Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 3.1.2
Report Generated On: Jan 20, 2019 at 09:38:40 +00:00
Dependencies Scanned: 4 (4 unique)
Vulnerable Dependencies: 0
Vulnerabilities Found: 0
Vulnerabilities Suppressed: 0
...
NVD CVE 2002: 30/11/2018 09:08:39
NVD CVE 2003: 18/12/2018 09:11:59
NVD CVE 2004: 18/01/2019 09:12:18
NVD CVE 2005: 18/01/2019 09:10:58
NVD CVE 2006: 18/01/2019 09:08:46
NVD CVE 2007: 18/01/2019 19:33:33
NVD CVE 2008: 18/01/2019 19:33:34
NVD CVE 2009: 18/01/2019 19:33:33
NVD CVE 2010: 18/01/2019 08:55:14
NVD CVE 2011: 18/01/2019 19:33:33
NVD CVE 2012: 18/01/2019 19:33:32
NVD CVE 2013: 18/01/2019 19:33:33
NVD CVE 2014: 18/01/2019 08:38:51
NVD CVE 2015: 18/01/2019 19:33:35
NVD CVE 2016: 18/01/2019 08:30:13
NVD CVE 2017: 18/01/2019 08:24:37
NVD CVE 2018: 18/01/2019 19:33:32
NVD CVE 2019: 18/01/2019 08:00:08
NVD CVE Checked: 20/01/2019 09:27:01
NVD CVE Modified: 18/01/2019 19:04:29
VersionCheckOn: 1545557199441

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	Coordinates	Evidence Count
common-logging-2.2.2.Final.jar	org.gatein.common:common-logging:2.2.2.Final ✓	31
common-common-2.2.2.Final.jar	org.gatein.common:common-common:2.2.2.Final ✓	31
wci-wci-5.2.x-SNAPSHOT.jar	org.exoplatform.gatein.wci:wci-wci:5.2.x-SNAPSHOT	29
wci-tomcat8-5.2.x-SNAPSHOT.jar	org.exoplatform.gatein.wci:wci-tomcat8:5.2.x-SNAPSHOT	27

Dependencies

common-logging-2.2.2.Final.jar

File Path: /home/ciagent/.m2/repository/org/gatein/common/common-logging/2.2.2.Final/common-logging-2.2.2.Final.jar
MD5: 28b7108ee63899bca08636d360e7df11
SHA1: aee18008518671fb10982c0fe5f7383e98f71c47
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Integration WebApp:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	parent-artifactid	common-parent	Low
Vendor	Manifest	Implementation-Vendor-Id	org.gatein.common	Medium
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	pom	artifactid	common-logging	Low
Vendor	Manifest	build-timestamp	Mon, 17 Mar 2014 20:43:14 +0100	Low
Vendor	Manifest	implementation-url	www.gatein.org/common-parent/common-logging/	Low
Vendor	pom	groupid	gatein.common	Highest
Vendor	pom	parent-groupid	org.gatein.common	Medium
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	pom	name	GateIn - Common component (logging)	High
Vendor	Manifest	os-name	Linux	Medium
Vendor	central	groupid	org.gatein.common	Highest
Vendor	pom	groupid	org.gatein.common	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	file	name	common-logging	High
Product	central	artifactid	common-logging	Highest
Product	pom	artifactid	common-logging	Highest
Product	Manifest	build-timestamp	Mon, 17 Mar 2014 20:43:14 +0100	Low
Product	Manifest	implementation-url	www.gatein.org/common-parent/common-logging/	Low
Product	pom	parent-artifactid	common-parent	Medium
Product	pom	groupid	gatein.common	Low
Product	pom	name	GateIn - Common component (logging)	High
Product	Manifest	os-name	Linux	Medium
Product	Manifest	Implementation-Title	GateIn - Common component (logging)	High
Product	Manifest	specification-title	GateIn - Common component (logging)	Medium
Product	pom	parent-groupid	org.gatein.common	Low
Product	file	name	common-logging	High
Version	pom	version	2.2.2.Final	Highest
Version	file	version	2.2.2	Highest
Version	Manifest	Implementation-Version	2.2.2.Final	High
Version	central	version	2.2.2.Final	Highest

Identifiers

maven: org.gatein.common:common-logging:2.2.2.Final ✓ Confidence:Highest

common-common-2.2.2.Final.jar

File Path: /home/ciagent/.m2/repository/org/gatein/common/common-common/2.2.2.Final/common-common-2.2.2.Final.jar
MD5: 8ce16b5e3991285cd27e553740d09d1f
SHA1: 44522d899e31a5a10dbd70f7b0ca2fe5a614f740
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Integration WebApp:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	implementation-url	www.gatein.org/common-parent/common-common/	Low
Vendor	pom	parent-artifactid	common-parent	Low
Vendor	pom	name	GateIn - Common component (common)	High
Vendor	Manifest	Implementation-Vendor-Id	org.gatein.common	Medium
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	build-timestamp	Mon, 17 Mar 2014 20:43:14 +0100	Low
Vendor	pom	groupid	gatein.common	Highest
Vendor	pom	parent-groupid	org.gatein.common	Medium
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	Manifest	os-name	Linux	Medium
Vendor	pom	artifactid	common-common	Low
Vendor	central	groupid	org.gatein.common	Highest
Vendor	pom	groupid	org.gatein.common	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	file	name	common-common	High
Product	Manifest	specification-title	GateIn - Common component (common)	Medium
Product	Manifest	implementation-url	www.gatein.org/common-parent/common-common/	Low
Product	pom	artifactid	common-common	Highest
Product	pom	name	GateIn - Common component (common)	High
Product	Manifest	build-timestamp	Mon, 17 Mar 2014 20:43:14 +0100	Low
Product	pom	parent-artifactid	common-parent	Medium
Product	pom	groupid	gatein.common	Low
Product	central	artifactid	common-common	Highest
Product	Manifest	os-name	Linux	Medium
Product	pom	parent-groupid	org.gatein.common	Low
Product	Manifest	Implementation-Title	GateIn - Common component (common)	High
Product	file	name	common-common	High
Version	pom	version	2.2.2.Final	Highest
Version	file	version	2.2.2	Highest
Version	Manifest	Implementation-Version	2.2.2.Final	High
Version	central	version	2.2.2.Final	Highest

Identifiers

maven: org.gatein.common:common-common:2.2.2.Final ✓ Confidence:Highest

wci-wci-5.2.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/wci/wci-wci/5.2.x-SNAPSHOT/wci-wci-5.2.x-SNAPSHOT.jar
MD5: 9be7f8aea19a80a647423fa43a36c72b
SHA1: 7c6923487afec73cb54ed4e7cca915b5f8cba968
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Integration WebApp:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	Implementation-Vendor-Id	org.exoplatform.gatein.wci	Medium
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	pom	parent-artifactid	wci-parent	Low
Vendor	Manifest	build-timestamp	Sun, 13 Jan 2019 13:04:07 +0000	Low
Vendor	pom	groupid	org.exoplatform.gatein.wci	Highest
Vendor	file	name	wci-wci	High
Vendor	Manifest	os-name	Linux	Medium
Vendor	pom	parent-groupid	org.exoplatform.gatein.wci	Medium
Vendor	pom	artifactid	wci-wci	Low
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	pom	groupid	exoplatform.gatein.wci	Highest
Vendor	Manifest	implementation-url	www.gatein.org/wci-parent/wci-wci/	Low
Vendor	pom	name	GateIn - Web Container Integration component (wci)	High
Product	pom	artifactid	wci-wci	Highest
Product	Manifest	Implementation-Title	GateIn - Web Container Integration component (wci)	High
Product	pom	groupid	exoplatform.gatein.wci	Low
Product	Manifest	implementation-url	www.gatein.org/wci-parent/wci-wci/	Low
Product	pom	parent-groupid	org.exoplatform.gatein.wci	Low
Product	pom	name	GateIn - Web Container Integration component (wci)	High
Product	Manifest	specification-title	GateIn - Web Container Integration component (wci)	Medium
Product	Manifest	build-timestamp	Sun, 13 Jan 2019 13:04:07 +0000	Low
Product	file	name	wci-wci	High
Product	Manifest	os-name	Linux	Medium
Product	pom	parent-artifactid	wci-parent	Medium
Version	pom	version	5.2.x-20190113.130413-39	Highest
Version	file	version	5.2	Highest
Version	pom	version	5.2.x-SNAPSHOT	Highest
Version	Manifest	Implementation-Version	5.2.x-SNAPSHOT	High

Identifiers

maven: org.exoplatform.gatein.wci:wci-wci:5.2.x-SNAPSHOT Confidence:High

wci-tomcat8-5.2.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/wci/wci-tomcat8/5.2.x-SNAPSHOT/wci-tomcat8-5.2.x-SNAPSHOT.jar
MD5: 1d5e66f4b045720af801a1bddc8176fe
SHA1: ae213f27b1197c2d70d4f7f90de71c126418d4a1
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Integration WebApp:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	pom	artifactid	wci-tomcat8	Low
Vendor	Manifest	Implementation-Vendor-Id	org.exoplatform.gatein.wci	Medium
Vendor	file	name	wci-tomcat8	High
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	Manifest	implementation-url	www.gatein.org/wci-parent/wci-tomcat/wci-tomcat8/	Low
Vendor	Manifest	build-timestamp	Sun, 13 Jan 2019 13:04:07 +0000	Low
Vendor	pom	groupid	org.exoplatform.gatein.wci	Highest
Vendor	pom	parent-artifactid	wci-tomcat	Low
Vendor	Manifest	os-name	Linux	Medium
Vendor	pom	parent-groupid	org.exoplatform.gatein.wci	Medium
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	pom	groupid	exoplatform.gatein.wci	Highest
Vendor	pom	name	GateIn - WCI Tomcat 8 compatibility component	High
Product	pom	groupid	exoplatform.gatein.wci	Low
Product	Manifest	Implementation-Title	GateIn - WCI Tomcat 8 compatibility component	High
Product	pom	parent-artifactid	wci-tomcat	Medium
Product	file	name	wci-tomcat8	High
Product	pom	parent-groupid	org.exoplatform.gatein.wci	Low
Product	Manifest	specification-title	GateIn - WCI Tomcat 8 compatibility component	Medium
Product	pom	name	GateIn - WCI Tomcat 8 compatibility component	High
Product	Manifest	implementation-url	www.gatein.org/wci-parent/wci-tomcat/wci-tomcat8/	Low
Product	Manifest	build-timestamp	Sun, 13 Jan 2019 13:04:07 +0000	Low
Product	pom	artifactid	wci-tomcat8	Highest
Product	Manifest	os-name	Linux	Medium
Version	file	version	5.2	Highest
Version	Manifest	Implementation-Version	5.2.x-SNAPSHOT	High

Identifiers

maven: org.exoplatform.gatein.wci:wci-tomcat8:5.2.x-SNAPSHOT Confidence:High

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: eXo PLF:: Platform Public Distributions - Tomcat Integration WebApp

org.exoplatform.platform.distributions:plf-tomcat-integration-webapp:5.2.x-SNAPSHOT

Dependencies

common-logging-2.2.2.Final.jar

Evidence

Identifiers

common-common-2.2.2.Final.jar

Evidence

Identifiers

wci-wci-5.2.x-SNAPSHOT.jar

Evidence

Identifiers

wci-tomcat8-5.2.x-SNAPSHOT.jar

Evidence

Identifiers