Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.


Project: eXo PLF:: Platform Public Distributions - Tomcat Resources

org.exoplatform.platform.distributions:plf-tomcat-resources:5.2.x-SNAPSHOT


Dependency | CPE | Coordinates | Highest Severity | CVE Count | CPE Confidence | Evidence Count
logback-core-1.1.2.jar | cpe:/a:logback:logback:1.1.2 | ch.qos.logback:logback-core:1.1.2 | High | 1 | Low | 30
tomcat-catalina-jmx-remote-8.5.35.jar | cpe:/a:apache_software_foundation:tomcat:8.5.35; cpe:/a:apache:tomcat:8.5.35; cpe:/a:apache_tomcat:apache_tomcat:8.5.35 | org.apache.tomcat:tomcat-catalina-jmx-remote:8.5.35 | High | 3 | Low | 21
commons-compiler-2.6.1.jar | | org.codehaus.janino:commons-compiler:2.6.1 | | 0 | | 18
janino-2.6.1.jar | | org.codehaus.janino:janino:2.6.1 | | 0 | | 21
plf-tomcat-integration-webapp-5.2.x-SNAPSHOT.war | | org.exoplatform.platform.distributions:plf-tomcat-integration-webapp:5.2.x-SNAPSHOT | | 0 | | 25
common-logging-2.2.2.Final.jar | | org.gatein.common:common-logging:2.2.2.Final | | 0 | | 31
common-common-2.2.2.Final.jar | | org.gatein.common:common-common:2.2.2.Final | | 0 | | 31
wci-wci-5.2.x-SNAPSHOT.jar | | org.exoplatform.gatein.wci:wci-wci:5.2.x-SNAPSHOT | | 0 | | 29
wci-tomcat8-5.2.x-SNAPSHOT.jar | | org.exoplatform.gatein.wci:wci-tomcat8:5.2.x-SNAPSHOT | | 0 | | 27
mime-util-2.1.3.jar | | eu.medsea.mimeutil:mime-util:2.1.3 | | 0 | | 30
jakarta-regexp-1.4.jar | | jakarta-regexp:jakarta-regexp:1.4 | | 0 | | 14
xpp3-1.1.6.jar | | org.ogce:xpp3:1.1.6 | | 0 | | 24
exo.kernel.commons-5.2.x-SNAPSHOT.jar | | org.exoplatform.kernel:exo.kernel.commons:5.2.x-SNAPSHOT | | 0 | | 24
commons-beanutils-1.8.3.jar | cpe:/a:apache:commons_beanutils:1.8.3 | commons-beanutils:commons-beanutils:1.8.3 | High | 1 | Low | 34
jibx-run-1.2.6.jar | | org.jibx:jibx-run:1.2.6 | | 0 | | 29
javax.inject-1.jar | | javax.inject:javax.inject:1 | | 0 | | 20
jsr250-api-1.0.jar | | javax.annotation:jsr250-api:1.0 | | 0 | | 20
cdi-api-1.0-SP4.jar | | javax.enterprise:cdi-api:1.0-SP4 | | 0 | | 31
exo.kernel.container-5.2.x-SNAPSHOT.jar | | org.exoplatform.kernel:exo.kernel.container:5.2.x-SNAPSHOT | | 0 | | 24
plf-tomcat-pc-creator-listener-5.2.x-SNAPSHOT.jar | | org.exoplatform.platform.distributions:plf-tomcat-pc-creator-listener:5.2.x-SNAPSHOT | | 0 | | 27
jansi-1.11.jar | | org.fusesource.jansi:jansi:1.11 | | 0 | | 24
hsqldb-2.4.0.jar | | org.hsqldb:hsqldb:2.4.0 | | 0 | | 35
jcl-over-slf4j-1.7.7.jar | | org.slf4j:jcl-over-slf4j:1.7.7 | | 0 | | 31
jul-to-slf4j-1.7.7.jar | | org.slf4j:jul-to-slf4j:1.7.7 | | 0 | | 30
log4j-over-slf4j-1.7.7.jar | | org.slf4j:log4j-over-slf4j:1.7.7 | | 0 | | 29
slf4j-api-1.7.7.jar | | org.slf4j:slf4j-api:1.7.7 | | 0 | | 31
liquibase-slf4j-2.0.0.jar | cpe:/a:slf4j:slf4j-ext:2.0.0 | com.mattbertolini:liquibase-slf4j:2.0.0 | | 0 | Low | 24
snakeyaml-1.13.jar | | org.yaml:snakeyaml:1.13 | | 0 | | 25
jansi-1.11.jar: jansi.dll | | | | 0 | | 2
jansi-1.11.jar: jansi.dll | | | | 0 | | 2
addons-manager-1.4.x-SNAPSHOT.zip: addons-manager.jar | cpe:/a:form_manager_project:form_manager:1.4 | | | 0 | Low | 15
tomcat-8.5.35.zip: taglibs-standard-impl-1.2.5.jar | cpe:/a:apache:standard_taglibs:1.2.5 | org.apache.taglibs:taglibs-standard-impl:1.2.5 | | 0 | Low | 28
tomcat-8.5.35.zip: sample.war | | | | 0 | | 8
tomcat-8.5.35.zip: bootstrap.jar | cpe:/a:apache_software_foundation:tomcat:8.5.35; cpe:/a:apache:tomcat:8.5.35 | | High | 3 | Low | 12
tomcat-8.5.35.zip: commons-daemon.jar | cpe:/a:apache:apache_commons_daemon:1.1.0 | commons-daemon:commons-daemon:1.1.0 | | 0 | Low | 39
tomcat-8.5.35.zip: tomcat-juli.jar | cpe:/a:apache_software_foundation:tomcat:8.5.35 | org.apache.tomcat:tomcat-juli:8.5.35 | | 0 | Low | 22
tomcat-8.5.35.zip: websocket-api.jar | cpe:/a:apache_software_foundation:tomcat:8.5.35; cpe:/a:apache:tomcat:8.5.35; cpe:/a:apache_tomcat:apache_tomcat:8.5.35 | org.apache.tomcat:tomcat-websocket-api:8.5.35 | High | 3 | Low | 21
tomcat-8.5.35.zip: annotations-api.jar | cpe:/a:apache_software_foundation:tomcat:8.5.35; cpe:/a:apache:tomcat:8.5.35; cpe:/a:apache_tomcat:apache_tomcat:8.5.35 | org.apache.tomcat:tomcat-annotations-api:8.5.35 | High | 3 | Low | 21
tomcat-8.5.35.zip: jasper.jar | cpe:/a:apache_software_foundation:tomcat:8.5.35; cpe:/a:apache:tomcat:8.5.35; cpe:/a:apache_tomcat:apache_tomcat:8.5.35 | org.apache.tomcat:tomcat-jasper:8.5.35 | High | 3 | Low | 24
tomcat-8.5.35.zip: ecj-4.6.3.jar | | org.eclipse.jdt:ecj:3.12.3 | | 0 | | 32
tomcat-8.5.35.zip: servlet-api.jar | cpe:/a:apache_software_foundation:tomcat:8.5.35; cpe:/a:apache:tomcat:3.1; cpe:/a:apache_tomcat:apache_tomcat:8.5.35 | org.apache.tomcat:tomcat-servlet-api:8.5.35 | High | 34 | Medium | 21
tomcat-8.5.35.zip: tomcat-i18n-es.jar | cpe:/a:apache_software_foundation:tomcat:8.5.35; cpe:/a:apache:tomcat:8.5.35; cpe:/a:apache_tomcat:apache_tomcat:8.5.35 | org.apache.tomcat:tomcat-i18n-es:8.5.35 | High | 3 | Low | 19
tomcat-8.5.35.zip: tomcat-jni.jar | cpe:/a:apache:tomcat_native:8.5.35; cpe:/a:apache_software_foundation:tomcat:8.5.35; cpe:/a:apache:tomcat:8.5.35; cpe:/a:apache_tomcat:apache_tomcat:8.5.35 | org.apache.tomcat:tomcat-jni:8.5.35 | High | 3 | Low | 24
tomcat-8.5.35.zip: jaspic-api.jar | cpe:/a:apache_software_foundation:tomcat:8.5.35; cpe:/a:apache:tomcat:8.5.35; cpe:/a:apache_tomcat:apache_tomcat:8.5.35 | org.apache.tomcat:tomcat-jaspic-api:8.5.35 | High | 3 | Low | 24
tomcat-8.5.35.zip: catalina.jar | cpe:/a:apache_software_foundation:tomcat:8.5.35; cpe:/a:apache:tomcat:8.5.35; cpe:/a:apache_tomcat:apache_tomcat:8.5.35 | org.apache.tomcat:tomcat-catalina:8.5.35 | High | 3 | Low | 22
tomcat-8.5.35.zip: tomcat-coyote.jar | cpe:/a:apache:coyote_http_connector:8.5.35; cpe:/a:apache_software_foundation:tomcat:8.5.35; cpe:/a:apache:tomcat:8.5.35; cpe:/a:apache:tomcat_connectors:8.5.35; cpe:/a:apache_tomcat:apache_tomcat:8.5.35 | org.apache.tomcat:tomcat-coyote:8.5.35 | High | 3 | Low | 24
tomcat-8.5.35.zip: el-api.jar | cpe:/a:apache_software_foundation:tomcat:8.5.35; cpe:/a:apache:tomcat:3.0; cpe:/a:apache_tomcat:apache_tomcat:8.5.35 | org.apache.tomcat:tomcat-el-api:8.5.35 | High | 33 | Medium | 21
tomcat-8.5.35.zip: jsp-api.jar | cpe:/a:apache_software_foundation:tomcat:8.5.35; cpe:/a:apache:tomcat:8.5.35; cpe:/a:apache_tomcat:apache_tomcat:8.5.35 | org.apache.tomcat:tomcat-jsp-api:8.5.35 | High | 3 | Low | 23
jansi-1.11.jar/META-INF/maven/org.fusesource.hawtjni/hawtjni-runtime/pom.xml | | org.fusesource.hawtjni:hawtjni-runtime:1.8 | | 0 | | 13
jansi-1.11.jar/META-INF/maven/org.fusesource.jansi/jansi-native/pom.xml | cpe:/a:id:id-software:1.5 | org.fusesource.jansi:jansi-native:1.5 | | 0 | Low | 16
jansi-1.11.jar/META-INF/maven/org.fusesource.jansi/jansi/pom.xml | cpe:/a:id:id-software:1.11 | org.fusesource.jansi:jansi:1.11 | | 0 | Low | 13
addons-manager-1.4.x-SNAPSHOT.zip: addons-manager.jar/META-INF/maven/com.beust/jcommander/pom.xml | | com.beust:jcommander:1.35 | | 0 | | 11
addons-manager-1.4.x-SNAPSHOT.zip: addons-manager.jar/META-INF/maven/jline/jline/pom.xml | | jline:jline:2.12 | | 0 | | 7
addons-manager-1.4.x-SNAPSHOT.zip: addons-manager.jar/META-INF/maven/org.eclipse.aether/aether-api/pom.xml | | org.eclipse.aether:aether-api:1.1.0 | | 0 | | 13
addons-manager-1.4.x-SNAPSHOT.zip: addons-manager.jar/META-INF/maven/org.eclipse.aether/aether-util/pom.xml | | org.eclipse.aether:aether-util:1.1.0 | | 0 | | 13

Dependencies

logback-core-1.1.2.jar

Description: logback-core module

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html
GNU Lesser General Public License: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/ch/qos/logback/logback-core/1.1.2/logback-core-1.1.2.jar
MD5: ae3b1f69540d87c5bb68260818764fe3
SHA1: 2d23694879c2c12f125dac5076bdfd5d771cc4cb
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

CVE-2017-5929  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.

Vulnerable Software & Versions:

tomcat-catalina-jmx-remote-8.5.35.jar

Description: Tomcat Remote JMX listener

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat-catalina-jmx-remote/8.5.35/tomcat-catalina-jmx-remote-8.5.35.jar
MD5: 768800849b0f32c50fce24cc8674e884
SHA1: 37a100c47c8ecca4ff78ca279a95adeefe53889d
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

commons-compiler-2.6.1.jar

File Path: /home/ciagent/.m2/repository/org/codehaus/janino/commons-compiler/2.6.1/commons-compiler-2.6.1.jar
MD5: 502720f1e3cb359c54f794b718cc8b73
SHA1: f81764c6e9199c3ba1b2c525408734c45e772494
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

janino-2.6.1.jar

File Path: /home/ciagent/.m2/repository/org/codehaus/janino/janino/2.6.1/janino-2.6.1.jar
MD5: 88f965703a684a89f42094bfc20113eb
SHA1: 454255eb300ab38db19dd23c1f7ba5168bb646ab
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

plf-tomcat-integration-webapp-5.2.x-SNAPSHOT.war

File Path: /srv/ciagent/workspace/PLF/platform-public-distributions-develop-site/sources/plf-tomcat-integration-webapp/target/plf-tomcat-integration-webapp-5.2.x-SNAPSHOT.war
MD5: 039204309a08555a6bdfd8b08e59a959
SHA1: 693fe650d24786aa98fb36bc40f27c6d850b917b
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

  • maven: org.exoplatform.platform.distributions:plf-tomcat-integration-webapp:5.2.x-SNAPSHOT   Confidence:High

common-logging-2.2.2.Final.jar

File Path: /home/ciagent/.m2/repository/org/gatein/common/common-logging/2.2.2.Final/common-logging-2.2.2.Final.jar
MD5: 28b7108ee63899bca08636d360e7df11
SHA1: aee18008518671fb10982c0fe5f7383e98f71c47
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

common-common-2.2.2.Final.jar

File Path: /home/ciagent/.m2/repository/org/gatein/common/common-common/2.2.2.Final/common-common-2.2.2.Final.jar
MD5: 8ce16b5e3991285cd27e553740d09d1f
SHA1: 44522d899e31a5a10dbd70f7b0ca2fe5a614f740
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

wci-wci-5.2.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/wci/wci-wci/5.2.x-SNAPSHOT/wci-wci-5.2.x-SNAPSHOT.jar
MD5: 9be7f8aea19a80a647423fa43a36c72b
SHA1: 7c6923487afec73cb54ed4e7cca915b5f8cba968
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

  • maven: org.exoplatform.gatein.wci:wci-wci:5.2.x-SNAPSHOT   Confidence:High

wci-tomcat8-5.2.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/wci/wci-tomcat8/5.2.x-SNAPSHOT/wci-tomcat8-5.2.x-SNAPSHOT.jar
MD5: 1d5e66f4b045720af801a1bddc8176fe
SHA1: ae213f27b1197c2d70d4f7f90de71c126418d4a1
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

  • maven: org.exoplatform.gatein.wci:wci-tomcat8:5.2.x-SNAPSHOT   Confidence:High

mime-util-2.1.3.jar

Description: mime-util is a simple to use, small, light weight and fast open source java utility library that can detect MIME types from files, input streams, URL's and byte arrays. Due to the use of regular expressions and the java.nio packages it requires at least Java 1.4.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/eu/medsea/mimeutil/mime-util/2.1.3/mime-util-2.1.3.jar
MD5: 3d4f3e1a96eb79683197f1c8b182f4a6
SHA1: 0c9cfae15c74f62491d4f28def0dff1dabe52a47
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

jakarta-regexp-1.4.jar

File Path: /home/ciagent/.m2/repository/jakarta-regexp/jakarta-regexp/1.4/jakarta-regexp-1.4.jar
MD5: 5d8b8c601c21b37aa6142d38f45c0297
SHA1: 0ea514a179ac1dd7e81c7e6594468b9b9910d298
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

xpp3-1.1.6.jar

Description: XML Pull parser library developed by Extreme Computing Lab, Indiana University

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/ogce/xpp3/1.1.6/xpp3-1.1.6.jar
MD5: 626a429318310e92e3466151e050bdc5
SHA1: dc87e00ddb69341b46a3eb1c331c6fcebf6c8546
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

exo.kernel.commons-5.2.x-SNAPSHOT.jar

Description: Implementation of Commons Utils of Exoplatform SAS 'eXo Kernel' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.commons/5.2.x-SNAPSHOT/exo.kernel.commons-5.2.x-SNAPSHOT.jar
MD5: 32f3e3030115ff5f49339f43cbf27eae
SHA1: c0ea42d7a974d853aaf2ed2124e90c84431dc2ae
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

  • maven: org.exoplatform.kernel:exo.kernel.commons:5.2.x-SNAPSHOT   Confidence:High

commons-beanutils-1.8.3.jar

Description: BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-beanutils/commons-beanutils/1.8.3/commons-beanutils-1.8.3.jar
MD5: b45be74134796c89db7126083129532f
SHA1: 686ef3410bcf4ab8ce7fd0b899e832aaba5facf7
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

CVE-2014-0114  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

Vulnerable Software & Versions:

jibx-run-1.2.6.jar

Description: JiBX runtime code

License:

http://jibx.sourceforge.net/jibx-license.html
File Path: /home/ciagent/.m2/repository/org/jibx/jibx-run/1.2.6/jibx-run-1.2.6.jar
MD5: 4ef53e4279c8440aff2d16c0af024231
SHA1: 544f3ac7887d7eed20ca0420ee1963df6c7ecebb
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

javax.inject-1.jar

Description: The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

jsr250-api-1.0.jar

Description: JSR-250 Reference Implementation by Glassfish

License:

COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /home/ciagent/.m2/repository/javax/annotation/jsr250-api/1.0/jsr250-api-1.0.jar
MD5: 4cd56b2e4977e541186de69f5126b4a6
SHA1: 5025422767732a1ab45d93abfea846513d742dcf
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

cdi-api-1.0-SP4.jar

Description: APIs for JSR-299: Contexts and Dependency Injection for Java EE

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/javax/enterprise/cdi-api/1.0-SP4/cdi-api-1.0-SP4.jar
MD5: 6c1e2b4036d64b6ba1a1136a00c7cdaa
SHA1: 6e38490033eb8b36c4cf1f7605163424a574dcf0
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

exo.kernel.container-5.2.x-SNAPSHOT.jar

Description: Implementation of Container for Exoplatform SAS 'eXo Kernel' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.container/5.2.x-SNAPSHOT/exo.kernel.container-5.2.x-SNAPSHOT.jar
MD5: 08b5875655d3b9b61dea9bf5723988a9
SHA1: a1de9405ed33efea83d23e1c3119997978803814
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

  • maven: org.exoplatform.kernel:exo.kernel.container:5.2.x-SNAPSHOT   Confidence:High

plf-tomcat-pc-creator-listener-5.2.x-SNAPSHOT.jar

Description: This module defines a LifecycleListener to attach to a Tomcat host to create all portal containers.

File Path: /srv/ciagent/workspace/PLF/platform-public-distributions-develop-site/sources/plf-tomcat-pc-creator-listener/target/plf-tomcat-pc-creator-listener-5.2.x-SNAPSHOT.jar
MD5: 47ccfd971a05950654abe00ad86a9aa6
SHA1: 97a0f41d3d21bdecad6a149e65f6880b9070fcf0
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

  • maven: org.exoplatform.platform.distributions:plf-tomcat-pc-creator-listener:5.2.x-SNAPSHOT   Confidence:High

jansi-1.11.jar

Description: Jansi is a java library for generating and interpreting ANSI escape sequences.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/fusesource/jansi/jansi/1.11/jansi-1.11.jar
MD5: e8bd19df14afe8a0f4e2a44d57c0cd8b
SHA1: 655c643309c2f45a56a747fda70e3fadf57e9f11
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

hsqldb-2.4.0.jar

Description: HSQLDB - Lightweight 100% Java SQL Database Engine

License:

HSQLDB License, a BSD open source license: http://hsqldb.org/web/hsqlLicense.html
File Path: /home/ciagent/.m2/repository/org/hsqldb/hsqldb/2.4.0/hsqldb-2.4.0.jar
MD5: 72cae1d3ef411edc74bc3ff4d12bd47c
SHA1: 195957160ed990dbc798207c0d577280d9919208
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

jcl-over-slf4j-1.7.7.jar

Description: JCL 1.1.1 implemented over SLF4J

File Path: /home/ciagent/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.7/jcl-over-slf4j-1.7.7.jar
MD5: 32ad130f946ef0460af416397b7fc7b7
SHA1: 56003dcd0a31deea6391b9e2ef2f2dc90b205a92
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

jul-to-slf4j-1.7.7.jar

Description: JUL to SLF4J bridge

File Path: /home/ciagent/.m2/repository/org/slf4j/jul-to-slf4j/1.7.7/jul-to-slf4j-1.7.7.jar
MD5: 151a2a6f7f3fff8f5e5324659f6ccdbb
SHA1: def21bc1a6e648ee40b41a84f1db443132913105
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

log4j-over-slf4j-1.7.7.jar

Description: Log4j implemented over SLF4J

License:

Apache Software Licenses: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/slf4j/log4j-over-slf4j/1.7.7/log4j-over-slf4j-1.7.7.jar
MD5: 93ab42a5216afd683c35988c6b6fc3d8
SHA1: d521cb26a9c4407caafcec302e7804b048b07cea
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

slf4j-api-1.7.7.jar

Description: The slf4j API

File Path: /home/ciagent/.m2/repository/org/slf4j/slf4j-api/1.7.7/slf4j-api-1.7.7.jar
MD5: ca4280bf93d64367723ae5c8d42dd0b9
SHA1: 2b8019b6249bb05d81d3a3094e468753e2b21311
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

liquibase-slf4j-2.0.0.jar

Description: Liquibase SLF4J Logger

License:

MIT License: http://www.opensource.org/licenses/mit-license.html
File Path: /home/ciagent/.m2/repository/com/mattbertolini/liquibase-slf4j/2.0.0/liquibase-slf4j-2.0.0.jar
MD5: c0de626cfee6e91f2fe3f28aca48a6f9
SHA1: 15d0d15b546ef66caf3385a3c13aeb75663b3ba4
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

snakeyaml-1.13.jar

Description: YAML 1.1 parser and emitter for Java

License:

Apache License Version 2.0: LICENSE.txt
File Path: /home/ciagent/.m2/repository/org/yaml/snakeyaml/1.13/snakeyaml-1.13.jar
MD5: 88e239ab48632e2eab576ee86f56c47e
SHA1: 73cbb494a912866c4c831a178c3a2a9169f4eaad
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

jansi-1.11.jar: jansi.dll

File Path: /home/ciagent/.m2/repository/org/fusesource/jansi/jansi/1.11/jansi-1.11.jar/META-INF/native/windows64/jansi.dll
MD5: fd3a20891286c958103f3ea07174cd3c
SHA1: 829195c9e338d5725cf304ae33fc209db53884eb
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

  • None

jansi-1.11.jar: jansi.dll

File Path: /home/ciagent/.m2/repository/org/fusesource/jansi/jansi/1.11/jansi-1.11.jar/META-INF/native/windows32/jansi.dll
MD5: 1e56641bb68937f8e2020cbff5d04a08
SHA1: 97f6e12599bb5848867b9762184d055ed918ab2a
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

  • None

addons-manager-1.4.x-SNAPSHOT.zip: addons-manager.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/addons-manager/1.4.x-SNAPSHOT/addons-manager-1.4.x-SNAPSHOT.zip/addons/addons-manager.jar
MD5: 5aa69e6ed0bc5b6154ae6b91999abe10
SHA1: 678049cf38abee0b149e5052b9d93b87a083cc4a
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

  • cpe: cpe:/a:form_manager_project:form_manager:1.4   Confidence:Low   

tomcat-8.5.35.zip: taglibs-standard-impl-1.2.5.jar

Description:  An implementation of the JSP Standard Tag Library (JSTL).

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/webapps/examples/WEB-INF/lib/taglibs-standard-impl-1.2.5.jar
MD5: 8e5c8db242fbef3db1acfcbb3bc8ec8b
SHA1: 9b9783ccb2a323383e6e20e36d368f8997b71967
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

tomcat-8.5.35.zip: sample.war

File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/webapps/docs/appdev/sample/sample.war
MD5: 570f196c4a1025a717269d16d11d6f37
SHA1: 80f5053b166c69d81697ba21113c673f8372aca0
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

  • None

tomcat-8.5.35.zip: bootstrap.jar

File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/bin/bootstrap.jar
MD5: f3940fdc1b7cf81fee43d6963a4d3740
SHA1: 394ae5d3d92b3c7717c26d529729145c53149a22
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

  • cpe: cpe:/a:apache_software_foundation:tomcat:8.5.35   Confidence:Low   
  • cpe: cpe:/a:apache:tomcat:8.5.35   Confidence:Low   

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

tomcat-8.5.35.zip: commons-daemon.jar

Description:  Apache Commons Daemon software provides an alternative invocation mechanism for unix-daemon-like Java code.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/bin/commons-daemon.jar
MD5: 6c64006960a9b6b449c32e6ad1b39b1e
SHA1: 96f07daacf0a3c832c47ac6b4052363fe43db9a1
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

tomcat-8.5.35.zip: tomcat-juli.jar

Description: Tomcat Core Logging Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/bin/tomcat-juli.jar
MD5: c3b6b2bc241e6572ada480e972702800
SHA1: 69d0606072b31b57ba706d1ffc102064ad8f694b
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

tomcat-8.5.35.zip: websocket-api.jar

Description: WebSocket (JSR356) API

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/lib/websocket-api.jar
MD5: 90dd0ad5e70b145083eee93eadf4c85d
SHA1: b5054013b7683c51e3843d4825b0ebebceb01360
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

tomcat-8.5.35.zip: annotations-api.jar

Description: Annotations Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/lib/annotations-api.jar
MD5: 1f1b4bd07c4255c6d7f3dcffac2eac71
SHA1: 5e03d5b26a8cdf7368831d35baa323aaae3213b4
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

tomcat-8.5.35.zip: jasper.jar

Description: Tomcats JSP Parser

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/lib/jasper.jar
MD5: d961549ca96e11902a2906581744cb8d
SHA1: 40f8bea78fd54a3b9ce828b95c2247be4a8fbb64
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

tomcat-8.5.35.zip: ecj-4.6.3.jar

Description: Eclipse Compiler for Java(TM)

License:

Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/lib/ecj-4.6.3.jar
MD5: 33e190a0f0745306de54fba90f381fc3
SHA1: ade950992eb3caf6ab4f1a88706c755f0bf213d9
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

tomcat-8.5.35.zip: servlet-api.jar

Description: javax.servlet package

License:

Apache License, Version 2.0 and Common Development And Distribution License (CDDL) Version 1.0: http://www.apache.org/licenses/LICENSE-2.0.txt and http://www.opensource.org/licenses/cddl1.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/lib/servlet-api.jar
MD5: 2f9ec32baeaba61caaf1441825844dba
SHA1: 39f8dd9a5815b150e7a3ab2a87d5c070b0f3c635
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

CVE-2000-0672  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.

Vulnerable Software & Versions:

CVE-2000-0759  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)

Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.

Vulnerable Software & Versions:

CVE-2000-0760  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)

The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.

Vulnerable Software & Versions:

CVE-2000-1210  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.

Vulnerable Software & Versions:

CVE-2001-0590  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).

Vulnerable Software & Versions:

CVE-2002-0493  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-254 Security Features

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

Vulnerable Software & Versions:

CVE-2002-1148  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.

Vulnerable Software & Versions:

CVE-2002-2006  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.

Vulnerable Software & Versions:

CVE-2003-0042  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.

Vulnerable Software & Versions:

CVE-2003-0043  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.

Vulnerable Software & Versions:

CVE-2003-0044  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.

Vulnerable Software & Versions:

CVE-2003-0045  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.

Vulnerable Software & Versions:

CVE-2005-0808  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.

Vulnerable Software & Versions:

CVE-2005-4838  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.

Vulnerable Software & Versions:

CVE-2006-7196  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.

Vulnerable Software & Versions:

CVE-2007-1358  

Severity: Low
CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".

Vulnerable Software & Versions:

CVE-2007-2449  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.

Vulnerable Software & Versions:

CVE-2008-0128  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-16 Configuration

The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Vulnerable Software & Versions:

CVE-2009-2696  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.

Vulnerable Software & Versions:

CVE-2009-3548  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-255 Credentials Management

The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.

Vulnerable Software & Versions:

CVE-2012-5568  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-16 Configuration

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

Vulnerable Software & Versions:

CVE-2013-2185  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.

Vulnerable Software & Versions:

CVE-2013-4286  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

Vulnerable Software & Versions:

CVE-2013-4322  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

Vulnerable Software & Versions:

CVE-2013-4444  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.

Vulnerable Software & Versions:

CVE-2013-4590  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2013-6357  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352

** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator."

Vulnerable Software & Versions:

CVE-2014-0075  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.

Vulnerable Software & Versions:

CVE-2014-0096  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2014-0099  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-189 Numeric Errors

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

Vulnerable Software & Versions:

CVE-2014-0119  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.

Vulnerable Software & Versions:

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

tomcat-8.5.35.zip: tomcat-i18n-es.jar

Description: Spanish translations

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/lib/tomcat-i18n-es.jar
MD5: a0a64b439607e1a968e11f99d8b67e39
SHA1: 3405338c33fc1c345a1528b760b3a2271d937fb4
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

tomcat-8.5.35.zip: tomcat-jni.jar

Description: Interface code to the native connector

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/lib/tomcat-jni.jar
MD5: 8fb29c42b9ff472d8fc78d9f3c320215
SHA1: 23dfd85acc1bccf73a0b1e7822fd1b898c4719a6
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

  • maven: org.apache.tomcat:tomcat-jni:8.5.35    Confidence:Highest
  • cpe: cpe:/a:apache:tomcat_native:8.5.35   Confidence:Low   
  • cpe: cpe:/a:apache_software_foundation:tomcat:8.5.35   Confidence:Low   
  • cpe: cpe:/a:apache:tomcat:8.5.35   Confidence:Low   
  • cpe: cpe:/a:apache_tomcat:apache_tomcat:8.5.35   Confidence:Low   

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

tomcat-8.5.35.zip: jaspic-api.jar

Description: javax.security.auth.message package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/lib/jaspic-api.jar
MD5: f22760c7d43b93cac2bd65b5e5f97378
SHA1: e467215cba84c11e9b0b72d60f433c6b0b466098
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

tomcat-8.5.35.zip: catalina.jar

Description: Tomcat Servlet Engine Core Classes and Standard implementations

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/lib/catalina.jar
MD5: 382a49c251429f5d9d9f3d92222cb625
SHA1: c871d21a7687eb609f0d42087d8b8a69561195e0
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

tomcat-8.5.35.zip: tomcat-coyote.jar

Description: Tomcat Connectors and HTTP parser

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/lib/tomcat-coyote.jar
MD5: 53791305852201a76cb079c2f49918f5
SHA1: da94c8aa9c321d79372657103693da3c1729dbee
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

  • maven: org.apache.tomcat:tomcat-coyote:8.5.35    Confidence:Highest
  • cpe: cpe:/a:apache:coyote_http_connector:8.5.35   Confidence:Low   
  • cpe: cpe:/a:apache_software_foundation:tomcat:8.5.35   Confidence:Low   
  • cpe: cpe:/a:apache:tomcat:8.5.35   Confidence:Low   
  • cpe: cpe:/a:apache:tomcat_connectors:8.5.35   Confidence:Low   
  • cpe: cpe:/a:apache_tomcat:apache_tomcat:8.5.35   Confidence:Low   

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

tomcat-8.5.35.zip: el-api.jar

Description: Expression language package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/lib/el-api.jar
MD5: d5c47f9c6038ea2b4acfb355f52ec93c
SHA1: 1ba528480619dfb3ccf3e80759ee225163238872
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

CVE-2000-0672  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.

Vulnerable Software & Versions:

CVE-2000-0760  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)

The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.

Vulnerable Software & Versions:

CVE-2000-1210  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.

Vulnerable Software & Versions:

CVE-2001-0590  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).

Vulnerable Software & Versions:

CVE-2002-0493  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-254 Security Features

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

Vulnerable Software & Versions:

CVE-2002-1148  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.

Vulnerable Software & Versions:

CVE-2002-2006  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.

Vulnerable Software & Versions:

CVE-2003-0042  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.

Vulnerable Software & Versions:

CVE-2003-0043  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.

Vulnerable Software & Versions:

CVE-2003-0044  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.

Vulnerable Software & Versions:

CVE-2003-0045  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.

Vulnerable Software & Versions:

CVE-2005-0808  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.

Vulnerable Software & Versions:

CVE-2005-4838  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.

Vulnerable Software & Versions:

CVE-2006-7196  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.

Vulnerable Software & Versions:

CVE-2007-1358  

Severity: Low
CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".

Vulnerable Software & Versions:

CVE-2007-2449  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.

Vulnerable Software & Versions:

CVE-2008-0128  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-16 Configuration

The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Vulnerable Software & Versions:

CVE-2009-2696  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.

Vulnerable Software & Versions:

CVE-2009-3548  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-255 Credentials Management

The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.

Vulnerable Software & Versions:

CVE-2012-5568  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-16 Configuration

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

Vulnerable Software & Versions:

CVE-2013-2185  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.

Vulnerable Software & Versions:

CVE-2013-4286  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

Vulnerable Software & Versions:

CVE-2013-4322  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

Vulnerable Software & Versions:

CVE-2013-4444  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.

Vulnerable Software & Versions:

CVE-2013-4590  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2013-6357  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352

** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator."

Vulnerable Software & Versions:

CVE-2014-0075  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.

Vulnerable Software & Versions:

CVE-2014-0096  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2014-0099  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-189 Numeric Errors

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

Vulnerable Software & Versions:

CVE-2014-0119  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.

Vulnerable Software & Versions:

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

tomcat-8.5.35.zip: jsp-api.jar

Description: JSP package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/lib/jsp-api.jar
MD5: 9883f07cc987802e29cd867377d30d17
SHA1: e4ed0de27118645d1e6949939707fe92b19178fd
Referenced In Project/Scope: eXo PLF:: Platform Public Distributions - Tomcat Resources:compile

Identifiers

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

jansi-1.11.jar/META-INF/maven/org.fusesource.hawtjni/hawtjni-runtime/pom.xml

Description: The API that projects using HawtJNI should build against.

File Path: /home/ciagent/.m2/repository/org/fusesource/jansi/jansi/1.11/jansi-1.11.jar/META-INF/maven/org.fusesource.hawtjni/hawtjni-runtime/pom.xml
MD5: 9343dc158b5894310f26732ebb2b73ee
SHA1: 14df4655274e472909050661f8e9ed98a28b6721

Identifiers

  • maven: org.fusesource.hawtjni:hawtjni-runtime:1.8   Confidence:High

jansi-1.11.jar/META-INF/maven/org.fusesource.jansi/jansi-native/pom.xml

Description: Jansi is a java library for generating and interpreting ANSI escape sequences.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/fusesource/jansi/jansi/1.11/jansi-1.11.jar/META-INF/maven/org.fusesource.jansi/jansi-native/pom.xml
MD5: 1bbb551ce034727cd799619954437ab5
SHA1: 0177ae5fbf3b24c3e9adb94d98e29213259a8bc6

Identifiers

  • cpe: cpe:/a:id:id-software:1.5   Confidence:Low   
  • maven: org.fusesource.jansi:jansi-native:1.5   Confidence:High

jansi-1.11.jar/META-INF/maven/org.fusesource.jansi/jansi/pom.xml

Description: Jansi is a java library for generating and interpreting ANSI escape sequences.

File Path: /home/ciagent/.m2/repository/org/fusesource/jansi/jansi/1.11/jansi-1.11.jar/META-INF/maven/org.fusesource.jansi/jansi/pom.xml
MD5: 18c6eba91ac7aa1a27324b482dca06d5
SHA1: 3aea48c5e47064eec9903f4a14e5acee8fe345d8

Identifiers

  • maven: org.fusesource.jansi:jansi:1.11   Confidence:High
  • cpe: cpe:/a:id:id-software:1.11   Confidence:Low   

addons-manager-1.4.x-SNAPSHOT.zip: addons-manager.jar/META-INF/maven/com.beust/jcommander/pom.xml

Description: A Java framework to parse command line options with annotations.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/addons-manager/1.4.x-SNAPSHOT/addons-manager-1.4.x-SNAPSHOT.zip/addons/addons-manager.jar/META-INF/maven/com.beust/jcommander/pom.xml
MD5: 476d9301d9a9ba636a79e1e127cb201d
SHA1: 643abcc29f656bfd9ff6b0c720264642bc10017f

Identifiers

  • maven: com.beust:jcommander:1.35   Confidence:High

addons-manager-1.4.x-SNAPSHOT.zip: addons-manager.jar/META-INF/maven/jline/jline/pom.xml

License:

The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/addons-manager/1.4.x-SNAPSHOT/addons-manager-1.4.x-SNAPSHOT.zip/addons/addons-manager.jar/META-INF/maven/jline/jline/pom.xml
MD5: c115487107302a4d8b15dfe918a3ee92
SHA1: c360defa993e6b59531e23966a89415c3db54848

Identifiers

  • maven: jline:jline:2.12   Confidence:High

addons-manager-1.4.x-SNAPSHOT.zip: addons-manager.jar/META-INF/maven/org.eclipse.aether/aether-api/pom.xml

Description:  The application programming interface for the repository system.

File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/addons-manager/1.4.x-SNAPSHOT/addons-manager-1.4.x-SNAPSHOT.zip/addons/addons-manager.jar/META-INF/maven/org.eclipse.aether/aether-api/pom.xml
MD5: fc000d7bc8dbb2b892a953bc3c9ab822
SHA1: ea104d5d0d8d6e495088cc49c71ae3a5b9c04634

Identifiers

  • maven: org.eclipse.aether:aether-api:1.1.0   Confidence:High

addons-manager-1.4.x-SNAPSHOT.zip: addons-manager.jar/META-INF/maven/org.eclipse.aether/aether-util/pom.xml

Description:  A collection of utility classes to ease usage of the repository system.

File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/addons-manager/1.4.x-SNAPSHOT/addons-manager-1.4.x-SNAPSHOT.zip/addons/addons-manager.jar/META-INF/maven/org.eclipse.aether/aether-util/pom.xml
MD5: cfb325be4744f65098b66ee34e265322
SHA1: 2648fa8032a1428718a58b53fb9badae64643dd0

Identifiers

  • maven: org.eclipse.aether:aether-util:1.1.0   Confidence:High


This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the Node Security Platform.