Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Description: The runtime needed to execute a program using AspectJ
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: /home/ciagent/.m2/repository/org/aspectj/aspectjrt/1.8.8/aspectjrt-1.8.8.jar MD5: 2e448cd7ae0bdc357cb2b6e892ba9c9d SHA1: 7c5b26f24375685e34a50c2d765ebc40a96a5280
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | name | AspectJ runtime | High
Vendor | pom | groupid | aspectj | Highest
Vendor | manifest: org/aspectj/lang/ | Implementation-Vendor | aspectj.org | Medium
Vendor | pom | groupid | org.aspectj | Highest
Vendor | pom | artifactid | aspectjrt | Low
Vendor | central | groupid | org.aspectj | Highest
Vendor | file | name | aspectjrt | High
Vendor | pom | description | The runtime needed to execute a program using AspectJ | Medium
Vendor | pom | url | http://www.aspectj.org | Highest
Product | central | artifactid | aspectjrt | Highest
Product | pom | name | AspectJ runtime | High
Product | pom | artifactid | aspectjrt | Highest
Product | manifest: org/aspectj/lang/ | Implementation-Title | org.aspectj.tools | Medium
Product | file | name | aspectjrt | High
Product | manifest: org/aspectj/lang/ | Specification-Title | AspectJ Runtime Classes | Medium
Product | pom | description | The runtime needed to execute a program using AspectJ |
Description: Content Repository for Java technology API. Specifies a standard API to access content repositories in JavaTM 2 independently of implementation.
License:
Day License: http://www.day.com/maven/jsr170/licenses/day-spec-license.htm
File Path: /home/ciagent/.m2/repository/javax/jcr/jcr/1.0.1/jcr-1.0.1.jar MD5: 4639c7b994528948dab1a4feb1f68d6f SHA1: 567ee103cf7592e3cf036e1bf4e2e06b9f08e1a1
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | description | Content Repository for Java technology API. Specifies a standard API to access content repositories in JavaTM 2 independently of implementation. | Low
Vendor | file | name | jcr | High
Vendor | pom | groupid | javax.jcr | Highest
Vendor | Manifest | specification-vendor | Day Software Management AG | Low
Vendor | pom | organization url | http://www.day.com/ | Medium
Vendor | pom | name | Content Repository for Java Technology API | High
Vendor | pom | organization name | Day Software Management AG | High
Vendor | pom | url | http://www.jcp.org/en/jsr/detail?id=170 | Highest
Vendor | Manifest | Implementation-Vendor | Day Software Management AG | High
Vendor | Manifest | extension-name | jcr | Medium
Vendor | pom | artifactid | jcr | Low
Product | pom | description | Content Repository for Java technology API. Specifies a standard API to access content repositories in JavaTM 2 independently of implementation. |
The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header.
File Path: /home/ciagent/.m2/repository/commons-chain/commons-chain/1.2/commons-chain-1.2.jar MD5: e18e2c87826644e4c8c08635572c154f SHA1: 744a13e8766e338bd347b6fbc28c6db12979d0c6
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | Implementation-Vendor-Id | org.apache | Medium
Vendor | pom | parent-groupid | org.apache.commons | Medium
Vendor | pom | url | http://commons.apache.org/chain/ | Highest
Vendor | central | groupid | commons-chain | Highest
Vendor | Manifest | bundle-symbolicname | org.apache.commons.chain | Medium
Vendor | pom | groupid | commons-chain | Highest
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | parent-artifactid | commons-parent | Low
Vendor | pom | artifactid | commons-chain | Low
Vendor | pom | name | Commons Chain | High
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | file | name | commons-chain | High
Vendor | pom | description | An implementation of the GoF Chain of Responsibility pattern | Medium
Vendor | Manifest | bundle-docurl | http://commons.apache.org/chain/ | Low
Vendor | manifest | Bundle-Description | An implementation of the GoF Chain of Responsibility pattern | Medium
Product | Manifest | Implementation-Title | Commons Chain | High
Product | pom | artifactid | commons-chain | Highest
Product | Manifest | bundle-symbolicname | org.apache.commons.chain | Medium
Product | Manifest | specification-title | Commons Chain | Medium
Product | pom | parent-artifactid | commons-parent | Medium
Product | pom | name | Commons Chain | High
Product | file | name | commons-chain | High
Product | pom | description | An implementation of the GoF Chain of Responsibility pattern | Medium
Product | pom | url | http://commons.apache.org/chain/ | Medium
Product | central | artifactid | commons-chain | Highest
Product | Manifest | bundle-docurl | http://commons.apache.org/chain/ | Low
Product | Manifest | Bundle-Name | Commons Chain | Medium
Product | pom | parent-groupid | org.apache.commons | Low
Product | manifest | Bundle-Description | An implementation of the GoF Chain of Responsibility pattern |
Description:
The Digester package lets you configure an XML to Java object mapping module
which triggers certain actions called rules whenever a particular
pattern of nested XML elements is recognized.
File Path: /home/ciagent/.m2/repository/commons-digester/commons-digester/2.1/commons-digester-2.1.jar MD5: 528445033f22da28f5047b6abcd1c7c9 SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | name | Commons Digester | High
Vendor | Manifest | Implementation-Vendor-Id | org.apache | Medium
Vendor | manifest | Bundle-Description | The Digester package lets you configure an XML to Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized. | Low
Vendor | pom | parent-groupid | org.apache.commons | Medium
Vendor | Manifest | bundle-symbolicname | org.apache.commons.digester | Medium
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | Manifest | bundle-docurl | http://commons.apache.org/digester/ | Low
Vendor | pom | url | http://commons.apache.org/digester/ | Highest
Vendor | pom | parent-artifactid | commons-parent | Low
Vendor | pom | groupid | commons-digester | Highest
Vendor | pom | artifactid | commons-digester | Low
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | file | name | commons-digester | High
Vendor | central | groupid | commons-digester | Highest
Vendor | pom | description | The Digester package lets you configure an XML to Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized. | Low
Product | pom | name | Commons Digester | High
Product | pom | artifactid | commons-digester | Highest
Product | central | artifactid | commons-digester | Highest
Product | manifest | Bundle-Description | The Digester package lets you configure an XML to Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized. | Low
Product | Manifest | bundle-symbolicname | org.apache.commons.digester | Medium
Product | Manifest | Bundle-Name | Commons Digester | Medium
Product | pom | url | http://commons.apache.org/digester/ | Medium
Product | Manifest | specification-title | Commons Digester | Medium
Product | Manifest | bundle-docurl | http://commons.apache.org/digester/ | Low
Product | Manifest | Implementation-Title | Commons Digester | High
Product | pom | parent-artifactid | commons-parent | Medium
Product | file | name | commons-digester | High
Product | pom | description | The Digester package lets you configure an XML to Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized. |
Description: Implementation of Command Service of Exoplatform SAS 'eXo Kernel' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.component.command/5.3.x-SNAPSHOT/exo.kernel.component.command-5.3.x-SNAPSHOT.jar MD5: 0e958f1e97410fcf5f569b5e7c14994b SHA1: b3c825524cc971a0bf1bf8674084cc05c409c43c
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | org.exoplatform.kernel | Highest
Vendor | pom | parent-groupid | org.exoplatform.kernel | Medium
Vendor | pom | description | Implementation of Command Service of Exoplatform SAS 'eXo Kernel' project. | Medium
Vendor | pom | parent-artifactid | kernel-parent | Low
Vendor | Manifest | Implementation-Vendor | eXo Platform SAS | High
Vendor | Manifest | specification-vendor | eXo Platform SAS | Low
Vendor | pom | artifactid | exo.kernel.component.command | Low
Vendor | file | name | exo.kernel.component.command | High
Vendor | Manifest | Implementation-Vendor-Id | org.exoplatform.kernel | Medium
Vendor | pom | name | eXo PLF:: Kernel :: Component :: Command Service | High
Vendor | pom | groupid | exoplatform.kernel | Highest
Product | pom | parent-artifactid | kernel-parent | Medium
Product | pom | groupid | exoplatform.kernel | Low
Product | pom | parent-groupid | org.exoplatform.kernel | Low
Product | Manifest | Implementation-Title | eXo PLF:: Kernel :: Component :: Command Service | High
Product | pom | description | Implementation of Command Service of Exoplatform SAS 'eXo Kernel' project. |
File Path: /home/ciagent/.m2/repository/org/quartz-scheduler/quartz/2.2.2/quartz-2.2.2.jar MD5: 6acfd6ada2f4ad0abf4de916654dcaea SHA1: 6fd24da6803ab7c3a08bc519a62219a9bebeb0df
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
File Path: /home/ciagent/.m2/repository/javax/mail/mail/1.4.7/mail-1.4.7.jar MD5: 77f53ff0c78ba43c4812ecc9f53e20f8 SHA1: 9add058589d5d85adeb625859bf2c5eeaaedf12d
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
File Path: /home/ciagent/.m2/repository/commons-dbcp/commons-dbcp/1.4/commons-dbcp-1.4.jar MD5: b004158fab904f37f5831860898b3cd9 SHA1: 30be73c965cc990b153a100aaaaafcf239f82d39
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:runtime
File Path: /home/ciagent/.m2/repository/commons-pool/commons-pool/1.6/commons-pool-1.6.jar MD5: 5ca02245c829422176d23fa530e919cc SHA1: 4572d589699f09d866a226a14b7f4323c6d8f040
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:runtime
Description: Implementation of Common Service of Exoplatform SAS 'eXo Kernel' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.component.common/5.3.x-SNAPSHOT/exo.kernel.component.common-5.3.x-SNAPSHOT.jar MD5: c18d2b5e62ca094dc3af3a67ab37d2ab SHA1: 013cabbb2b566014bc2d648beafb61927ae20de6
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | org.exoplatform.kernel | Highest
Vendor | file | name | exo.kernel.component.common | High
Vendor | pom | artifactid | exo.kernel.component.common | Low
Vendor | pom | parent-groupid | org.exoplatform.kernel | Medium
Vendor | pom | description | Implementation of Common Service of Exoplatform SAS 'eXo Kernel' project. | Medium
Vendor | pom | parent-artifactid | kernel-parent | Low
Vendor | Manifest | Implementation-Vendor | eXo Platform SAS | High
Vendor | Manifest | specification-vendor | eXo Platform SAS | Low
Vendor | Manifest | Implementation-Vendor-Id | org.exoplatform.kernel | Medium
Vendor | pom | name | eXo PLF:: Kernel :: Component :: Common Service | High
Vendor | pom | groupid | exoplatform.kernel | Highest
Product | file | name | exo.kernel.component.common | High
Product | pom | parent-artifactid | kernel-parent | Medium
Product | pom | groupid | exoplatform.kernel | Low
Product | pom | parent-groupid | org.exoplatform.kernel | Low
Product | pom | description | Implementation of Common Service of Exoplatform SAS 'eXo Kernel' project. |
Description: Implementation of Cache Service of Exoplatform SAS 'eXo Kernel' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.component.cache/5.3.x-SNAPSHOT/exo.kernel.component.cache-5.3.x-SNAPSHOT.jar MD5: 78754a3324778c24f0cceb9fc8e4191e SHA1: dfdab64d9571291e84d073f7819ca86ee0401e81
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | exo.kernel.component.cache | High
Vendor | pom | groupid | org.exoplatform.kernel | Highest
Vendor | pom | name | eXo PLF:: Kernel :: Component :: Cache Service | High
Vendor | pom | description | Implementation of Cache Service of Exoplatform SAS 'eXo Kernel' project. | Medium
Vendor | pom | parent-groupid | org.exoplatform.kernel | Medium
Vendor | pom | artifactid | exo.kernel.component.cache | Low
Vendor | pom | parent-artifactid | kernel-parent | Low
Vendor | Manifest | Implementation-Vendor | eXo Platform SAS | High
Vendor | Manifest | specification-vendor | eXo Platform SAS | Low
Vendor | Manifest | Implementation-Vendor-Id | org.exoplatform.kernel | Medium
Vendor | pom | groupid | exoplatform.kernel | Highest
Product | file | name | exo.kernel.component.cache | High
Product | pom | parent-artifactid | kernel-parent | Medium
Product | pom | name | eXo PLF:: Kernel :: Component :: Cache Service | High
Product | pom | groupid | exoplatform.kernel | Low
Product | pom | parent-groupid | org.exoplatform.kernel | Low
Product | pom | description | Implementation of Cache Service of Exoplatform SAS 'eXo Kernel' project. |
Description: Implementation of 'eXo Security' component of Exoplatform SAS 'eXo Core' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.security.core/5.3.x-SNAPSHOT/exo.core.component.security.core-5.3.x-SNAPSHOT.jar MD5: d3be3135b452efce574996d25f748db8 SHA1: 158ef5e23b042de00c19cfc7056c85514dc2e8f1
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | Implementation-Vendor-Id | org.exoplatform.core | Medium
Vendor | pom | description | Implementation of 'eXo Security' component of Exoplatform SAS 'eXo Core' project. | Medium
Vendor | pom | parent-artifactid | core-parent | Low
Vendor | pom | parent-groupid | org.exoplatform.core | Medium
Vendor | Manifest | Implementation-Vendor | eXo Platform SAS | High
Vendor | pom | artifactid | exo.core.component.security.core | Low
Vendor | pom | name | eXo PLF Core :: Component :: Security Service | High
Vendor | Manifest | specification-vendor | eXo Platform SAS | Low
Vendor | file | name | exo.core.component.security.core | High
Vendor | pom | groupid | exoplatform.core | Highest
Vendor | pom | groupid | org.exoplatform.core | Highest
Product | Manifest | Implementation-Title | eXo PLF Core :: Component :: Security Service | High
Product | pom | parent-artifactid | core-parent | Medium
Product | pom | description | Implementation of 'eXo Security' component of Exoplatform SAS 'eXo Core' project. |
Description:
A framework for constructing recognizers, compilers,
and translators from grammatical descriptions containing
Java, C#, C++, or Python actions.
License:
BSD License: http://www.antlr.org/license.html
File Path: /home/ciagent/.m2/repository/antlr/antlr/2.7.7/antlr-2.7.7.jar MD5: f8f1352c52a4c6a500b597596501fc64 SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | artifactid | antlr | Low
Vendor | central | groupid | antlr | Highest
Vendor | jar | package name | antlr | Low
Vendor | pom | name | AntLR Parser Generator | High
Vendor | pom | groupid | antlr | Highest
Vendor | file | name | antlr | High
Vendor | pom | description | A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions. | Low
Vendor | pom | url | http://www.antlr.org/ | Highest
Product | pom | artifactid | antlr | Highest
Product | pom | groupid | antlr | Low
Product | pom | name | AntLR Parser Generator | High
Product | file | name | antlr | High
Product | pom | description | A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions. |
Description: dom4j: the flexible XML framework for Java
File Path: /home/ciagent/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar MD5: 4d8f51d3fe3900efc6e395be48030d6d SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-91 XML Injection (aka Blind XPath Injection)
dom4j versions prior to 2.1.1 contain a CWE-91: XML Injection vulnerability in Class: Element, Methods: addElement, addAttribute, that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
Description:
Hibernate definition of the Java Persistence 2.0 (JSR 317) API.
License:
license.txt
File Path: /home/ciagent/.m2/repository/org/hibernate/javax/persistence/hibernate-jpa-2.0-api/1.0.1.Final/hibernate-jpa-2.0-api-1.0.1.Final.jar MD5: d7e7d8f60fc44a127ba702d43e71abec SHA1: 3306a165afa81938fc3d8a0948e891de9f6b192b
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | hibernate.javax.persistence | Highest
Vendor | Manifest | specification-vendor | Sun Microsystems, Inc. | Low
Vendor | pom | description | Hibernate definition of the Java Persistence 2.0 (JSR 317) API. | Medium
Vendor | pom | organization url | http://hibernate.org | Medium
Vendor | pom | name | JPA 2.0 API | High
Vendor | central | groupid | org.hibernate.javax.persistence | Highest
Vendor | pom | artifactid | hibernate-jpa-2.0-api | Low
Vendor | Manifest | Implementation-Vendor | hibernate.org | High
Vendor | pom | organization name | Hibernate.org | High
Vendor | pom | url | http://hibernate.org | Highest
Vendor | pom | groupid | org.hibernate.javax.persistence | Highest
Vendor | file | name | hibernate-jpa-2.0-api-1.0.1.Final | High
Product | pom | description | Hibernate definition of the Java Persistence 2.0 (JSR 317) API. |
File Path: /home/ciagent/.m2/repository/org/jboss/logging/jboss-logging-annotations/1.2.0.Beta1/jboss-logging-annotations-1.2.0.Beta1.jar MD5: 938e552e319015a8863dd91284aada54 SHA1: 2f437f37bb265d9f8f1392823dbca12d2bec06d6
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Description: Common reflection code used in support of annotation processing
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/hibernate/common/hibernate-commons-annotations/4.0.5.Final/hibernate-commons-annotations-4.0.5.Final.jar MD5: 5dadbafd7c7bc1168c10a2ba87e927a2 SHA1: 2a581b9edb8168e45060d8bad8b7f46712d2c52c
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | hibernate-commons-annotations | High
Vendor | pom | groupid | hibernate.common | Highest
Vendor | pom | description | Common reflection code used in support of annotation processing |
Description: A module of the Hibernate O/RM project
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/hibernate/hibernate-core/4.2.21.Final/hibernate-core-4.2.21.Final.jar MD5: 492567c1f36fb3a5968ca2d3c452edaf SHA1: bb587d00287c13d9e4324bc76c13abbd493efa81
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
File Path: /home/ciagent/.m2/repository/com/thoughtworks/xstream/xstream/1.4.10/xstream-1.4.10.jar MD5: d00eec778910f95b26201395ac64cca0 SHA1: dfecae23647abc9d9fd0416629a4213a3882b101
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | xstream | High
Vendor | Manifest | java_1_8_home | /opt/oracle-jdk-bin-1.8.0.131 | Low
Vendor | Manifest | bundle-docurl | http://x-stream.github.io | Low
Vendor | Manifest | java_1_5_home | /opt/sun-jdk-1.5.0.22 | Low
Vendor | pom | groupid | com.thoughtworks.xstream | Highest
Vendor | pom | groupid | thoughtworks.xstream | Highest
Vendor | pom | artifactid | xstream | Low
Vendor | Manifest | java_1_6_home | /opt/sun-jdk-1.6.0.45 | Low
Vendor | pom | name | XStream Core | High
Vendor | Manifest | Implementation-Vendor | XStream | High
Vendor | Manifest | x-build-time | 2017-05-23T14:28:02Z | Low
Vendor | central | groupid | com.thoughtworks.xstream | Highest
Vendor | Manifest | x-compile-target | 1.5 | Low
Vendor | Manifest | bundle-symbolicname | xstream | Medium
Vendor | manifest | Bundle-Description | XStream is a serialization library from Java objects to XML and back. |
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
XStream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshalling XML or any supported format, e.g. JSON.
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
It was found that XStream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format, e.g. JSON. (regression of CVE-2013-7285)
Description: API of Organization Service of Exoplatform SAS 'eXo Core' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.organization.api/5.3.x-SNAPSHOT/exo.core.component.organization.api-5.3.x-SNAPSHOT.jar MD5: 8352b77fd298b422c45d744007590478 SHA1: 81d56dadc9a5f8ab663de0556467ccf179a08f30
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | Implementation-Vendor-Id | org.exoplatform.core | Medium
Vendor | pom | name | eXo PLF Core :: Component :: Organization Service API | High
Vendor | pom | parent-artifactid | core-parent | Low
Vendor | pom | parent-groupid | org.exoplatform.core | Medium
Vendor | file | name | exo.core.component.organization.api | High
Vendor | Manifest | Implementation-Vendor | eXo Platform SAS | High
Vendor | Manifest | specification-vendor | eXo Platform SAS | Low
Vendor | pom | groupid | exoplatform.core | Highest
Vendor | pom | groupid | org.exoplatform.core | Highest
Vendor | pom | description | API of Organization Service of Exoplatform SAS 'eXo Core' project. | Medium
Vendor | pom | artifactid | exo.core.component.organization.api | Low
Product | pom | parent-artifactid | core-parent | Medium
Product | pom | name | eXo PLF Core :: Component :: Organization Service API | High
Product | pom | artifactid | exo.core.component.organization.api | Highest
Product | pom | groupid | exoplatform.core | Low
Product | Manifest | specification-title | exo-core | Medium
Product | file | name | exo.core.component.organization.api | High
Product | pom | parent-groupid | org.exoplatform.core | Low
Product | Manifest | Implementation-Title | eXo PLF Core :: Component :: Organization Service API | High
Product | pom | description | API of Organization Service of Exoplatform SAS 'eXo Core' project. |
Description:
The Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
File Path: /home/ciagent/.m2/repository/commons-io/commons-io/2.4/commons-io-2.4.jar MD5: 7f97854dc04c119d461fed14f5d8bb96 SHA1: b1b6ea3b7e4aa4f492509a4952029cd8e48019ad
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | central | groupid | commons-io | Highest
Vendor | file | name | commons-io | High
Vendor | Manifest | Implementation-Vendor-Id | org.apache | Medium
Vendor | pom | parent-groupid | org.apache.commons | Medium
Vendor | Manifest | bundle-docurl | http://commons.apache.org/io/ | Low
Vendor | pom | name | Commons IO | High
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | url | http://commons.apache.org/io/ | Highest
Vendor | pom | artifactid | commons-io | Low
Vendor | Manifest | bundle-symbolicname | org.apache.commons.io | Medium
Vendor | manifest | Bundle-Description | The Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more. | Low
Vendor | pom | parent-artifactid | commons-parent | Low
Vendor | pom | description | The Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more. | Low
Vendor | Manifest | implementation-build | tags/2.4-RC2@r1349569; 2012-06-12 18:18:20-0400 | Low
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | pom | groupid | commons-io | Highest
Product | file | name | commons-io | High
Product | Manifest | specification-title | Commons IO | Medium
Product | Manifest | bundle-docurl | http://commons.apache.org/io/ | Low
Product | pom | artifactid | commons-io | Highest
Product | pom | name | Commons IO | High
Product | pom | groupid | commons-io | Low
Product | central | artifactid | commons-io | Highest
Product | Manifest | Implementation-Title | Commons IO | High
Product | Manifest | bundle-symbolicname | org.apache.commons.io | Medium
Product | manifest | Bundle-Description | The Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more. | Low
Product | pom | description | The Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more. |
Description:
The Apache FontBox library is an open source Java tool to obtain low level information
from font files. FontBox is a subproject of Apache PDFBox.
File Path: /home/ciagent/.m2/repository/org/apache/pdfbox/fontbox/1.8.14/fontbox-1.8.14.jar MD5: 901640f7e2bd12508ae4a7cccba3df79 SHA1: 9c7caec614a6a132bedc83f1d6d247bb96ca0df3
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | fontbox | High
Vendor | Manifest | bundle-docurl | http://pdfbox.apache.org | Low
Vendor | pom | parent-groupid | org.apache.pdfbox | Medium
Vendor | pom | name | Apache FontBox | High
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | artifactid | fontbox | Low
Vendor | pom | groupid | org.apache.pdfbox | Highest
Vendor | pom | description | The Apache FontBox library is an open source Java tool to obtain low level information from font files. FontBox is a subproject of Apache PDFBox. | Low
Vendor | pom | url | http://pdfbox.apache.org/ | Highest
Vendor | manifest | Bundle-Description | The Apache FontBox library is an open source Java tool to obtain low level information from font files. FontBox is a subproject of Apache PDFBox. |
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.
In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
Description:
The Apache JempBox library is an open source Java tool that implements Adobe's XMP(TM)
specification. JempBox is a subproject of Apache PDFBox.
File Path: /home/ciagent/.m2/repository/org/apache/pdfbox/jempbox/1.8.14/jempbox-1.8.14.jar MD5: 393135759731daf4e301903b3de2fbbb SHA1: 7f94c7cd4efc21e78729436cc4cf0c09eeea0f38
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | bundle-docurl | http://pdfbox.apache.org | Low
Vendor | pom | parent-groupid | org.apache.pdfbox | Medium
Vendor | file | name | jempbox | High
Vendor | pom | name | Apache JempBox | High
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | artifactid | jempbox | Low
Vendor | pom | description | The Apache JempBox library is an open source Java tool that implements Adobe's XMP(TM) specification. JempBox is a subproject of Apache PDFBox. | Low
Vendor | pom | groupid | org.apache.pdfbox | Highest
Vendor | Manifest | bundle-symbolicname | org.apache.pdfbox.jempbox | Medium
Vendor | manifest | Bundle-Description | The Apache JempBox library is an open source Java tool that implements Adobe's XMP(TM) specification. JempBox is a subproject of Apache PDFBox. |
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.
In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
File Path: /home/ciagent/.m2/repository/org/apache/pdfbox/pdfbox/1.8.14/pdfbox-1.8.14.jar MD5: c90740e185fc2f8013d1119f509ea4f3 SHA1: 7550298240c8540b721733ede6dc88fcf4fa2b0f
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | manifest | Bundle-Description | The Apache PDFBox library is an open source Java tool for working with PDF documents. | Medium
Vendor | Manifest | bundle-docurl | http://pdfbox.apache.org | Low
Vendor | pom | parent-groupid | org.apache.pdfbox | Medium
Vendor | pom | artifactid | pdfbox | Low
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | description | The Apache PDFBox library is an open source Java tool for working with PDF documents. |
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.
In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
Description: HTML Lexer is the low level lexical analyzer.
File Path: /home/ciagent/.m2/repository/org/htmlparser/htmllexer/2.1/htmllexer-2.1.jar MD5: 1cb7184766a0c52f4d98d671bb08be19 SHA1: 2ebf2c073e649b7e674cddd0558ff102a486402f
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Description: HTML Parser is the high level syntactical analyzer.
File Path: /home/ciagent/.m2/repository/org/htmlparser/htmlparser/2.1/htmlparser-2.1.jar MD5: aa05b921026c228f92ef8b4a13c26f8d SHA1: c752e5984b7767533cbd3fdffa48cecb52fa226c
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | artifactid | htmlparser | Low
Vendor | central | groupid | org.htmlparser | Highest
Vendor | pom | description | HTML Parser is the high level syntactical analyzer. | Medium
Vendor | jar | package name | htmlparser | Low
Vendor | pom | groupid | org.htmlparser | Highest
Vendor | pom | groupid | htmlparser | Highest
Vendor | pom | url | http://htmlparser.org | Highest
Vendor | pom | parent-artifactid | HTMLParserProject | Low
Vendor | pom | name | HTML Parser Jar | High
Vendor | pom | parent-groupid | org.htmlparser | Medium
Vendor | file | name | htmlparser | High
Product | pom | url | http://htmlparser.org | Medium
Product | pom | description | HTML Parser is the high level syntactical analyzer. |
Description:
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
File Path: /home/ciagent/.m2/repository/commons-codec/commons-codec/1.10/commons-codec-1.10.jar MD5: 353cf6a2bdba09595ccfa073b78c7fcb SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
Low
Vendor
pom
description
The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
Low
Product
pom
parent-groupid
org.apache.commons
Low
Product
pom
description
The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
Description: Apache POI - Java API To Access Microsoft Format Files
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/poi/poi/3.13/poi-3.13.jar MD5: 1b43f32e2211546040597a9e2d07b869 SHA1: 0f59f504ba8c521e61e25f417ec652fd485010f3
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
pom
artifactid
poi
Low
Vendor
central
groupid
org.apache.poi
Highest
Vendor
Manifest
specification-vendor
The Apache Software Foundation
Low
Vendor
Manifest
Implementation-Vendor-Id
org.apache.poi
Medium
Vendor
pom
organization url
http://www.apache.org/
Medium
Vendor
pom
description
Apache POI - Java API To Access Microsoft Format Files
Medium
Vendor
Manifest
Implementation-Vendor
The Apache Software Foundation
High
Vendor
pom
organization name
Apache Software Foundation
High
Vendor
pom
url
http://poi.apache.org/
Highest
Vendor
pom
groupid
org.apache.poi
Highest
Vendor
pom
name
Apache POI
High
Vendor
file
name
poi
High
Vendor
pom
groupid
apache.poi
Highest
Product
pom
organization name
Apache Software Foundation
Low
Product
Manifest
Implementation-Title
Apache POI
High
Product
pom
groupid
apache.poi
Low
Product
pom
organization url
http://www.apache.org/
Low
Product
pom
url
http://poi.apache.org/
Medium
Product
pom
artifactid
poi
Highest
Product
pom
description
Apache POI - Java API To Access Microsoft Format Files
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
Description: This is the core Apache Tika™ toolkit library from which all other modules inherit functionality. It also includes the core facades for the Tika API.
File Path: /home/ciagent/.m2/repository/org/apache/tika/tika-core/1.5/tika-core-1.5.jar MD5: e864bf637f51283dc525087b015d7b1a SHA1: 194ca0fb3d73b07737524806fbc3bec89063c03a
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
pom
organization url
http://www.apache.org
Medium
Vendor
pom
description
This is the core Apache Tika™ toolkit library from which all other modules inherit functionality. It also includes the core facades for the Tika API.
Low
Vendor
central
groupid
org.apache.tika
Highest
Vendor
Manifest
bundle-symbolicname
org.apache.tika.core
Medium
Vendor
pom
name
Apache Tika core
High
Vendor
pom
groupid
apache.tika
Highest
Vendor
pom
parent-artifactid
tika-parent
Low
Vendor
pom
url
http://tika.apache.org/
Highest
Vendor
Manifest
bundle-docurl
http://tika.apache.org/
Low
Vendor
pom
organization name
The Apache Software Foundation
High
Vendor
pom
artifactid
tika-core
Low
Vendor
pom
groupid
org.apache.tika
Highest
Vendor
pom
parent-groupid
org.apache.tika
Medium
Vendor
file
name
tika-core
High
Vendor
manifest
Bundle-Description
This is the core Apache Tika™ toolkit library from which all other modules inherit functionality. It also includes the core facades for the Tika API.
Low
Product
pom
artifactid
tika-core
Highest
Product
Manifest
Bundle-Name
Apache Tika core
Medium
Product
pom
organization url
http://www.apache.org
Low
Product
pom
description
This is the core Apache Tika™ toolkit library from which all other modules inherit functionality. It also includes the core facades for the Tika API.
Low
Product
Manifest
bundle-symbolicname
org.apache.tika.core
Medium
Product
pom
name
Apache Tika core
High
Product
pom
parent-artifactid
tika-parent
Medium
Product
pom
organization name
The Apache Software Foundation
Low
Product
Manifest
bundle-docurl
http://tika.apache.org/
Low
Product
pom
parent-groupid
org.apache.tika
Low
Product
pom
url
http://tika.apache.org/
Medium
Product
pom
groupid
apache.tika
Low
Product
file
name
tika-core
High
Product
central
artifactid
tika-core
Highest
Product
manifest
Bundle-Description
This is the core Apache Tika™ toolkit library from which all other modules inherit functionality. It also includes the core facades for the Tika API.
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.
Severity:
Medium
CVSS Score: 5.8
(AV:N/AC:M/Au:N/C:N/I:P/A:P)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file.
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.
File Path: /home/ciagent/.m2/repository/org/gagravarr/vorbis-java-core/0.1/vorbis-java-core-0.1-tests.jar MD5: d58f076c08a917277d03f3417aa867a6 SHA1: c849979e199d8a7c3da1a00799c623c00f94efac
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:test,provided
File Path: /home/ciagent/.m2/repository/org/gagravarr/vorbis-java-tika/0.1/vorbis-java-tika-0.1.jar MD5: 1fccc6796a0924ba4f32eb1d44b8616b SHA1: 6966c8663a7f689021accb13cceaa6101f53ea3d
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.
Description: The NetCDF-Java Library is a Java interface to NetCDF files,
as well as to many other types of scientific data formats.
License:
(MIT-style) netCDF C library license.: http://www.unidata.ucar.edu/software/netcdf/copyright.html
File Path: /home/ciagent/.m2/repository/edu/ucar/netcdf/4.2-min/netcdf-4.2-min.jar MD5: eb00b40b0511f0fc1dfcfc9cb89e3c53 SHA1: 0f3c3f3db4c54483aa1fbc4497e300879ce24da1
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
pom
groupid
edu.ucar
Highest
Vendor
file
name
netcdf
High
Vendor
Manifest
built-on
2010-11-24 05:51:29
Low
Vendor
pom
artifactid
netcdf
Low
Vendor
pom
description
The NetCDF-Java Library is a Java interface to NetCDF files, as well as to many other types of scientific data formats.
Low
Vendor
pom
name
The NetCDF-Java Library
High
Vendor
pom
url
http://www.unidata.ucar.edu/software/netcdf-java/
Highest
Vendor
Manifest
Implementation-Vendor
UCAR/Unidata
High
Vendor
central
groupid
edu.ucar
Highest
Product
central
artifactid
netcdf
Highest
Product
file
name
netcdf
High
Product
Manifest
built-on
2010-11-24 05:51:29
Low
Product
pom
groupid
edu.ucar
Low
Product
pom
description
The NetCDF-Java Library is a Java interface to NetCDF files, as well as to many other types of scientific data formats.
File Path: /home/ciagent/.m2/repository/org/apache/james/apache-mime4j-core/0.7.2/apache-mime4j-core-0.7.2.jar MD5: 88f799546eca803c53eee01a4ce5edcd SHA1: a81264fe0265ebe8fd1d8128aad06dc320de6eef
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
File Path: /home/ciagent/.m2/repository/org/tukaani/xz/1.2/xz-1.2.jar MD5: 04bd31459826c30c2a3c304e3b225ad4 SHA1: bfc66dda280a18ab341b5023248925265c00394c
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name.
Description:
Apache Commons Compress software defines an API for working with compression and archive formats.
These include: bzip2, gzip, pack200, xz and ar, cpio, jar, tar, zip, dump.
File Path: /home/ciagent/.m2/repository/org/apache/commons/commons-compress/1.5/commons-compress-1.5.jar MD5: 5e18cfcf472548c2e0b90a4ea1cedf42 SHA1: d2bd2c0bd328f1dabdf33e10b6d223ebcbe93343
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, xz and ar, cpio, jar, tar, zip, dump.
Low
Vendor
pom
name
Commons Compress
High
Vendor
Manifest
Implementation-Vendor
The Apache Software Foundation
High
Vendor
pom
url
http://commons.apache.org/compress/
Highest
Vendor
pom
description
Apache Commons Compress software defines an API for working with compression and archive formats.
These include: bzip2, gzip, pack200, xz and ar, cpio, jar, tar, zip, dump.
Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, xz and ar, cpio, jar, tar, zip, dump.
Low
Product
pom
name
Commons Compress
High
Product
pom
parent-artifactid
commons-parent
Medium
Product
Manifest
specification-title
Commons Compress
Medium
Product
pom
parent-groupid
org.apache.commons
Low
Product
pom
description
Apache Commons Compress software defines an API for working with compression and archive formats.
These include: bzip2, gzip, pack200, xz and ar, cpio, jar, tar, zip, dump.
Description: The Bouncy Castle Java CMS and S/MIME APIs for handling the CMS and S/MIME protocols. This jar contains CMS and S/MIME APIs for JDK 1.5. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. If the S/MIME API is used, the JavaMail API and the Java activation framework will also be needed.
File Path: /home/ciagent/.m2/repository/org/bouncycastle/bcmail-jdk15/1.45/bcmail-jdk15-1.45.jar MD5: 13321fc7eff7bcada7b4fedfb592025c SHA1: 3aed7e642dd8d39dc14ed1dec3ff79e084637148
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
Manifest
extension-name
org.bouncycastle.bcmail
Medium
Vendor
pom
description
The Bouncy Castle Java CMS and S/MIME APIs for handling the CMS and S/MIME protocols. This jar contains CMS and S/MIME APIs for JDK 1.5. The APIs can be used in conjunction with a JCE/JCA provider ...
Low
Vendor
pom
url
http://www.bouncycastle.org/java.html
Highest
Vendor
Manifest
Implementation-Vendor
BouncyCastle.org
High
Vendor
pom
artifactid
bcmail-jdk15
Low
Vendor
file
name
bcmail-jdk15
High
Vendor
central
groupid
org.bouncycastle
Highest
Vendor
pom
name
Bouncy Castle CMS and S/MIME API
High
Vendor
Manifest
Implementation-Vendor-Id
org.bouncycastle
Medium
Vendor
pom
groupid
bouncycastle
Highest
Vendor
pom
groupid
org.bouncycastle
Highest
Vendor
Manifest
specification-vendor
BouncyCastle.org
Low
Product
Manifest
extension-name
org.bouncycastle.bcmail
Medium
Product
pom
groupid
bouncycastle
Low
Product
file
name
bcmail-jdk15
High
Product
pom
description
The Bouncy Castle Java CMS and S/MIME APIs for handling the CMS and S/MIME protocols. This jar contains CMS and S/MIME APIs for JDK 1.5. The APIs can be used in conjunction with a JCE/JCA provider ...
Description: The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5.
File Path: /home/ciagent/.m2/repository/org/bouncycastle/bcprov-jdk15/1.45/bcprov-jdk15-1.45.jar MD5: 2062f8e3d15748443ea60a94b266371c SHA1: 7741883cb07b4634e8b5fd3337113b6ea770a9bb
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
bcprov-jdk15
High
Vendor
pom
url
http://www.bouncycastle.org/java.html
Highest
Vendor
Manifest
Implementation-Vendor
BouncyCastle.org
High
Vendor
pom
artifactid
bcprov-jdk15
Low
Vendor
central
groupid
org.bouncycastle
Highest
Vendor
Manifest
extension-name
org.bouncycastle.bcprovider
Medium
Vendor
Manifest
Implementation-Vendor-Id
org.bouncycastle
Medium
Vendor
pom
groupid
bouncycastle
Highest
Vendor
pom
name
Bouncy Castle Provider
High
Vendor
pom
groupid
org.bouncycastle
Highest
Vendor
Manifest
specification-vendor
BouncyCastle.org
Low
Vendor
pom
description
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5.
Low
Product
pom
groupid
bouncycastle
Low
Product
file
name
bcprov-jdk15
High
Product
Manifest
extension-name
org.bouncycastle.bcprovider
Medium
Product
pom
url
http://www.bouncycastle.org/java.html
Medium
Product
pom
name
Bouncy Castle Provider
High
Product
central
artifactid
bcprov-jdk15
Highest
Product
pom
artifactid
bcprov-jdk15
Highest
Product
pom
description
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5.
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues
The Bouncy Castle Java library before 1.51 does not validate that a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."
Description: TagSoup is a SAX-compliant parser written in Java that, instead of parsing well-formed or valid XML, parses HTML as it is found in the wild: poor, nasty and brutish, though quite often far from short. TagSoup is designed for people who have to process this stuff using some semblance of a rational application design. By providing a SAX interface, it allows standard XML tools to be applied to even the worst HTML. TagSoup also includes a command-line processor that reads HTML files and can generate either clean HTML or well-formed XML that is a close approximation to XHTML.
File Path: /home/ciagent/.m2/repository/org/ccil/cowan/tagsoup/tagsoup/1.2.1/tagsoup-1.2.1.jar MD5: ae73a52cdcbec10cd61d9ef22fab5936 SHA1: 5584627487e984c03456266d3f8802eb85a9ce97
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
tagsoup
High
Vendor
pom
artifactid
tagsoup
Low
Vendor
central
groupid
org.ccil.cowan.tagsoup
Highest
Vendor
pom
groupid
ccil.cowan.tagsoup
Highest
Vendor
pom
groupid
org.ccil.cowan.tagsoup
Highest
Vendor
pom
description
TagSoup is a SAX-compliant parser written in Java that, instead of parsing well-formed or valid XML, parses HTML as it is found in the wild: poor, nasty and brutish, though quite often far from short. TagSoup is designed for people who have to process this stuff using some semblance of a rational application design. By providing a SAX interface, it allows standard XML tools to be applied to even the worst HTML. TagSoup also includes a command-line processor that reads HTML files and can generate either clean HTML or well-formed XML that is a close approximation to XHTML.
Low
Vendor
pom
url
http://home.ccil.org/~cowan/XML/tagsoup/
Highest
Vendor
pom
name
TagSoup
High
Product
pom
url
http://home.ccil.org/~cowan/XML/tagsoup/
Medium
Product
file
name
tagsoup
High
Product
central
artifactid
tagsoup
Highest
Product
pom
description
TagSoup is a SAX-compliant parser written in Java that, instead of parsing well-formed or valid XML, parses HTML as it is found in the wild: poor, nasty and brutish, though quite often far from short. TagSoup is designed for people who have to process this stuff using some semblance of a rational application design. By providing a SAX interface, it allows standard XML tools to be applied to even the worst HTML. TagSoup also includes a command-line processor that reads HTML files and can generate either clean HTML or well-formed XML that is a close approximation to XHTML.
File Path: /home/ciagent/.m2/repository/org/ow2/asm/asm-debug-all/4.1/asm-debug-all-4.1.jar MD5: 6c3a8842f484dd3d620002b361e3610e SHA1: dd6ba5c392d4102458494e29f54f70ac534ec2a2
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
File Path: /home/ciagent/.m2/repository/com/googlecode/mp4parser/isoparser/1.0-RC-1/isoparser-1.0-RC-1.jar MD5: b0444fde2290319c9028564c3c3ff1ab SHA1: 4a5768b1070b9488a433362d736720fd7a7b264f
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
jar
package name
boxes
Low
Vendor
pom
groupid
googlecode.mp4parser
Highest
Vendor
pom
description
A generic parser and writer for all ISO 14496 based files (MP4, Quicktime, DCF, PDCF, ...)
Medium
Vendor
pom
groupid
com.googlecode.mp4parser
Highest
Vendor
central
groupid
com.googlecode.mp4parser
Highest
Vendor
pom
artifactid
isoparser
Low
Vendor
jar
package name
coremedia
Low
Vendor
file
name
isoparser
High
Vendor
pom
name
ISO Parser
High
Vendor
pom
url
http://code.google.com/p/mp4parser/
Highest
Vendor
jar
package name
iso
Low
Product
jar
package name
boxes
Low
Product
pom
description
A generic parser and writer for all ISO 14496 based files (MP4, Quicktime, DCF, PDCF, ...)
Severity:
Low
CVSS Score: 2.1
(AV:N/AC:H/Au:S/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web script or HTML via the subject parameter.
Description:
The XMP Library for Java is based on the C++ XMPCore library
and the API is similar.
License:
The BSD License: http://www.adobe.com/devnet/xmp/library/eula-xmp-library-java.html
File Path: /home/ciagent/.m2/repository/com/adobe/xmp/xmpcore/5.1.2/xmpcore-5.1.2.jar MD5: 0b2cf2a09d32abdedd17de864e93ad25 SHA1: 55615fa2582424e38705487d1d3969af8554f637
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
xmpcore
High
Vendor
Manifest
Implementation-Vendor
Copyright 2006-2009 Adobe Systems Incorporated. All rights reserved
High
Vendor
pom
groupid
adobe.xmp
Highest
Vendor
pom
groupid
com.adobe.xmp
Highest
Vendor
Manifest
implementation-minor
1
Low
Vendor
pom
name
XMP Library for Java
High
Vendor
Manifest
implementation-major
5
Low
Vendor
pom
description
The XMP Library for Java is based on the C++ XMPCore library
and the API is similar.
Medium
Vendor
Manifest
builddate
2012 Jul 03 11:48:46-CEST
Low
Vendor
central
groupid
com.adobe.xmp
Highest
Vendor
Manifest
implementation-engbuild
003
Low
Vendor
Manifest
implementation-micro
1
Low
Vendor
pom
artifactid
xmpcore
Low
Vendor
pom
url
http://www.adobe.com/devnet/xmp.html
Highest
Product
file
name
xmpcore
High
Product
Manifest
implementation-minor
1
Low
Product
pom
name
XMP Library for Java
High
Product
Manifest
implementation-major
5
Low
Product
pom
description
The XMP Library for Java is based on the C++ XMPCore library
and the API is similar.
Description:
Xerces2 is the next generation of high performance, fully compliant XML parsers in the
Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI),
a complete framework for building parser components and configurations that is extremely
modular and easy to program.
File Path: /home/ciagent/.m2/repository/xerces/xercesImpl/2.9.1/xercesImpl-2.9.1.jar MD5: f807f86d7d9db25edbfc782aca7ca2a9 SHA1: 7bc7e49ddfe4fb5f193ed37ecc96c12292c8ceb6
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
central
groupid
xerces
Highest
Vendor
pom
url
http://xerces.apache.org/xerces2-j
Highest
Vendor
pom
artifactid
xercesImpl
Low
Vendor
pom
groupid
xerces
Highest
Vendor
manifest: javax/xml/datatype/
Implementation-Vendor
Apache Software Foundation
Medium
Vendor
manifest: org/w3c/dom/ls/
Implementation-Vendor
World Wide Web Consortium
Medium
Vendor
manifest: javax/xml/parsers/
Implementation-Vendor
Apache Software Foundation
Medium
Vendor
pom
parent-artifactid
apache
Low
Vendor
pom
description
Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.
Low
Vendor
manifest: org/w3c/dom/
Implementation-Vendor
World Wide Web Consortium
Medium
Vendor
manifest: org/xml/sax/
Implementation-Vendor
David Megginson
Medium
Vendor
file
name
xercesImpl
High
Vendor
manifest: org/apache/xerces/impl/Version.class
Implementation-Vendor
Apache Software Foundation
Medium
Vendor
pom
parent-groupid
org.apache
Medium
Vendor
manifest: org/apache/xerces/xni/
Implementation-Vendor
Apache Software Foundation
Medium
Vendor
manifest: javax/xml/validation/
Implementation-Vendor
Apache Software Foundation
Medium
Vendor
manifest: javax/xml/transform/
Implementation-Vendor
Apache Software Foundation
Medium
Vendor
manifest: javax/xml/xpath/
Implementation-Vendor
Apache Software Foundation
Medium
Vendor
pom
name
Xerces2 Java Parser
High
Product
manifest: org/w3c/dom/
Specification-Title
Document Object Model, Level 3 Core
Medium
Product
manifest: org/w3c/dom/ls/
Specification-Title
Document Object Model, Level 3 Load and Save
Medium
Product
manifest: javax/xml/validation/
Implementation-Title
javax.xml.validation
Medium
Product
manifest: org/apache/xerces/xni/
Implementation-Title
org.apache.xerces.xni
Medium
Product
manifest: javax/xml/validation/
Specification-Title
Java API for XML Processing
Medium
Product
manifest: org/w3c/dom/ls/
Implementation-Title
org.w3c.dom.ls
Medium
Product
manifest: org/w3c/dom/
Implementation-Title
org.w3c.dom
Medium
Product
manifest: javax/xml/xpath/
Implementation-Title
javax.xml.xpath
Medium
Product
manifest: javax/xml/transform/
Implementation-Title
javax.xml.transform
Medium
Product
pom
description
Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.
Description: Java library for reading metadata from image files.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/drewnoakes/metadata-extractor/2.6.2/metadata-extractor-2.6.2.jar MD5: 8f3acbee87dbd5b0cdfacee3bb3aff8b SHA1: 13930ff22d3f152bd969a63e88537d2f2adc2cd5
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
pom
url
http://code.google.com/p/metadata-extractor/
Highest
Vendor
pom
artifactid
metadata-extractor
Low
Vendor
pom
groupid
com.drewnoakes
Highest
Vendor
file
name
metadata-extractor
High
Vendor
jar
package name
metadata
Low
Vendor
jar
package name
drew
Low
Vendor
pom
groupid
drewnoakes
Highest
Vendor
pom
name
metadata-extractor
High
Vendor
central
groupid
com.drewnoakes
Highest
Vendor
pom
description
Java library for reading metadata from image files.
Medium
Product
pom
groupid
drewnoakes
Low
Product
file
name
metadata-extractor
High
Product
central
artifactid
metadata-extractor
Highest
Product
jar
package name
metadata
Low
Product
pom
url
http://code.google.com/p/metadata-extractor/
Medium
Product
pom
name
metadata-extractor
High
Product
pom
description
Java library for reading metadata from image files.
Description: All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it
easy to work in Java with most syndication formats. Today it accepts all flavors of RSS
(0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes
a set of parsers and generators for the various flavors of feeds, as well as converters
to convert from one format to another. The parsers can give you back Java objects that
are either specific for the format you want to work with, or a generic normalized
SyndFeed object that lets you work on with the data without bothering about the
underlying format.
File Path: /home/ciagent/.m2/repository/rome/rome/1.0/rome-1.0.jar MD5: 53d38c030287b939f4e6d745ba1269a7 SHA1: 022b33347f315833e9348cec2751af1a5d5656e4
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
Manifest
bundle-symbolicname
rome.rome
Medium
Vendor
pom
name
ROME, RSS and atOM utilitiEs for Java
High
Vendor
file
name
rome
High
Vendor
manifest
Bundle-Description
All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it easy to work in Java with most syndication formats. Today it accepts all flavors of RSS (0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes a set of parsers and generators for the various flavors of feeds, as well as converters to convert from one format to another. The parsers can give you back Java objects that are either specific for the format you want to work with, or a generic normalized SyndFeed object that lets you work on with the data without bothering about the underlying format.
Low
Vendor
central
groupid
rome
Highest
Vendor
Manifest
bundle-docurl
http://java.sun.com/
Low
Vendor
pom
groupid
rome
Highest
Vendor
pom
organization url
http://java.sun.com/
Medium
Vendor
pom
url
https://rome.dev.java.net/
Highest
Vendor
pom
description
All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it easy to work in Java with most syndication formats. Today it accepts all flavors of RSS (0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes a set of parsers and generators for the various flavors of feeds, as well as converters to convert from one format to another. The parsers can give you back Java objects that are either specific for the format you want to work with, or a generic normalized SyndFeed object that lets you work on with the data without bothering about the underlying format.
Low
Vendor
Manifest
originally-created-by
1.6.0_10 (Sun Microsystems Inc.)
Low
Vendor
pom
artifactid
rome
Low
Vendor
Manifest
embed-directory
META-INF/lib
Low
Vendor
pom
organization name
Sun Microsystems
High
Product
Manifest
bundle-symbolicname
rome.rome
Medium
Product
pom
name
ROME, RSS and atOM utilitiEs for Java
High
Product
file
name
rome
High
Product
manifest
Bundle-Description
All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it easy to work in Java with most syndication formats. Today it accepts all flavors of RSS (0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes a set of parsers and generators for the various flavors of feeds, as well as converters to convert from one format to another. The parsers can give you back Java objects that are either specific for the format you want to work with, or a generic normalized SyndFeed object that lets you work on with the data without bothering about the underlying format.
Low
Product
Manifest
bundle-docurl
http://java.sun.com/
Low
Product
pom
groupid
rome
Low
Product
pom
artifactid
rome
Highest
Product
central
artifactid
rome
Highest
Product
pom
organization name
Sun Microsystems
Low
Product
pom
description
All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it easy to work in Java with most syndication formats. Today it accepts all flavors of RSS (0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes a set of parsers and generators for the various flavors of feeds, as well as converters to convert from one format to another. The parsers can give you back Java objects that are either specific for the format you want to work with, or a generic normalized SyndFeed object that lets you work on with the data without bothering about the underlying format.
File Path: /home/ciagent/.m2/repository/org/gagravarr/vorbis-java-core/0.1/vorbis-java-core-0.1.jar MD5: b88115be2754cb6883e652ba68ca46c8 SHA1: 662a02b94701947e6e66e7793d996043f05fad4a
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Mozilla Public License 1.1 (MPL 1.1): http://www.mozilla.org/MPL/MPL-1.1.html
File Path: /home/ciagent/.m2/repository/com/googlecode/juniversalchardet/juniversalchardet/1.0.3/juniversalchardet-1.0.3.jar MD5: d9ea0a9a275336c175b343f2e4cd8f27 SHA1: cd49678784c46aa8789c060538e0154013bb421b
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Description: JHighlight is an embeddable pure Java syntax highlighting library that supports Java, HTML, XHTML, XML and LZX languages and outputs to XHTML. It also supports RIFE templates tags and highlights them clearly so that you can easily identify the difference between your RIFE markup and the actual marked up source.
License:
CDDL, v1.0: http://www.opensource.org/licenses/cddl1.php
LGPL, v2.1 or later: http://www.opensource.org/licenses/lgpl-license.php
File Path: /home/ciagent/.m2/repository/com/uwyn/jhighlight/1.0/jhighlight-1.0.jar MD5: 0ad5cf1bc56657f5e9e327e5e768da0a SHA1: 0b1774029ee29472df8c25e5ba796431f7689fd6
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
pom
groupid
uwyn
Highest
Vendor
pom
organization url
http://uwyn.com/
Medium
Vendor
central
groupid
com.uwyn
Highest
Vendor
pom
organization name
Uwyn
High
Vendor
pom
url
https://jhighlight.dev.java.net/
Highest
Vendor
jar
package name
uwyn
Low
Vendor
file
name
jhighlight
High
Vendor
pom
artifactid
jhighlight
Low
Vendor
jar
package name
jhighlight
Low
Vendor
pom
name
JHighlight
High
Vendor
pom
description
JHighlight is an embeddable pure Java syntax highlighting library that supports Java, HTML, XHTML, XML and LZX languages and outputs to XHTML. It also supports RIFE templates tags and highlights them clearly so that you can easily identify the difference between your RIFE markup and the actual marked up source.
Low
Vendor
pom
groupid
com.uwyn
Highest
Product
pom
organization url
http://uwyn.com/
Low
Product
pom
url
https://jhighlight.dev.java.net/
Medium
Product
jar
package name
jhighlight
Low
Product
pom
name
JHighlight
High
Product
pom
artifactid
jhighlight
Highest
Product
pom
organization name
Uwyn
Low
Product
pom
description
JHighlight is an embeddable pure Java syntax highlighting library that supports Java, HTML, XHTML, XML and LZX languages and outputs to XHTML. It also supports RIFE templates tags and highlights them clearly so that you can easily identify the difference between your RIFE markup and the actual marked up source.
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/xmlbeans/xmlbeans/2.6.0/xmlbeans-2.6.0.jar MD5: 6591c08682d613194dacb01e95c78c2c SHA1: 29e80d2dd51f9dcdef8f9ffaee0d4dc1c9bbfc87
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Description: Implementation of Document Service of Exoplatform SAS 'eXo Core' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.document/5.3.x-SNAPSHOT/exo.core.component.document-5.3.x-SNAPSHOT.jar MD5: ee01dc25430729534f0701d16a5c1a1c SHA1: 42544c218cc49b72afd25247fa0485e627e12019
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
Manifest
Implementation-Vendor-Id
org.exoplatform.core
Medium
Vendor
pom
name
eXo PLF Core :: Component :: Document Service
High
Vendor
pom
description
Implementation of Document Service of Exoplatform SAS 'eXo Core' project.
Medium
Vendor
pom
artifactid
exo.core.component.document
Low
Vendor
pom
parent-artifactid
core-parent
Low
Vendor
file
name
exo.core.component.document
High
Vendor
pom
parent-groupid
org.exoplatform.core
Medium
Vendor
Manifest
Implementation-Vendor
eXo Platform SAS
High
Vendor
Manifest
specification-vendor
eXo Platform SAS
Low
Vendor
pom
groupid
exoplatform.core
Highest
Vendor
pom
groupid
org.exoplatform.core
Highest
Product
pom
name
eXo PLF Core :: Component :: Document Service
High
Product
pom
parent-artifactid
core-parent
Medium
Product
pom
description
Implementation of Document Service of Exoplatform SAS 'eXo Core' project.
Description: Implementation of Database Service of Exoplatform SAS 'eXo Core' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.database/5.3.x-SNAPSHOT/exo.core.component.database-5.3.x-SNAPSHOT.jar MD5: bb0775e75d6424c36d565f397ac0b55a SHA1: cf3639c1b8c88f2f91fa42e067688fcc8e79eae6
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
Manifest
Implementation-Vendor-Id
org.exoplatform.core
Medium
Vendor
pom
parent-artifactid
core-parent
Low
Vendor
pom
parent-groupid
org.exoplatform.core
Medium
Vendor
pom
artifactid
exo.core.component.database
Low
Vendor
Manifest
Implementation-Vendor
eXo Platform SAS
High
Vendor
file
name
exo.core.component.database
High
Vendor
Manifest
specification-vendor
eXo Platform SAS
Low
Vendor
pom
description
Implementation of Database Service of Exoplatform SAS eXo Core' project.
Medium
Vendor
pom
groupid
exoplatform.core
Highest
Vendor
pom
name
eXo PLF Core :: Component :: Database Service
High
Vendor
pom
groupid
org.exoplatform.core
Highest
Product
pom
parent-artifactid
core-parent
Medium
Product
Manifest
Implementation-Title
eXo PLF Core :: Component :: Database Service
High
Product
pom
artifactid
exo.core.component.database
Highest
Product
pom
groupid
exoplatform.core
Low
Product
Manifest
specification-title
exo-core
Medium
Product
pom
parent-groupid
org.exoplatform.core
Low
Product
file
name
exo.core.component.database
High
Product
pom
description
Implementation of Database Service of Exoplatform SAS eXo Core' project.
File Path: /home/ciagent/.m2/repository/org/apache/lucene/lucene-core/3.6.2/lucene-core-3.6.2.jar MD5: ee396d04f5a35557b424025f5382c815 SHA1: 9ec77e2507f9cc01756964c71d91efd8154a8c47
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
File Path: /home/ciagent/.m2/repository/org/apache/lucene/lucene-analyzers/3.6.2/lucene-analyzers-3.6.2.jar MD5: 13f8241b6991bd1349c05369a7c0f002 SHA1: 3a083510dcb0d0fc67f8456cdac6f48aa0da2993
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
File Path: /home/ciagent/.m2/repository/org/apache/lucene/lucene-spellchecker/3.6.2/lucene-spellchecker-3.6.2.jar MD5: a4b684913f93aea76f5dbd7e479f19c5 SHA1: 15db0c0cfee44e275f15ad046e46b9a05910ad24
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Description: The javax.transaction package. It is appropriate for inclusion in a classpath, and may be added to a Java 2 installation.
File Path: /home/ciagent/.m2/repository/javax/transaction/jta/1.1/jta-1.1.jar MD5: 82a10ce714f411b28f13850059de09ee SHA1: 2ca09f0b36ca7d71b762e14ea2ff09d5eac57558
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
Manifest
specification-vendor
Sun Microsystems, Inc.
Low
Vendor
Manifest
extension-name
javax.transaction
Medium
Vendor
pom
artifactid
jta
Low
Vendor
pom
description
The javax.transaction package. It is appropriate for inclusion in a classpath, and may be added to a Java 2 installation.
Low
Vendor
pom
groupid
javax.transaction
Highest
Vendor
pom
name
Java Transaction API
High
Vendor
pom
url
http://java.sun.com/products/jta
Highest
Vendor
central
groupid
javax.transaction
High
Vendor
file
name
jta
High
Product
pom
artifactid
jta
Highest
Product
pom
url
http://java.sun.com/products/jta
Medium
Product
pom
groupid
javax.transaction
Low
Product
Manifest
extension-name
javax.transaction
Medium
Product
central
artifactid
transaction-api
High
Product
pom
description
The javax.transaction package. It is appropriate for inclusion in a classpath, and may be added to a Java 2 installation.
Public domain, Sun Microsystems: http://gee.cs.oswego.edu/dl/classes/EDU/oswego/cs/dl/util/concurrent/intro.html
File Path: /home/ciagent/.m2/repository/concurrent/concurrent/1.3.4/concurrent-1.3.4.jar MD5: f29b9d930d3426ebc56919eba10fbd4d SHA1: 1cf394c2a388199db550cda311174a4c6a7d117c
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
File Path: /home/ciagent/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar MD5: f54a8510f834a1a57166970bfc982e94 SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
File Path: /home/ciagent/.m2/repository/org/jgroups/jgroups/3.6.13.Final/jgroups-3.6.13.Final.jar MD5: d7a4d1065e9b09e3f48bfa88ab368a0c SHA1: 1315a8a1aed98dcafc11a850957ced42dc26bf18
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
pom
artifactid
jgroups
Low
Vendor
pom
organization name
JBoss, a division of Red Hat
High
Vendor
manifest
Bundle-Description
Ant/ivy based build.xml file for JGroups. Needs ant to run
Medium
Vendor
Manifest
bundle-requiredexecutionenvironment
JavaSE-1.7
Low
Vendor
Manifest
bundle-docurl
http://www.jboss.org
Low
Vendor
pom
groupid
org.jgroups
Highest
Vendor
pom
organization url
http://www.jboss.org
Medium
Vendor
file
name
jgroups
High
Vendor
Manifest
bundle-symbolicname
org.jgroups
Medium
Vendor
pom
groupid
jgroups
Highest
Vendor
pom
description
Reliable cluster communication toolkit
Medium
Vendor
pom
name
JGroups
High
Vendor
pom
url
http://www.jgroups.org
Highest
Vendor
central
groupid
org.jgroups
Highest
Product
Manifest
Bundle-Name
JGroups
Medium
Product
manifest
Bundle-Description
Ant/ivy based build.xml file for JGroups. Needs ant to run
File Path: /home/ciagent/.m2/repository/org/jboss/jbossts/jbossjta/4.16.6.Final/jbossjta-4.16.6.Final.jar MD5: 9e3c8d7d93b92ab97489aeb5816370c8 SHA1: 99e79e03ced180bea4e3307511d350eb2b88c91c
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Description: This is a small collection of utility classes that allow high performance XML processing based on SAX. Basically, it is assumed that you are using a JAXP 1.1 compliant XML parser and nothing else. In particular, no dependency on the javax.xml.transform package is introduced.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/ws/commons/ws-commons-util/1.0.1/ws-commons-util-1.0.1.jar MD5: 66919d22287ddab742a135da764c2cd6 SHA1: 126e80ff798fece634bc94e61f8be8a8da00be60
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
pom
groupid
org.apache.ws.commons
Highest
Vendor
Manifest
specification-vendor
Apache Software Foundation
Low
Vendor
Manifest
Implementation-Vendor
Apache Software Foundation
High
Vendor
pom
groupid
apache.ws.commons
Highest
Vendor
Manifest
extension-name
ws-commons-util
Medium
Vendor
central
groupid
ws-commons-util
High
Vendor
pom
description
This is a small collection of utility classes, that allow high performance XML processing based on SAX. Basically, it is assumed, that you are using an JAXP 1.1 compliant XML parser and nothing else. In particular, no dependency on the javax.xml.transform package is introduced.
Low
Vendor
pom
organization url
http://www.apache.org/
Medium
Vendor
pom
url
http://ws.apache.org/commons/util
Highest
Vendor
file
name
ws-commons-util
High
Vendor
pom
name
Apache WebServices Common Utilities
High
Vendor
pom
artifactid
ws-commons-util
Low
Vendor
pom
organization name
Apache Software Foundation
High
Vendor
central
groupid
org.apache.ws.commons
High
Product
central
artifactid
ws-commons-util
High
Product
Manifest
extension-name
ws-commons-util
Medium
Product
pom
description
This is a small collection of utility classes, that allow high performance XML processing based on SAX. Basically, it is assumed, that you are using an JAXP 1.1 compliant XML parser and nothing else. In particular, no dependency on the javax.xml.transform package is introduced.
Low
Product
pom
artifactid
ws-commons-util
Highest
Product
pom
organization name
Apache Software Foundation
Low
Product
pom
organization url
http://www.apache.org/
Low
Product
pom
groupid
apache.ws.commons
Low
Product
file
name
ws-commons-util
High
Product
pom
name
Apache WebServices Common Utilities
High
Product
Manifest
Implementation-Title
ws-commons-util
High
Product
Manifest
specification-title
This is a small collection of utility classes, that allow high performance XML processing based on SAX. Basically, it is assumed, that you are using an JAXP 1.1 compliant XML parser and nothing else. In particular, no dependency on the javax.xml.transform package is introduced.
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.
File Path: /home/ciagent/.m2/repository/org/jboss/jboss-common-core/2.2.22.GA/jboss-common-core-2.2.22.GA.jar MD5: 8c415e1467075a90045a7b0fd19886a3 SHA1: ae1a22412d879c4ac48e35cf00f438bb263d41c3
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Description: StringTemplate is a Java template engine for generating source code, web pages, emails, or any other formatted text output. StringTemplate is particularly good at multi-targeted code generators, multiple site skins, and internationalization/localization. It evolved over years of effort developing jGuru.com. StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org and powers the ANTLR v3 code generator. Its distinguishing characteristic is that unlike other engines, it strictly enforces model-view separation. Strict separation makes websites and code generators more flexible and maintainable; it also provides an excellent defense against malicious template authors. There are currently about 600 StringTemplate source downloads a month.
License:
BSD licence: http://antlr.org/license.html
File Path: /home/ciagent/.m2/repository/org/antlr/stringtemplate/3.2.1/stringtemplate-3.2.1.jar MD5: b58ca53e518a92a1991eb63b61917582 SHA1: 59ec8083721eae215c6f3caee944c410d2be34de
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
pom
url
http://www.stringtemplate.org
Highest
Vendor
central
groupid
org.antlr
Highest
Vendor
pom
description
StringTemplate is a java template engine for generating source code,
web pages, emails, or any other formatted text output. StringTemplate is particularly good at multi-targeted code generators,
multiple site skins, and internationalization/localization. It evolved over years of effort developing jGuru.com. StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org
and powers the ANTLR v3 code generator. Its distinguishing characteristic is that un...
Low
Vendor
jar
package name
stringtemplate
Low
Vendor
file
name
stringtemplate
High
Vendor
jar
package name
language
Low
Vendor
jar
package name
antlr
Low
Vendor
pom
name
ANTLR StringTemplate
High
Vendor
pom
groupid
org.antlr
Highest
Vendor
pom
groupid
antlr
Highest
Vendor
pom
artifactid
stringtemplate
Low
Product
pom
artifactid
stringtemplate
Highest
Product
pom
description
StringTemplate is a java template engine for generating source code,
web pages, emails, or any other formatted text output. StringTemplate is particularly good at multi-targeted code generators,
multiple site skins, and internationalization/localization. It evolved over years of effort developing jGuru.com. StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org
and powers the ANTLR v3 code generator. Its distinguishing characteristic is that un...
Description: A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.
File Path: /home/ciagent/.m2/repository/org/antlr/antlr-runtime/3.5/antlr-runtime-3.5.jar MD5: aa6d7c8b425df59f5f5bc98c58cfd9fc SHA1: 0baa82bff19059401e90e1b90020beb9c96305d7
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
pom
description
A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.
Low
Vendor
pom
parent-artifactid
antlr-master
Low
Vendor
pom
url
http://www.antlr.org
Highest
Vendor
pom
parent-groupid
org.antlr
Medium
Vendor
file
name
antlr-runtime
High
Vendor
pom
groupid
antlr
Highest
Vendor
pom
artifactid
antlr-runtime
Low
Vendor
central
groupid
org.antlr
Highest
Vendor
pom
name
ANTLR 3 Runtime
High
Vendor
pom
groupid
org.antlr
Highest
Vendor
Manifest
Implementation-Vendor-Id
org.antlr
Medium
Vendor
Manifest
Implementation-Vendor
ANTLR
High
Product
pom
description
A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.
Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/jboss/logging/jboss-logging/3.3.0.Final/jboss-logging-3.3.0.Final.jar MD5: bc11af4b8ce7138cdc79b7ba8561638c SHA1: 3616bb87707910296e2c195dc016287080bba5af
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Description: Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.
File Path: /home/ciagent/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar MD5: 4d5c1693079575b362edf41500630bbd SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
Manifest
bundle-symbolicname
org.apache.commons.lang
Medium
Vendor
Manifest
Implementation-Vendor-Id
org.apache
Medium
Vendor
pom
parent-groupid
org.apache.commons
Medium
Vendor
Manifest
specification-vendor
The Apache Software Foundation
Low
Vendor
pom
artifactid
commons-lang
Low
Vendor
central
groupid
org.netbeans.external
High
Vendor
pom
parent-artifactid
commons-parent
Low
Vendor
pom
name
Commons Lang
High
Vendor
pom
url
http://commons.apache.org/lang/
Highest
Vendor
file
name
commons-lang
High
Vendor
pom
groupid
commons-lang
Highest
Vendor
Manifest
bundle-docurl
http://commons.apache.org/lang/
Low
Vendor
Manifest
Implementation-Vendor
The Apache Software Foundation
High
Vendor
pom
description
Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.
Low
Vendor
manifest
Bundle-Description
Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.
Low
Vendor
central
groupid
commons-lang
High
Product
Manifest
bundle-symbolicname
org.apache.commons.lang
Medium
Product
pom
url
http://commons.apache.org/lang/
Medium
Product
Manifest
Implementation-Title
Commons Lang
High
Product
pom
artifactid
commons-lang
Highest
Product
pom
groupid
commons-lang
Low
Product
Manifest
specification-title
Commons Lang
Medium
Product
pom
name
Commons Lang
High
Product
central
artifactid
org-apache-commons-lang
High
Product
file
name
commons-lang
High
Product
central
artifactid
commons-lang
High
Product
pom
parent-artifactid
commons-parent
Medium
Product
Manifest
bundle-docurl
http://commons.apache.org/lang/
Low
Product
pom
description
Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.
Low
Product
Manifest
Bundle-Name
Commons Lang
Medium
Product
manifest
Bundle-Description
Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.
Description: Infinispan Implementation of Cache Service for Exoplatform SAS 'eXo Kernel' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.component.ext.cache.impl.infinispan.v8/5.3.x-SNAPSHOT/exo.kernel.component.ext.cache.impl.infinispan.v8-5.3.x-SNAPSHOT.jar MD5: 0d6e8c5fd0c6f99800b70dfda0ee9baf SHA1: fcbcfec3a05eced44cfcc8a330576ad77a8e500d
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.
Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
File Path: /home/ciagent/.m2/repository/org/jboss/marshalling/jboss-marshalling-osgi/2.0.0.Beta3/jboss-marshalling-osgi-2.0.0.Beta3.jar MD5: 7652392087f6e70312cf0309ab563a4f SHA1: a55fe6527a2d50dc48ad3f8b9093bd0cb01302b0
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
File Path: /home/ciagent/.m2/repository/org/infinispan/infinispan-core/8.2.6.Final/infinispan-core-8.2.6.Final.jar MD5: 06371c22b39aef4faf1da8d21b2102cb SHA1: 84937a866a56760b9c50bfbca10442fa14be6375
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.
Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
Description: Implementation of Core Service of Exoplatform SAS 'eXo Core' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/jcr/exo.jcr.component.core/5.3.x-SNAPSHOT/exo.jcr.component.core-5.3.x-SNAPSHOT.jar MD5: 11869345b974375ee963b2a6bafdefb4 SHA1: a62f450267c414a58595edb2e97a0e693a9d5764
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
exo.jcr.component.core
High
Vendor
pom
description
Implementation of Core Service of Exoplatform SAS 'eXo Core' project.
Medium
Vendor
pom
artifactid
exo.jcr.component.core
Low
Vendor
pom
name
eXo PLF:: JCR :: Component :: Core Service
High
Vendor
Manifest
Implementation-Vendor
eXo Platform SAS
High
Vendor
pom
parent-groupid
org.exoplatform.jcr
Medium
Vendor
Manifest
specification-vendor
eXo Platform SAS
Low
Vendor
pom
groupid
exoplatform.jcr
Highest
Vendor
Manifest
Implementation-Vendor-Id
org.exoplatform.jcr
Medium
Vendor
pom
parent-artifactid
jcr-parent
Low
Vendor
pom
groupid
org.exoplatform.jcr
Highest
Product
file
name
exo.jcr.component.core
High
Product
pom
parent-artifactid
jcr-parent
Medium
Product
pom
description
Implementation of Core Service of Exoplatform SAS 'eXo Core' project.
Description: mime-util is a simple to use, small, light weight and fast open source java utility library that can detect MIME types from files, input streams, URL's and byte arrays. Due to the use of regular expressions and the java.nio packages it requires at least Java 1.4.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/eu/medsea/mimeutil/mime-util/2.1.3/mime-util-2.1.3.jar MD5: 3d4f3e1a96eb79683197f1c8b182f4a6 SHA1: 0c9cfae15c74f62491d4f28def0dff1dabe52a47
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
Manifest
bundle-symbolicname
eu.medsea.mimeutil.mime-util
Medium
Vendor
pom
organization name
Medsea Business Solutions S.L.
High
Vendor
manifest
Bundle-Description
mime-util is a simple to use, small, light weight and fast open source java utility library that can detect MIME types from files, input streams, URL's and byte arrays. Due to the use of regular expressions and the java.nio packages it requires at least Java 1.4.
Low
Vendor
file
name
mime-util
High
Vendor
central
groupid
eu.medsea.mimeutil
Highest
Vendor
pom
url
http://www.medsea.eu/mime-util/
Highest
Vendor
pom
organization url
http://www.medsea.eu
Medium
Vendor
pom
name
Mime Detection Utility
High
Vendor
pom
description
mime-util is a simple to use, small, light weight and fast open source java utility library that can detect MIME types from files, input streams, URL's and byte arrays. Due to the use of regular expressions and the java.nio packages it requires at least Java 1.4.
Low
Vendor
Manifest
url
http://www.medsea.eu/mime-util/
Low
Vendor
pom
groupid
eu.medsea.mimeutil
Highest
Vendor
pom
artifactid
mime-util
Low
Vendor
Manifest
bundle-docurl
http://www.medsea.eu
Low
Product
pom
groupid
eu.medsea.mimeutil
Low
Product
Manifest
bundle-symbolicname
eu.medsea.mimeutil.mime-util
Medium
Product
manifest
Bundle-Description
mime-util is a simple to use, small, light weight and fast open source java utility library that can detect MIME types from files, input streams, URL's and byte arrays. Due to the use of regular expressions and the java.nio packages it requires at least Java 1.4.
Low
Product
pom
url
http://www.medsea.eu/mime-util/
Medium
Product
file
name
mime-util
High
Product
pom
artifactid
mime-util
Highest
Product
pom
organization name
Medsea Business Solutions S.L.
Low
Product
pom
name
Mime Detection Utility
High
Product
pom
description
mime-util is a simple to use, small, light weight and fast open source java utility library that can detect MIME types from files, input streams, URL's and byte arrays. Due to the use of regular expressions and the java.nio packages it requires at least Java 1.4.
File Path: /home/ciagent/.m2/repository/jakarta-regexp/jakarta-regexp/1.4/jakarta-regexp-1.4.jar MD5: 5d8b8c601c21b37aa6142d38f45c0297 SHA1: 0ea514a179ac1dd7e81c7e6594468b9b9910d298
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Description: XML Pull parser library developed by Extreme Computing Lab, Indiana University
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/ogce/xpp3/1.1.6/xpp3-1.1.6.jar MD5: 626a429318310e92e3466151e050bdc5 SHA1: dc87e00ddb69341b46a3eb1c331c6fcebf6c8546
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
jar
package name
v1
Low
Vendor
pom
url
http://www.extreme.indiana.edu/xpp/
Highest
Vendor
file
name
xpp3
High
Vendor
pom
groupid
ogce
Highest
Vendor
jar
package name
xmlpull
Low
Vendor
central
groupid
org.ogce
Highest
Vendor
pom
artifactid
xpp3
Low
Vendor
pom
name
XPP3
High
Vendor
jar
package name
builder
Low
Vendor
pom
groupid
org.ogce
Highest
Vendor
pom
description
XML Pull parser library developed by Extreme Computing Lab, Indiana University
Medium
Product
jar
package name
xpath
Low
Product
pom
artifactid
xpp3
Highest
Product
jar
package name
v1
Low
Product
file
name
xpp3
High
Product
central
artifactid
xpp3
Highest
Product
pom
groupid
ogce
Low
Product
pom
url
http://www.extreme.indiana.edu/xpp/
Medium
Product
pom
name
XPP3
High
Product
jar
package name
builder
Low
Product
pom
description
XML Pull parser library developed by Extreme Computing Lab, Indiana University
File Path: /home/ciagent/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.18/jcl-over-slf4j-1.7.18.jar MD5: 86c8f80da62e4640564effb9dff7e003 SHA1: eca71be00af2579564e9f3a23ce0b245ca79ee5d
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
File Path: /home/ciagent/.m2/repository/org/slf4j/slf4j-api/1.7.18/slf4j-api-1.7.18.jar MD5: 1b1d1af21206ac5ae44cd79a6c04dd92 SHA1: b631d286463ced7cc42ee2171fe3beaed2836823
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Description: Implementation of Commons Utils of Exoplatform SAS 'eXo Kernel' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.commons/5.3.x-SNAPSHOT/exo.kernel.commons-5.3.x-SNAPSHOT.jar MD5: da41e6641229372fcd1dc2d95d1ba5c3 SHA1: d1970c05f4b460688a7531d478ad41d5314b554b
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
pom
groupid
org.exoplatform.kernel
Highest
Vendor
pom
name
eXo PLF:: Kernel :: Commons Utils
High
Vendor
file
name
exo.kernel.commons
High
Vendor
pom
description
Implementation of Commons Utils of Exoplatform SAS 'eXo Kernel' project.
Medium
Vendor
pom
parent-groupid
org.exoplatform.kernel
Medium
Vendor
pom
parent-artifactid
kernel-parent
Low
Vendor
Manifest
Implementation-Vendor
eXo Platform SAS
High
Vendor
Manifest
specification-vendor
eXo Platform SAS
Low
Vendor
pom
artifactid
exo.kernel.commons
Low
Vendor
Manifest
Implementation-Vendor-Id
org.exoplatform.kernel
Medium
Vendor
pom
groupid
exoplatform.kernel
Highest
Product
pom
parent-artifactid
kernel-parent
Medium
Product
pom
groupid
exoplatform.kernel
Low
Product
pom
parent-groupid
org.exoplatform.kernel
Low
Product
pom
name
eXo PLF:: Kernel :: Commons Utils
High
Product
file
name
exo.kernel.commons
High
Product
pom
description
Implementation of Commons Utils of Exoplatform SAS 'eXo Kernel' project.
File Path: /home/ciagent/.m2/repository/commons-beanutils/commons-beanutils/1.8.3/commons-beanutils-1.8.3.jar MD5: b45be74134796c89db7126083129532f SHA1: 686ef3410bcf4ab8ce7fd0b899e832aaba5facf7
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | artifactid | commons-beanutils | Low
Vendor | Manifest | Implementation-Vendor-Id | org.apache | Medium
Vendor | pom | parent-groupid | org.apache.commons | Medium
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | central | groupid | commons-beanutils | Highest
Vendor | manifest | Bundle-Description | BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. | Medium
Vendor | file | name | commons-beanutils | High
Vendor | pom | parent-artifactid | commons-parent | Low
Vendor | Manifest | bundle-docurl | http://commons.apache.org/beanutils/ | Low
Vendor | pom | groupid | commons-beanutils | Highest
Vendor | pom | name | Commons BeanUtils | High
Vendor | Manifest | bundle-symbolicname | org.apache.commons.beanutils | Medium
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | pom | url | http://commons.apache.org/beanutils/ | Highest
Vendor | pom | description | BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. | Medium
Product | central | artifactid | commons-beanutils | Highest
Product | pom | artifactid | commons-beanutils | Highest
Product | pom | groupid | commons-beanutils | Low
Product | manifest | Bundle-Description | BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. | Medium
Product | file | name | commons-beanutils | High
Product | pom | url | http://commons.apache.org/beanutils/ | Medium
Product | Manifest | bundle-docurl | http://commons.apache.org/beanutils/ | Low
Product | Manifest | Bundle-Name | Commons BeanUtils | Medium
Product | pom | name | Commons BeanUtils | High
Product | pom | parent-artifactid | commons-parent | Medium
Product | Manifest | bundle-symbolicname | org.apache.commons.beanutils | Medium
Product | Manifest | Implementation-Title | Commons BeanUtils | High
Product | Manifest | specification-title | Commons BeanUtils | Medium
Product | pom | description | BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. |
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however, were not using this by default characteristic of the PropertyUtilsBean.
File Path: /home/ciagent/.m2/repository/org/gatein/common/common-logging/2.2.2.Final/common-logging-2.2.2.Final.jar MD5: 28b7108ee63899bca08636d360e7df11 SHA1: aee18008518671fb10982c0fe5f7383e98f71c47
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
File Path: /home/ciagent/.m2/repository/org/gatein/common/common-common/2.2.2.Final/common-common-2.2.2.Final.jar MD5: 8ce16b5e3991285cd27e553740d09d1f SHA1: 44522d899e31a5a10dbd70f7b0ca2fe5a614f740
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/wci/wci-wci/5.3.x-SNAPSHOT/wci-wci-5.3.x-SNAPSHOT.jar MD5: 5e64b39e7c7802e83bc224b2f8746a87 SHA1: d21bdcef2b1bd2ac6a5e4e8fb4178466f2365012
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | wci-wci | High
Vendor | Manifest | implementation-url | www.gatein.org/wci-parent/wci-wci/ | Low
Vendor | Manifest | os-name | Linux | Medium
Vendor | Manifest | specification-vendor | JBoss by Red Hat | Low
Vendor | pom | parent-groupid | org.exoplatform.gatein.wci | Medium
Vendor | pom | groupid | org.exoplatform.gatein.wci | Highest
Vendor | pom | name | GateIn - Web Container Integration component (wci) | High
Vendor | Manifest | Implementation-Vendor-Id | org.exoplatform.gatein.wci | Medium
Vendor | pom | artifactid | wci-wci | Low
Vendor | Manifest | java-vendor | Oracle Corporation | Medium
Vendor | Manifest | Implementation-Vendor | JBoss by Red Hat | High
Vendor | pom | groupid | exoplatform.gatein.wci | Highest
Vendor | Manifest | build-timestamp | Sun, 8 Sep 2019 12:20:21 +0000 | Low
Vendor | pom | parent-artifactid | wci-parent | Low
Product | Manifest | specification-title | GateIn - Web Container Integration component (wci) | Medium
Product | file | name | wci-wci | High
Product | pom | parent-groupid | org.exoplatform.gatein.wci | Low
Product | Manifest | Implementation-Title | GateIn - Web Container Integration component (wci) | High
Product | Manifest | implementation-url | www.gatein.org/wci-parent/wci-wci/ | Low
Product | Manifest | os-name | Linux | Medium
Product | pom | groupid | exoplatform.gatein.wci | Low
Product | pom | artifactid | wci-wci | Highest
Product | pom | parent-artifactid | wci-parent | Medium
Product | Manifest | build-timestamp | Sun, 8 Sep 2019 12:20:21 +0000 | Low
Product | pom | name | GateIn - Web Container Integration component (wci) |
File Path: /home/ciagent/.m2/repository/org/jibx/jibx-run/1.2.6/jibx-run-1.2.6.jar MD5: 4ef53e4279c8440aff2d16c0af024231 SHA1: 544f3ac7887d7eed20ca0420ee1963df6c7ecebb
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar MD5: 289075e48b909e9e74e6c915b3631d2e SHA1: 6975da39a7040257bd51d21a231b76c915872d38
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Description: JSR-250 Reference Implementation by Glassfish
License:
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /home/ciagent/.m2/repository/javax/annotation/jsr250-api/1.0/jsr250-api-1.0.jar MD5: 4cd56b2e4977e541186de69f5126b4a6 SHA1: 5025422767732a1ab45d93abfea846513d742dcf
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | name | JSR-250 Common Annotations for the JavaTM Platform |
Description: APIs for JSR-299: Contexts and Dependency Injection for Java EE
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/javax/enterprise/cdi-api/1.0-SP4/cdi-api-1.0-SP4.jar MD5: 6c1e2b4036d64b6ba1a1136a00c7cdaa SHA1: 6e38490033eb8b36c4cf1f7605163424a574dcf0
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | specification-vendor | Seam Framework | Low
Vendor | Manifest | Implementation-Vendor | Seam Framework | High
Vendor | pom | parent-artifactid | weld-parent | Low
Vendor | pom | organization name | Seam Framework | High
Vendor | pom | description | APIs for JSR-299: Contexts and Dependency Injection for Java EE | Medium
Vendor | file | name | cdi-api | High
Vendor | pom | parent-groupid | org.jboss.weld | Medium
Vendor | pom | groupid | javax.enterprise | Highest
Vendor | pom | name | CDI APIs | High
Vendor | pom | artifactid | cdi-api | Low
Vendor | pom | organization url | http://seamframework.org | Medium
Vendor | pom | url | http://www.seamframework.org/Weld | Highest
Vendor | central | groupid | javax.enterprise | Highest
Vendor | Manifest | implementation-url | http://www.seamframework.org/Weld | Low
Product | pom | description | APIs for JSR-299: Contexts and Dependency Injection for Java EE |
Description: Implementation of Container for Exoplatform SAS 'eXo Kernel' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.container/5.3.x-SNAPSHOT/exo.kernel.container-5.3.x-SNAPSHOT.jar MD5: 0998b4aaa22a19f6a0a707a6c0cc3008 SHA1: ae2830ac54989dce43509638f17cd847a45d8740
Referenced In Project/Scope:
eXo PLF:: Forum Common Statistics:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | org.exoplatform.kernel | Highest
Vendor | pom | parent-groupid | org.exoplatform.kernel | Medium
Vendor | pom | parent-artifactid | kernel-parent | Low
Vendor | pom | description | Implementation of Container for Exoplatform SAS 'eXo Kernel' project. | Medium
Vendor | Manifest | Implementation-Vendor | eXo Platform SAS | High
Vendor | Manifest | specification-vendor | eXo Platform SAS | Low
Vendor | pom | name | eXo PLF:: Kernel :: Container | High
Vendor | pom | artifactid | exo.kernel.container | Low
Vendor | file | name | exo.kernel.container | High
Vendor | Manifest | Implementation-Vendor-Id | org.exoplatform.kernel | Medium
Vendor | pom | groupid | exoplatform.kernel | Highest
Product | pom | parent-artifactid | kernel-parent | Medium
Product | pom | groupid | exoplatform.kernel | Low
Product | pom | parent-groupid | org.exoplatform.kernel | Low
Product | Manifest | Implementation-Title | eXo PLF:: Kernel :: Container | High
Product | pom | artifactid | exo.kernel.container | Highest
Product | pom | description | Implementation of Container for Exoplatform SAS 'eXo Kernel' project. |