Title MOP Core High
Product Manifest implementation-url www.gatein.org/mop-parent/mop-core/ Low
Product pom description Model Object for Portal Core Medium
Version file version 1.3.2 Highest
Version pom version 1.3.2.Final Highest
Version Manifest Implementation-Version 1.3.2.Final High
maven: org.gatein.mop:mop-core:1.3.2.Final
Confidence: High
gatein-management-api-2.1.0.Final.jar
File Path: /home/ciagent/.m2/repository/org/gatein/management/gatein-management-api/2.1.0.Final/gatein-management-api-2.1.0.Final.jar
MD5: dde253e45fefd580cab7a4ee75c6d92e
SHA1: 5c73b152fe9497eb37386052f86bfa7ee7d33b87
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id org.gatein.management Medium
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor pom groupid org.gatein.management Highest
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor Manifest implementation-url www.gatein.org/gatein-management-parent/gatein-management-api/ Low
Vendor file name gatein-management-api High
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor Manifest build-timestamp Mon, 17 Mar 2014 21:15:40 +0100 Low
Vendor Manifest os-name Linux Medium
Vendor pom parent-groupid org.gatein.management Medium
Vendor pom parent-artifactid gatein-management-parent Low
Vendor pom name GateIn Management - API High
Vendor pom groupid gatein.management Highest
Vendor pom artifactid gatein-management-api Low
Product pom parent-artifactid gatein-management-parent Medium
Product pom groupid gatein.management Low
Product Manifest build-timestamp Mon, 17 Mar 2014 21:15:40 +0100 Low
Product Manifest os-name Linux Medium
Product pom artifactid gatein-management-api Highest
Product Manifest Implementation-Title GateIn Management - API High
Product Manifest implementation-url www.gatein.org/gatein-management-parent/gatein-management-api/ Low
Product pom name GateIn Management - API High
Product file name gatein-management-api High
Product pom parent-groupid org.gatein.management Low
Product Manifest specification-title GateIn Management - API Medium
Version file version 2.1.0 Highest
Version Manifest Implementation-Version 2.1.0.Final High
Version pom version 2.1.0.Final Highest
maven: org.gatein.management:gatein-management-api:2.1.0.Final
Confidence: High
gatein-management-spi-2.1.0.Final.jar
File Path: /home/ciagent/.m2/repository/org/gatein/management/gatein-management-spi/2.1.0.Final/gatein-management-spi-2.1.0.Final.jar
MD5: 4e10565858662ec9eea75cfbd3544ba1
SHA1: 79670b2dd849b49e145b7122cbff4ef83116157f
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id org.gatein.management Medium
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor Manifest implementation-url www.gatein.org/gatein-management-parent/gatein-management-spi/ Low
Vendor pom name GateIn Management - SPI High
Vendor pom groupid org.gatein.management Highest
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor Manifest build-timestamp Mon, 17 Mar 2014 21:15:40 +0100 Low
Vendor Manifest os-name Linux Medium
Vendor pom parent-groupid org.gatein.management Medium
Vendor pom artifactid gatein-management-spi Low
Vendor pom parent-artifactid gatein-management-parent Low
Vendor pom groupid gatein.management Highest
Vendor file name gatein-management-spi High
Product pom parent-artifactid gatein-management-parent Medium
Product Manifest implementation-url www.gatein.org/gatein-management-parent/gatein-management-spi/ Low
Product pom groupid gatein.management Low
Product Manifest build-timestamp Mon, 17 Mar 2014 21:15:40 +0100 Low
Product Manifest os-name Linux Medium
Product Manifest specification-title GateIn Management - SPI Medium
Product pom name GateIn Management - SPI High
Product pom artifactid gatein-management-spi Highest
Product file name gatein-management-spi High
Product pom parent-groupid org.gatein.management Low
Product Manifest Implementation-Title GateIn Management - SPI High
Version file version 2.1.0 Highest
Version Manifest Implementation-Version 2.1.0.Final High
Version pom version 2.1.0.Final Highest
maven: org.gatein.management:gatein-management-spi:2.1.0.Final
Confidence: High
json-20070829.jar
Description:
JSON (JavaScript Object Notation) is a lightweight data-interchange format.
It is easy for humans to read and write. It is easy for machines to parse and generate.
It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition
- December 1999. JSON is a text format that is completely language independent but uses
conventions that are familiar to programmers of the C-family of languages, including C, C++, C#,
Java, JavaScript, Perl, Python, and many others.
These properties make JSON an ideal data-interchange language.
File Path: /home/ciagent/.m2/repository/org/json/json/20070829/json-20070829.jar
MD5: 4a913140f9099519dfc0212fa5d9a457
SHA1: 89190ff77b57203c3417555f32226998da97ff38
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom description JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but... Low
Vendor pom url http://www.json.org/java/index.html Highest
Vendor pom artifactid json Low
Vendor pom groupid json Highest
Vendor pom organization name JSON High
Vendor central groupid org.json Highest
Vendor pom groupid org.json Highest
Vendor pom name JSON (JavaScript Object Notation) High
Vendor jar package name json Low
Vendor file name json-20070829 High
Vendor pom organization url http://json.org/ Medium
Product pom description JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but... Low
Product pom artifactid json Highest
Product central artifactid json Highest
Product pom organization url http://json.org/ Low
Product pom organization name JSON Low
Product pom name JSON (JavaScript Object Notation) High
Product pom groupid json Low
Product pom url http://www.json.org/java/index.html Medium
Product file name json-20070829 High
Version pom version 20070829 Highest
Version central version 20070829 Highest
Version file version 20070829 Medium
chromattic.ext-1.3.0.jar
Description: Chromattic Framework Extensions
File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.ext/1.3.0/chromattic.ext-1.3.0.jar
MD5: a8482bb9fe7572e77a58627251740ee1
SHA1: ea3bd25892c827d9b830aea768de69e200a93165
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor jar package name ext Low
Vendor pom description Chromattic Framework Extensions Medium
Vendor file name chromattic.ext High
Vendor jar package name ntdef Low
Vendor jar package name chromattic Low
Vendor pom parent-groupid org.chromattic Medium
Vendor pom parent-artifactid chromattic.parent Low
Vendor pom groupid chromattic Highest
Vendor pom artifactid chromattic.ext Low
Vendor central groupid org.chromattic Highest
Vendor pom groupid org.chromattic Highest
Vendor pom name Chromattic Framework Extensions High
Product jar package name ext Low
Product pom artifactid chromattic.ext Highest
Product pom description Chromattic Framework Extensions Medium
Product file name chromattic.ext High
Product jar package name ntdef Low
Product central artifactid chromattic.ext Highest
Product pom parent-groupid org.chromattic Low
Product pom parent-artifactid chromattic.parent Medium
Product pom name Chromattic Framework Extensions High
Product pom groupid chromattic Low
Version file version 1.3.0 Highest
Version pom version 1.3.0 Highest
Version central version 1.3.0 Highest
pc-api-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/pc/pc-api/6.0.x-SNAPSHOT/pc-api-6.0.x-SNAPSHOT.jar
MD5: 7bd34ec7a2eeb98e8ddd85727ebb1153
SHA1: 9e24562c5dff144389d7c62b80c41b25a7c2be1b
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid pc-parent Low
Vendor pom groupid org.exoplatform.gatein.pc Highest
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor pom artifactid pc-api Low
Vendor Manifest specification-vendor GateIn Low
Vendor pom name GateIn - Portlet Container (api) High
Vendor file name pc-api High
Vendor Manifest os-name Linux Medium
Vendor Manifest build-timestamp Sun, 6 Oct 2019 16:22:45 +0000 Low
Vendor Manifest Implementation-Vendor GateIn High
Vendor Manifest implementation-url http://www.jboss.org/gatein/portletcontainer.html/pc-api Low
Vendor pom groupid exoplatform.gatein.pc Highest
Vendor Manifest Implementation-Vendor-Id org.exoplatform.gatein.pc Medium
Vendor pom parent-groupid org.exoplatform.gatein.pc Medium
Product Manifest Implementation-Title GateIn - Portlet Container (api) High
Product file name pc-api High
Product Manifest os-name Linux Medium
Product pom parent-groupid org.exoplatform.gatein.pc Low
Product Manifest build-timestamp Sun, 6 Oct 2019 16:22:45 +0000 Low
Product Manifest implementation-url http://www.jboss.org/gatein/portletcontainer.html/pc-api Low
Product pom parent-artifactid pc-parent Medium
Product pom groupid exoplatform.gatein.pc Low
Product pom artifactid pc-api Highest
Product Manifest specification-title GateIn - Portlet Container (api) Medium
Product pom name GateIn - Portlet Container (api) High
Version file version 6.0 Highest
Version Manifest Implementation-Version 6.0.x-SNAPSHOT High
maven: org.exoplatform.gatein.pc:pc-api:6.0.x-SNAPSHOT
Confidence: High
pc-portlet-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/pc/pc-portlet/6.0.x-SNAPSHOT/pc-portlet-6.0.x-SNAPSHOT.jar
MD5: a6cf52cebde52a792c4dc24b697db040
SHA1: 6a545cac66ad5f2bb0d6722ff7d091523a078661
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid pc-parent Low
Vendor pom groupid org.exoplatform.gatein.pc Highest
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor pom artifactid pc-portlet Low
Vendor Manifest specification-vendor GateIn Low
Vendor file name pc-portlet High
Vendor Manifest os-name Linux Medium
Vendor Manifest build-timestamp Sun, 6 Oct 2019 16:22:45 +0000 Low
Vendor Manifest Implementation-Vendor GateIn High
Vendor pom name GateIn - Portlet Container (pc) High
Vendor pom groupid exoplatform.gatein.pc Highest
Vendor Manifest Implementation-Vendor-Id org.exoplatform.gatein.pc Medium
Vendor pom parent-groupid org.exoplatform.gatein.pc Medium
Vendor Manifest implementation-url http://www.jboss.org/gatein/portletcontainer.html/pc-portlet Low
Product pom artifactid pc-portlet Highest
Product file name pc-portlet High
Product Manifest os-name Linux Medium
Product pom parent-groupid org.exoplatform.gatein.pc Low
Product Manifest build-timestamp Sun, 6 Oct 2019 16:22:45 +0000 Low
Product pom name GateIn - Portlet Container (pc) High
Product Manifest specification-title GateIn - Portlet Container (pc) Medium
Product pom parent-artifactid pc-parent Medium
Product pom groupid exoplatform.gatein.pc Low
Product Manifest Implementation-Title GateIn - Portlet Container (pc) High
Product Manifest implementation-url http://www.jboss.org/gatein/portletcontainer.html/pc-portlet Low
Version pom version 6.0.x-20191006.162315-9 Highest
Version pom version 6.0.x-SNAPSHOT Highest
Version file version 6.0 Highest
Version Manifest Implementation-Version 6.0.x-SNAPSHOT High
maven: org.exoplatform.gatein.pc:pc-portlet:6.0.x-SNAPSHOT
Confidence: High
pc-federation-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/pc/pc-federation/6.0.x-SNAPSHOT/pc-federation-6.0.x-SNAPSHOT.jar
MD5: e486edc3afa0885b7ee730226710085b
SHA1: 4e44af441a793de975537dd37ad3aea5d3c165f7
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid pc-parent Low
Vendor pom groupid org.exoplatform.gatein.pc Highest
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor pom artifactid pc-federation Low
Vendor Manifest specification-vendor GateIn Low
Vendor file name pc-federation High
Vendor Manifest os-name Linux Medium
Vendor Manifest implementation-url http://www.jboss.org/gatein/portletcontainer.html/pc-federation Low
Vendor Manifest build-timestamp Sun, 6 Oct 2019 16:22:45 +0000 Low
Vendor Manifest Implementation-Vendor GateIn High
Vendor pom name GateIn - Portlet Container (federation) High
Vendor pom groupid exoplatform.gatein.pc Highest
Vendor Manifest Implementation-Vendor-Id org.exoplatform.gatein.pc Medium
Vendor pom parent-groupid org.exoplatform.gatein.pc Medium
Product Manifest Implementation-Title GateIn - Portlet Container (federation) High
Product file name pc-federation High
Product Manifest os-name Linux Medium
Product Manifest implementation-url http://www.jboss.org/gatein/portletcontainer.html/pc-federation Low
Product pom parent-groupid org.exoplatform.gatein.pc Low
Product Manifest specification-title GateIn - Portlet Container (federation) Medium
Product Manifest build-timestamp Sun, 6 Oct 2019 16:22:45 +0000 Low
Product pom parent-artifactid pc-parent Medium
Product pom name GateIn - Portlet Container (federation) High
Product pom groupid exoplatform.gatein.pc Low
Product pom artifactid pc-federation Highest
Version pom version 6.0.x-20191006.162417-9 Highest
Version pom version 6.0.x-SNAPSHOT Highest
Version file version 6.0 Highest
Version Manifest Implementation-Version 6.0.x-SNAPSHOT High
maven: org.exoplatform.gatein.pc:pc-federation:6.0.x-SNAPSHOT
Confidence: High
pc-bridge-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/pc/pc-bridge/6.0.x-SNAPSHOT/pc-bridge-6.0.x-SNAPSHOT.jar
MD5: 49448827a48d2294bc7b5130910dd272
SHA1: 3475a9882ac76290baac597c0d6d52b7e753abf8
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom artifactid pc-bridge Low
Vendor pom parent-artifactid pc-parent Low
Vendor pom groupid org.exoplatform.gatein.pc Highest
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor pom name GateIn - Portlet Container (bridge) High
Vendor Manifest specification-vendor GateIn Low
Vendor Manifest os-name Linux Medium
Vendor file name pc-bridge High
Vendor Manifest implementation-url http://www.jboss.org/gatein/portletcontainer.html/pc-bridge Low
Vendor Manifest build-timestamp Sun, 6 Oct 2019 16:22:45 +0000 Low
Vendor Manifest Implementation-Vendor GateIn High
Vendor pom groupid exoplatform.gatein.pc Highest
Vendor Manifest Implementation-Vendor-Id org.exoplatform.gatein.pc Medium
Vendor pom parent-groupid org.exoplatform.gatein.pc Medium
Product Manifest Implementation-Title GateIn - Portlet Container (bridge) High
Product pom artifactid pc-bridge Highest
Product Manifest os-name Linux Medium
Product pom parent-groupid org.exoplatform.gatein.pc Low
Product file name pc-bridge High
Product Manifest implementation-url http://www.jboss.org/gatein/portletcontainer.html/pc-bridge Low
Product Manifest build-timestamp Sun, 6 Oct 2019 16:22:45 +0000 Low
Product Manifest specification-title GateIn - Portlet Container (bridge) Medium
Product pom name GateIn - Portlet Container (bridge) High
Product pom parent-artifactid pc-parent Medium
Product pom groupid exoplatform.gatein.pc Low
Version file version 6.0 Highest
Version Manifest Implementation-Version 6.0.x-SNAPSHOT High
maven: org.exoplatform.gatein.pc:pc-bridge:6.0.x-SNAPSHOT
Confidence: High
filters-2.0.235.jar
Description: A collection of image processing filters.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/ciagent/.m2/repository/com/jhlabs/filters/2.0.235/filters-2.0.235.jar
MD5: d91073d6b28e2505e96620709626495f
SHA1: af6a2dfefef70f1ab2d7a8d1f8173f67e276b3f4
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom url http://www.jhlabs.com/ip/index.html Highest
Vendor Manifest Implementation-Vendor-Id com.jhlabs Medium
Vendor pom groupid jhlabs Highest
Vendor pom artifactid filters Low
Vendor pom description A collection of image processing filters. Medium
Vendor pom groupid com.jhlabs Highest
Vendor central groupid com.jhlabs Highest
Vendor file name filters High
Vendor pom name JHLabs Image Processing Filters High
Product Manifest Implementation-Title JHLabs Image Processing Filters High
Product pom description A collection of image processing filters. Medium
Product pom url http://www.jhlabs.com/ip/index.html Medium
Product central artifactid filters Highest
Product pom artifactid filters Highest
Product file name filters High
Product pom groupid jhlabs Low
Product Manifest specification-title JHLabs Image Processing Filters Medium
Product pom name JHLabs Image Processing Filters High
Version file version 2.0.235 Highest
Version central version 2.0.235 Highest
Version pom version 2.0.235 Highest
Version Manifest Implementation-Version 2.0.235 High
Published Vulnerabilities
CVE-2005-0406
Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.
Vulnerable Software & Versions:
simplecaptcha-1.1.1.Final-gatein-4.jar
File Path: /home/ciagent/.m2/repository/org/gatein/captcha/simplecaptcha/1.1.1.Final-gatein-4/simplecaptcha-1.1.1.Final-gatein-4.jar
MD5: a8b83c67e6fd04cd02d8ebcfd47348c1
SHA1: 964c53fedc87745494c5f8f2cd62b2548dbdeff5
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest build-timestamp Mon, 17 Jun 2013 09:04:01 +0200 Low
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor Manifest implementation-url www.gatein.org/simplecaptcha/ Low
Vendor pom parent-artifactid gatein-parent Low
Vendor file name simplecaptcha High
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor pom parent-groupid org.gatein Medium
Vendor pom groupid org.gatein.captcha Highest
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor pom groupid gatein.captcha Highest
Vendor Manifest os-name Linux Medium
Vendor pom name GateIn SimpleCaptcha High
Vendor pom artifactid simplecaptcha Low
Vendor Manifest Implementation-Vendor-Id org.gatein.captcha Medium
Product Manifest build-timestamp Mon, 17 Jun 2013 09:04:01 +0200 Low
Product Manifest os-name Linux Medium
Product Manifest implementation-url www.gatein.org/simplecaptcha/ Low
Product pom name GateIn SimpleCaptcha High
Product Manifest specification-title GateIn SimpleCaptcha Medium
Product pom parent-groupid org.gatein Low
Product file name simplecaptcha High
Product pom artifactid simplecaptcha Highest
Product pom groupid gatein.captcha Low
Product Manifest Implementation-Title GateIn SimpleCaptcha High
Product pom parent-artifactid gatein-parent Medium
Version Manifest Implementation-Version 1.1.1.Final-gatein-4 High
Version pom version 1.1.1.Final-gatein-4 Highest
maven: org.gatein.captcha:simplecaptcha:1.1.1.Final-gatein-4
Confidence: High
gatein-api-1.0.1.Final.jar
File Path: /home/ciagent/.m2/repository/org/gatein/api/gatein-api/1.0.1.Final/gatein-api-1.0.1.Final.jar
MD5: 04d51eb4e2734df16f83e514b7110000
SHA1: b67727b03994e6081e2e411804c25bd5d0d919a6
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor Manifest implementation-url www.gatein.org/gatein-api/ Low
Vendor pom parent-artifactid gatein-parent Low
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor pom artifactid gatein-api Low
Vendor pom groupid org.gatein.api Highest
Vendor pom parent-groupid org.gatein Medium
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor pom groupid gatein.api Highest
Vendor Manifest build-timestamp Tue, 30 Jul 2013 09:10:07 -0400 Low
Vendor Manifest os-name Linux Medium
Vendor central groupid org.gatein.api Highest
Vendor Manifest Implementation-Vendor-Id org.gatein.api Medium
Vendor file name gatein-api High
Product Manifest specification-title gatein-api Medium
Product central artifactid gatein-api Highest
Product Manifest build-timestamp Tue, 30 Jul 2013 09:10:07 -0400 Low
Product Manifest os-name Linux Medium
Product Manifest implementation-url www.gatein.org/gatein-api/ Low
Product pom parent-groupid org.gatein Low
Product pom artifactid gatein-api Highest
Product pom groupid gatein.api Low
Product file name gatein-api High
Product Manifest Implementation-Title gatein-api High
Product pom parent-artifactid gatein-parent Medium
Version central version 1.0.1.Final Highest
Version pom version 1.0.1.Final Highest
Version Manifest Implementation-Version 1.0.1.Final High
Version file version 1.0.1 Highest
icu4j-56.1.jar
Description:
International Component for Unicode for Java (ICU4J) is a mature, widely used Java library
providing Unicode and Globalization support
License:
ICU License: http://source.icu-project.org/repos/icu/icu/trunk/license.html
File Path: /home/ciagent/.m2/repository/com/ibm/icu/icu4j/56.1/icu4j-56.1.jar
MD5: 7bd1a7a1295868726f991c7593dce442
SHA1: 8dd6671f52165a0419e6de5e1016400875a90fa9
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom description International Component for Unicode for Java (ICU4J) is a mature, widely used Java library providing Unicode and Globalization support Low
Vendor pom artifactid icu4j Low
Vendor Manifest Implementation-Vendor IBM Corporation High
Vendor Manifest Implementation-Vendor-Id com.ibm Medium
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor pom groupid com.ibm.icu Highest
Vendor pom groupid ibm.icu Highest
Vendor file name icu4j High
Vendor manifest Bundle-Description International Components for Unicode for Java Medium
Vendor Manifest bundle-copyright Copyright 2000-2015, International Business Machines Corporation and others. All Rights Reserved. Low
Vendor pom url http://icu-project.org/ Highest
Vendor central groupid com.ibm.icu Highest
Vendor pom name ICU4J High
Vendor Manifest bundle-symbolicname com.ibm.icu Medium
Vendor Manifest specification-vendor icu-project.org Low
Product Manifest specification-title International Components for Unicode for Java Medium
Product pom description International Component for Unicode for Java (ICU4J) is a mature, widely used Java library providing Unicode and Globalization support Low
Product pom artifactid icu4j Highest
Product Manifest Bundle-Name ICU4J Medium
Product pom url http://icu-project.org/ Medium
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product pom groupid ibm.icu Low
Product file name icu4j High
Product manifest Bundle-Description International Components for Unicode for Java Medium
Product Manifest bundle-copyright Copyright 2000-2015, International Business Machines Corporation and others. All Rights Reserved. Low
Product pom name ICU4J High
Product central artifactid icu4j Highest
Product Manifest bundle-symbolicname com.ibm.icu Medium
Product Manifest Implementation-Title International Components for Unicode for Java High
Version central version 56.1 Highest
Version pom version 56.1 Highest
Version Manifest Implementation-Version 56.1 High
Version file version 56.1 Highest
Published Vulnerabilities
CVE-2016-6293
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument.
Vulnerable Software & Versions:
CVE-2016-7415
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string.
Vulnerable Software & Versions:
CVE-2017-14952
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-415 Double Free
Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue.
Vulnerable Software & Versions:
CVE-2017-15396
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Vulnerable Software & Versions:
CVE-2017-15422
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-190 Integer Overflow or Wraparound
Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Vulnerable Software & Versions:
CVE-2017-17484
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC.
Vulnerable Software & Versions:
CVE-2017-7867
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-787 Out-of-bounds Write
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.
Vulnerable Software & Versions:
CVE-2017-7868
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-787 Out-of-bounds Write
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.
Vulnerable Software & Versions:
exo.portal.webui.portal-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.webui.portal/6.0.x-SNAPSHOT/exo.portal.webui.portal-6.0.x-SNAPSHOT.jar
MD5: ab4893dec417c57bf7c29428c2295140
SHA1: a984af59ccf1d6adfc1909adbf351b8a5db9f9e6
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor pom parent-groupid org.exoplatform.gatein.portal Medium
Vendor pom parent-artifactid exo.portal.webui Low
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor pom groupid org.exoplatform.gatein.portal Highest
Vendor Manifest Implementation-Vendor-Id org.exoplatform.gatein.portal Medium
Vendor Manifest os-name Linux Medium
Vendor Manifest implementation-url www.gatein.org/exo.portal.parent/exo.portal.webui/exo.portal.webui.portal/ Low
Vendor file name exo.portal.webui.portal High
Vendor Manifest build-timestamp Sun, 6 Oct 2019 16:52:28 +0000 Low
Vendor pom name GateIn Portal WebUI Portal High
Vendor pom groupid exoplatform.gatein.portal Highest
Vendor pom artifactid exo.portal.webui.portal Low
Product Manifest Implementation-Title GateIn Portal WebUI Portal High
Product pom parent-groupid org.exoplatform.gatein.portal Low
Product pom parent-artifactid exo.portal.webui Medium
Product pom artifactid exo.portal.webui.portal Highest
Product Manifest specification-title GateIn Portal WebUI Portal Medium
Product Manifest os-name Linux Medium
Product Manifest implementation-url www.gatein.org/exo.portal.parent/exo.portal.webui/exo.portal.webui.portal/ Low
Product file name exo.portal.webui.portal High
Product Manifest build-timestamp Sun, 6 Oct 2019 16:52:28 +0000 Low
Product pom name GateIn Portal WebUI Portal High
Product pom groupid exoplatform.gatein.portal Low
Version file version 6.0 Highest
Version Manifest Implementation-Version 6.0.x-SNAPSHOT High
Related Dependencies
exo.portal.component.web.security-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.web.security/6.0.x-SNAPSHOT/exo.portal.component.web.security-6.0.x-SNAPSHOT.jar
SHA1: a692df1b21eb122341b745e2ed57f7abc8be4866
MD5: c7369465131a6130b75fce4f3761a785
exo.portal.webui.portlet-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.webui.portlet/6.0.x-SNAPSHOT/exo.portal.webui.portlet-6.0.x-SNAPSHOT.jar
SHA1: 03972b21f6d4030e1160cc0e7122afcff57bdaa7
MD5: 3c3b58e392d103b381b65b7e585918ae
exo.portal.component.identity-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.identity/6.0.x-SNAPSHOT/exo.portal.component.identity-6.0.x-SNAPSHOT.jar
SHA1: 5a3c56198ea203c257534d52ed47c27a8684bffa
MD5: 30bb33ebb948486597be6c6fa8eb4e7f
exo.portal.component.web.api-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.web.api/6.0.x-SNAPSHOT/exo.portal.component.web.api-6.0.x-SNAPSHOT.jar
SHA1: a8ba7117f7f0cf43f4a0440c2300b469f1aa3a41
MD5: 9803178ac12ab4a4778dad55c92a2c74
exo.portal.component.file-storage-6.0.x-SNAPSHOT.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.component.file-storage/6.0.x-SNAPSHOT/exo.portal.component.file-storage-6.0.x-SNAPSHOT.jar
SHA1: cf5e082322893481ab2f30a1dcb7aee7fae46897
MD5: 05d14e7f165adadbc050ea9992ca4a90
maven: org.exoplatform.gatein.portal:exo.portal.webui.portal:6.0.x-SNAPSHOT
Confidence: High
cpe: cpe:/a:in-portal:in-portal:6.0
Confidence: Low
aspectjrt-1.8.8.jar
Description: The runtime needed to execute a program using AspectJ
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: /home/ciagent/.m2/repository/org/aspectj/aspectjrt/1.8.8/aspectjrt-1.8.8.jar
MD5: 2e448cd7ae0bdc357cb2b6e892ba9c9d
SHA1: 7c5b26f24375685e34a50c2d765ebc40a96a5280
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor file name aspectjrt High
Vendor manifest: org/aspectj/lang/ Implementation-Vendor aspectj.org Medium
Vendor pom groupid aspectj Highest
Vendor pom groupid org.aspectj Highest
Vendor pom artifactid aspectjrt Low
Vendor pom name AspectJ runtime High
Vendor central groupid org.aspectj Highest
Vendor pom description The runtime needed to execute a program using AspectJ Medium
Vendor pom url http://www.aspectj.org Highest
Product central artifactid aspectjrt Highest
Product pom artifactid aspectjrt Highest
Product file name aspectjrt High
Product pom url http://www.aspectj.org Medium
Product pom name AspectJ runtime High
Product manifest: org/aspectj/lang/ Implementation-Title org.aspectj.tools Medium
Product pom groupid aspectj Low
Product pom description The runtime needed to execute a program using AspectJ Medium
Product manifest: org/aspectj/lang/ Specification-Title AspectJ Runtime Classes Medium
Version central version 1.8.8 Highest
Version file version 1.8.8 Highest
Version pom version 1.8.8 Highest
c3p0-0.9.1.1.jar
Description:
c3p0 is an easy-to-use library for augmenting traditional (DriverManager-based) JDBC drivers with JNDI-bindable DataSources,
including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 std extension.
License:
GNU LESSER GENERAL PUBLIC LICENSE: http://www.gnu.org/licenses/lgpl.txt
File Path: /home/ciagent/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar
MD5: 640c58226e7bb6beacc8ac3f6bb533d1
SHA1: 302704f30c6e7abb7a0457f7771739e03c973e80
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id com.mchange Medium
Vendor pom groupid c3p0 Highest
Vendor Manifest extension-name com.mchange.v2.c3p0 Medium
Vendor pom name c3p0:JDBC DataSources/Resource Pools High
Vendor pom url http://c3p0.sourceforge.net Highest
Vendor pom description c3p0 is an easy-to-use library for augmenting traditional (DriverManager-based) JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 std extension. Low
Vendor Manifest specification-vendor Machinery For Change, Inc. Low
Vendor pom artifactid c3p0 Low
Vendor central groupid c3p0 Highest
Vendor Manifest Implementation-Vendor Machinery For Change, Inc. High
Vendor file name c3p0 High
Product central artifactid c3p0 Highest
Product Manifest extension-name com.mchange.v2.c3p0 Medium
Product pom groupid c3p0 Low
Product pom name c3p0:JDBC DataSources/Resource Pools High
Product pom description c3p0 is an easy-to-use library for augmenting traditional (DriverManager-based) JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 std extension. Low
Product pom url http://c3p0.sourceforge.net Medium
Product pom artifactid c3p0 Highest
Product file name c3p0 High
Version file version 0.9.1.1 Highest
Version central version 0.9.1.1 Highest
Version pom version 0.9.1.1 Highest
Version Manifest Implementation-Version 0.9.1.1 High
Published Vulnerabilities
CVE-2019-5427
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
Vulnerable Software & Versions:
quartz-2.2.2.jar
Description: Enterprise Job Scheduler
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
Apache Software License, Version 2.0
File Path: /home/ciagent/.m2/repository/org/quartz-scheduler/quartz/2.2.2/quartz-2.2.2.jar
MD5: 6acfd6ada2f4ad0abf4de916654dcaea
SHA1: 6fd24da6803ab7c3a08bc519a62219a9bebeb0df
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest terracotta-name quartz Medium
Vendor central groupid org.quartz-scheduler Highest
Vendor Manifest buildinfo-url https://svn.terracotta.org/repo/quartz/tags/quartz-2.2.2 Low
Vendor Manifest buildinfo-timestamp 20151012-045213 Low
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Vendor pom groupid quartz-scheduler Highest
Vendor pom description Enterprise Job Scheduler Medium
Vendor pom parent-artifactid quartz-parent Low
Vendor Manifest buildinfo-revision 2464 Low
Vendor file name quartz High
Vendor pom parent-groupid org.quartz-scheduler Medium
Vendor pom groupid org.quartz-scheduler Highest
Vendor manifest terracotta-description Enterprise Job Scheduler Medium
Vendor manifest Bundle-Description Enterprise Job Scheduler Medium
Vendor Manifest bundle-symbolicname org.quartz-scheduler.quartz Medium
Vendor Manifest bundle-docurl http://www.terracotta.org Low
Vendor Manifest buildinfo-user jenkins-slave Low
Vendor pom artifactid quartz Low
Vendor Manifest buildinfo-host tc-c65-jenkins-slave-001.eur.ad.sag Low
Vendor pom name quartz High
Product Manifest terracotta-name quartz Medium
Product Manifest buildinfo-url https://svn.terracotta.org/repo/quartz/tags/quartz-2.2.2 Low
Product Manifest buildinfo-timestamp 20151012-045213 Low
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Product pom parent-groupid org.quartz-scheduler Low
Product pom description Enterprise Job Scheduler Medium
Product Manifest buildinfo-revision 2464 Low
Product file name quartz High
Product pom groupid quartz-scheduler Low
Product manifest terracotta-description Enterprise Job Scheduler Medium
Product Manifest Bundle-Name quartz Medium
Product manifest Bundle-Description Enterprise Job Scheduler Medium
Product Manifest bundle-symbolicname org.quartz-scheduler.quartz Medium
Product pom artifactid quartz Highest
Product Manifest bundle-docurl http://www.terracotta.org Low
Product Manifest buildinfo-user jenkins-slave Low
Product central artifactid quartz Highest
Product pom parent-artifactid quartz-parent Medium
Product Manifest buildinfo-host tc-c65-jenkins-slave-001.eur.ad.sag Low
Product pom name quartz High
Version pom version 2.2.2 Highest
Version central version 2.2.2 Highest
Version file version 2.2.2 Highest
jmock-1.0.1.jar
File Path: /home/ciagent/.m2/repository/jmock/jmock/1.0.1/jmock-1.0.1.jar
MD5: d45c5ca4c1063d508ca8df00538decc1
SHA1: 87a39d1a62ea94be5453ecdbb97cd81c978622d3
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor file name jmock High
Vendor jar package name jmock Low
Vendor pom artifactid jmock Low
Vendor jar package name core Low
Vendor central groupid jmock Highest
Vendor pom groupid jmock Highest
Product pom groupid jmock Low
Product central artifactid jmock Highest
Product pom artifactid jmock Highest
Product file name jmock High
Product jar package name core Low
Version central version 1.0.1 Highest
Version pom version 1.0.1 Highest
Version file version 1.0.1 Highest
xpp3-1.1.4c.jar
Description: MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs such as Hotspot in JDK 1.4+.
License:
Indiana University Extreme! Lab Software License, vesion 1.1.1: http://www.extreme.indiana.edu/viewcvs/~checkout~/XPP3/java/LICENSE.txt
Public Domain: http://creativecommons.org/licenses/publicdomain
Apache Software License, version 1.1: http://www.apache.org/licenses/LICENSE-1.1
File Path: /home/ciagent/.m2/repository/xpp3/xpp3/1.1.4c/xpp3-1.1.4c.jar
MD5: 6e3c39f391e4994888b7d0030f775804
SHA1: 9b988ea84b9e4e9f1874e390ce099b8ac12cfff5
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom artifactid xpp3 Low
Vendor pom description MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs ... Low
Vendor pom organization name Extreme! Lab, Indiana University High
Vendor file name xpp3 High
Vendor pom organization url http://www.extreme.indiana.edu/ Medium
Vendor pom url http://www.extreme.indiana.edu/xgws/xsoap/xpp/mxp1/ Highest
Vendor jar package name v1 Low
Vendor pom name MXP1: Xml Pull Parser 3rd Edition (XPP3) High
Vendor pom groupid xpp3 Highest
Vendor jar package name xmlpull Low
Vendor central groupid xpp3 Highest
Vendor jar package name builder Low
Product file name xpp3 High
Product pom artifactid xpp3 Highest
Product pom organization name Extreme! Lab, Indiana University Low
Product jar package name v1 Low
Product pom name MXP1: Xml Pull Parser 3rd Edition (XPP3) High
Product central artifactid xpp3 Highest
Product pom organization url http://www.extreme.indiana.edu/ Low
Product pom groupid xpp3 Low
Product pom description MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs ... Low
Product pom url http://www.extreme.indiana.edu/xgws/xsoap/xpp/mxp1/ Medium
Product jar package name builder Low
Version pom version 1.1.4c Highest
Version file version 1.1.4c Highest
Version central version 1.1.4c Highest
picocontainer-1.1.jar
Description: Please refer to the main website for documentation.
File Path: /home/ciagent/.m2/repository/picocontainer/picocontainer/1.1/picocontainer-1.1.jar
MD5: 98f476491eed3b106b9a015f15bf5fda
SHA1: a2babe80a3af3a3672095341625e4a9ba4278c1b
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name picocontainer Medium
Vendor pom artifactid picocontainer Low
Vendor central groupid picocontainer Highest
Vendor pom groupid picocontainer Highest
Vendor pom organization url http://codehaus.org/ Medium
Vendor file name picocontainer High
Vendor pom description Please refer to the main website for documentation. Medium
Vendor pom url http://www.picocontainer.org/ Highest
Vendor pom name PicoContainer High
Vendor Manifest specification-vendor Codehaus Low
Vendor pom organization name Codehaus High
Vendor Manifest Implementation-Vendor Codehaus High
Product Manifest extension-name picocontainer Medium
Product Manifest specification-title Small footprint Dependency Injection container Medium
Product file name picocontainer High
Product pom description Please refer to the main website for documentation. Medium
Product pom organization url http://codehaus.org/ Low
Product pom name PicoContainer High
Product pom url http://www.picocontainer.org/ Medium
Product pom groupid picocontainer Low
Product central artifactid picocontainer Highest
Product pom artifactid picocontainer Highest
Product pom organization name Codehaus Low
Product Manifest Implementation-Title org.picocontainer High
Version pom version 1.1 Highest
Version Manifest Implementation-Version 1.1 High
Version central version 1.1 Highest
Version file version 1.1 Highest
xmlpull-1.1.3.1.jar
License:
Public Domain: http://www.xmlpull.org/v1/download/unpacked/LICENSE.txt
File Path: /home/ciagent/.m2/repository/xmlpull/xmlpull/1.1.3.1/xmlpull-1.1.3.1.jar
MD5: cc57dacc720eca721a50e78934b822d2
SHA1: 2b8e230d2ab644e4ecaa94db7cdedbc40c805dfa
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom name XML Pull Parsing API High
Vendor jar package name v1 Low
Vendor file name xmlpull High
Vendor central groupid xmlpull Highest
Vendor pom url http://www.xmlpull.org Highest
Vendor jar package name xmlpull Low
Vendor pom groupid xmlpull Highest
Vendor pom artifactid xmlpull Low
Product pom name XML Pull Parsing API High
Product jar package name v1 Low
Product file name xmlpull High
Product pom artifactid xmlpull Highest
Product pom groupid xmlpull Low
Product pom url http://www.xmlpull.org Medium
Product central artifactid xmlpull Highest
Version pom version 1.1.3.1 Highest
Version central version 1.1.3.1 Highest
Version file version 1.1.3.1 Highest
xpp3_min-1.1.4c.jar
Description: MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs such as Hotspot in JDK 1.4+.
License:
Indiana University Extreme! Lab Software License, vesion 1.1.1: http://www.extreme.indiana.edu/viewcvs/~checkout~/XPP3/java/LICENSE.txt
Public Domain: http://creativecommons.org/licenses/publicdomain
File Path: /home/ciagent/.m2/repository/xpp3/xpp3_min/1.1.4c/xpp3_min-1.1.4c.jar
MD5: dcd95bcb84b09897b2b66d4684c040da
SHA1: 19d4e90b43059058f6e056f794f0ea4030d60b86
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor pom organization url http://www.extreme.indiana.edu/ Medium
Vendor pom url http://www.extreme.indiana.edu/xgws/xsoap/xpp/mxp1/ Highest
Vendor jar package name v1 Low
Vendor pom artifactid xpp3_min Low
Vendor pom name MXP1: Xml Pull Parser 3rd Edition (XPP3) High
Vendor pom groupid xpp3 Highest
Vendor jar package name xmlpull Low
Vendor pom description MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs ... Low
Vendor central groupid xpp3 Highest
Vendor pom organization name Extreme! Lab, Indiana University High
Vendor file name xpp3_min High
Product pom artifactid xpp3_min Highest
Product pom organization name Extreme! Lab, Indiana University Low
Product jar package name v1 Low
Product central artifactid xpp3_min Highest
Product pom name MXP1: Xml Pull Parser 3rd Edition (XPP3) High
Product pom organization url http://www.extreme.indiana.edu/ Low
Product pom groupid xpp3 Low
Product pom description MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs ... Low
Product pom url http://www.extreme.indiana.edu/xgws/xsoap/xpp/mxp1/ Medium
Product file name xpp3_min High
Version pom version 1.1.4c Highest
Version file version 1.1.4c Highest
Version central version 1.1.4c Highest
xstream-1.4.10.jar
Description: XStream is a serialization library from Java objects to XML and back.
License:
http://x-stream.github.io/license.html
File Path: /home/ciagent/.m2/repository/com/thoughtworks/xstream/xstream/1.4.10/xstream-1.4.10.jar
MD5: d00eec778910f95b26201395ac64cca0
SHA1: dfecae23647abc9d9fd0416629a4213a3882b101
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest x-builder Maven 3.3.9 Low
Vendor Manifest Implementation-Vendor XStream High
Vendor Manifest specification-vendor XStream Low
Vendor Manifest bundle-docurl http://x-stream.github.io Low
Vendor Manifest x-compile-target 1.5 Low
Vendor Manifest java_1_8_home /opt/oracle-jdk-bin-1.8.0.131 Low
Vendor Manifest java_1_7_home /opt/oracle-jdk-bin-1.7.0.80 Low
Vendor pom name XStream Core High
Vendor Manifest java_1_5_home /opt/sun-jdk-1.5.0.22 Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor pom parent-artifactid xstream-parent Low
Vendor Manifest Implementation-Vendor-Id com.thoughtworks.xstream Medium
Vendor Manifest x-build-time 2017-05-23T14:28:02Z Low
Vendor manifest Bundle-Description XStream is a serialization library from Java objects to XML and back. Medium
Vendor pom parent-groupid com.thoughtworks.xstream Medium
Vendor pom artifactid xstream Low
Vendor Manifest bundle-symbolicname xstream Medium
Vendor Manifest x-compile-source 1.5 Low
Vendor Manifest java_1_4_home /opt/blackdown-jdk-1.4.2.03 Low
Vendor file name xstream High
Vendor Manifest java_1_6_home /opt/sun-jdk-1.6.0.45 Low
Vendor Manifest java_1_9_home /opt/oracle-jdk-bin-1.9.0.0_beta167 Low
Vendor pom groupid com.thoughtworks.xstream Highest
Vendor pom groupid thoughtworks.xstream Highest
Vendor central groupid com.thoughtworks.xstream Highest
Product Manifest x-builder Maven 3.3.9 Low
Product Manifest bundle-docurl http://x-stream.github.io Low
Product Manifest x-compile-target 1.5 Low
Product Manifest java_1_8_home /opt/oracle-jdk-bin-1.8.0.131 Low
Product Manifest java_1_7_home /opt/oracle-jdk-bin-1.7.0.80 Low
Product pom parent-artifactid xstream-parent Medium
Product pom groupid thoughtworks.xstream Low
Product pom name XStream Core High
Product Manifest java_1_5_home /opt/sun-jdk-1.5.0.22 Low
Product pom parent-groupid com.thoughtworks.xstream Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product Manifest x-build-time 2017-05-23T14:28:02Z Low
Product manifest Bundle-Description XStream is a serialization library from Java objects to XML and back. Medium
Product Manifest bundle-symbolicname xstream Medium
Product Manifest Implementation-Title XStream Core High
Product Manifest Bundle-Name XStream Core Medium
Product Manifest x-compile-source 1.5 Low
Product Manifest java_1_4_home /opt/blackdown-jdk-1.4.2.03 Low
Product file name xstream High
Product Manifest java_1_6_home /opt/sun-jdk-1.6.0.45 Low
Product Manifest java_1_9_home /opt/oracle-jdk-bin-1.9.0.0_beta167 Low
Product Manifest specification-title XStream Core Medium
Product pom artifactid xstream Highest
Product central artifactid xstream Highest
Version central version 1.4.10 Highest
Version file version 1.4.10 Highest
Version pom version 1.4.10 Highest
Version Manifest Implementation-Version 1.4.10 High
Published Vulnerabilities
CVE-2013-7285
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON.
Vulnerable Software & Versions:
CVE-2019-10173
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)
Vulnerable Software & Versions:
owasp-java-html-sanitizer-20160413.1.jar
File Path: /home/ciagent/.m2/repository/com/googlecode/owasp-java-html-sanitizer/owasp-java-html-sanitizer/20160413.1/owasp-java-html-sanitizer-20160413.1.jar
MD5: f2dbfedbd7bea844cedc1fc1e95fca80
SHA1: 61780b5d65c39013d733b70b2d2968f72f83aa0a
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor jar package name html Low
Vendor central groupid com.googlecode.owasp-java-html-sanitizer Highest
Vendor pom parent-artifactid parent Low
Vendor pom groupid googlecode.owasp-java-html-sanitizer Highest
Vendor file name owasp-java-html-sanitizer High
Vendor jar package name owasp Low
Vendor pom parent-groupid com.googlecode.owasp-java-html-sanitizer Medium
Vendor pom artifactid owasp-java-html-sanitizer Low
Vendor pom name OWASP Java HTML Sanitizer High
Vendor pom groupid com.googlecode.owasp-java-html-sanitizer Highest
Product jar package name html Low
Product pom groupid googlecode.owasp-java-html-sanitizer Low
Product pom artifactid owasp-java-html-sanitizer Highest
Product file name owasp-java-html-sanitizer High
Product pom parent-artifactid parent Medium
Product central artifactid owasp-java-html-sanitizer Highest
Product pom name OWASP Java HTML Sanitizer High
Product pom parent-groupid com.googlecode.owasp-java-html-sanitizer Low
Version pom version 20160413.1 Highest
Version central version 20160413.1 Highest
Version file version 20160413.1 Highest
jrcs.diff-0.4.2.jar
File Path: /home/ciagent/.m2/repository/org/suigeneris/jrcs.diff/0.4.2/jrcs.diff-0.4.2.jar
MD5: a05e71b59b7099da7844fd3b5f38e299
SHA1: 6e8eea2281426cd791a64b348c0932c88b966f39
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor file name jrcs.diff High
Vendor pom groupid suigeneris Highest
Vendor pom artifactid jrcs.diff Low
Vendor jar package name diff Low
Vendor jar package name suigeneris Low
Vendor jar package name jrcs Low
Vendor pom groupid org.suigeneris Highest
Vendor central groupid org.jvnet.hudson Highest
Product file name jrcs.diff High
Product pom artifactid jrcs.diff Highest
Product jar package name diff Low
Product jar package name jrcs Low
Product central artifactid org.suigeneris.jrcs.diff Highest
Product pom groupid suigeneris Low
Version pom version 0.4.2 Highest
Version central version 0.4.2 Highest
Version file version 0.4.2 Highest
ecs-1.4.2.jar
File Path: /home/ciagent/.m2/repository/ecs/ecs/1.4.2/ecs-1.4.2.jar
MD5: 62d53be190ca9cbfe01bec9fc3396934
SHA1: f9bc5fdde56d60876c1785087ce2a301b4e4a676
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor file name ecs High
Vendor pom artifactid ecs Low
Vendor central groupid ecs Highest
Vendor pom groupid ecs Highest
Vendor jar package name apache Low
Vendor jar package name ecs Low
Product file name ecs High
Product pom artifactid ecs Highest
Product pom groupid ecs Low
Product central artifactid ecs Highest
Product jar package name ecs Low
Version central version 1.4.2 Highest
Version file version 1.4.2 Highest
Version pom version 1.4.2 Highest
commons-component-common-6.0.x-SNAPSHOT.jar
File Path: /srv/ciagent/workspace/PLF/commons-develop-site/sources/commons-component-common/target/commons-component-common-6.0.x-SNAPSHOT.jar
MD5: 5b738aea4d875d91f3681398a2b1ef33
SHA1: 484a6a093386ba982e800878f85bed5764cd84f3
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id org.exoplatform.commons Medium
Vendor Manifest Implementation-Vendor eXo Platform SAS High
Vendor Manifest date 2019-10-13T07:16:26Z Low
Vendor file name commons-component-common High
Vendor Manifest implementation-url https://projects.exoplatform.org/commons/commons-component-common Low
Vendor pom parent-groupid org.exoplatform.commons Medium
Vendor Manifest specification-vendor eXo Platform SAS Low
Vendor pom groupid exoplatform.commons Highest
Vendor pom artifactid commons-component-common Low
Vendor pom groupid org.exoplatform.commons Highest
Vendor pom name eXo PLF:: Commons - Common Services High
Vendor pom parent-artifactid commons Low
Product Manifest implementation-url https://projects.exoplatform.org/commons/commons-component-common Low
Product Manifest specification-title eXo PLF:: Commons - Common Services Medium
Product Manifest Implementation-Title eXo PLF:: Commons - Common Services High
Product Manifest date 2019-10-13T07:16:26Z Low
Product pom parent-artifactid commons Medium
Product pom groupid exoplatform.commons Low
Product pom parent-groupid org.exoplatform.commons Low
Product pom artifactid commons-component-common Highest
Product pom name eXo PLF:: Commons - Common Services High
Product file name commons-component-common High
Version pom version 6.0.x-SNAPSHOT Highest
Version file version 6.0 Highest
Version Manifest Implementation-Version 6.0.x-SNAPSHOT High
maven: org.exoplatform.commons:commons-component-common:6.0.x-SNAPSHOT
Confidence :High
json-simple-1.1.1.jar
Description: A simple Java toolkit for JSON
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/googlecode/json-simple/json-simple/1.1.1/json-simple-1.1.1.jar
MD5: 5cc2c478d73e8454b4c369cee66c5bc7
SHA1: c9ad4a0850ab676c5c64461a05ca524cdfff59f1
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:compile
Evidence
Type Source Name Value Confidence
Vendor central groupid com.googlecode.json-simple Highest
Vendor Manifest bundle-symbolicname com.googlecode.json-simple Medium
Vendor pom groupid com.googlecode.json-simple Highest
Vendor pom url http://code.google.com/p/json-simple/ Highest
Vendor file name json-simple High
Vendor pom groupid googlecode.json-simple Highest
Vendor pom name JSON.simple High
Vendor pom artifactid json-simple Low
Vendor pom description A simple Java toolkit for JSON Medium
Vendor manifest Bundle-Description A simple Java toolkit for JSON Medium
Product central artifactid json-simple Highest
Product Manifest bundle-symbolicname com.googlecode.json-simple Medium
Product pom artifactid json-simple Highest
Product file name json-simple High
Product pom name JSON.simple High
Product pom url http://code.google.com/p/json-simple/ Medium
Product pom description A simple Java toolkit for JSON Medium
Product manifest Bundle-Description A simple Java toolkit for JSON Medium
Product Manifest Bundle-Name JSON.simple Medium
Product pom groupid googlecode.json-simple Low
Version central version 1.1.1 Highest
Version file version 1.1.1 Highest
Version pom version 1.1.1 Highest
commons-codec-1.10.jar
Description:
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-codec/commons-codec/1.10/commons-codec-1.10.jar
MD5: 353cf6a2bdba09595ccfa073b78c7fcb
SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest implementation-build trunk@r1637108; 2014-11-06 14:14:12+0000 Low
Vendor pom groupid commons-codec Highest
Vendor manifest Bundle-Description The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities. Low
Vendor pom name Apache Commons Codec High
Vendor central groupid commons-codec Highest
Vendor file name commons-codec High
Vendor pom artifactid commons-codec Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-codec/ Low
Vendor pom parent-artifactid commons-parent Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom parent-groupid org.apache.commons Medium
Vendor pom description The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities. Low
Vendor pom url http://commons.apache.org/proper/commons-codec/ Highest
Vendor Manifest bundle-symbolicname org.apache.commons.codec Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product Manifest implementation-build trunk@r1637108; 2014-11-06 14:14:12+0000 Low
Product manifest Bundle-Description The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities. Low
Product pom groupid commons-codec Low
Product pom name Apache Commons Codec High
Product pom url http://commons.apache.org/proper/commons-codec/ Medium
Product file name commons-codec High
Product Manifest specification-title Apache Commons Codec Medium
Product Manifest Implementation-Title Apache Commons Codec High
Product Manifest bundle-docurl http://commons.apache.org/proper/commons-codec/ Low
Product Manifest Bundle-Name Apache Commons Codec Medium
Product pom description The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities. Low
Product central artifactid commons-codec Highest
Product pom parent-groupid org.apache.commons Low
Product pom parent-artifactid commons-parent Medium
Product pom artifactid commons-codec Highest
Product Manifest bundle-symbolicname org.apache.commons.codec Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Version file version 1.10 Highest
Version central version 1.10 Highest
Version Manifest Implementation-Version 1.10 High
Version pom version 1.10 Highest
commons-httpclient-3.1.jar
Description: The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.
License:
Apache License: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/ciagent/.m2/repository/commons-httpclient/commons-httpclient/3.1/commons-httpclient-3.1.jar
MD5: 8ad8c9229ef2d59ab9f59f7050e846a5
SHA1: 964cd74171f427720480efdec40a7c7f6e58426a
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:compile
Evidence
Type Source Name Value Confidence
Vendor file name commons-httpclient High
Vendor pom artifactid commons-httpclient Low
Vendor pom organization name Apache Software Foundation High
Vendor pom url http://jakarta.apache.org/httpcomponents/httpclient-3.x/ Highest
Vendor manifest: org/apache/commons/httpclient Implementation-Vendor Apache Software Foundation Medium
Vendor pom organization url http://jakarta.apache.org/ Medium
Vendor pom description The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily. Low
Vendor pom groupid commons-httpclient Highest
Vendor pom name HttpClient High
Vendor central groupid commons-httpclient Highest
Product pom artifactid commons-httpclient Highest
Product file name commons-httpclient High
Product pom organization url http://jakarta.apache.org/ Low
Product pom url http://jakarta.apache.org/httpcomponents/httpclient-3.x/ Medium
Product manifest: org/apache/commons/httpclient Specification-Title Jakarta Commons HttpClient Medium
Product central artifactid commons-httpclient Highest
Product manifest: org/apache/commons/httpclient Implementation-Title org.apache.commons.httpclient Medium
Product pom description The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily. Low
Product pom name HttpClient High
Product pom groupid commons-httpclient Low
Product pom organization name Apache Software Foundation Low
Version central version 3.1 Highest
Version file version 3.1 Highest
Version pom version 3.1 Highest
httpcore-4.3.3.jar
Description:
HttpComponents Core (blocking I/O)
File Path: /home/ciagent/.m2/repository/org/apache/httpcomponents/httpcore/4.3.3/httpcore-4.3.3.jar
MD5: c26171852f9810cd3d2416604a387e71
SHA1: f91b7a4aadc5cf486df6e4634748d7dd7a73f06d
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom description HttpComponents Core (blocking I/O) Medium
Vendor Manifest url http://hc.apache.org/httpcomponents-core-ga Low
Vendor Manifest implementation-build tags/4.3.3-RC1/httpcore@r1632770; 2014-10-18 13:50:12+0200 Low
Vendor pom artifactid httpcore Low
Vendor file name httpcore High
Vendor pom groupid apache.httpcomponents Highest
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom groupid org.apache.httpcomponents Highest
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom url http://hc.apache.org/httpcomponents-core-ga Highest
Vendor pom parent-groupid org.apache.httpcomponents Medium
Vendor pom name Apache HttpCore High
Vendor pom parent-artifactid httpcomponents-core Low
Vendor central groupid org.apache.httpcomponents Highest
Product pom parent-artifactid httpcomponents-core Medium
Product pom description HttpComponents Core (blocking I/O) Medium
Product Manifest url http://hc.apache.org/httpcomponents-core-ga Low
Product Manifest implementation-build tags/4.3.3-RC1/httpcore@r1632770; 2014-10-18 13:50:12+0200 Low
Product file name httpcore High
Product pom url http://hc.apache.org/httpcomponents-core-ga Medium
Product pom groupid apache.httpcomponents Low
Product Manifest specification-title HttpComponents Apache HttpCore Medium
Product pom parent-groupid org.apache.httpcomponents Low
Product central artifactid httpcore Highest
Product pom name Apache HttpCore High
Product Manifest Implementation-Title HttpComponents Apache HttpCore High
Product pom artifactid httpcore Highest
Version file version 4.3.3 Highest
Version central version 4.3.3 Highest
Version pom version 4.3.3 Highest
Version Manifest Implementation-Version 4.3.3 High
httpclient-4.3.6.jar
Description:
HttpComponents Client
File Path: /home/ciagent/.m2/repository/org/apache/httpcomponents/httpclient/4.3.6/httpclient-4.3.6.jar
MD5: 2d29a27bb6c6b44bc8a608a0e5d09735
SHA1: 4c47155e3e6c9a41a28db36680b828ced53b8af4
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-artifactid httpcomponents-client Low
Vendor pom url http://hc.apache.org/httpcomponents-client Highest
Vendor pom artifactid httpclient Low
Vendor pom groupid apache.httpcomponents Highest
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom groupid org.apache.httpcomponents Highest
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest url http://hc.apache.org/httpcomponents-client Low
Vendor pom description HttpComponents Client Medium
Vendor Manifest implementation-build tags/4.3.6-RC1/httpclient@r1636012; 2014-11-02 14:45:03+0100 Low
Vendor pom parent-groupid org.apache.httpcomponents Medium
Vendor pom name Apache HttpClient High
Vendor central groupid org.apache.httpcomponents Highest
Vendor file name httpclient High
Product central artifactid httpclient Highest
Product pom parent-artifactid httpcomponents-client Medium
Product pom artifactid httpclient Highest
Product pom groupid apache.httpcomponents Low
Product Manifest Implementation-Title HttpComponents Apache HttpClient High
Product Manifest url http://hc.apache.org/httpcomponents-client Low
Product pom description HttpComponents Client Medium
Product pom parent-groupid org.apache.httpcomponents Low
Product Manifest implementation-build tags/4.3.6-RC1/httpclient@r1636012; 2014-11-02 14:45:03+0100 Low
Product Manifest specification-title HttpComponents Apache HttpClient Medium
Product pom name Apache HttpClient High
Product pom url http://hc.apache.org/httpcomponents-client Medium
Product file name httpclient High
Version Manifest Implementation-Version 4.3.6 High
Version file version 4.3.6 Highest
Version central version 4.3.6 Highest
Version pom version 4.3.6 Highest
jackson-databind-2.9.8.jar
Description: General data-binding functionality for Jackson: works on core streaming API
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.8/jackson-databind-2.9.8.jar
MD5: 39271d9bb1cb7ec563925953b1fa9ff7
SHA1: 11283f21cc480aa86c4df7a0a3243ec508372ed2
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid com.fasterxml.jackson.core Highest
Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium
Vendor Manifest Implementation-Vendor FasterXML High
Vendor pom groupid fasterxml.jackson.core Highest
Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium
Vendor manifest Bundle-Description General data-binding functionality for Jackson: works on core streaming API Medium
Vendor Manifest specification-vendor FasterXML Low
Vendor pom url http://github.com/FasterXML/jackson Highest
Vendor Manifest automatic-module-name com.fasterxml.jackson.databind Medium
Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low
Vendor pom description General data-binding functionality for Jackson: works on core streaming API Medium
Vendor Manifest implementation-build-date 2018-12-15 21:58:52+0000 Low
Vendor file name jackson-databind High
Vendor pom artifactid jackson-databind Low
Vendor central groupid com.fasterxml.jackson.core Highest
Vendor pom parent-groupid com.fasterxml.jackson Medium
Vendor pom parent-artifactid jackson-base Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor pom name jackson-databind High
Product Manifest specification-title jackson-databind Medium
Product central artifactid jackson-databind Highest
Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium
Product pom groupid fasterxml.jackson.core Low
Product pom parent-groupid com.fasterxml.jackson Low
Product Manifest Implementation-Title jackson-databind High
Product pom artifactid jackson-databind Highest
Product manifest Bundle-Description General data-binding functionality for Jackson: works on core streaming API Medium
Product Manifest automatic-module-name com.fasterxml.jackson.databind Medium
Product pom url http://github.com/FasterXML/jackson Medium
Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low
Product pom description General data-binding functionality for Jackson: works on core streaming API Medium
Product Manifest implementation-build-date 2018-12-15 21:58:52+0000 Low
Product file name jackson-databind High
Product Manifest Bundle-Name jackson-databind Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product pom parent-artifactid jackson-base Medium
Product pom name jackson-databind High
Version pom version 2.9.8 Highest
Version Manifest Implementation-Version 2.9.8 High
Version central version 2.9.8 Highest
Version file version 2.9.8 Highest
Published Vulnerabilities
CVE-2019-12086
Severity: Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.
Vulnerable Software & Versions:
CVE-2019-12384
Severity: Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-502 Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.
BUGTRAQ - 20191007 [SECURITY] [DSA 4542-1] jackson-databind security update
CONFIRM - https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html
CONFIRM - https://security.netapp.com/advisory/ntap-20190703-0002/
DEBIAN - DSA-4542
FEDORA - FEDORA-2019-99ff6aa32c
FEDORA - FEDORA-2019-ae6a703b8f
FEDORA - FEDORA-2019-fb23eccc03
MISC - https://blog.doyensec.com/2019/07/22/jackson-gadgets.html
MISC - https://doyensec.com/research.html
MISC - https://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aad
MLIST - [cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities
MLIST - [geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix
MLIST - [struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
REDHAT - RHSA-2019:1820
REDHAT - RHSA-2019:2720
REDHAT - RHSA-2019:2858
REDHAT - RHSA-2019:2935
REDHAT - RHSA-2019:2936
REDHAT - RHSA-2019:2937
REDHAT - RHSA-2019:2938
REDHAT - RHSA-2019:2998
Vulnerable Software & Versions:
CVE-2019-12814
Severity: Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.
CONFIRM - https://github.com/FasterXML/jackson-databind/issues/2341
CONFIRM - https://security.netapp.com/advisory/ntap-20190625-0006/
FEDORA - FEDORA-2019-99ff6aa32c
FEDORA - FEDORA-2019-ae6a703b8f
FEDORA - FEDORA-2019-fb23eccc03
MISC - https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
MLIST - [accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1
MLIST - [cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities
MLIST - [debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update
MLIST - [geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix
MLIST - [struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
MLIST - [zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
REDHAT - RHSA-2019:2858
REDHAT - RHSA-2019:2935
REDHAT - RHSA-2019:2936
REDHAT - RHSA-2019:2937
REDHAT - RHSA-2019:2938
Vulnerable Software & Versions:
CVE-2019-14379
Severity: High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
CONFIRM - https://security.netapp.com/advisory/ntap-20190814-0001/
FEDORA - FEDORA-2019-99ff6aa32c
FEDORA - FEDORA-2019-ae6a703b8f
FEDORA - FEDORA-2019-fb23eccc03
MISC - https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2
MISC - https://github.com/FasterXML/jackson-databind/issues/2387
MLIST - [ambari-commits] 20190813 [ambari] branch branch-2.7 updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379 (#3066)
MLIST - [ambari-commits] 20190813 [ambari] branch trunk updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379(trunk) (#3067)
MLIST - [debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update
MLIST - [iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379
MLIST - [iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah opened a new pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379
MLIST - [iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue closed pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379
MLIST - [iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #533: Update Jackson to 2.9.10 for CVE-2019-14379
MLIST - [iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379
MLIST - [iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue merged pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379
MLIST - [iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue opened a new pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379
MLIST - [pulsar-commits] 20190822 [GitHub] [pulsar] massakam opened a new pull request #5011: [security] Upgrade jackson-databind
MLIST - [struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204
MLIST - [tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
REDHAT - RHBA-2019:2824
REDHAT - RHSA-2019:2743
REDHAT - RHSA-2019:2858
REDHAT - RHSA-2019:2935
REDHAT - RHSA-2019:2936
REDHAT - RHSA-2019:2937
REDHAT - RHSA-2019:2938
REDHAT - RHSA-2019:2998
CVE-2019-14439
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
BUGTRAQ - 20191007 [SECURITY] [DSA 4542-1] jackson-databind security update
CONFIRM - https://security.netapp.com/advisory/ntap-20190814-0001/
DEBIAN - DSA-4542
FEDORA - FEDORA-2019-ae6a703b8f
FEDORA - FEDORA-2019-fb23eccc03
MISC - https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b
MISC - https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2
MISC - https://github.com/FasterXML/jackson-databind/issues/2389
MLIST - [cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities
MLIST - [debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update
MLIST - [struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
MLIST - [tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439
CVE-2019-14540
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CVE-2019-16335
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
CVE-2019-16942
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.
CVE-2019-16943
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
CVE-2019-17267
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
swagger-annotations-1.5.22.jar
Description: Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/
License:
http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/io/swagger/swagger-annotations/1.5.22/swagger-annotations-1.5.22.jar
MD5: 96beab010e2b2fb1d4950990377becc5
SHA1: df523e9a80cf653af6d37c777c4b1306e56b5ae7
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-annotations Low
Vendor pom artifactid swagger-annotations Low
Vendor pom name swagger-annotations High
Vendor manifest Bundle-Description Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/ Medium
Vendor pom parent-artifactid swagger-project Low
Vendor central groupid io.swagger Highest
Vendor Manifest bundle-symbolicname io.swagger.annotations Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor pom groupid io.swagger Highest
Vendor file name swagger-annotations High
Product pom artifactid swagger-annotations Highest
Product Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-annotations Low
Product Manifest Bundle-Name swagger-annotations Medium
Product pom groupid io.swagger Low
Product pom name swagger-annotations High
Product manifest Bundle-Description Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/ Medium
Product central artifactid swagger-annotations Highest
Product Manifest bundle-symbolicname io.swagger.annotations Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product file name swagger-annotations High
Product pom parent-artifactid swagger-project Medium
Version file version 1.5.22 Highest
Version pom version 1.5.22 Highest
Version central version 1.5.22 Highest
swagger-models-1.5.22.jar
Description: Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/
License:
http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/io/swagger/swagger-models/1.5.22/swagger-models-1.5.22.jar
MD5: 9fdf1034b4bf5761a2c4240a63d31dca
SHA1: b5c0217a9056995faaadc89fe970de7e9154f3db
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid swagger-models Low
Vendor file name swagger-models High
Vendor manifest Bundle-Description Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/ Medium
Vendor pom parent-artifactid swagger-project Low
Vendor central groupid io.swagger Highest
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-models Low
Vendor pom name swagger-models High
Vendor pom groupid io.swagger Highest
Vendor Manifest bundle-symbolicname io.swagger.models Medium
Product Manifest Bundle-Name swagger-models Medium
Product pom groupid io.swagger Low
Product pom artifactid swagger-models Highest
Product file name swagger-models High
Product manifest Bundle-Description Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/ Medium
Product central artifactid swagger-models Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-models Low
Product pom name swagger-models High
Product Manifest bundle-symbolicname io.swagger.models Medium
Product pom parent-artifactid swagger-project Medium
Version file version 1.5.22 Highest
Version pom version 1.5.22 Highest
Version central version 1.5.22 Highest
validation-api-1.1.0.Final.jar
Description:
Bean Validation API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/javax/validation/validation-api/1.1.0.Final/validation-api-1.1.0.Final.jar
MD5: 4c257f52462860b62ab3cdab45f53082
SHA1: 8613ae82954779d518631e05daa73a6a954817d5
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:compile
Evidence
Type Source Name Value Confidence
Vendor manifest Bundle-Description Bean Validation API Medium
Vendor pom description Bean Validation API Medium
Vendor pom artifactid validation-api Low
Vendor pom groupid javax.validation Highest
Vendor pom name Bean Validation API High
Vendor pom url http://beanvalidation.org Highest
Vendor file name validation-api High
Vendor Manifest bundle-symbolicname javax.validation.api Medium
Vendor central groupid javax.validation Highest
Product pom artifactid validation-api Highest
Product manifest Bundle-Description Bean Validation API Medium
Product pom description Bean Validation API Medium
Product central artifactid validation-api Highest
Product Manifest Bundle-Name Bean Validation API Medium
Product pom name Bean Validation API High
Product pom url http://beanvalidation.org Medium
Product file name validation-api High
Product Manifest bundle-symbolicname javax.validation.api Medium
Product pom groupid javax.validation Low
Version central version 1.1.0.Final Highest
Version file version 1.1.0 Highest
Version pom version 1.1.0.Final Highest
swagger-core-1.5.22.jar
Description: Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/
License:
http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/io/swagger/swagger-core/1.5.22/swagger-core-1.5.22.jar
MD5: 9516f1c7020f33614275e68774b5053b
SHA1: b4d972553208dc594dcf5022553c0726cb02e231
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname io.swagger.core Medium
Vendor file name swagger-core High
Vendor Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-core Low
Vendor manifest Bundle-Description Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/ Medium
Vendor pom parent-artifactid swagger-project Low
Vendor pom artifactid swagger-core Low
Vendor pom name swagger-core High
Vendor central groupid io.swagger Highest
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor pom groupid io.swagger Highest
Product Manifest bundle-symbolicname io.swagger.core Medium
Product central artifactid swagger-core Highest
Product pom artifactid swagger-core Highest
Product file name swagger-core High
Product Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-core Low
Product pom groupid io.swagger Low
Product manifest Bundle-Description Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/ Medium
Product Manifest Bundle-Name swagger-core Medium
Product pom name swagger-core High
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product pom parent-artifactid swagger-project Medium
Version file version 1.5.22 Highest
Version pom version 1.5.22 Highest
Version central version 1.5.22 Highest
javassist-3.20.0-GA.jar
Description:
Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
simple. It is a class library for editing bytecodes in Java.
License:
MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: /home/ciagent/.m2/repository/org/javassist/javassist/3.20.0-GA/javassist-3.20.0-GA.jar
MD5: a89dd7907d76e061ec2c07e762a74256
SHA1: a9cbcdfb7e9f86fbc74d3afae65f2248bfbf82a0
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:compile
Evidence
Type Source Name Value Confidence
Vendor pom description Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java. Low
Vendor manifest Bundle-Description Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java. Low
Vendor file name javassist High
Vendor pom groupid javassist Highest
Vendor pom name Javassist High
Vendor pom url http://www.javassist.org/ Highest
Vendor central groupid org.javassist Highest
Vendor Manifest specification-vendor Shigeru Chiba, www.javassist.org Low
Vendor pom groupid org.javassist Highest
Vendor pom artifactid javassist Low
Vendor Manifest bundle-symbolicname javassist Medium
Vendor pom organization name Shigeru Chiba, www.javassist.org High
Product pom organization name Shigeru Chiba, www.javassist.org Low
Product pom description Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java. Low
Product manifest Bundle-Description Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java. Low
Product Manifest Bundle-Name Javassist Medium
Product pom url http://www.javassist.org/ Medium
Product pom artifactid javassist Highest
Product pom groupid javassist Low
Product file name javassist High
Product pom name Javassist High
Product Manifest specification-title Javassist Medium
Product Manifest bundle-symbolicname javassist Medium
Product central artifactid javassist Highest
Version file version 3.20.0 Highest
Version central version 3.20.0-GA Highest
Version pom version 3.20.0-GA Highest
reflections-0.9.11.jar
Description: Reflections - a Java runtime metadata analysis
License:
WTFPL: http://www.wtfpl.net/
The New BSD License: http://www.opensource.org/licenses/bsd-license.html
File Path: /home/ciagent/.m2/repository/org/reflections/reflections/0.9.11/reflections-0.9.11.jar
MD5: aca303b243a6c2225685b992ceea1cb3
SHA1: 4c686033d918ec1727e329b7222fcb020152e32b
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:compile
Evidence
Type Source Name Value Confidence
Vendor file name reflections High
Vendor pom url http://github.com/ronmamo/reflections Highest
Vendor pom artifactid reflections Low
Vendor central groupid org.reflections Highest
Vendor Manifest bundle-symbolicname org.reflections Medium
Vendor pom description Reflections - a Java runtime metadata analysis Medium
Vendor manifest Bundle-Description Reflections - a Java runtime metadata analysis Medium
Vendor pom groupid reflections Highest
Vendor pom name Reflections High
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor pom groupid org.reflections Highest
Product file name reflections High
Product Manifest Bundle-Name Reflections Medium
Product pom artifactid reflections Highest
Product Manifest bundle-symbolicname org.reflections Medium
Product pom description Reflections - a Java runtime metadata analysis Medium
Product pom url http://github.com/ronmamo/reflections Medium
Product central artifactid reflections Highest
Product manifest Bundle-Description Reflections - a Java runtime metadata analysis Medium
Product pom name Reflections High
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product pom groupid reflections Low
Version pom version 0.9.11 Highest
Version central version 0.9.11 Highest
Version file version 0.9.11 Highest
swagger-jaxrs-1.5.22.jar
Description: Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/
License:
http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/io/swagger/swagger-jaxrs/1.5.22/swagger-jaxrs-1.5.22.jar
MD5: cb6444b29892967b52eaaf4788dee566
SHA1: 0ceff7bcb0d1d47d4308843989ce10a9c8ee4dc0
Referenced In Project/Scope:
eXo PLF:: Commons - Commons Search:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-jaxrs Low
Vendor file name swagger-jaxrs High
Vendor manifest Bundle-Description Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/ Medium
Vendor pom parent-artifactid swagger-project Low
Vendor pom name swagger-jaxrs High
Vendor Manifest bundle-symbolicname io.swagger.jaxrs Medium
Vendor central groupid io.swagger Highest
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor pom artifactid swagger-jaxrs Low
Vendor pom groupid io.swagger Highest
Product Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-jaxrs Low
Product Manifest Bundle-Name swagger-jaxrs Medium
Product pom groupid io.swagger Low
Product pom artifactid swagger-jaxrs Highest
Product file name swagger-jaxrs High
Product manifest Bundle-Description Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/ Medium
Product pom name swagger-jaxrs High
Product Manifest bundle-symbolicname io.swagger.jaxrs Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product central artifactid swagger-jaxrs Highest
Product pom parent-artifactid swagger-project Medium
Version file version 1.5.22 Highest
Version pom version 1.5.22 Highest
Version central version 1.5.22 Highest
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling/pom.xml
Description: JBoss Marshalling API
File Path: /home/ciagent/.m2/repository/org/jboss/marshalling/jboss-marshalling-osgi/2.0.0.Beta3/jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling/pom.xml
MD5: 2b0e9541ec4a0f19e378eaabc5e85ea0
SHA1: da91abf3554dceed9454faa89acafc48c0649df5
Evidence
Type Source Name Value Confidence
Vendor pom description JBoss Marshalling API Medium
Vendor pom name JBoss Marshalling API High
Vendor pom artifactid jboss-marshalling Low
Vendor pom groupid jboss.marshalling Highest
Vendor pom parent-groupid org.jboss.marshalling Medium
Vendor pom parent-artifactid jboss-marshalling-parent Low
Product pom parent-groupid org.jboss.marshalling Low
Product pom groupid jboss.marshalling Low
Product pom description JBoss Marshalling API Medium
Product pom parent-artifactid jboss-marshalling-parent Medium
Product pom name JBoss Marshalling API High
Product pom artifactid jboss-marshalling Highest
Version pom version 2.0.0.Beta3 Highest
maven: org.jboss.marshalling:jboss-marshalling:2.0.0.Beta3
Confidence: High
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-river/pom.xml
Description: JBoss Marshalling River Implementation
File Path: /home/ciagent/.m2/repository/org/jboss/marshalling/jboss-marshalling-osgi/2.0.0.Beta3/jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-river/pom.xml
MD5: 1dda062cdd15bd160a4ee6cf1be9f93d
SHA1: 366411529f00ec1eb4451b9b45012bfc09bde34b
Evidence
Type Source Name Value Confidence
Vendor pom artifactid jboss-marshalling-river Low
Vendor pom groupid jboss.marshalling Highest
Vendor pom description JBoss Marshalling River Implementation Medium
Vendor pom parent-groupid org.jboss.marshalling Medium
Vendor pom name JBoss Marshalling River High
Vendor pom parent-artifactid jboss-marshalling-parent Low
Product pom parent-groupid org.jboss.marshalling Low
Product pom artifactid jboss-marshalling-river Highest
Product pom groupid jboss.marshalling Low
Product pom parent-artifactid jboss-marshalling-parent Medium
Product pom description JBoss Marshalling River Implementation Medium
Product pom name JBoss Marshalling River High
Version pom version 2.0.0.Beta3 Highest
maven: org.jboss.marshalling:jboss-marshalling-river:2.0.0.Beta3
Confidence: High
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-serial/pom.xml
Description: JBoss Marshalling Serial Implementation
File Path: /home/ciagent/.m2/repository/org/jboss/marshalling/jboss-marshalling-osgi/2.0.0.Beta3/jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-serial/pom.xml
MD5: 16b74097e7ec70db37b74205776ad0a7
SHA1: cf519c8805a14e6ce20933b7a89bfe0d5a7dbf0f
Evidence
Type Source Name Value Confidence
Vendor pom name JBoss Marshalling Serial High
Vendor pom groupid jboss.marshalling Highest
Vendor pom artifactid jboss-marshalling-serial Low
Vendor pom parent-groupid org.jboss.marshalling Medium
Vendor pom description JBoss Marshalling Serial Implementation Medium
Vendor pom parent-artifactid jboss-marshalling-parent Low
Product pom parent-groupid org.jboss.marshalling Low
Product pom groupid jboss.marshalling Low
Product pom name JBoss Marshalling Serial High
Product pom parent-artifactid jboss-marshalling-parent Medium
Product pom artifactid jboss-marshalling-serial Highest
Product pom description JBoss Marshalling Serial Implementation Medium
Version pom version 2.0.0.Beta3 Highest
maven: org.jboss.marshalling:jboss-marshalling-serial:2.0.0.Beta3
Confidence: High
closure-compiler-v20170910.jar/META-INF/maven/com.google.javascript/closure-compiler/pom.xml
Description:
Closure Compiler is a JavaScript optimizing compiler. It parses your
JavaScript, analyzes it, removes dead code and rewrites and minimizes
what's left. It also checks syntax, variable references, and types, and
warns about common JavaScript pitfalls. It is used in many of Google's
JavaScript apps, including Gmail, Google Web Search, Google Maps, and
Google Docs.
File Path: /home/ciagent/.m2/repository/com/google/javascript/closure-compiler/v20170910/closure-compiler-v20170910.jar/META-INF/maven/com.google.javascript/closure-compiler/pom.xml
MD5: 1b66a934999bffadab1ef6f26b68288b
SHA1: c4f1e36254f80d8b202705a678e804bc484c1e27
Evidence
Type Source Name Value Confidence
Vendor pom description Closure Compiler is a JavaScript optimizing compiler. It parses your JavaScript, analyzes it, removes dead code and rewrites and minimizes what's left. It also checks syntax, variable references, and types, and warns about common JavaScript pitfalls. It is used in many of Google's JavaScript apps, including Gmail, Google Web Search, Google Maps, and Google Docs. Low
Vendor pom artifactid closure-compiler Low
Vendor pom parent-groupid com.google.javascript Medium
Vendor pom name Closure Compiler High
Vendor pom groupid google.javascript Highest
Vendor pom url https://developers.google.com/closure/compiler/ Highest
Vendor pom parent-artifactid closure-compiler-main Low
Product pom description Closure Compiler is a JavaScript optimizing compiler. It parses your JavaScript, analyzes it, removes dead code and rewrites and minimizes what's left. It also checks syntax, variable references, and types, and warns about common JavaScript pitfalls. It is used in many of Google's JavaScript apps, including Gmail, Google Web Search, Google Maps, and Google Docs. Low
Product pom parent-artifactid closure-compiler-main Medium
Product pom name Closure Compiler High
Product pom groupid google.javascript Low
Product pom url https://developers.google.com/closure/compiler/ Medium
Product pom artifactid closure-compiler Highest
Product pom parent-groupid com.google.javascript Low
Version pom version v20170910 Highest
maven: com.google.javascript:closure-compiler:v20170910
Confidence: High
cpe: cpe:/a:google:gmail:-
Confidence: Low
Published Vulnerabilities
CVE-2017-17689
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
closure-compiler-v20170910.jar/META-INF/maven/com.google.guava/guava/pom.xml
Description:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
Guava has only one code dependency - javax.annotation,
per the JSR-305 spec.
File Path: /home/ciagent/.m2/repository/com/google/javascript/closure-compiler/v20170910/closure-compiler-v20170910.jar/META-INF/maven/com.google.guava/guava/pom.xml
MD5: f024fd287c62f49f218990c6b57e2fdf
SHA1: 386bd381301224cac5ae8d2c7883b90a12192d79
Evidence
Type Source Name Value Confidence
Vendor pom artifactid guava Low
Vendor pom parent-groupid com.google.guava Medium
Vendor pom description Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec. Low
Vendor pom name Guava: Google Core Libraries for Java High
Vendor pom groupid google.guava Highest
Vendor pom parent-artifactid guava-parent Low
Product pom parent-artifactid guava-parent Medium
Product pom description Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec. Low
Product pom name Guava: Google Core Libraries for Java High
Product pom parent-groupid com.google.guava Low
Product pom groupid google.guava Low
Product pom artifactid guava Highest
Version pom version 20.0 Highest
Published Vulnerabilities
CVE-2018-10237
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
closure-compiler-v20170910.jar/META-INF/maven/com.google.protobuf/protobuf-java/pom.xml
Description:
Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an
efficient yet extensible format.
File Path: /home/ciagent/.m2/repository/com/google/javascript/closure-compiler/v20170910/closure-compiler-v20170910.jar/META-INF/maven/com.google.protobuf/protobuf-java/pom.xml
MD5: 227a8b08fa4a124831258f4c8c774092
SHA1: 5dc19d1f724edfb259119a773d951935a1d72bfd
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid com.google.protobuf Medium
Vendor pom parent-artifactid protobuf-parent Low
Vendor pom groupid google.protobuf Highest
Vendor pom name Protocol Buffers [Core] High
Vendor pom description Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Low
Vendor pom artifactid protobuf-java Low
Product pom artifactid protobuf-java Highest
Product pom parent-groupid com.google.protobuf Low
Product pom name Protocol Buffers [Core] High
Product pom parent-artifactid protobuf-parent Medium
Product pom description Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Low
Product pom groupid google.protobuf Low
Version pom version 3.0.2 Highest
Published Vulnerabilities
CVE-2015-5237
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.
closure-compiler-v20170910.jar/META-INF/maven/com.google.code.gson/gson/pom.xml
File Path: /home/ciagent/.m2/repository/com/google/javascript/closure-compiler/v20170910/closure-compiler-v20170910.jar/META-INF/maven/com.google.code.gson/gson/pom.xml
MD5: 7cc578f098284c4ca992c0fc71150776
SHA1: 09f9e39f9b791aeb73ba428ad30872f1a703edb3
Evidence
Type Source Name Value Confidence
Vendor pom artifactid gson Low
Vendor pom name Gson High
Vendor pom parent-groupid com.google.code.gson Medium
Vendor pom parent-artifactid gson-parent Low
Vendor pom groupid google.code.gson Highest
Product pom artifactid gson Highest
Product pom name Gson High
Product pom parent-artifactid gson-parent Medium
Product pom groupid google.code.gson Low
Product pom parent-groupid com.google.code.gson Low
Version pom version 2.7 Highest
maven: com.google.code.gson:gson:2.7
Confidence: High
closure-compiler-v20170910.jar/META-INF/maven/com.google.code.findbugs/jsr305/pom.xml
Description: JSR305 Annotations for Findbugs
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/google/javascript/closure-compiler/v20170910/closure-compiler-v20170910.jar/META-INF/maven/com.google.code.findbugs/jsr305/pom.xml
MD5: d08567d16867a0b79bc8149683918452
SHA1: d04690f71f3393e23f30998d9534365274fa5f9f
Evidence
Type Source Name Value Confidence
Vendor pom description JSR305 Annotations for Findbugs Medium
Vendor pom url http://findbugs.sourceforge.net/ Highest
Vendor pom groupid google.code.findbugs Highest
Vendor pom artifactid jsr305 Low
Vendor pom name FindBugs-jsr305 High
Product pom description JSR305 Annotations for Findbugs Medium
Product pom groupid google.code.findbugs Low
Product pom artifactid jsr305 Highest
Product pom name FindBugs-jsr305 High
Product pom url http://findbugs.sourceforge.net/ Medium
Version pom version 3.0.1 Highest
maven: com.google.code.findbugs:jsr305:3.0.1
Confidence: High