Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information:
dependency-check version : 3.1.2
Report Generated On : Dec 4, 2018 at 10:58:19 +00:00
Dependencies Scanned : 102 (83 unique)
Vulnerable Dependencies : 9
Vulnerabilities Found : 58
Vulnerabilities Suppressed : 0
...
NVD CVE 2002 : 30/11/2018 09:08:39
NVD CVE 2003 : 04/12/2018 09:10:59
NVD CVE 2004 : 04/12/2018 09:10:14
NVD CVE 2005 : 04/12/2018 09:16:07
NVD CVE 2006 : 04/12/2018 09:06:14
NVD CVE 2007 : 04/12/2018 09:02:21
NVD CVE 2008 : 04/12/2018 08:58:32
NVD CVE 2009 : 04/12/2018 08:54:22
NVD CVE 2010 : 04/12/2018 08:50:56
NVD CVE 2011 : 04/12/2018 09:16:39
NVD CVE 2012 : 04/12/2018 08:52:10
NVD CVE 2013 : 04/12/2018 08:52:08
NVD CVE 2014 : 04/12/2018 08:52:09
NVD CVE 2015 : 04/12/2018 08:52:09
NVD CVE 2016 : 04/12/2018 08:52:10
NVD CVE 2017 : 04/12/2018 08:19:41
NVD CVE 2018 : 04/12/2018 08:52:09
NVD CVE Checked : 04/12/2018 10:50:28
NVD CVE Modified : 04/12/2018 06:01:55
VersionCheckOn : 1543920628116
Dependencies
spring-convert-1.0.0.jar
Description: Small but useful library providing converter APIs and default implementations for easy and reliable conversion of objects.
License:
MIT License 2.0: https://opensource.org/licenses/MIT
File Path: /home/travis/.m2/repository/com/namics/oss/spring/convert/spring-convert/1.0.0/spring-convert-1.0.0.jar
MD5: 10c17115ecd2b1e025c12133bc950411
SHA1: d46474f177f582e40b2330a49f2fbe853df6a0b2
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid spring-convert Low
Vendor pom groupid com.namics.oss.spring.convert Highest
Vendor hint analyzer vendor pivotal software Highest
Vendor Manifest Implementation-Vendor Namics AG High
Vendor central groupid com.namics.oss.spring.convert Highest
Vendor pom organization name Namics AG High
Vendor pom groupid namics.oss.spring.convert Highest
Vendor Manifest implementation-url https://github.com/namics/spring-convert Low
Vendor file name spring-convert High
Vendor pom name ${project.artifactId} High
Vendor pom url namics/spring-convert Highest
Vendor pom organization url http://www.namics.com/ Medium
Vendor Manifest build-timestamp 2017-11-13-UTC-14-30-36 Low
Vendor Manifest Implementation-Vendor-Id com.namics.oss.spring.convert Medium
Vendor pom description Small but useful library providing converter APIs and default implementations for easy and reliable conversion of objects. Low
Product pom artifactid spring-convert Highest
Product central artifactid spring-convert Highest
Product Manifest implementation-url https://github.com/namics/spring-convert Low
Product file name spring-convert High
Product pom organization url http://www.namics.com/ Low
Product pom name ${project.artifactId} High
Product pom url namics/spring-convert High
Product Manifest build-timestamp 2017-11-13-UTC-14-30-36 Low
Product Manifest Implementation-Title spring-convert High
Product pom groupid namics.oss.spring.convert Low
Product pom organization name Namics AG Low
Product pom description Small but useful library providing converter APIs and default implementations for easy and reliable conversion of objects. Low
Version pom version 1.0.0 Highest
Version central version 1.0.0 Highest
Version Manifest Implementation-Version 1.0.0 High
Version file version 1.0.0 Highest
Published Vulnerabilities
CVE-2016-9878
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
CVE-2018-1270
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-358 Improperly Implemented Security Check for Standard
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
CVE-2018-1271
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
CVE-2018-1272
Severity:
Medium
CVSS Score: 6.0
(AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.
javax.batch-api-1.0.jar
File Path: /home/travis/.m2/repository/javax/batch/javax.batch-api/1.0/javax.batch-api-1.0.jar
MD5: d2c9b38431c46dc26a9eb722a6ff8903
SHA1: 65392d027a6eb369fd9fcd1b75cae150e25ac03c
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor central groupid javax.batch Highest
Vendor Manifest bundle-symbolicname javax.batch-api Medium
Vendor pom artifactid javax.batch-api Low
Vendor pom groupid javax.batch Highest
Vendor pom parent-artifactid jbatch Low
Vendor file name javax.batch-api High
Vendor Manifest extension-name javax.batch Medium
Product Manifest Bundle-Name javax.batch-api Medium
Product Manifest bundle-symbolicname javax.batch-api Medium
Product central artifactid javax.batch-api Highest
Product file name javax.batch-api High
Product pom groupid javax.batch Low
Product pom artifactid javax.batch-api Highest
Product Manifest extension-name javax.batch Medium
Product pom parent-artifactid jbatch Medium
Version central version 1.0 Highest
Version file version 1.0 Highest
Version Manifest Implementation-Version 1.0 High
Version pom version 1.0 Highest
jettison-1.2.jar
Description: A StAX implementation for JSON.
File Path: /home/travis/.m2/repository/org/codehaus/jettison/jettison/1.2/jettison-1.2.jar
MD5: 4661a5152aa90f104948bdc78fdf255c
SHA1: 0765a6181653f4b05c18c7a9e8f5c1f8269bf9b2
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor file name jettison High
Vendor pom groupid org.codehaus.jettison Highest
Vendor Manifest bundle-symbolicname org.codehaus.jettison.jettison Medium
Vendor pom name Jettison High
Vendor pom groupid codehaus.jettison Highest
Vendor pom artifactid jettison Low
Vendor pom description A StAX implementation for JSON. Medium
Vendor manifest Bundle-Description A StAX implementation for JSON. Medium
Vendor central groupid org.codehaus.jettison Highest
Product file name jettison High
Product Manifest Implementation-Title Jettison High
Product central artifactid jettison Highest
Product pom artifactid jettison Highest
Product Manifest bundle-symbolicname org.codehaus.jettison.jettison Medium
Product pom groupid codehaus.jettison Low
Product pom name Jettison High
Product pom description A StAX implementation for JSON. Medium
Product manifest Bundle-Description A StAX implementation for JSON. Medium
Product Manifest Bundle-Name jettison Medium
Version pom version 1.2 Highest
Version file version 1.2 Highest
Version central version 1.2 Highest
Version Manifest Implementation-Version 1.2 High
spring-retry-1.2.2.RELEASE.jar
Description: Spring Retry provides an abstraction around retrying failed operations, with an emphasis on declarative control of the process and policy-based bahaviour that is easy to extend and customize. For instance, you can configure a plain POJO operation to retry if it fails, based on the type of exception, and with a fixed or exponential backoff.
License:
Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/springframework/retry/spring-retry/1.2.2.RELEASE/spring-retry-1.2.2.RELEASE.jar
MD5: a2f54e08d880787f26f1e595a3ccb20a
SHA1: 638928732585c450e461f0a132b6834ad7cf3af0
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor jar package name retry Low
Vendor jar package name springframework Low
Vendor pom description Spring Retry provides an abstraction around retrying failed operations, with an emphasis on declarative control of the process and policy-based bahaviour that is easy to extend and customize. For instance, you can configure a plain POJO operation to retry if it fails, based on the type of exception, and with a fixed or exponential backoff. Low
Vendor pom groupid org.springframework.retry Highest
Vendor pom url http://www.springsource.org Highest
Vendor pom artifactid spring-retry Low
Vendor pom organization name SpringSource High
Vendor central groupid org.springframework.retry Highest
Vendor pom groupid springframework.retry Highest
Vendor pom name Spring Retry High
Vendor file name spring-retry High
Vendor pom organization url http://www.springsource.com Medium
Product pom organization name SpringSource Low
Product jar package name retry Low
Product pom artifactid spring-retry Highest
Product pom organization url http://www.springsource.com Low
Product pom url http://www.springsource.org Medium
Product central artifactid spring-retry Highest
Product pom description Spring Retry provides an abstraction around retrying failed operations, with an emphasis on declarative control of the process and policy-based bahaviour that is easy to extend and customize. For instance, you can configure a plain POJO operation to retry if it fails, based on the type of exception, and with a fixed or exponential backoff. Low
Product pom groupid springframework.retry Low
Product pom name Spring Retry High
Product file name spring-retry High
Version pom version 1.2.2.RELEASE Highest
Version file name spring-retry Medium
Version central version 1.2.2.RELEASE Highest
Version file version 1.2.2 Highest
spring-batch-infrastructure-4.0.1.RELEASE.jar
Description: Spring Batch Infrastructure
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/springframework/batch/spring-batch-infrastructure/4.0.1.RELEASE/spring-batch-infrastructure-4.0.1.RELEASE.jar
MD5: 4f0241db92db901e13e813bc82dec9e1
SHA1: e0f1d359cc3c91d8a0cb129f9dfed8fc018cfabd
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor pom organization name Spring High
Vendor pom groupid springframework.batch Highest
Vendor hint analyzer vendor pivotal software Highest
Vendor file name spring-batch-infrastructure High
Vendor pom url http://projects.spring.io/spring-batch/ Highest
Vendor pom name Spring Batch Infrastructure High
Vendor pom groupid org.springframework.batch Highest
Vendor pom description Spring Batch Infrastructure Medium
Vendor pom artifactid spring-batch-infrastructure Low
Vendor pom organization url http://spring.io Medium
Vendor central groupid org.springframework.batch Highest
Product pom organization url http://spring.io Low
Product pom organization name Spring Low
Product file name spring-batch-infrastructure High
Product Manifest Implementation-Title spring-batch-infrastructure High
Product pom url http://projects.spring.io/spring-batch/ Medium
Product pom artifactid spring-batch-infrastructure Highest
Product pom name Spring Batch Infrastructure High
Product pom description Spring Batch Infrastructure Medium
Product pom groupid springframework.batch Low
Product central artifactid spring-batch-infrastructure Highest
Version Manifest Implementation-Version 4.0.1.RELEASE High
Version central version 4.0.1.RELEASE Highest
Version pom version 4.0.1.RELEASE Highest
Published Vulnerabilities
CVE-2014-0225
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.
CVE-2014-3578
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
CVE-2014-3625
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
CVE-2015-5211
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-20 Improper Input Validation
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.
CVE-2016-5007
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
CVE-2018-1270
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-358 Improperly Implemented Security Check for Standard
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
CVE-2018-1271
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
CVE-2018-1272
Severity:
Medium
CVSS Score: 6.0
(AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.
spring-batch-core-4.1.0.RC1.jar
Description: Spring Batch Core
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/springframework/batch/spring-batch-core/4.1.0.RC1/spring-batch-core-4.1.0.RC1.jar
MD5: f2c52831e19cf15eda15af3d095afbc9
SHA1: b552390988ca0a4975e7537ac0fafaf24c8f6ecd
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid spring-batch-core Low
Vendor pom organization name Spring High
Vendor pom groupid springframework.batch Highest
Vendor pom name Spring Batch Core High
Vendor hint analyzer vendor pivotal software Highest
Vendor pom url http://projects.spring.io/spring-batch/ Highest
Vendor pom groupid org.springframework.batch Highest
Vendor pom description Spring Batch Core Medium
Vendor file name spring-batch-core High
Vendor pom organization url http://spring.io Medium
Product pom organization url http://spring.io Low
Product pom name Spring Batch Core High
Product pom organization name Spring Low
Product pom url http://projects.spring.io/spring-batch/ Medium
Product pom artifactid spring-batch-core Highest
Product pom description Spring Batch Core Medium
Product file name spring-batch-core High
Product Manifest Implementation-Title spring-batch-core High
Product pom groupid springframework.batch Low
Version file version 4.1.0.rc1 Highest
Version Manifest Implementation-Version 4.1.0.RC1 High
Version pom version 4.1.0.RC1 Highest
cpe: cpe:/a:pivotal:spring_framework:4.1.0.rc1 (Confidence: Low)
maven: org.springframework.batch:spring-batch-core:4.1.0.RC1 (Confidence: High)
cpe: cpe:/a:pivotal_software:spring_framework:4.1.0.rc1 (Confidence: Low)
Published Vulnerabilities
CVE-2018-1270
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-358 Improperly Implemented Security Check for Standard
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
CVE-2018-1271
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
CVE-2018-1272
Severity:
Medium
CVSS Score: 6.0
(AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.
spring-data-commons-2.0.6.RELEASE.jar
File Path: /home/travis/.m2/repository/org/springframework/data/spring-data-commons/2.0.6.RELEASE/spring-data-commons-2.0.6.RELEASE.jar
MD5: 13ff69d6655acfbd8dce2885c5ff3b4d
SHA1: 4d65fdcbe258961e866f4f85c87c13193bbfd18c
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor file name spring-data-commons High
Vendor pom groupid org.springframework.data Highest
Vendor pom parent-artifactid spring-data-parent Low
Vendor pom groupid springframework.data Highest
Vendor pom name Spring Data Core High
Vendor central groupid org.springframework.data Highest
Vendor Manifest automatic-module-name spring.data.commons Medium
Vendor pom parent-groupid org.springframework.data.build Medium
Vendor pom artifactid spring-data-commons Low
Product file name spring-data-commons High
Product pom groupid springframework.data Low
Product pom parent-artifactid spring-data-parent Medium
Product pom name Spring Data Core High
Product central artifactid spring-data-commons Highest
Product Manifest automatic-module-name spring.data.commons Medium
Product Manifest Implementation-Title Spring Data Core High
Product pom artifactid spring-data-commons Highest
Product pom parent-groupid org.springframework.data.build Low
Version Manifest Implementation-Version 2.0.6.RELEASE High
Version central version 2.0.6.RELEASE Highest
Version pom version 2.0.6.RELEASE Highest
javax.inject-1.jar
Description: The javax.inject API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor pom url http://code.google.com/p/atinject/ Highest
Vendor pom artifactid javax.inject Low
Vendor jar package name javax Low
Vendor pom description The javax.inject API Medium
Vendor jar package name inject Low
Vendor central groupid javax.inject Highest
Vendor pom groupid javax.inject Highest
Vendor pom name javax.inject High
Vendor file name javax.inject-1 High
Product pom artifactid javax.inject Highest
Product pom url http://code.google.com/p/atinject/ Medium
Product pom description The javax.inject API Medium
Product jar package name inject Low
Product pom name javax.inject High
Product central artifactid javax.inject Highest
Product pom groupid javax.inject Low
Product file name javax.inject-1 High
Version file version 1 Medium
Version central version 1 Highest
Version pom version 1 Highest
slf4j-api-1.7.21.jar
Description: The slf4j API
File Path: /home/travis/.m2/repository/org/slf4j/slf4j-api/1.7.21/slf4j-api-1.7.21.jar
MD5: c9be56284a92dcb2576679282eff80bf
SHA1: 139535a69a4239db087de9bab0bee568bf8e0b70
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor manifest Bundle-Description The slf4j API Medium
Vendor pom artifactid slf4j-api Low
Vendor pom parent-artifactid slf4j-parent Low
Vendor pom name SLF4J API Module High
Vendor pom url http://www.slf4j.org Highest
Vendor central groupid org.slf4j Highest
Vendor pom parent-groupid org.slf4j Medium
Vendor pom description The slf4j API Medium
Vendor Manifest bundle-symbolicname slf4j.api Medium
Vendor pom groupid org.slf4j Highest
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor pom groupid slf4j Highest
Vendor file name slf4j-api High
Product manifest Bundle-Description The slf4j API Medium
Product pom artifactid slf4j-api Highest
Product pom name SLF4J API Module High
Product Manifest Implementation-Title slf4j-api High
Product pom parent-artifactid slf4j-parent Medium
Product pom description The slf4j API Medium
Product pom groupid slf4j Low
Product pom url http://www.slf4j.org Medium
Product Manifest bundle-symbolicname slf4j.api Medium
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product central artifactid slf4j-api Highest
Product pom parent-groupid org.slf4j Low
Product Manifest Bundle-Name slf4j-api Medium
Product file name slf4j-api High
Version Manifest Implementation-Version 1.7.21 High
Version pom version 1.7.21 Highest
Version central version 1.7.21 Highest
Version file version 1.7.21 Highest
joda-time-2.9.4.jar
Description: Date and time library to replace JDK date handling
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/joda-time/joda-time/2.9.4/joda-time-2.9.4.jar
MD5: e255d8f6e705d3e6918198bceb5458a0
SHA1: 1c295b462f16702ebe720bbb08f62e1ba80da41b
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor pom url http://www.joda.org/joda-time/ Highest
Vendor pom description Date and time library to replace JDK date handling Medium
Vendor Manifest implementation-url http://www.joda.org/joda-time/ Low
Vendor pom organization name Joda.org High
Vendor Manifest Implementation-Vendor Joda.org High
Vendor pom artifactid joda-time Low
Vendor Manifest Implementation-Vendor-Id org.joda Medium
Vendor file name joda-time High
Vendor Manifest specification-vendor Joda.org Low
Vendor Manifest bundle-docurl http://www.joda.org/joda-time/ Low
Vendor pom groupid joda-time Highest
Vendor Manifest extension-name joda-time Medium
Vendor pom name Joda-Time High
Vendor central groupid joda-time Highest
Vendor Manifest bundle-symbolicname joda-time Medium
Vendor pom organization url http://www.joda.org Medium
Product pom artifactid joda-time Highest
Product pom url http://www.joda.org/joda-time/ Medium
Product central artifactid joda-time Highest
Product pom description Date and time library to replace JDK date handling Medium
Product Manifest Bundle-Name Joda-Time Medium
Product Manifest implementation-url http://www.joda.org/joda-time/ Low
Product pom organization url http://www.joda.org Low
Product Manifest Implementation-Title org.joda.time High
Product file name joda-time High
Product Manifest specification-title Joda-Time Medium
Product Manifest bundle-docurl http://www.joda.org/joda-time/ Low
Product pom groupid joda-time Low
Product Manifest extension-name joda-time Medium
Product pom organization name Joda.org Low
Product pom name Joda-Time High
Product Manifest bundle-symbolicname joda-time Medium
Version central version 2.9.4 Highest
Version file version 2.9.4 Highest
Version Manifest Implementation-Version 2.9.4 High
Version pom version 2.9.4 Highest
jackson-core-2.9.5.jar
Description: Core Jackson processing abstractions (aka Streaming API), implementation for JSON
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.9.5/jackson-core-2.9.5.jar
MD5: ec59f24f7f8d9acf53301c562722adf2
SHA1: a22ac51016944b06fd9ffbc9541c6e7ce5eea117
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor file name jackson-core High
Vendor pom name Jackson-core High
Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium
Vendor manifest Bundle-Description Core Jackson processing abstractions (aka Streaming API), implementation for JSON Medium
Vendor Manifest automatic-module-name com.fasterxml.jackson.core Medium
Vendor Manifest implementation-build-date 2018-03-26 15:03:46+0000 Low
Vendor pom groupid com.fasterxml.jackson.core Highest
Vendor pom groupid fasterxml.jackson.core Highest
Vendor pom parent-groupid com.fasterxml.jackson Medium
Vendor Manifest specification-vendor FasterXML Low
Vendor Manifest Implementation-Vendor FasterXML High
Vendor pom parent-artifactid jackson-base Low
Vendor pom artifactid jackson-core Low
Vendor central groupid com.fasterxml.jackson.core Highest
Vendor pom description Core Jackson processing abstractions (aka Streaming API), implementation for JSON Medium
Vendor pom url FasterXML/jackson-core Highest
Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium
Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low
Product Manifest specification-title Jackson-core Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product file name jackson-core High
Product pom name Jackson-core High
Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium
Product manifest Bundle-Description Core Jackson processing abstractions (aka Streaming API), implementation for JSON Medium
Product Manifest automatic-module-name com.fasterxml.jackson.core Medium
Product Manifest Bundle-Name Jackson-core Medium
Product central artifactid jackson-core Highest
Product pom parent-artifactid jackson-base Medium
Product pom groupid fasterxml.jackson.core Low
Product pom parent-groupid com.fasterxml.jackson Low
Product pom url FasterXML/jackson-core High
Product Manifest implementation-build-date 2018-03-26 15:03:46+0000 Low
Product Manifest Implementation-Title Jackson-core High
Product pom artifactid jackson-core Highest
Product pom description Core Jackson processing abstractions (aka Streaming API), implementation for JSON Medium
Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low
Version central version 2.9.5 Highest
Version file version 2.9.5 Highest
Version Manifest Implementation-Version 2.9.5 High
Version pom version 2.9.5 Highest
jackson-annotations-2.9.0.jar
Description: Core annotations used for value types, used by Jackson data binding package.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.9.0/jackson-annotations-2.9.0.jar
MD5: c09faa1b063681cf45706c6df50685b6
SHA1: 07c10d545325e3a6e72e06381afe469fd40eb701
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest implementation-build-date 2017-07-30 03:53:23+0000 Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor pom artifactid jackson-annotations Low
Vendor pom url http://github.com/FasterXML/jackson Highest
Vendor pom description Core annotations used for value types, used by Jackson data binding package. Medium
Vendor pom name Jackson-annotations High
Vendor pom groupid com.fasterxml.jackson.core Highest
Vendor pom groupid fasterxml.jackson.core Highest
Vendor pom parent-groupid com.fasterxml.jackson Medium
Vendor Manifest specification-vendor FasterXML Low
Vendor Manifest Implementation-Vendor FasterXML High
Vendor file name jackson-annotations High
Vendor central groupid com.fasterxml.jackson.core Highest
Vendor pom parent-artifactid jackson-parent Low
Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium
Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium
Vendor manifest Bundle-Description Core annotations used for value types, used by Jackson data binding package. Medium
Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low
Product Manifest implementation-build-date 2017-07-30 03:53:23+0000 Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product pom description Core annotations used for value types, used by Jackson data binding package. Medium
Product pom groupid fasterxml.jackson.core Low
Product pom parent-groupid com.fasterxml.jackson Low
Product Manifest Bundle-Name Jackson-annotations Medium
Product pom name Jackson-annotations High
Product Manifest Implementation-Title Jackson-annotations High
Product pom url http://github.com/FasterXML/jackson Medium
Product file name jackson-annotations High
Product pom parent-artifactid jackson-parent Medium
Product central artifactid jackson-annotations Highest
Product pom artifactid jackson-annotations Highest
Product Manifest specification-title Jackson-annotations Medium
Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium
Product manifest Bundle-Description Core annotations used for value types, used by Jackson data binding package. Medium
Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low
Version central version 2.9.0 Highest
Version file version 2.9.0 Highest
Version Manifest Implementation-Version 2.9.0 High
Version pom version 2.9.0 Highest
jackson-databind-2.9.5.jar
Description: General data-binding functionality for Jackson: works on core streaming API
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.5/jackson-databind-2.9.5.jar
MD5: 34b37affbf74f5d199be10622ddc83cd
SHA1: 3490508379d065fe3fcb80042b62f630f7588606
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor manifest Bundle-Description General data-binding functionality for Jackson: works on core streaming API Medium
Vendor pom url http://github.com/FasterXML/jackson Highest
Vendor pom groupid com.fasterxml.jackson.core Highest
Vendor pom groupid fasterxml.jackson.core Highest
Vendor pom parent-groupid com.fasterxml.jackson Medium
Vendor Manifest specification-vendor FasterXML Low
Vendor Manifest Implementation-Vendor FasterXML High
Vendor pom parent-artifactid jackson-base Low
Vendor pom name jackson-databind High
Vendor Manifest automatic-module-name com.fasterxml.jackson.databind Medium
Vendor pom description General data-binding functionality for Jackson: works on core streaming API Medium
Vendor pom artifactid jackson-databind Low
Vendor central groupid com.fasterxml.jackson.core Highest
Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium
Vendor file name jackson-databind High
Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low
Vendor Manifest implementation-build-date 2018-03-26 15:13:41+0000 Low
Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product Manifest specification-title jackson-databind Medium
Product pom artifactid jackson-databind Highest
Product manifest Bundle-Description General data-binding functionality for Jackson: works on core streaming API Medium
Product Manifest Implementation-Title jackson-databind High
Product pom parent-artifactid jackson-base Medium
Product pom groupid fasterxml.jackson.core Low
Product pom parent-groupid com.fasterxml.jackson Low
Product Manifest Bundle-Name jackson-databind Medium
Product central artifactid jackson-databind Highest
Product pom name jackson-databind High
Product Manifest automatic-module-name com.fasterxml.jackson.databind Medium
Product pom url http://github.com/FasterXML/jackson Medium
Product pom description General data-binding functionality for Jackson: works on core streaming API Medium
Product file name jackson-databind High
Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low
Product Manifest implementation-build-date 2018-03-26 15:13:41+0000 Low
Version central version 2.9.5 Highest
Version file version 2.9.5 Highest
Version Manifest Implementation-Version 2.9.5 High
Version pom version 2.9.5 Highest
spring-core-5.0.5.RELEASE.jar
Description: Spring Core
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/travis/.m2/repository/org/springframework/spring-core/5.0.5.RELEASE/spring-core-5.0.5.RELEASE.jar
MD5: 988f815ea07b27f70cc2932c4b8c8392
SHA1: 1bd9feb1d9dac6accd27f5244b6c47cfcb55045c
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor file name spring-core High
Vendor hint analyzer vendor pivotal software Highest
Vendor pom groupid springframework Highest
Vendor hint analyzer vendor pivotal software High
Vendor pom groupid org.springframework Highest
Vendor pom organization name Spring IO High
Vendor pom artifactid spring-core Low
Vendor central groupid org.springframework Highest
Vendor pom organization url http://projects.spring.io/spring-framework Medium
Vendor Manifest automatic-module-name spring.core Medium
Vendor hint analyzer vendor SpringSource High
Vendor hint analyzer vendor vmware High
Vendor pom description Spring Core Medium
Vendor pom url spring-projects/spring-framework Highest
Vendor pom name Spring Core High
Product file name spring-core High
Product pom organization name Spring IO Low
Product pom groupid springframework Low
Product hint analyzer product springsource_spring_framework High
Product pom organization url http://projects.spring.io/spring-framework Low
Product central artifactid spring-core Highest
Product pom artifactid spring-core Highest
Product Manifest automatic-module-name spring.core Medium
Product pom url spring-projects/spring-framework High
Product pom description Spring Core Medium
Product Manifest Implementation-Title spring-core High
Product pom name Spring Core High
Version Manifest Implementation-Version 5.0.5.RELEASE High
Version central version 5.0.5.RELEASE Highest
Version pom version 5.0.5.RELEASE Highest
Related Dependencies
spring-tx-5.0.5.RELEASE.jar
File Path: /home/travis/.m2/repository/org/springframework/spring-tx/5.0.5.RELEASE/spring-tx-5.0.5.RELEASE.jar
SHA1: b772fbba533da282adc89f33e2619ee8a8bba601
MD5: b30070684e5049de9a45c27ddc2cce86
cpe: cpe:/a:pivotal_software:spring_framework:5.0.5
maven: org.springframework:spring-tx:5.0.5.RELEASE ✓
spring-jcl-5.0.5.RELEASE.jar
File Path: /home/travis/.m2/repository/org/springframework/spring-jcl/5.0.5.RELEASE/spring-jcl-5.0.5.RELEASE.jar
SHA1: f4a2854b9d865e8b86717595aec16f877f8c6489
MD5: e0f5ea39bc55be9f60a12ca2d8d48ec2
cpe: cpe:/a:pivotal_software:spring_framework:5.0.5
maven: org.springframework:spring-jcl:5.0.5.RELEASE ✓
spring-webmvc-5.0.5.RELEASE.jar
File Path: /home/travis/.m2/repository/org/springframework/spring-webmvc/5.0.5.RELEASE/spring-webmvc-5.0.5.RELEASE.jar
SHA1: 0a7fd53c7ad06b0fa7dd4ff347de1b2dc508739e
MD5: 34339930599a55ee87ac9bfd08d1aca3
cpe: cpe:/a:pivotal_software:spring_framework:5.0.5
maven: org.springframework:spring-webmvc:5.0.5.RELEASE ✓
spring-orm-5.0.5.RELEASE.jar
File Path: /home/travis/.m2/repository/org/springframework/spring-orm/5.0.5.RELEASE/spring-orm-5.0.5.RELEASE.jar
SHA1: 6734f5ef4c2ebf1d00021fd4b314138f10792174
MD5: a5aa940f69ab3e8eaa74a78351e7409b
cpe: cpe:/a:pivotal_software:spring_framework:5.0.5
maven: org.springframework:spring-orm:5.0.5.RELEASE ✓
spring-context-support-5.0.5.RELEASE.jar
File Path: /home/travis/.m2/repository/org/springframework/spring-context-support/5.0.5.RELEASE/spring-context-support-5.0.5.RELEASE.jar
SHA1: 109c6bf2e869f055728219b361c78102de434158
MD5: 71a328d065455ddc7cf24b37e13b0e5e
cpe: cpe:/a:pivotal_software:spring_framework:5.0.5
maven: org.springframework:spring-context-support:5.0.5.RELEASE ✓
spring-web-5.0.5.RELEASE.jar
File Path: /home/travis/.m2/repository/org/springframework/spring-web/5.0.5.RELEASE/spring-web-5.0.5.RELEASE.jar
SHA1: d51dbb5cabe72ae02e400577bac48f7fc94088de
MD5: de6aff2fbceef7fdcafe9e1cc1245c0a
cpe: cpe:/a:pivotal_software:spring_framework:5.0.5
maven: org.springframework:spring-web:5.0.5.RELEASE ✓
spring-jdbc-5.0.5.RELEASE.jar
File Path: /home/travis/.m2/repository/org/springframework/spring-jdbc/5.0.5.RELEASE/spring-jdbc-5.0.5.RELEASE.jar
SHA1: 456bc4d2281c37aa2f2206651a3048a1d3559d2a
MD5: 20baf804148676045ef08363d638a69a
cpe: cpe:/a:pivotal_software:spring_framework:5.0.5
maven: org.springframework:spring-jdbc:5.0.5.RELEASE ✓
spring-aop-5.0.5.RELEASE.jar
File Path: /home/travis/.m2/repository/org/springframework/spring-aop/5.0.5.RELEASE/spring-aop-5.0.5.RELEASE.jar
SHA1: b11b61b94d7fb752a1c9bf3461d655c3084fae47
MD5: cadac0a0a42d54e5a94ab13e9824ee73
cpe: cpe:/a:pivotal_software:spring_framework:5.0.5
maven: org.springframework:spring-aop:5.0.5.RELEASE ✓
spring-beans-5.0.5.RELEASE.jar
File Path: /home/travis/.m2/repository/org/springframework/spring-beans/5.0.5.RELEASE/spring-beans-5.0.5.RELEASE.jar
SHA1: 984445863c0bbdaaf860615762d998b471a6bf92
MD5: 90a6ee8a8d1db99deed70a1ec2724fd7
cpe: cpe:/a:pivotal_software:spring_framework:5.0.5
maven: org.springframework:spring-beans:5.0.5.RELEASE ✓
spring-context-5.0.5.RELEASE.jar
File Path: /home/travis/.m2/repository/org/springframework/spring-context/5.0.5.RELEASE/spring-context-5.0.5.RELEASE.jar
SHA1: 9cca4bf5acb693249a01c218f471c677b951d6e2
MD5: 0b5681097790036a3244012f825b60db
cpe: cpe:/a:pivotal_software:spring_framework:5.0.5
maven: org.springframework:spring-context:5.0.5.RELEASE ✓
spring-expression-5.0.5.RELEASE.jar
File Path: /home/travis/.m2/repository/org/springframework/spring-expression/5.0.5.RELEASE/spring-expression-5.0.5.RELEASE.jar
SHA1: fc6c7a95aeb7d00f4c65c338b08d97767eb0dd99
MD5: 9677c528a2215d259d6ff0d820d1b415
cpe: cpe:/a:pivotal_software:spring_framework:5.0.5
maven: org.springframework:spring-expression:5.0.5.RELEASE ✓
Published Vulnerabilities
CVE-2018-11039
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-20 Improper Input Validation
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
Vulnerable Software & Versions:
CVE-2018-11040
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-254 Security Features
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
Vulnerable Software & Versions:
CVE-2018-1257
Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
Vulnerable Software & Versions:
CVE-2018-1258
Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-285 Improper Authorization
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
Vulnerable Software & Versions:
commons-pool-1.6.jar
Description: Commons Object Pooling Library
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/commons-pool/commons-pool/1.6/commons-pool-1.6.jar
MD5: 5ca02245c829422176d23fa530e919cc
SHA1: 4572d589699f09d866a226a14b7f4323c6d8f040
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid commons-pool Low
Vendor pom description Commons Object Pooling Library Medium
Vendor Manifest bundle-docurl http://commons.apache.org/pool/ Low
Vendor pom name Commons Pool High
Vendor pom groupid commons-pool Highest
Vendor pom parent-groupid org.apache.commons Medium
Vendor central groupid commons-pool Highest
Vendor pom url http://commons.apache.org/pool/ Highest
Vendor pom parent-artifactid commons-parent Low
Vendor Manifest bundle-symbolicname org.apache.commons.pool Medium
Vendor file name commons-pool High
Vendor manifest Bundle-Description Commons Object Pooling Library Medium
Vendor Manifest implementation-build UNKNOWN_BRANCH@r??????; 2012-01-04 10:31:47-0500 Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Product Manifest specification-title Commons Pool Medium
Product pom description Commons Object Pooling Library Medium
Product Manifest bundle-docurl http://commons.apache.org/pool/ Low
Product pom name Commons Pool High
Product central artifactid commons-pool Highest
Product pom groupid commons-pool Low
Product pom url http://commons.apache.org/pool/ Medium
Product pom artifactid commons-pool Highest
Product Manifest Bundle-Name Commons Pool Medium
Product Manifest bundle-symbolicname org.apache.commons.pool Medium
Product Manifest Implementation-Title Commons Pool High
Product file name commons-pool High
Product manifest Bundle-Description Commons Object Pooling Library Medium
Product Manifest implementation-build UNKNOWN_BRANCH@r??????; 2012-01-04 10:31:47-0500 Low
Product pom parent-groupid org.apache.commons Low
Product pom parent-artifactid commons-parent Medium
Version Manifest Implementation-Version 1.6 High
Version pom version 1.6 Highest
Version file version 1.6 Highest
Version central version 1.6 Highest
commons-dbcp-1.4.jar
Description: Commons Database Connection Pooling
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/commons-dbcp/commons-dbcp/1.4/commons-dbcp-1.4.jar
MD5: b004158fab904f37f5831860898b3cd9
SHA1: 30be73c965cc990b153a100aaaaafcf239f82d39
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid commons-dbcp Highest
Vendor pom description Commons Database Connection Pooling Medium
Vendor pom name Commons DBCP High
Vendor file name commons-dbcp High
Vendor pom artifactid commons-dbcp Low
Vendor pom parent-groupid org.apache.commons Medium
Vendor Manifest bundle-symbolicname org.apache.commons.dbcp Medium
Vendor Manifest bundle-docurl http://commons.apache.org/dbcp/ Low
Vendor pom parent-artifactid commons-parent Low
Vendor manifest Bundle-Description Commons Database Connection Pooling Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid commons-dbcp Highest
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom url http://commons.apache.org/dbcp/ Highest
Product Manifest Bundle-Name Commons DBCP Medium
Product pom groupid commons-dbcp Low
Product pom url http://commons.apache.org/dbcp/ Medium
Product pom description Commons Database Connection Pooling Medium
Product pom name Commons DBCP High
Product file name commons-dbcp High
Product Manifest specification-title Commons DBCP Medium
Product Manifest Implementation-Title Commons DBCP High
Product Manifest bundle-symbolicname org.apache.commons.dbcp Medium
Product Manifest bundle-docurl http://commons.apache.org/dbcp/ Low
Product central artifactid commons-dbcp Highest
Product manifest Bundle-Description Commons Database Connection Pooling Medium
Product pom artifactid commons-dbcp Highest
Product pom parent-groupid org.apache.commons Low
Product pom parent-artifactid commons-parent Medium
Version central version 1.4 Highest
Version file version 1.4 Highest
Version Manifest Implementation-Version 1.4 High
Version pom version 1.4 Highest
ehcache-2.10.2.2.21.jar
Description: Ehcache is an open source, standards-based cache used to boost performance, offload the database and simplify scalability. Ehcache is robust, proven and full-featured and this has made it the most widely-used Java-based cache.
License:
src/assemble/EHCACHE-CORE-LICENSE.txt
Apache Software License, Version 2.0
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar
MD5: 11492eaf9fc8384c745f6a72a1c172bf
SHA1: a9b07e3bfb0c9f5f00b633a0c2d67cdf1dd55854
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid net.sf.ehcache Highest
Vendor Manifest terracotta-name ehcache Medium
Vendor jar package name net Low
Vendor file name ehcache High
Vendor Manifest buildinfo-url https://svn.terracotta.org/repo/ehcache/tags/ehcache-2.10.2.2.21 Low
Vendor jar package name ehcache Low
Vendor Manifest buildinfo-revision 10357 Low
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Vendor manifest Bundle-Description Ehcache is an open source, standards-based cache used to boost performance, offload the database and simplify scalability. Ehcache is robust, proven and full-featured and this has made it the most widely-used Java-based cache. Low
Vendor manifest terracotta-description Ehcache is an open source, standards-based cache used to boost performance, offload the database and simplify scalability. Ehcache is robust, proven and full-featured and this has made it the most widely-used Java-based cache. Low
Vendor Manifest Implementation-Vendor Terracotta, Inc. High
Vendor Manifest bundle-symbolicname net.sf.ehcache Medium
Vendor Manifest bundle-docurl http://www.terracotta.org Low
Vendor Manifest Implementation-Vendor-Id net.sf.ehcache Medium
Vendor central groupid net.sf.ehcache Highest
Vendor Manifest buildinfo-timestamp 20160601-103720 Low
Vendor jar package name sf Low
Product Manifest terracotta-name ehcache Medium
Product file name ehcache High
Product Manifest buildinfo-url https://svn.terracotta.org/repo/ehcache/tags/ehcache-2.10.2.2.21 Low
Product jar package name ehcache Low
Product Manifest Bundle-Name ehcache Medium
Product Manifest buildinfo-revision 10357 Low
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Product manifest Bundle-Description Ehcache is an open source, standards-based cache used to boost performance, offload the database and simplify scalability. Ehcache is robust, proven and full-featured and this has made it the most widely-used Java-based cache. Low
Product central artifactid ehcache Highest
Product manifest terracotta-description Ehcache is an open source, standards-based cache used to boost performance, offload the database and simplify scalability. Ehcache is robust, proven and full-featured and this has made it the most widely-used Java-based cache. Low
Product Manifest Implementation-Title ehcache High
Product Manifest bundle-symbolicname net.sf.ehcache Medium
Product Manifest bundle-docurl http://www.terracotta.org Low
Product Manifest buildinfo-timestamp 20160601-103720 Low
Product pom artifactid ehcache Highest
Product jar package name sf Low
Version pom version 2.10.2.2.21 Highest
Version file version 2.10.2.2.21 Highest
Version Manifest Implementation-Version 2.10.2.2.21 High
Version central version 2.10.2.2.21 Highest
jboss-logging-3.3.2.Final.jar
Description: The JBoss Logging Framework
License:
Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/jboss/logging/jboss-logging/3.3.2.Final/jboss-logging-3.3.2.Final.jar
MD5: c397132f958d7e8ac0d566b6723ca7ca
SHA1: 3789d00e859632e6c6206adc0c71625559e6e3b0
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor central groupid org.jboss.logging Highest
Vendor file name jboss-logging High
Vendor pom parent-artifactid jboss-parent Low
Vendor Manifest os-name Linux Medium
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor manifest Bundle-Description The JBoss Logging Framework Medium
Vendor Manifest bundle-docurl http://www.jboss.org Low
Vendor Manifest automatic-module-name org.jboss.logging Medium
Vendor Manifest implementation-url http://www.jboss.org Low
Vendor pom artifactid jboss-logging Low
Vendor Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium
Vendor Manifest Implementation-Vendor-Id org.jboss.logging Medium
Vendor Manifest build-timestamp Wed, 14 Feb 2018 13:23:27 -0800 Low
Vendor pom name JBoss Logging 3 High
Vendor Manifest java-vendor Sun Microsystems Inc. Medium
Vendor pom groupid jboss.logging Highest
Vendor pom groupid org.jboss.logging Highest
Vendor pom parent-groupid org.jboss Medium
Vendor pom description The JBoss Logging Framework Medium
Vendor pom url http://www.jboss.org Highest
Product Manifest specification-title JBoss Logging 3 Medium
Product file name jboss-logging High
Product pom parent-groupid org.jboss Low
Product Manifest os-name Linux Medium
Product central artifactid jboss-logging Highest
Product manifest Bundle-Description The JBoss Logging Framework Medium
Product pom parent-artifactid jboss-parent Medium
Product pom artifactid jboss-logging Highest
Product Manifest bundle-docurl http://www.jboss.org Low
Product Manifest automatic-module-name org.jboss.logging Medium
Product Manifest implementation-url http://www.jboss.org Low
Product Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium
Product Manifest Bundle-Name JBoss Logging 3 Medium
Product Manifest build-timestamp Wed, 14 Feb 2018 13:23:27 -0800 Low
Product pom url http://www.jboss.org Medium
Product pom groupid jboss.logging Low
Product pom name JBoss Logging 3 High
Product Manifest Implementation-Title JBoss Logging 3 High
Product pom description The JBoss Logging Framework Medium
Version central version 3.3.2.Final Highest
Version file version 3.3.2 Highest
Version pom version 3.3.2.Final Highest
Version Manifest Implementation-Version 3.3.2.Final High
javassist-3.20.0-GA.jar
Description: Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.
License:
MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: /home/travis/.m2/repository/org/javassist/javassist/3.20.0-GA/javassist-3.20.0-GA.jar
MD5: a89dd7907d76e061ec2c07e762a74256
SHA1: a9cbcdfb7e9f86fbc74d3afae65f2248bfbf82a0
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor pom url http://www.javassist.org/ Highest
Vendor central groupid org.javassist Highest
Vendor pom name Javassist High
Vendor Manifest bundle-symbolicname javassist Medium
Vendor Manifest specification-vendor Shigeru Chiba, www.javassist.org Low
Vendor manifest Bundle-Description Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java. Low
Vendor pom groupid javassist Highest
Vendor pom description Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java. Low
Vendor pom artifactid javassist Low
Vendor pom organization name Shigeru Chiba, www.javassist.org High
Vendor file name javassist High
Vendor pom groupid org.javassist Highest
Product Manifest Bundle-Name Javassist Medium
Product pom url http://www.javassist.org/ Medium
Product pom name Javassist High
Product Manifest bundle-symbolicname javassist Medium
Product manifest Bundle-Description Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java. Low
Product pom description Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java. Low
Product pom artifactid javassist Highest
Product Manifest specification-title Javassist Medium
Product file name javassist High
Product pom organization name Shigeru Chiba, www.javassist.org Low
Product pom groupid javassist Low
Product central artifactid javassist Highest
Version file version 3.20.0 Highest
Version central version 3.20.0-GA Highest
Version pom version 3.20.0-GA Highest
antlr-2.7.7.jar
Description: A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.
License:
BSD License: http://www.antlr.org/license.html
File Path: /home/travis/.m2/repository/antlr/antlr/2.7.7/antlr-2.7.7.jar
MD5: f8f1352c52a4c6a500b597596501fc64
SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor pom name AntLR Parser Generator High
Vendor central groupid antlr Highest
Vendor jar package name antlr Low
Vendor pom artifactid antlr Low
Vendor file name antlr High
Vendor pom groupid antlr Highest
Vendor pom description A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions. Low
Vendor pom url http://www.antlr.org/ Highest
Product pom name AntLR Parser Generator High
Product pom artifactid antlr Highest
Product pom groupid antlr Low
Product pom url http://www.antlr.org/ Medium
Product file name antlr High
Product pom description A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions. Low
Product central artifactid antlr Highest
Version file version 2.7.7 Highest
Version central version 2.7.7 Highest
Version pom version 2.7.7 Highest
geronimo-jta_1.1_spec-1.1.1.jar
Description: Provides open-source implementations of Sun specifications.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/apache/geronimo/specs/geronimo-jta_1.1_spec/1.1.1/geronimo-jta_1.1_spec-1.1.1.jar
MD5: 4aa8d50456bcec0bf6f032ceb182ad64
SHA1: aabab3165b8ea936b9360abbf448459c0d04a5a4
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid geronimo-jta_1.1_spec Low
Vendor pom parent-artifactid specs Low
Vendor manifest Bundle-Description Provides open-source implementations of Sun specifications. Medium
Vendor pom groupid org.apache.geronimo.specs Highest
Vendor Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-jta_1.1_spec Medium
Vendor pom parent-groupid org.apache.geronimo.specs Medium
Vendor pom groupid apache.geronimo.specs Highest
Vendor pom name JTA 1.1 High
Vendor file name geronimo-jta_1.1_spec-1.1.1 High
Vendor Manifest bundle-docurl http://www.apache.org Low
Vendor central groupid org.apache.geronimo.specs Highest
Product manifest Bundle-Description Provides open-source implementations of Sun specifications. Medium
Product Manifest Implementation-Title Apache Geronimo High
Product Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-jta_1.1_spec Medium
Product Manifest Bundle-Name geronimo-jta_1.1_spec Medium
Product pom name JTA 1.1 High
Product Manifest bundle-docurl http://www.apache.org Low
Product pom artifactid geronimo-jta_1.1_spec Highest
Product pom parent-groupid org.apache.geronimo.specs Low
Product central artifactid geronimo-jta_1.1_spec Highest
Product pom groupid apache.geronimo.specs Low
Product pom parent-artifactid specs Medium
Product file name geronimo-jta_1.1_spec-1.1.1 High
Version central version 1.1.1 Highest
Version Manifest Implementation-Version 1.1.1 High
Version pom version 1.1.1 Highest
jandex-2.0.0.Final.jar
Description: Parent POM for JBoss projects. Provides default project build configuration.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/jboss/jandex/2.0.0.Final/jandex-2.0.0.Final.jar
MD5: a76f6c70f99b5d9c6cd14180df0b6df1
SHA1: 3e899258936f94649c777193e1be846387ed54b3
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor central groupid org.jboss Highest
Vendor file name jandex High
Vendor Manifest java-vendor Oracle Corporation Medium
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor manifest Bundle-Description Parent POM for JBoss projects. Provides default project build configuration. Medium
Vendor pom parent-artifactid jboss-parent Low
Vendor pom groupid jboss Highest
Vendor pom artifactid jandex Low
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor Manifest implementation-url http://www.jboss.org/jandex Low
Vendor Manifest bundle-docurl http://www.jboss.org Low
Vendor pom name Java Annotation Indexer High
Vendor Manifest os-name Mac OS X Medium
Vendor Manifest Implementation-Vendor-Id org.jboss Medium
Vendor Manifest bundle-symbolicname org.jboss.jandex Medium
Vendor Manifest build-timestamp Fri, 2 Oct 2015 19:23:54 -0500 Low
Vendor pom groupid org.jboss Highest
Vendor pom parent-groupid org.jboss Medium
Product file name jandex High
Product manifest Bundle-Description Parent POM for JBoss projects. Provides default project build configuration. Medium
Product pom parent-groupid org.jboss Low
Product Manifest Implementation-Title Java Annotation Indexer High
Product Manifest Bundle-Name Java Annotation Indexer Medium
Product Manifest implementation-url http://www.jboss.org/jandex Low
Product Manifest specification-title Java Annotation Indexer Medium
Product pom parent-artifactid jboss-parent Medium
Product Manifest bundle-docurl http://www.jboss.org Low
Product pom name Java Annotation Indexer High
Product central artifactid jandex Highest
Product Manifest os-name Mac OS X Medium
Product Manifest bundle-symbolicname org.jboss.jandex Medium
Product pom groupid jboss Low
Product Manifest build-timestamp Fri, 2 Oct 2015 19:23:54 -0500 Low
Product pom artifactid jandex Highest
Version Manifest Implementation-Version 2.0.0.Final High
Version central version 2.0.0.Final Highest
Version file version 2.0.0 Highest
Version pom version 2.0.0.Final Highest
classmate-1.3.4.jar
Description: Library for introspecting types with full generic information including resolving of field and method types.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/com/fasterxml/classmate/1.3.4/classmate-1.3.4.jar
MD5: 1e2e0fcc510753882683417e01895242
SHA1: 03d5f48f10bbe4eb7bd862f10c0583be2e0053c6
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor pom description Library for introspecting types with full generic information including resolving of field and method types. Low
Vendor Manifest Implementation-Vendor-Id com.fasterxml Medium
Vendor pom organization url http://fasterxml.com Medium
Vendor manifest Bundle-Description Library for introspecting types with full generic informationincluding resolving of field and method types. Low
Vendor Manifest automatic-module-name com.fasterxml.classmate Medium
Vendor Manifest Implementation-Vendor fasterxml.com High
Vendor Manifest implementation-build-date 2017-09-09 21:47:22+0000 Low
Vendor pom artifactid classmate Low
Vendor Manifest bundle-docurl http://github.com/FasterXML/java-classmate Low
Vendor pom groupid fasterxml Highest
Vendor file name classmate High
Vendor Manifest specification-vendor fasterxml.com Low
Vendor pom organization name fasterxml.com High
Vendor central groupid com.fasterxml Highest
Vendor pom name ClassMate High
Vendor pom parent-artifactid oss-parent Low
Vendor Manifest bundle-symbolicname com.fasterxml.classmate Medium
Vendor pom url http://github.com/FasterXML/java-classmate Highest
Vendor pom groupid com.fasterxml Highest
Vendor pom parent-groupid com.fasterxml Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product Manifest Implementation-Title ClassMate High
Product pom description Library for introspecting types with full generic information including resolving of field and method types. Low
Product Manifest Bundle-Name ClassMate Medium
Product central artifactid classmate Highest
Product manifest Bundle-Description Library for introspecting types with full generic informationincluding resolving of field and method types. Low
Product Manifest automatic-module-name com.fasterxml.classmate Medium
Product Manifest implementation-build-date 2017-09-09 21:47:22+0000 Low
Product Manifest bundle-docurl http://github.com/FasterXML/java-classmate Low
Product Manifest specification-title ClassMate Medium
Product pom parent-artifactid oss-parent Medium
Product file name classmate High
Product pom parent-groupid com.fasterxml Low
Product pom url http://github.com/FasterXML/java-classmate Medium
Product pom name ClassMate High
Product pom artifactid classmate Highest
Product Manifest bundle-symbolicname com.fasterxml.classmate Medium
Product pom organization name fasterxml.com Low
Product pom organization url http://fasterxml.com Low
Product pom groupid fasterxml Low
Version Manifest Implementation-Version 1.3.4 High
Version file version 1.3.4 Highest
Version central version 1.3.4 Highest
Version pom version 1.3.4 Highest
dom4j-1.6.1.jar
Description: dom4j: the flexible XML framework for Java
File Path: /home/travis/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor file name dom4j High
Vendor pom organization url http://sourceforge.net/projects/dom4j Medium
Vendor pom description dom4j: the flexible XML framework for Java Medium
Vendor pom groupid dom4j Highest
Vendor Manifest extension-name dom4j Medium
Vendor central groupid dom4j High
Vendor pom name dom4j High
Vendor pom url http://dom4j.org Highest
Vendor Manifest Implementation-Vendor MetaStuff Ltd. High
Vendor central groupid org.zenframework.z8.dependencies.commons High
Vendor pom organization name MetaStuff Ltd. High
Vendor Manifest specification-vendor MetaStuff Ltd. Low
Vendor pom artifactid dom4j Low
Product file name dom4j High
Product pom organization url http://sourceforge.net/projects/dom4j Low
Product Manifest Implementation-Title org.dom4j High
Product pom groupid dom4j Low
Product pom description dom4j: the flexible XML framework for Java Medium
Product Manifest extension-name dom4j Medium
Product pom name dom4j High
Product pom artifactid dom4j Highest
Product pom organization name MetaStuff Ltd. Low
Product central artifactid dom4j High
Product pom url http://dom4j.org Medium
Product central artifactid dom4j-1.6.1 High
Product Manifest specification-title dom4j : XML framework for Java Medium
Version central version 2.0 High
Version pom version 1.6.1 Highest
Version Manifest Implementation-Version 1.6.1 High
Version central version 1.6.1 High
Version file version 1.6.1 Highest
Published Vulnerabilities
CVE-2018-1000632
Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-91 XML Injection (aka Blind XPath Injection)
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
hibernate-commons-annotations-5.0.1.Final.jar
Description: Common reflection code used in support of annotation processing
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/travis/.m2/repository/org/hibernate/common/hibernate-commons-annotations/5.0.1.Final/hibernate-commons-annotations-5.0.1.Final.jar
MD5: 2a9d6f5a4ece96557bc4300ecc4486fb
SHA1: 71e1cff3fcb20d3b3af4f3363c3ddb24d33c6879
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest implementation-url http://hibernate.org Low
Vendor pom url http://hibernate.org Highest
Vendor Manifest bundle-symbolicname org.hibernate.common.hibernate-commons-annotations Medium
Vendor Manifest Implementation-Vendor Hibernate.org High
Vendor pom name Hibernate Commons Annotations High
Vendor pom organization name Hibernate.org High
Vendor pom groupid hibernate.common Highest
Vendor central groupid org.hibernate.common Highest
Vendor pom groupid org.hibernate.common Highest
Vendor file name hibernate-commons-annotations High
Vendor Manifest Implementation-Vendor-Id org.hibernate Medium
Vendor pom description Common reflection code used in support of annotation processing Medium
Vendor pom artifactid hibernate-commons-annotations Low
Vendor pom organization url http://hibernate.org Medium
Product Manifest implementation-url http://hibernate.org Low
Product Manifest Bundle-Name hibernate-commons-annotations Medium
Product central artifactid hibernate-commons-annotations Highest
Product pom organization url http://hibernate.org Low
Product pom artifactid hibernate-commons-annotations Highest
Product Manifest bundle-symbolicname org.hibernate.common.hibernate-commons-annotations Medium
Product pom name Hibernate Commons Annotations High
Product pom organization name Hibernate.org Low
Product pom groupid hibernate.common Low
Product file name hibernate-commons-annotations High
Product pom description Common reflection code used in support of annotation processing Medium
Product pom url http://hibernate.org Medium
Version Manifest Implementation-Version 5.0.1.Final High
Version central version 5.0.1.Final Highest
Version pom version 5.0.1.Final Highest
Version file version 5.0.1 Highest
el-api-2.2.jar
File Path: /home/travis/.m2/repository/javax/el/el-api/2.2/el-api-2.2.jar
MD5: 900b2de76d7c98f8dcbb43684c823113
SHA1: 42971279cc8ba864462580c7fc2199fd5715ee7f
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid javax.el Highest
Vendor file name el-api High
Vendor pom name Expression Language API (2.1 Maintenance Release) High
Vendor jar package name javax Low
Vendor pom artifactid el-api Low
Vendor pom parent-artifactid el Low
Vendor jar package name el Low
Vendor pom parent-groupid org.glassfish.web Medium
Vendor central groupid javax.el Highest
Product file name el-api High
Product pom name Expression Language API (2.1 Maintenance Release) High
Product central artifactid el-api Highest
Product pom artifactid el-api Highest
Product pom groupid javax.el Low
Product pom parent-artifactid el Medium
Product pom parent-groupid org.glassfish.web Low
Product jar package name el Low
Version central version 2.2 Highest
Version file version 2.2 Highest
Version pom version 2.2 Highest
jboss-interceptors-api_1.1_spec-1.0.0.Beta1.jar
Description: The JavaEE Interceptors 1.1 API classes from JSR 318.
File Path: /home/travis/.m2/repository/org/jboss/spec/javax/interceptor/jboss-interceptors-api_1.1_spec/1.0.0.Beta1/jboss-interceptors-api_1.1_spec-1.0.0.Beta1.jar
MD5: 73f030d09865c924162588fe75c0d8e0
SHA1: 8cb388fd3b4912373da7a18e199bb55aa52aa5c1
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.jboss.spec Medium
Vendor central groupid org.jboss.spec.javax.interceptor Highest
Vendor pom artifactid jboss-interceptors-api_1.1_spec Low
Vendor pom groupid org.jboss.spec.javax.interceptor Highest
Vendor Manifest implementation-url http://www.jboss.org/jboss-interceptors-api_1.1_spec Low
Vendor Manifest specification-vendor JBoss, a division of Red Hat, Inc. Low
Vendor Manifest Implementation-Vendor-Id org.jboss.spec.javax.interceptor Medium
Vendor pom description The JavaEE Interceptors 1.1 API classes from JSR 318. Medium
Vendor file name jboss-interceptors-api_1.1_spec-1.0.0.Beta1 High
Vendor Manifest Implementation-Vendor JBoss, a division of Red Hat, Inc. High
Vendor pom groupid jboss.spec.javax.interceptor Highest
Vendor pom parent-artifactid jboss-specs-parent Low
Vendor pom name Interceptors 1.1 API High
Product pom parent-artifactid jboss-specs-parent Medium
Product pom artifactid jboss-interceptors-api_1.1_spec Highest
Product pom parent-groupid org.jboss.spec Low
Product pom description The JavaEE Interceptors 1.1 API classes from JSR 318. Medium
Product Manifest Implementation-Title Interceptors 1.1 API High
Product file name jboss-interceptors-api_1.1_spec-1.0.0.Beta1 High
Product Manifest implementation-url http://www.jboss.org/jboss-interceptors-api_1.1_spec Low
Product central artifactid jboss-interceptors-api_1.1_spec Highest
Product pom groupid jboss.spec.javax.interceptor Low
Product Manifest specification-title Interceptors 1.1 API Medium
Product pom name Interceptors 1.1 API High
Version pom version 1.0.0.Beta1 Highest
Version Manifest Implementation-Version 1.0.0.Beta1 High
Version central version 1.0.0.Beta1 Highest
jsr250-api-1.0.jar
Description: JSR-250 Reference Implementation by Glassfish
License:
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /home/travis/.m2/repository/javax/annotation/jsr250-api/1.0/jsr250-api-1.0.jar
MD5: 4cd56b2e4977e541186de69f5126b4a6
SHA1: 5025422767732a1ab45d93abfea846513d742dcf
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid jsr250-api Low
Vendor pom url http://jcp.org/aboutJava/communityprocess/final/jsr250/index.html Highest
Vendor central groupid javax.annotation Highest
Vendor jar package name javax Low
Vendor file name jsr250-api High
Vendor pom name JSR-250 Common Annotations for the JavaTM Platform High
Vendor pom description JSR-250 Reference Implementation by Glassfish Medium
Vendor jar package name annotation Low
Vendor pom groupid javax.annotation Highest
Product pom artifactid jsr250-api Highest
Product pom url http://jcp.org/aboutJava/communityprocess/final/jsr250/index.html Medium
Product file name jsr250-api High
Product pom name JSR-250 Common Annotations for the JavaTM Platform High
Product pom description JSR-250 Reference Implementation by Glassfish Medium
Product jar package name annotation Low
Product central artifactid jsr250-api Highest
Product pom groupid javax.annotation Low
Version central version 1.0 Highest
Version file version 1.0 Highest
Version pom version 1.0 Highest
cdi-api-1.1.jar
Description: APIs for CDI (Contexts and Dependency Injection for Java EE)
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/travis/.m2/repository/javax/enterprise/cdi-api/1.1/cdi-api-1.1.jar
MD5: 1c13ca2534b69efc26222c8c6e12cbc7
SHA1: 78b1feee99b05a78575fb2fd79fb77be5e74420d
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest implementation-url http://www.seamframework.org/Weld Low
Vendor pom url http://www.seamframework.org/Weld Highest
Vendor pom groupid javax.enterprise Highest
Vendor pom description APIs for CDI (Contexts and Dependency Injection for Java EE) Medium
Vendor pom artifactid cdi-api Low
Vendor file name cdi-api High
Vendor Manifest specification-vendor JBoss by Red Hat, Inc. Low
Vendor pom name CDI APIs High
Vendor pom organization url http://jboss.org Medium
Vendor Manifest Implementation-Vendor JBoss by Red Hat, Inc. High
Vendor pom parent-groupid org.jboss.weld Medium
Vendor pom parent-artifactid weld-parent Low
Vendor pom organization name JBoss by Red Hat, Inc. High
Vendor central groupid javax.enterprise Highest
Product Manifest implementation-url http://www.seamframework.org/Weld Low
Product Manifest Implementation-Title CDI APIs High
Product pom parent-artifactid weld-parent Medium
Product pom description APIs for CDI (Contexts and Dependency Injection for Java EE) Medium
Product file name cdi-api High
Product Manifest specification-title CDI APIs Medium
Product pom url http://www.seamframework.org/Weld Medium
Product pom name CDI APIs High
Product pom artifactid cdi-api Highest
Product pom parent-groupid org.jboss.weld Low
Product central artifactid cdi-api Highest
Product pom organization name JBoss by Red Hat, Inc. Low
Product pom groupid javax.enterprise Low
Product pom organization url http://jboss.org Low
Version pom version 1.1 Highest
Version central version 1.1 Highest
Version file version 1.1 Highest
hibernate-core-5.2.3.Final.jar
Description: The core O/RM functionality as provided by Hibernate
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/travis/.m2/repository/org/hibernate/hibernate-core/5.2.3.Final/hibernate-core-5.2.3.Final.jar
MD5: 7960a6866122fa3e18f9b81566f4aeb4
SHA1: 2903cfef064e2d4c650ece5a5dceefad826e4b26
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest implementation-url http://hibernate.org Low
Vendor Manifest bundle-symbolicname org.hibernate.core Medium
Vendor pom groupid hibernate Highest
Vendor pom name Core Hibernate O/RM functionality High
Vendor pom url http://hibernate.org Highest
Vendor manifest Bundle-Description A module of the Hibernate O/RM project Medium
Vendor Manifest Implementation-Vendor Hibernate.org High
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor pom organization name Hibernate.org High
Vendor file name hibernate-core High
Vendor pom groupid org.hibernate Highest
Vendor central groupid org.hibernate Highest
Vendor Manifest Implementation-Vendor-Id org.hibernate Medium
Vendor pom description The core O/RM functionality as provided by Hibernate Medium
Vendor Manifest specification-vendor Hibernate.org Low
Vendor pom artifactid hibernate-core Low
Vendor pom organization url http://hibernate.org Medium
Product Manifest Implementation-Title hibernate-core High
Product Manifest implementation-url http://hibernate.org Low
Product pom groupid hibernate Low
Product central artifactid hibernate-core Highest
Product Manifest bundle-symbolicname org.hibernate.core Medium
Product Manifest Bundle-Name hibernate-core Medium
Product pom organization url http://hibernate.org Low
Product pom name Core Hibernate O/RM functionality High
Product manifest Bundle-Description A module of the Hibernate O/RM project Medium
Product pom artifactid hibernate-core Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product file name hibernate-core High
Product Manifest specification-title hibernate-core Medium
Product pom organization name Hibernate.org Low
Product pom description The core O/RM functionality as provided by Hibernate Medium
Product pom url http://hibernate.org Medium
Version file version 5.2.3 Highest
Version Manifest Implementation-Version 5.2.3.Final High
Version central version 5.2.3.Final Highest
Version pom version 5.2.3.Final Highest
hibernate-entitymanager-5.2.3.Final.jar
Description: (deprecated - use hibernate-core instead) Hibernate O/RM implementation of the JPA specification
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/travis/.m2/repository/org/hibernate/hibernate-entitymanager/5.2.3.Final/hibernate-entitymanager-5.2.3.Final.jar
MD5: 66460e7fc36589fc21a8b64bd9c6904b
SHA1: 7afbca082945eca8c6f244477304d43a7fc65250
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor file name hibernate-entitymanager High
Vendor pom groupid hibernate Highest
Vendor pom artifactid hibernate-entitymanager Low
Vendor pom url http://hibernate.org Highest
Vendor pom groupid org.hibernate Highest
Vendor central groupid org.hibernate Highest
Vendor pom organization name Hibernate.org High
Vendor pom name (deprecated - use hibernate-core instead) Hibernate JPA Support High
Vendor pom description (deprecated - use hibernate-core instead) Hibernate O/RM implementation of the JPA specification Medium
Vendor pom organization url http://hibernate.org Medium
Product pom groupid hibernate Low
Product file name hibernate-entitymanager High
Product pom organization url http://hibernate.org Low
Product pom artifactid hibernate-entitymanager Highest
Product pom organization name Hibernate.org Low
Product pom name (deprecated - use hibernate-core instead) Hibernate JPA Support High
Product pom description (deprecated - use hibernate-core instead) Hibernate O/RM implementation of the JPA specification Medium
Product pom url http://hibernate.org Medium
Product central artifactid hibernate-entitymanager Highest
Version file version 5.2.3 Highest
Version central version 5.2.3.Final Highest
Version pom version 5.2.3.Final Highest
hibernate-jpa-2.1-api-1.0.0.Final.jar
Description: Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation. See README.md for details
License:
Eclipse Public License (EPL), Version 1.0: http://www.eclipse.org/legal/epl-v10.html
Eclipse Distribution License (EDL), Version 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /home/travis/.m2/repository/org/hibernate/javax/persistence/hibernate-jpa-2.1-api/1.0.0.Final/hibernate-jpa-2.1-api-1.0.0.Final.jar
MD5: 01b091825023c97fdfd6d2bceebe03ff
SHA1: 5e731d961297e5a07290bfaf3db1fbc8bbbf405a
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid hibernate.javax.persistence Highest
Vendor pom description Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation. See README.md for details Low
Vendor file name hibernate-jpa-2.1-api-1.0.0.Final High
Vendor pom url http://hibernate.org Highest
Vendor pom groupid org.hibernate.javax.persistence Highest
Vendor Manifest Implementation-Vendor hibernate.org High
Vendor pom artifactid hibernate-jpa-2.1-api Low
Vendor pom name Java Persistence API, Version 2.1 High
Vendor Manifest bundle-symbolicname org.hibernate.javax.persistence.hibernate-jpa-2.1-api Medium
Vendor central groupid org.hibernate.javax.persistence Highest
Product Manifest Bundle-Name hibernate-jpa-2.1-api Medium
Product pom description Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation. See README.md for details Low
Product file name hibernate-jpa-2.1-api-1.0.0.Final High
Product Manifest specification-title Java Persistence API, Version 2.1 Medium
Product central artifactid hibernate-jpa-2.1-api Highest
Product Manifest Implementation-Title Java Persistence API High
Product pom artifactid hibernate-jpa-2.1-api Highest
Product pom name Java Persistence API, Version 2.1 High
Product Manifest bundle-symbolicname org.hibernate.javax.persistence.hibernate-jpa-2.1-api Medium
Product pom url http://hibernate.org Medium
Product pom groupid hibernate.javax.persistence Low
Version central version 1.0.0.Final Highest
Version Manifest Implementation-Version 1.0.0.Final High
Version pom version 1.0.0.Final Highest
hibernate-jpamodelgen-5.2.3.Final.jar
Description: Annotation Processor to generate JPA 2 static metamodel classes
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/travis/.m2/repository/org/hibernate/hibernate-jpamodelgen/5.2.3.Final/hibernate-jpamodelgen-5.2.3.Final.jar
MD5: 063bda0164960a297f8510c2f043f4dd
SHA1: f6b1ba04e2cf380cde5c1b12baa95ab0b0c642ac
Referenced In Project/Scope:
spring-batch-support-samples-web:provided
Evidence
Type Source Name Value Confidence
Vendor Manifest implementation-url http://hibernate.org Low
Vendor pom description Annotation Processor to generate JPA 2 static metamodel classes Medium
Vendor pom groupid hibernate Highest
Vendor pom url http://hibernate.org Highest
Vendor manifest Bundle-Description A module of the Hibernate O/RM project Medium
Vendor Manifest Implementation-Vendor Hibernate.org High
Vendor pom name Hibernate JPA 2 Metamodel Generator High
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor pom organization name Hibernate.org High
Vendor pom groupid org.hibernate Highest
Vendor Manifest bundle-symbolicname org.hibernate.jpamodelgen Medium
Vendor central groupid org.hibernate Highest
Vendor Manifest Implementation-Vendor-Id org.hibernate Medium
Vendor file name hibernate-jpamodelgen High
Vendor Manifest specification-vendor Hibernate.org Low
Vendor pom artifactid hibernate-jpamodelgen Low
Vendor pom organization url http://hibernate.org Medium
Product Manifest implementation-url http://hibernate.org Low
Product pom groupid hibernate Low
Product pom description Annotation Processor to generate JPA 2 static metamodel classes Medium
Product pom organization url http://hibernate.org Low
Product pom artifactid hibernate-jpamodelgen Highest
Product manifest Bundle-Description A module of the Hibernate O/RM project Medium
Product pom name Hibernate JPA 2 Metamodel Generator High
Product Manifest specification-title hibernate-jpamodelgen Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product Manifest Implementation-Title hibernate-jpamodelgen High
Product Manifest Bundle-Name hibernate-jpamodelgen Medium
Product pom organization name Hibernate.org Low
Product central artifactid hibernate-jpamodelgen Highest
Product Manifest bundle-symbolicname org.hibernate.jpamodelgen Medium
Product file name hibernate-jpamodelgen High
Product pom url http://hibernate.org Medium
Version file version 5.2.3 Highest
Version Manifest Implementation-Version 5.2.3.Final High
Version central version 5.2.3.Final Highest
Version pom version 5.2.3.Final Highest
validation-api-2.0.1.Final.jar
Description: Bean Validation API
License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/javax/validation/validation-api/2.0.1.Final/validation-api-2.0.1.Final.jar
MD5: 5d02c034034a7a16725ceff787e191d6
SHA1: cb855558e6271b1b32e716d24cb85c7f583ce09e
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor manifest Bundle-Description Bean Validation API Medium
Vendor pom artifactid validation-api Low
Vendor Manifest bundle-symbolicname javax.validation.api Medium
Vendor pom groupid javax.validation Highest
Vendor file name validation-api High
Vendor Manifest automatic-module-name java.validation Medium
Vendor pom name Bean Validation API High
Vendor pom description Bean Validation API Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor pom url http://beanvalidation.org Highest
Vendor central groupid javax.validation Highest
Product pom url http://beanvalidation.org Medium
Product manifest Bundle-Description Bean Validation API Medium
Product Manifest bundle-symbolicname javax.validation.api Medium
Product file name validation-api High
Product pom groupid javax.validation Low
Product pom description Bean Validation API Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product pom artifactid validation-api Highest
Product central artifactid validation-api Highest
Product Manifest automatic-module-name java.validation Medium
Product pom name Bean Validation API High
Product Manifest Bundle-Name Bean Validation API Medium
Version file version 2.0.1 Highest
Version pom version 2.0.1.Final Highest
Version central version 2.0.1.Final Highest
hibernate-validator-5.3.0.Final.jar
Description: Hibernate's Bean Validation (JSR-303) reference implementation.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/hibernate/hibernate-validator/5.3.0.Final/hibernate-validator-5.3.0.Final.jar
MD5: adbb3e8dea7d248cebe1c85495f1ae92
SHA1: fe2600d905fc7ca8294044310c3b2a72e98ec27e
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor pom groupid hibernate Highest
Vendor Manifest implementation-url http://hibernate.org/validator/ Low
Vendor pom parent-groupid org.hibernate Medium
Vendor manifest Bundle-Description Hibernate's Bean Validation (JSR-303) reference implementation. Medium
Vendor pom artifactid hibernate-validator Low
Vendor pom name Hibernate Validator Engine High
Vendor pom parent-artifactid hibernate-validator-parent Low
Vendor file name hibernate-validator High
Vendor Manifest bundle-symbolicname org.hibernate.validator Medium
Vendor Manifest Implementation-Vendor org.hibernate High
Vendor pom groupid org.hibernate Highest
Vendor central groupid org.hibernate Highest
Vendor Manifest Implementation-Vendor-Id org.hibernate Medium
Vendor pom description Hibernate's Bean Validation (JSR-303) reference implementation. Medium
Product pom groupid hibernate Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product central artifactid hibernate-validator Highest
Product pom artifactid hibernate-validator Highest
Product Manifest implementation-url http://hibernate.org/validator/ Low
Product Manifest specification-title Bean Validation Medium
Product manifest Bundle-Description Hibernate's Bean Validation (JSR-303) reference implementation. Medium
Product Manifest Bundle-Name Hibernate Validator Engine Medium
Product pom name Hibernate Validator Engine High
Product pom parent-groupid org.hibernate Low
Product file name hibernate-validator High
Product Manifest bundle-symbolicname org.hibernate.validator Medium
Product pom parent-artifactid hibernate-validator-parent Medium
Product pom description Hibernate's Bean Validation (JSR-303) reference implementation. Medium
Product Manifest Implementation-Title hibernate-validator High
Version file version 5.3.0 Highest
Version central version 5.3.0.Final Highest
Version pom version 5.3.0.Final Highest
Version Manifest Implementation-Version 5.3.0.Final High
mysql-connector-java-6.0.4.jar
Description: MySQL JDBC Type 4 driver
License:
The GNU General Public License, Version 2: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
File Path: /home/travis/.m2/repository/mysql/mysql-connector-java/6.0.4/mysql-connector-java-6.0.4.jar
MD5: 0ec0098028df28058bbf3fd058e2dd5e
SHA1: 20efb52fc39f60debcbc96a688f8c4e70654ef6b
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor file name mysql-connector-java High
Vendor pom organization name Oracle Corporation High
Vendor central groupid mysql Highest
Vendor hint analyzer vendor oracle Highest
Vendor pom description MySQL JDBC Type 4 driver Medium
Vendor Manifest bundle-symbolicname com.mysql.cj Medium
Vendor Manifest specification-vendor Oracle Corporation Low
Vendor pom name MySQL Connector/J High
Vendor Manifest (hint) Implementation-Vendor sun High
Vendor pom url http://dev.mysql.com/doc/connector-j/en/ Highest
Vendor Manifest Implementation-Vendor-Id com.mysql Medium
Vendor Manifest Implementation-Vendor Oracle High
Vendor pom groupid mysql Highest
Vendor hint analyzer (hint) vendor sun Highest
Vendor pom organization url http://www.oracle.com Medium
Vendor pom artifactid mysql-connector-java Low
Product file name mysql-connector-java High
Product pom organization name Oracle Corporation Low
Product Manifest Implementation-Title MySQL Connector Java High
Product pom description MySQL JDBC Type 4 driver Medium
Product hint analyzer product mysql_connector/j Highest
Product Manifest bundle-symbolicname com.mysql.cj Medium
Product Manifest specification-title JDBC Medium
Product pom organization url http://www.oracle.com Low
Product Manifest Bundle-Name Oracle Corporation's JDBC Driver for MySQL Medium
Product pom name MySQL Connector/J High
Product hint analyzer product mysql_connectors Highest
Product pom groupid mysql Low
Product pom artifactid mysql-connector-java Highest
Product hint analyzer product mysql_connector_j Highest
Product central artifactid mysql-connector-java Highest
Product pom url http://dev.mysql.com/doc/connector-j/en/ Medium
Version Manifest Implementation-Version 6.0.4 High
Version file version 6.0.4 Highest
Version pom version 6.0.4 Highest
Version central version 6.0.4 Highest
cpe: cpe:/a:oracle:mysql_connector/j:6.0.4
Confidence: Low
maven: mysql:mysql-connector-java:6.0.4 ✓
Confidence: Highest
cpe: cpe:/a:oracle:mysql:6.0.4
Confidence: Low
cpe: cpe:/a:oracle:mysql_connectors:6.0.4
Confidence: Low
cpe: cpe:/a:oracle:connector/j:6.0.4
Confidence: Low
cpe: cpe:/a:mysql:mysql:6.0.4
Confidence: Highest
Published Vulnerabilities
CVE-2018-3054
Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3056
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
CVE-2018-3060
Severity:
Medium
CVSS Score: 5.5
(AV:N/AC:L/Au:S/C:N/I:P/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).
CVE-2018-3062
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3064
Severity:
Medium
CVSS Score: 5.5
(AV:N/AC:L/Au:S/C:N/I:P/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).
CVE-2018-3065
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3067
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3073
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3074
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3075
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3077
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3078
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3079
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3080
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3081
Severity:
Medium
CVSS Score: 4.9
(AV:N/AC:M/Au:S/C:N/I:P/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2018-3082
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).
CVE-2018-3084
Severity:
Low
CVSS Score: 1.9
(AV:L/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Core / Client). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 2.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L).
CVE-2018-3137
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3145
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3170
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3182
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3186
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3195
Severity:
Medium
CVSS Score: 5.5
(AV:N/AC:L/Au:S/C:N/I:P/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2018-3203
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3212
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Information Schema). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3258
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
CVE-2018-3279
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3286
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
h2-1.4.192.jar
Description: H2 Database Engine
License:
MPL 2.0 or EPL 1.0: http://h2database.com/html/license.html
File Path: /home/travis/.m2/repository/com/h2database/h2/1.4.192/h2-1.4.192.jar
MD5: 8e161053d21949a13e0918550cd5d2ca
SHA1: 1106492605db135523d2817881cdf029d9292afa
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid h2 Low
Vendor central groupid com.h2database Highest
Vendor pom groupid com.h2database Highest
Vendor Manifest implementation-url http://www.h2database.com Low
Vendor pom url http://www.h2database.com Highest
Vendor file name h2 High
Vendor Manifest bundle-symbolicname org.h2 Medium
Vendor pom description H2 Database Engine Medium
Vendor pom groupid h2database Highest
Vendor pom name H2 Database Engine High
Product Manifest implementation-url http://www.h2database.com Low
Product pom artifactid h2 Highest
Product Manifest Bundle-Name H2 Database Engine Medium
Product Manifest Implementation-Title H2 Database Engine High
Product pom groupid h2database Low
Product pom url http://www.h2database.com Medium
Product central artifactid h2 Highest
Product file name h2 High
Product Manifest bundle-symbolicname org.h2 Medium
Product pom description H2 Database Engine Medium
Product pom name H2 Database Engine High
Version file version 1.4.192 Highest
Version pom version 1.4.192 Highest
Version Manifest Implementation-Version 1.4.192 High
Version central version 1.4.192 Highest
javax.servlet-api-3.1.0.jar
Description: Java(TM) Servlet 3.1 API Design Specification
License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /home/travis/.m2/repository/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar
MD5: 79de69e9f5ed8c7fcb8342585732bbf7
SHA1: 3cd63d075497751784b2fa84be59432f4905bf7c
Referenced In Project/Scope:
spring-batch-support-samples-web:provided
Evidence
Type Source Name Value Confidence
Vendor manifest Bundle-Description Java(TM) Servlet 3.1 API Design Specification Medium
Vendor pom groupid javax.servlet Highest
Vendor Manifest bundle-symbolicname javax.servlet-api Medium
Vendor central groupid javax.servlet Highest
Vendor Manifest specification-vendor Oracle Corporation Low
Vendor Manifest bundle-docurl https://glassfish.dev.java.net Low
Vendor pom parent-groupid net.java Medium
Vendor Manifest Implementation-Vendor-Id org.glassfish Medium
Vendor Manifest extension-name javax.servlet Medium
Vendor pom organization name GlassFish Community High
Vendor pom artifactid javax.servlet-api Low
Vendor Manifest Implementation-Vendor GlassFish Community High
Vendor pom organization url https://glassfish.dev.java.net Medium
Vendor pom url http://servlet-spec.java.net Highest
Vendor pom parent-artifactid jvnet-parent Low
Vendor file name javax.servlet-api High
Vendor pom name Java Servlet API High
Product manifest Bundle-Description Java(TM) Servlet 3.1 API Design Specification Medium
Product Manifest bundle-symbolicname javax.servlet-api Medium
Product Manifest Bundle-Name Java Servlet API Medium
Product pom artifactid javax.servlet-api Highest
Product Manifest bundle-docurl https://glassfish.dev.java.net Low
Product pom parent-groupid net.java Low
Product pom organization url https://glassfish.dev.java.net Low
Product central artifactid javax.servlet-api Highest
Product pom groupid javax.servlet Low
Product pom url http://servlet-spec.java.net Medium
Product Manifest extension-name javax.servlet Medium
Product pom parent-artifactid jvnet-parent Medium
Product pom organization name GlassFish Community Low
Product file name javax.servlet-api High
Product pom name Java Servlet API High
Version file version 3.1.0 Highest
Version central version 3.1.0 Highest
Version pom version 3.1.0 Highest
Version Manifest Implementation-Version 3.1.0 High
ognl-3.1.10.jar
Description: OGNL - Object Graph Navigation Library
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/ognl/ognl/3.1.10/ognl-3.1.10.jar
MD5: 80334f0492ae3ff83f710f66190cd2d8
SHA1: f0b5388b0de908867f2c714ccd589301a15e3b2f
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor file name ognl High
Vendor pom groupid ognl Highest
Vendor pom url http://ognl.org Highest
Vendor pom artifactid ognl Low
Vendor central groupid ognl Highest
Vendor pom organization name OpenSymphony High
Vendor jar package name ognl Low
Vendor pom description OGNL - Object Graph Navigation Library Medium
Vendor pom name OGNL - Object Graph Navigation Library High
Vendor pom organization url http://www.opensymphony.com Medium
Product pom groupid ognl Low
Product file name ognl High
Product central artifactid ognl Highest
Product pom artifactid ognl Highest
Product pom organization url http://www.opensymphony.com Low
Product pom organization name OpenSymphony Low
Product pom description OGNL - Object Graph Navigation Library Medium
Product pom name OGNL - Object Graph Navigation Library High
Product pom url http://ognl.org Medium
Version pom version 3.1.10 Highest
Version central version 3.1.10 Highest
Version file version 3.1.10 Highest
cpe: cpe:/a:ognl_project:ognl:3.1.10
Confidence: Low
maven: ognl:ognl:3.1.10 ✓
Confidence: Highest
attoparser-2.0.1.RELEASE.jar
Description: Powerful, fast and easy to use HTML and XML parser for Java
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/attoparser/attoparser/2.0.1.RELEASE/attoparser-2.0.1.RELEASE.jar
MD5: 0aec87c6735aa32c65080990dfbe0027
SHA1: 3e95f3d9fa8095171d96cd4a57d6f3caa51982dc
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest specification-vendor The ATTOPARSER team Low
Vendor file name attoparser High
Vendor Manifest bundle-docurl http://www.attoparser.org Low
Vendor pom groupid attoparser Highest
Vendor manifest Bundle-Description Powerful, fast and easy to use HTML and XML parser for Java Medium
Vendor Manifest bundle-symbolicname org.attoparser Medium
Vendor pom organization name The ATTOPARSER team High
Vendor central groupid org.attoparser Highest
Vendor pom name attoparser High
Vendor Manifest Implementation-Vendor-Id org.attoparser Medium
Vendor pom groupid org.attoparser Highest
Vendor pom organization url http://www.attoparser.org Medium
Vendor pom url http://www.attoparser.org Highest
Vendor pom description Powerful, fast and easy to use HTML and XML parser for Java Medium
Vendor Manifest Implementation-Vendor The ATTOPARSER team High
Vendor pom artifactid attoparser Low
Product pom groupid attoparser Low
Product file name attoparser High
Product Manifest bundle-docurl http://www.attoparser.org Low
Product manifest Bundle-Description Powerful, fast and easy to use HTML and XML parser for Java Medium
Product Manifest bundle-symbolicname org.attoparser Medium
Product pom name attoparser High
Product pom organization name The ATTOPARSER team Low
Product pom artifactid attoparser Highest
Product Manifest specification-title attoparser Medium
Product Manifest Implementation-Title attoparser High
Product pom organization url http://www.attoparser.org Low
Product pom description Powerful, fast and easy to use HTML and XML parser for Java Medium
Product Manifest Bundle-Name attoparser Medium
Product central artifactid attoparser Highest
Product pom url http://www.attoparser.org Medium
Version central version 2.0.1.RELEASE Highest
Version Manifest Implementation-Version 2.0.1.RELEASE High
Version pom version 2.0.1.RELEASE Highest
unbescape-1.1.4.RELEASE.jar
Description: Advanced yet easy-to-use escape/unescape library for Java
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/unbescape/unbescape/1.1.4.RELEASE/unbescape-1.1.4.RELEASE.jar
MD5: 27d3d1f9aa719637066193c951d42990
SHA1: 1ef1371149efc31d72d35dc290cf16c1a4736a12
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor pom name unbescape High
Vendor pom url http://www.unbescape.org Highest
Vendor central groupid org.unbescape Highest
Vendor Manifest specification-vendor The UNBESCAPE team Low
Vendor Manifest implementation-url http://www.unbescape.org Low
Vendor pom description Advanced yet easy-to-use escape/unescape library for Java Medium
Vendor pom organization url http://www.unbescape.org Medium
Vendor file name unbescape High
Vendor Manifest bundle-docurl http://www.unbescape.org Low
Vendor pom groupid org.unbescape Highest
Vendor Manifest Implementation-Vendor-Id org.unbescape Medium
Vendor Manifest bundle-symbolicname org.unbescape Medium
Vendor manifest Bundle-Description Advanced yet easy-to-use escape/unescape library for Java Medium
Vendor pom artifactid unbescape Low
Vendor pom groupid unbescape Highest
Vendor Manifest Implementation-Vendor The UNBESCAPE team High
Vendor pom organization name The UNBESCAPE team High
Product pom name unbescape High
Product Manifest implementation-url http://www.unbescape.org Low
Product pom organization name The UNBESCAPE team Low
Product pom description Advanced yet easy-to-use escape/unescape library for Java Medium
Product pom url http://www.unbescape.org Medium
Product pom groupid unbescape Low
Product central artifactid unbescape Highest
Product file name unbescape High
Product Manifest specification-title unbescape Medium
Product Manifest bundle-docurl http://www.unbescape.org Low
Product Manifest Bundle-Name unbescape Medium
Product pom organization url http://www.unbescape.org Low
Product Manifest bundle-symbolicname org.unbescape Medium
Product pom artifactid unbescape Highest
Product manifest Bundle-Description Advanced yet easy-to-use escape/unescape library for Java Medium
Product Manifest Implementation-Title unbescape High
Version pom version 1.1.4.RELEASE Highest
Version Manifest Implementation-Version 1.1.4.RELEASE High
Version central version 1.1.4.RELEASE Highest
thymeleaf-3.0.2.RELEASE.jar
Description: XML/XHTML/HTML5 template engine for Java
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/thymeleaf/thymeleaf/3.0.2.RELEASE/thymeleaf-3.0.2.RELEASE.jar
MD5: 498a4da70b48a30d975d04fb15ed4d70
SHA1: f0758d924815a8ada59ecf3b34f9bb6c2c2441b7
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor The THYMELEAF team High
Vendor pom groupid thymeleaf Highest
Vendor Manifest Implementation-Vendor-Id org.thymeleaf Medium
Vendor pom url http://www.thymeleaf.org Highest
Vendor file name thymeleaf High
Vendor pom organization url http://www.thymeleaf.org Medium
Vendor pom artifactid thymeleaf Low
Vendor Manifest specification-vendor The THYMELEAF team Low
Vendor pom description XML/XHTML/HTML5 template engine for Java Medium
Vendor central groupid org.thymeleaf Highest
Vendor pom name thymeleaf High
Vendor pom organization name The THYMELEAF team High
Vendor pom groupid org.thymeleaf Highest
Product pom groupid thymeleaf Low
Product pom description XML/XHTML/HTML5 template engine for Java Medium
Product Manifest specification-title thymeleaf Medium
Product central artifactid thymeleaf Highest
Product pom organization url http://www.thymeleaf.org Low
Product file name thymeleaf High
Product Manifest Implementation-Title thymeleaf High
Product pom organization name The THYMELEAF team Low
Product pom name thymeleaf High
Product pom url http://www.thymeleaf.org Medium
Product pom artifactid thymeleaf Highest
Version pom version 3.0.2.RELEASE Highest
Version Manifest Implementation-Version 3.0.2.RELEASE High
Version central version 3.0.2.RELEASE Highest
thymeleaf-spring4-3.0.2.RELEASE.jar
Description: XML/XHTML/HTML5 template engine for Java
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/thymeleaf/thymeleaf-spring4/3.0.2.RELEASE/thymeleaf-spring4-3.0.2.RELEASE.jar
MD5: 8505e918bdde8d90e712242c2f47cd20
SHA1: 9e99f78f944b58e491faa930f730709f80450892
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor The THYMELEAF team High
Vendor pom groupid thymeleaf Highest
Vendor Manifest Implementation-Vendor-Id org.thymeleaf Medium
Vendor pom url http://www.thymeleaf.org Highest
Vendor pom organization url http://www.thymeleaf.org Medium
Vendor Manifest specification-vendor The THYMELEAF team Low
Vendor pom name thymeleaf-spring4 High
Vendor pom description XML/XHTML/HTML5 template engine for Java Medium
Vendor pom artifactid thymeleaf-spring4 Low
Vendor file name thymeleaf-spring4 High
Vendor central groupid org.thymeleaf Highest
Vendor pom organization name The THYMELEAF team High
Vendor pom groupid org.thymeleaf Highest
Product pom groupid thymeleaf Low
Product pom description XML/XHTML/HTML5 template engine for Java Medium
Product central artifactid thymeleaf-spring4 Highest
Product pom organization url http://www.thymeleaf.org Low
Product file name thymeleaf-spring4 High
Product Manifest Implementation-Title thymeleaf-spring4 High
Product pom organization name The THYMELEAF team Low
Product pom artifactid thymeleaf-spring4 Highest
Product Manifest specification-title thymeleaf-spring4 Medium
Product pom url http://www.thymeleaf.org Medium
Product pom name thymeleaf-spring4 High
Version pom version 3.0.2.RELEASE Highest
Version Manifest Implementation-Version 3.0.2.RELEASE High
Version central version 3.0.2.RELEASE Highest
commons-fileupload-1.3.2.jar
Description:
The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/commons-fileupload/commons-fileupload/1.3.2/commons-fileupload-1.3.2.jar
MD5: f76891c36a08e87e3f806d3a83fcb4bc
SHA1: 5d7491ed6ebd02b6a8d2305f8e6b7fe5dbd95f72
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest implementation-url http://commons.apache.org/proper/commons-fileupload/ Low
Vendor pom url http://commons.apache.org/proper/commons-fileupload/ Highest
Vendor Manifest bundle-symbolicname org.apache.commons.fileupload Medium
Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-fileupload/ Low
Vendor pom parent-groupid org.apache.commons Medium
Vendor pom name Apache Commons FileUpload High
Vendor pom description The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. Low
Vendor pom groupid commons-fileupload Highest
Vendor manifest Bundle-Description The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. Low
Vendor pom parent-artifactid commons-parent Low
Vendor pom artifactid commons-fileupload Low
Vendor central groupid commons-fileupload Highest
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest implementation-build tags/FILEUPLOAD_1_3_2_RC1@r1745203; 2016-05-23 14:47:52+0000 Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor file name commons-fileupload High
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Product Manifest implementation-url http://commons.apache.org/proper/commons-fileupload/ Low
Product Manifest bundle-symbolicname org.apache.commons.fileupload Medium
Product Manifest bundle-docurl http://commons.apache.org/proper/commons-fileupload/ Low
Product pom name Apache Commons FileUpload High
Product pom description The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. Low
Product Manifest specification-title Apache Commons FileUpload Medium
Product manifest Bundle-Description The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. Low
Product pom artifactid commons-fileupload Highest
Product Manifest Implementation-Title Apache Commons FileUpload High
Product Manifest Bundle-Name Apache Commons FileUpload Medium
Product Manifest implementation-build tags/FILEUPLOAD_1_3_2_RC1@r1745203; 2016-05-23 14:47:52+0000 Low
Product pom url http://commons.apache.org/proper/commons-fileupload/ Medium
Product pom groupid commons-fileupload Low
Product central artifactid commons-fileupload Highest
Product file name commons-fileupload High
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Product pom parent-groupid org.apache.commons Low
Product pom parent-artifactid commons-parent Medium
Version Manifest Implementation-Version 1.3.2 High
Version pom version 1.3.2 Highest
Version central version 1.3.2 Highest
Version file version 1.3.2 Highest
Published Vulnerabilities
CVE-2016-1000031
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
Vulnerable Software & Versions:
commons-io-2.5.jar
Description:
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/commons-io/commons-io/2.5/commons-io-2.5.jar
MD5: e2d74794fba570ec2115fb9d5b05dc9b
SHA1: 2852e6e05fbb95076fc091f6d1780f1f8fe35e0f
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor Manifest bundle-symbolicname org.apache.commons.io Medium
Vendor pom description The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more. Low
Vendor file name commons-io High
Vendor manifest Bundle-Description The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more. Low
Vendor pom parent-groupid org.apache.commons Medium
Vendor pom url http://commons.apache.org/proper/commons-io/ Highest
Vendor central groupid commons-io Highest
Vendor pom parent-artifactid commons-parent Low
Vendor pom artifactid commons-io Low
Vendor Manifest implementation-url http://commons.apache.org/proper/commons-io/ Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-io/ Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom groupid commons-io Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom name Apache Commons IO High
Vendor Manifest implementation-build tags/commons-io-2.5@r1739098; 2016-04-14 09:19:54-0400 Low
Product Manifest specification-title Apache Commons IO Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product Manifest bundle-symbolicname org.apache.commons.io Medium
Product pom description The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more. Low
Product file name commons-io High
Product Manifest Bundle-Name Apache Commons IO Medium
Product manifest Bundle-Description The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more. Low
Product central artifactid commons-io Highest
Product pom groupid commons-io Low
Product Manifest Implementation-Title Apache Commons IO High
Product pom artifactid commons-io Highest
Product Manifest implementation-url http://commons.apache.org/proper/commons-io/ Low
Product Manifest bundle-docurl http://commons.apache.org/proper/commons-io/ Low
Product pom url http://commons.apache.org/proper/commons-io/ Medium
Product pom name Apache Commons IO High
Product Manifest implementation-build tags/commons-io-2.5@r1739098; 2016-04-14 09:19:54-0400 Low
Product pom parent-groupid org.apache.commons Low
Product pom parent-artifactid commons-parent Medium
Version pom version 2.5 Highest
Version file version 2.5 Highest
Version Manifest Implementation-Version 2.5 High
Version central version 2.5 Highest
ehcache-2.10.2.2.21.jar: sizeof-agent.jar
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/net/sf/ehcache/pool/sizeof/sizeof-agent.jar
MD5: 5ad919b3ac0516897bdca079c9a222a8
SHA1: e86399a80ae6a6c7a563717eaa0ce9ba4708571c
Referenced In Project/Scope:
spring-batch-support-samples-web:compile
Evidence
Type Source Name Value Confidence
Vendor file name sizeof-agent High
Vendor pom groupid net.sf.ehcache Highest
Vendor Manifest jenkins-project sizeof-agent_sizeof-agent-1.0.1_publisher Low
Vendor Manifest hudson-project sizeof-agent_sizeof-agent-1.0.1_publisher Low
Vendor pom parent-artifactid ehcache-parent Low
Vendor pom url http://www.ehcache.org Highest
Vendor Manifest jenkins-build-number 6 Low
Vendor pom artifactid sizeof-agent Low
Vendor Manifest hudson-build-number 6 Low
Vendor pom name Ehcache Size-Of Agent High
Product file name sizeof-agent High
Product pom parent-artifactid ehcache-parent Medium
Product pom groupid net.sf.ehcache Low
Product Manifest jenkins-project sizeof-agent_sizeof-agent-1.0.1_publisher Low
Product Manifest hudson-project sizeof-agent_sizeof-agent-1.0.1_publisher Low
Product pom url http://www.ehcache.org Medium
Product Manifest jenkins-build-number 6 Low
Product Manifest hudson-build-number 6 Low
Product pom artifactid sizeof-agent Highest
Product pom name Ehcache Size-Of Agent High
Version pom parent-version 1.0.1 Low
Version Manifest hudson-version 1.449 Medium
Version pom version 1.0.1 Highest
Version Manifest jenkins-build-number 6 Low
Version Manifest jenkins-version 1.449 Medium
Version Manifest hudson-build-number 6 Low
maven: net.sf.ehcache:sizeof-agent:1.0.1
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-annotations/pom.xml
Description: Core annotations used for value types, used by Jackson data binding package.
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-annotations/pom.xml
MD5: 920a7c797babb215595b83388a2cab1a
SHA1: bf2a064aec0f86ef110ded6b11147350cfef0bb7
Evidence
Type Source Name Value Confidence
Vendor pom description Core annotations used for value types, used by Jackson data binding package. Medium
Vendor pom url http://wiki.fasterxml.com/JacksonHome Highest
Vendor pom name Jackson-annotations High
Vendor pom groupid fasterxml.jackson.core Highest
Vendor pom artifactid jackson-annotations Low
Vendor pom parent-artifactid oss-parent Low
Vendor pom parent-groupid com.fasterxml Medium
Product pom description Core annotations used for value types, used by Jackson data binding package. Medium
Product pom groupid fasterxml.jackson.core Low
Product pom url http://wiki.fasterxml.com/JacksonHome Medium
Product pom parent-artifactid oss-parent Medium
Product pom name Jackson-annotations High
Product pom parent-groupid com.fasterxml Low
Product pom artifactid jackson-annotations Highest
Version pom parent-version 2.3.0 Low
Version pom version 2.3.0 Highest
cpe: cpe:/a:fasterxml:jackson:2.3.0
Confidence :Low
maven: com.fasterxml.jackson.core:jackson-annotations:2.3.0
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-core/pom.xml
Description: Core Jackson abstractions, basic JSON streaming API implementation
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-core/pom.xml
MD5: 57bca813b5307e3154e7d8eeddb5c156
SHA1: fc05676963f49f5c338cdc115b4ff74dfe041c4f
Evidence
Type Source Name Value Confidence
Vendor pom url http://wiki.fasterxml.com/JacksonHome Highest
Vendor pom groupid fasterxml.jackson.core Highest
Vendor pom artifactid jackson-core Low
Vendor pom description Core Jackson abstractions, basic JSON streaming API implementation Medium
Vendor pom name Jackson-core High
Vendor pom parent-artifactid oss-parent Low
Vendor pom parent-groupid com.fasterxml Medium
Product pom groupid fasterxml.jackson.core Low
Product pom url http://wiki.fasterxml.com/JacksonHome Medium
Product pom parent-artifactid oss-parent Medium
Product pom parent-groupid com.fasterxml Low
Product pom artifactid jackson-core Highest
Product pom description Core Jackson abstractions, basic JSON streaming API implementation Medium
Product pom name Jackson-core High
Version pom parent-version 2.3.3 Low
Version pom version 2.3.3 Highest
Related Dependencies
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider/pom.xml
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider/pom.xml
SHA1: 2f4b8921cc1693827f46dbedcdfd2c1afe6e0928
MD5: 8cb8dfac80c2beada46f76493632c0b0
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations/pom.xml
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations/pom.xml
SHA1: 63e7293b8a7ebc035133c91da4fcdfdc8d35fa56
MD5: 0e4ffd3552d53012977f4aa7e8631139
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base/pom.xml
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base/pom.xml
SHA1: c3eba3468d5971c45c981c803efa776508a5c63d
MD5: a0b035a5188c067e32cc6e16b0deab19
maven: com.fasterxml.jackson.core:jackson-core:2.3.3
Confidence :High
cpe: cpe:/a:fasterxml:jackson:2.3.3
Confidence :Low
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
Description: General data-binding functionality for Jackson: works on core streaming API
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
MD5: 04e23f17a1150e7ec1f70eeac734af7d
SHA1: fc2fa919676ab9574a7e312fd44741e5569b86a1
Evidence
Type Source Name Value Confidence
Vendor pom url http://wiki.fasterxml.com/JacksonHome Highest
Vendor pom groupid fasterxml.jackson.core Highest
Vendor pom name jackson-databind High
Vendor pom description General data-binding functionality for Jackson: works on core streaming API Medium
Vendor pom artifactid jackson-databind Low
Vendor pom parent-artifactid oss-parent Low
Vendor pom parent-groupid com.fasterxml Medium
Product pom groupid fasterxml.jackson.core Low
Product pom url http://wiki.fasterxml.com/JacksonHome Medium
Product pom parent-artifactid oss-parent Medium
Product pom parent-groupid com.fasterxml Low
Product pom name jackson-databind High
Product pom description General data-binding functionality for Jackson: works on core streaming API Medium
Product pom artifactid jackson-databind Highest
Version pom parent-version 2.3.3 Low
Version pom version 2.3.3 Highest
cpe: cpe:/a:fasterxml:jackson-databind:2.3.3
Confidence :Highest
maven: com.fasterxml.jackson.core:jackson-databind:2.3.3
Confidence :High
cpe: cpe:/a:fasterxml:jackson:2.3.3
Confidence :Low
Published Vulnerabilities
CVE-2017-15095
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
Vulnerable Software & Versions:
CVE-2017-17485
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.
Vulnerable Software & Versions:
CVE-2017-7525
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
Vulnerable Software & Versions:
CVE-2018-5968
Severity:
Medium
CVSS Score: 5.1
(AV:N/AC:H/Au:N/C:P/I:P/A:P)
CWE: CWE-184 Incomplete Blacklist
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
Vulnerable Software & Versions:
CVE-2018-7489
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-184 Incomplete Blacklist
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.
Vulnerable Software & Versions:
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/javax.annotation/javax.annotation-api/pom.xml
Description: Common Annotations for the JavaTM Platform API
License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/javax.annotation/javax.annotation-api/pom.xml
MD5: 11204d5fb5c6aa1ae5948f22a37a2795
SHA1: d90e6c7f83898fe30f83aeaf4d411285f970a433
Evidence
Type Source Name Value Confidence
Vendor pom organization name GlassFish Community High
Vendor pom name ${extension.name} API High
Vendor pom description Common Annotations for the JavaTM Platform API Medium
Vendor pom parent-artifactid jvnet-parent Low
Vendor pom organization url https://glassfish.java.net Medium
Vendor pom artifactid javax.annotation-api Low
Vendor pom parent-groupid net.java Medium
Vendor pom groupid javax.annotation Highest
Vendor pom url http://jcp.org/en/jsr/detail?id=250 Highest
Product pom artifactid javax.annotation-api Highest
Product pom name ${extension.name} API High
Product pom description Common Annotations for the JavaTM Platform API Medium
Product pom url http://jcp.org/en/jsr/detail?id=250 Medium
Product pom organization name GlassFish Community Low
Product pom parent-groupid net.java Low
Product pom groupid javax.annotation Low
Product pom parent-artifactid jvnet-parent Medium
Product pom organization url https://glassfish.java.net Low
Version pom version 1.2 Highest
Version pom parent-version 1.2 Low
maven: javax.annotation:javax.annotation-api:1.2
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/javax.servlet/javax.servlet-api/pom.xml
License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/javax.servlet/javax.servlet-api/pom.xml
MD5: faa665eb553f227ed989e294d09c4175
SHA1: 992273c71fb14b78cd29052188857b446aa157d5
Evidence
Type Source Name Value Confidence
Vendor pom groupid javax.servlet Highest
Vendor pom organization name GlassFish Community High
Vendor pom artifactid javax.servlet-api Low
Vendor pom organization url https://glassfish.dev.java.net Medium
Vendor pom url http://servlet-spec.java.net Highest
Vendor pom parent-artifactid jvnet-parent Low
Vendor pom parent-groupid net.java Medium
Vendor pom name Java Servlet API High
Product pom organization name GlassFish Community Low
Product pom artifactid javax.servlet-api Highest
Product pom parent-groupid net.java Low
Product pom organization url https://glassfish.dev.java.net Low
Product pom groupid javax.servlet Low
Product pom url http://servlet-spec.java.net Medium
Product pom parent-artifactid jvnet-parent Medium
Product pom name Java Servlet API High
Version pom parent-version 3.0.1 Low
Version pom version 3.0.1 Highest
maven: javax.servlet:javax.servlet-api:3.0.1
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/javax.validation/validation-api/pom.xml
Description:
Bean Validation API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/javax.validation/validation-api/pom.xml
MD5: 392b65b1983526abcfb87d01d46973ea
SHA1: 0d2ad4d1498d1048abc6c6948fd3f835d8fdafb0
Evidence
Type Source Name Value Confidence
Vendor pom artifactid validation-api Low
Vendor pom groupid javax.validation Highest
Vendor pom name Bean Validation API High
Vendor pom description Bean Validation API Medium
Vendor pom url http://beanvalidation.org Highest
Product pom artifactid validation-api Highest
Product pom url http://beanvalidation.org Medium
Product pom name Bean Validation API High
Product pom groupid javax.validation Low
Product pom description Bean Validation API Medium
Version pom version 1.1.0.Final Highest
maven: javax.validation:validation-api:1.1.0.Final
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/javax.ws.rs/javax.ws.rs-api/pom.xml
License:
CDDL 1.1: http://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/javax.ws.rs/javax.ws.rs-api/pom.xml
MD5: ba4f047c8d5f7cfbed1b31c32989999d
SHA1: 056dfb068c761287f29c4c39ef492df23eb581c7
Evidence
Type Source Name Value Confidence
Vendor pom organization name Oracle Corporation High
Vendor pom parent-artifactid jvnet-parent Low
Vendor pom groupid javax.ws.rs Highest
Vendor pom artifactid javax.ws.rs-api Low
Vendor pom name javax.ws.rs-api High
Vendor pom parent-groupid net.java Medium
Vendor pom organization url http://www.oracle.com/ Medium
Vendor pom url http://jax-rs-spec.java.net Highest
Product pom organization name Oracle Corporation Low
Product pom groupid javax.ws.rs Low
Product pom url http://jax-rs-spec.java.net Medium
Product pom organization url http://www.oracle.com/ Low
Product pom name javax.ws.rs-api High
Product pom parent-groupid net.java Low
Product pom artifactid javax.ws.rs-api Highest
Product pom parent-artifactid jvnet-parent Medium
Version pom parent-version 2.0 Low
Version pom version 2.0 Highest
maven: javax.ws.rs:javax.ws.rs-api:2.0
Confidence :High
cpe: cpe:/a:ws_project:ws:2.0
Confidence :Low
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache.internal/ehcache-rest-agent/pom.xml
Description: Ehcache REST implementation
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache.internal/ehcache-rest-agent/pom.xml
MD5: 804f428085329ebe7bd6c7634e14a881
SHA1: 13862e53d57758ffefa0544f4a87a24fc8778c34
Evidence
Type Source Name Value Confidence
Vendor pom groupid net.sf.ehcache.internal Highest
Vendor pom artifactid ehcache-rest-agent Low
Vendor pom parent-groupid net.sf.ehcache Medium
Vendor pom parent-artifactid management-ehcache-impl-parent Low
Vendor pom description Ehcache REST implementation Medium
Vendor pom name ehcache-rest-agent High
Product pom parent-groupid net.sf.ehcache Low
Product pom parent-artifactid management-ehcache-impl-parent Medium
Product pom artifactid ehcache-rest-agent Highest
Product pom description Ehcache REST implementation Medium
Product pom groupid net.sf.ehcache.internal Low
Product pom name ehcache-rest-agent High
Version pom version 2.10.2.2.21 Highest
maven: net.sf.ehcache.internal:ehcache-rest-agent:2.10.2.2.21
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-common/pom.xml
Description: A common library shared between different management-ehcache implementation versions
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-common/pom.xml
MD5: cc6f648038f3e2dfecc65b43069a3547
SHA1: dc49037c21ab259367cfb9556e0c1878f50f11a8
Evidence
Type Source Name Value Confidence
Vendor pom groupid net.sf.ehcache Highest
Vendor pom description A common library shared between different management-ehcache implementation versions Medium
Vendor pom artifactid management-ehcache-common Low
Vendor pom parent-artifactid management-ehcache-impl-parent Low
Vendor pom name management-ehcache-common High
Product pom groupid net.sf.ehcache Low
Product pom description A common library shared between different management-ehcache implementation versions Medium
Product pom parent-artifactid management-ehcache-impl-parent Medium
Product pom name management-ehcache-common High
Product pom artifactid management-ehcache-common Highest
Version pom version 2.10.2.2.21 Highest
maven: net.sf.ehcache:management-ehcache-common:2.10.2.2.21
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-impl-v1/pom.xml
Description: A product library integrating with ehcache to construct the relevant management resource entities V1
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-impl-v1/pom.xml
MD5: 10dffcbcadf9d5cb69f986398bf34b59
SHA1: e9f1ed213515c9db70a6b07f16f48344f0be58a2
Evidence
Type Source Name Value Confidence
Vendor pom groupid net.sf.ehcache Highest
Vendor pom artifactid management-ehcache-impl-v1 Low
Vendor pom name management-ehcache-impl-v1 High
Vendor pom parent-artifactid management-ehcache-impl-parent Low
Vendor pom description A product library integrating with ehcache to construct the relevant management resource entities V1 Medium
Product pom groupid net.sf.ehcache Low
Product pom name management-ehcache-impl-v1 High
Product pom artifactid management-ehcache-impl-v1 Highest
Product pom parent-artifactid management-ehcache-impl-parent Medium
Product pom description A product library integrating with ehcache to construct the relevant management resource entities V1 Medium
Version pom version 2.10.2.2.21 Highest
maven: net.sf.ehcache:management-ehcache-impl-v1:2.10.2.2.21
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-impl-v2/pom.xml
Description: A product library integrating with ehcache to construct the relevant management resource entities V1
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-impl-v2/pom.xml
MD5: 6dbf05be8b61663a23bfdc9b08574291
SHA1: db3fbf6f069fb1afdd914f78d872cc4f5c40df3e
Evidence
Type Source Name Value Confidence
Vendor pom groupid net.sf.ehcache Highest
Vendor pom name management-ehcache-impl-v2 High
Vendor pom parent-artifactid management-ehcache-impl-parent Low
Vendor pom artifactid management-ehcache-impl-v2 Low
Vendor pom description A product library integrating with ehcache to construct the relevant management resource entities V1 Medium
Product pom groupid net.sf.ehcache Low
Product pom name management-ehcache-impl-v2 High
Product pom parent-artifactid management-ehcache-impl-parent Medium
Product pom artifactid management-ehcache-impl-v2 Highest
Product pom description A product library integrating with ehcache to construct the relevant management resource entities V1 Medium
Version pom version 2.10.2.2.21 Highest
maven: net.sf.ehcache:management-ehcache-impl-v2:2.10.2.2.21
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-v1/pom.xml
Description: A library defining the ehcache management resource services and resource entities, version 1
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-v1/pom.xml
MD5: 230c85eb7f17d3e02cde1e0885294cf5
SHA1: b9e72cb8bb84d923fe591373139277e82bb58e0c
Evidence
Type Source Name Value Confidence
Vendor pom groupid net.sf.ehcache Highest
Vendor pom name management-ehcache-v1 High
Vendor pom artifactid management-ehcache-v1 Low
Vendor pom description A library defining the ehcache management resource services and resource entities, version 1 Medium
Vendor pom parent-artifactid ehcache-root Low
Product pom name management-ehcache-v1 High
Product pom groupid net.sf.ehcache Low
Product pom artifactid management-ehcache-v1 Highest
Product pom parent-artifactid ehcache-root Medium
Product pom description A library defining the ehcache management resource services and resource entities, version 1 Medium
Version pom version 2.10.2.2.21 Highest
maven: net.sf.ehcache:management-ehcache-v1:2.10.2.2.21
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-v2/pom.xml
Description: A library defining the ehcache management resource services and resource entities, version 2
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-v2/pom.xml
MD5: 82bb109d7f041d1afb3dac02df8191df
SHA1: 1f88365d45bd071ece481a852812ef4ee340597d
Evidence
Type Source Name Value Confidence
Vendor pom groupid net.sf.ehcache Highest
Vendor pom name management-ehcache-v2 High
Vendor pom parent-artifactid ehcache-root Low
Vendor pom artifactid management-ehcache-v2 Low
Vendor pom description A library defining the ehcache management resource services and resource entities, version 2 Medium
Product pom groupid net.sf.ehcache Low
Product pom parent-artifactid ehcache-root Medium
Product pom artifactid management-ehcache-v2 Highest
Product pom name management-ehcache-v2 High
Product pom description A library defining the ehcache management resource services and resource entities, version 2 Medium
Version pom version 2.10.2.2.21 Highest
maven: net.sf.ehcache:management-ehcache-v2:2.10.2.2.21
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-http/pom.xml
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-http/pom.xml
MD5: 54db4afff96d30fe1bb1761fce9d3abf
SHA1: 46ae188c5c92aadb0d9876b66270787f8af3e1ed
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.eclipse.jetty Medium
Vendor pom groupid eclipse.jetty Highest
Vendor pom url http://www.eclipse.org/jetty Highest
Vendor pom parent-artifactid jetty-project Low
Vendor pom artifactid jetty-http Low
Vendor pom name Jetty :: Http Utility High
Product pom groupid eclipse.jetty Low
Product pom parent-groupid org.eclipse.jetty Low
Product pom artifactid jetty-http Highest
Product pom parent-artifactid jetty-project Medium
Product pom name Jetty :: Http Utility High
Product pom url http://www.eclipse.org/jetty Medium
Version pom version 8.1.15.v20140411 Highest
Related Dependencies
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-security/pom.xml
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-security/pom.xml
SHA1: 2c4e9d4080e638479110b358a61b879366154a71
MD5: 128fb2a09f078fe188e52e9870fcb879
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
SHA1: 9d51ebc5999e405faa35161f03acbcee1acc25ce
MD5: f3725d11f08b8ed8672633bf06f52659
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
SHA1: fca560fd1f8438f7a1120599e25a9518532e315b
MD5: 48a57e906d4b1d9fd65ea4505684e2de
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-continuation/pom.xml
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-continuation/pom.xml
SHA1: 6985254ff36765166daa2c098eedcb37ecf14404
MD5: be93de218e005baf6aa7cbb242240e40
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
SHA1: efaf20cf56e85305c5bcb32168d80f7ad129bf66
MD5: c9c1985d6d077be13f5766f8abebe233
maven: org.eclipse.jetty:jetty-http:8.1.15.v20140411
Confidence :High
cpe: cpe:/a:jetty:jetty:8.1.15.v20140411
Confidence :Low
cpe: cpe:/a:eclipse:jetty:8.1.15.v20140411
Confidence :Low
Published Vulnerabilities
CVE-2017-7656
Severity: Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.
Vulnerable Software & Versions:
CVE-2017-7657
Severity: High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-190 Integer Overflow or Wraparound
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.
Vulnerable Software & Versions:
CVE-2017-7658
Severity: High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-19 Data Handling
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.
Vulnerable Software & Versions:
CVE-2017-9735
Severity: Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Vulnerable Software & Versions:
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-io/pom.xml
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-io/pom.xml
MD5: 5ccb45a1fb739e3c4547eb10a47b4ff7
SHA1: 8e69498dd5f7ed71790aa990f4bc1c72e5515234
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.eclipse.jetty Medium
Vendor pom groupid eclipse.jetty Highest
Vendor pom name Jetty :: IO Utility High
Vendor pom url http://www.eclipse.org/jetty Highest
Vendor pom parent-artifactid jetty-project Low
Vendor pom artifactid jetty-io Low
Product pom name Jetty :: IO Utility High
Product pom groupid eclipse.jetty Low
Product pom parent-groupid org.eclipse.jetty Low
Product pom parent-artifactid jetty-project Medium
Product pom artifactid jetty-io Highest
Product pom url http://www.eclipse.org/jetty Medium
Version pom version 8.1.15.v20140411 Highest
maven: org.eclipse.jetty:jetty-io:8.1.15.v20140411
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2.external/aopalliance-repackaged/pom.xml
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2.external/aopalliance-repackaged/pom.xml
MD5: 677e72e5876b6f3459bf8f5d7ecb14d0
SHA1: 35e3525edffb1ab7792bfbe521eff7c756e17519
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid external Low
Vendor pom artifactid aopalliance-repackaged Low
Vendor pom name aopalliance version ${aopalliance.version} repackaged as a module High
Vendor pom groupid glassfish.hk2.external Highest
Vendor pom parent-groupid org.glassfish.hk2 Medium
Product pom parent-groupid org.glassfish.hk2 Low
Product pom artifactid aopalliance-repackaged Highest
Product pom parent-artifactid external Medium
Product pom name aopalliance version ${aopalliance.version} repackaged as a module High
Product pom groupid glassfish.hk2.external Low
Version pom version 2.2.0 Highest
maven: org.glassfish.hk2.external:aopalliance-repackaged:2.2.0
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2.external/asm-all-repackaged/pom.xml
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2.external/asm-all-repackaged/pom.xml
MD5: 783be8098b6eec68967508453ba35232
SHA1: 7753d57f50fe99e22b1a548c9fde94e07d27a6d6
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid external Low
Vendor pom artifactid asm-all-repackaged Low
Vendor pom groupid glassfish.hk2.external Highest
Vendor pom name org.objectweb.asm.all version ${asm.version} repackaged as a module High
Vendor pom parent-groupid org.glassfish.hk2 Medium
Product pom parent-groupid org.glassfish.hk2 Low
Product pom parent-artifactid external Medium
Product pom groupid glassfish.hk2.external Low
Product pom name org.objectweb.asm.all version ${asm.version} repackaged as a module High
Product pom artifactid asm-all-repackaged Highest
Version pom version 2.2.0 Highest
maven: org.glassfish.hk2.external:asm-all-repackaged:2.2.0
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2.external/javax.inject/pom.xml
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2.external/javax.inject/pom.xml
MD5: 06b553f82e3c3574bcf2e2bd7eb18b22
SHA1: 2fcb1cb95f14ad221a399fe5dca453fe4268f26e
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid external Low
Vendor pom artifactid javax.inject Low
Vendor pom groupid glassfish.hk2.external Highest
Vendor pom name Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle High
Vendor pom parent-groupid org.glassfish.hk2 Medium
Product pom parent-groupid org.glassfish.hk2 Low
Product pom artifactid javax.inject Highest
Product pom parent-artifactid external Medium
Product pom groupid glassfish.hk2.external Low
Product pom name Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle High
Version pom version 2.2.0 Highest
maven: org.glassfish.hk2.external:javax.inject:2.2.0
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2/hk2-api/pom.xml
Description: ${project.name}
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2/hk2-api/pom.xml
MD5: 70a3017ce69c98e4db38406d0ac608aa
SHA1: 6eaac604d33d112a032cfd98357d82202e2ebbd0
Evidence
Type Source Name Value Confidence
Vendor pom artifactid hk2-api Low
Vendor pom description ${project.name} Medium
Vendor pom groupid glassfish.hk2 Highest
Vendor pom name HK2 API module High
Vendor pom parent-artifactid hk2-public Low
Vendor pom parent-groupid org.glassfish.hk2 Medium
Product pom parent-groupid org.glassfish.hk2 Low
Product pom description ${project.name} Medium
Product pom parent-artifactid hk2-public Medium
Product pom name HK2 API module High
Product pom groupid glassfish.hk2 Low
Product pom artifactid hk2-api Highest
Version pom version 2.2.0 Highest
maven: org.glassfish.hk2:hk2-api:2.2.0
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2/hk2-locator/pom.xml
Description: ${project.name}
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2/hk2-locator/pom.xml
MD5: e104bfee6f1062beb0ce3e01cf29167a
SHA1: 430cdc986e4b5d4e450e517d6ec7d0f6e00fade5
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid hk2-kernel-parent Low
Vendor pom name ServiceLocator Default Implementation High
Vendor pom description ${project.name} Medium
Vendor pom groupid glassfish.hk2 Highest
Vendor pom artifactid hk2-locator Low
Vendor pom parent-groupid org.glassfish.hk2 Medium
Product pom parent-groupid org.glassfish.hk2 Low
Product pom artifactid hk2-locator Highest
Product pom name ServiceLocator Default Implementation High
Product pom description ${project.name} Medium
Product pom groupid glassfish.hk2 Low
Product pom parent-artifactid hk2-kernel-parent Medium
Version pom version 2.2.0 Highest
maven: org.glassfish.hk2:hk2-locator:2.2.0
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2/hk2-utils/pom.xml
Description: ${project.name}
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2/hk2-utils/pom.xml
MD5: 9b2900d409cc3cc15b739654b27a34d0
SHA1: de0f39f77a3d1e5ee2a1620ae4a7e5f335374433
Evidence
Type Source Name Value Confidence
Vendor pom artifactid hk2-utils Low
Vendor pom description ${project.name} Medium
Vendor pom groupid glassfish.hk2 Highest
Vendor pom parent-artifactid hk2-public Low
Vendor pom parent-groupid org.glassfish.hk2 Medium
Vendor pom name HK2 Implementation Utilities High
Product pom parent-groupid org.glassfish.hk2 Low
Product pom artifactid hk2-utils Highest
Product pom description ${project.name} Medium
Product pom parent-artifactid hk2-public Medium
Product pom groupid glassfish.hk2 Low
Product pom name HK2 Implementation Utilities High
Version pom version 2.2.0 Highest
maven: org.glassfish.hk2:hk2-utils:2.2.0
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2/osgi-resource-locator/pom.xml
Description: See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2/osgi-resource-locator/pom.xml
MD5: 7830685882af91d91878333c6214adfb
SHA1: 52d2cc2460a202ba72cbd5be18905ae1b0b359fc
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid pom Low
Vendor pom name OSGi resource locator bundle - used by various API providers that rely on META-INF/services mechanism to locate providers. High
Vendor pom groupid glassfish.hk2 Highest
Vendor pom parent-groupid org.glassfish Medium
Vendor pom description See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information Medium
Vendor pom artifactid osgi-resource-locator Low
Product pom parent-artifactid pom Medium
Product pom name OSGi resource locator bundle - used by various API providers that rely on META-INF/services mechanism to locate providers. High
Product pom groupid glassfish.hk2 Low
Product pom description See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information Medium
Product pom parent-groupid org.glassfish Low
Product pom artifactid osgi-resource-locator Highest
Version pom parent-version 1.0.1 Low
Version pom version 1.0.1 Highest
maven: org.glassfish.hk2:osgi-resource-locator:1.0.1
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.bundles.repackaged/jersey-guava/pom.xml
Description: Jersey Guava Repackaged
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.bundles.repackaged/jersey-guava/pom.xml
MD5: a8fc41f3b26e8cfadd12858574dc9078
SHA1: 0708708d8d899d53122eb390d0010a06e9cf165a
Evidence
Type Source Name Value Confidence
Vendor pom groupid glassfish.jersey.bundles.repackaged Highest
Vendor pom artifactid jersey-guava Low
Vendor pom parent-groupid org.glassfish.jersey.bundles.repackaged Medium
Vendor pom parent-artifactid project Low
Vendor pom name jersey-repackaged-guava High
Vendor pom description Jersey Guava Repackaged Medium
Product pom groupid glassfish.jersey.bundles.repackaged Low
Product pom parent-artifactid project Medium
Product pom artifactid jersey-guava Highest
Product pom name jersey-repackaged-guava High
Product pom description Jersey Guava Repackaged Medium
Product pom parent-groupid org.glassfish.jersey.bundles.repackaged Low
Version pom version 2.6 Highest
maven: org.glassfish.jersey.bundles.repackaged:jersey-guava:2.6
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.containers/jersey-container-servlet-core/pom.xml
Description: Jersey core Servlet 2.x implementation
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.containers/jersey-container-servlet-core/pom.xml
MD5: a92385abeabab3929ab7869f2ce7702b
SHA1: 007c7ed57f30633ee4d4ebb0f78d1ac7dcb55f65
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid project Low
Vendor pom description Jersey core Servlet 2.x implementation Medium
Vendor pom artifactid jersey-container-servlet-core Low
Vendor pom name jersey-container-servlet-core High
Vendor pom groupid glassfish.jersey.containers Highest
Vendor pom parent-groupid org.glassfish.jersey.containers Medium
Product pom parent-artifactid project Medium
Product pom description Jersey core Servlet 2.x implementation Medium
Product pom parent-groupid org.glassfish.jersey.containers Low
Product pom groupid glassfish.jersey.containers Low
Product pom artifactid jersey-container-servlet-core Highest
Product pom name jersey-container-servlet-core High
Version pom version 2.6 Highest
maven: org.glassfish.jersey.containers:jersey-container-servlet-core:2.6
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.containers/jersey-container-servlet/pom.xml
Description: Jersey core Servlet 3.x implementation
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.containers/jersey-container-servlet/pom.xml
MD5: 0f518713e8bc61364feebe6b702edfba
SHA1: d6add865975e37545c57df3fb082ab39c9982e63
Evidence
Type Source Name Value Confidence
Vendor pom description Jersey core Servlet 3.x implementation Medium
Vendor pom parent-artifactid project Low
Vendor pom artifactid jersey-container-servlet Low
Vendor pom name jersey-container-servlet High
Vendor pom groupid glassfish.jersey.containers Highest
Vendor pom parent-groupid org.glassfish.jersey.containers Medium
Product pom parent-artifactid project Medium
Product pom description Jersey core Servlet 3.x implementation Medium
Product pom name jersey-container-servlet High
Product pom artifactid jersey-container-servlet Highest
Product pom parent-groupid org.glassfish.jersey.containers Low
Product pom groupid glassfish.jersey.containers Low
Version pom version 2.6 Highest
maven: org.glassfish.jersey.containers:jersey-container-servlet:2.6
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.core/jersey-client/pom.xml
Description: Jersey core client implementation
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.core/jersey-client/pom.xml
MD5: 9b2eacb28462852316277e0af4bb211a
SHA1: 2b610b0edff4572bdd0496dbd4c9e2cb55157290
Evidence
Type Source Name Value Confidence
Vendor pom description Jersey core client implementation Medium
Vendor pom groupid glassfish.jersey.core Highest
Vendor pom parent-artifactid project Low
Vendor pom name jersey-core-client High
Vendor pom parent-groupid org.glassfish.jersey Medium
Vendor pom artifactid jersey-client Low
Product pom parent-artifactid project Medium
Product pom description Jersey core client implementation Medium
Product pom artifactid jersey-client Highest
Product pom parent-groupid org.glassfish.jersey Low
Product pom name jersey-core-client High
Product pom groupid glassfish.jersey.core Low
Version pom version 2.6 Highest
maven: org.glassfish.jersey.core:jersey-client:2.6
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.core/jersey-common/pom.xml
Description: Jersey core common packages
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.core/jersey-common/pom.xml
MD5: 6ac51414b037b73b52dc5fc567a7c0bc
SHA1: 9463095a700df946fcb910b84c6184bc9fbab982
Evidence
Type Source Name Value Confidence
Vendor pom groupid glassfish.jersey.core Highest
Vendor pom parent-artifactid project Low
Vendor pom artifactid jersey-common Low
Vendor pom parent-groupid org.glassfish.jersey Medium
Vendor pom name jersey-core-common High
Vendor pom description Jersey core common packages Medium
Product pom parent-artifactid project Medium
Product pom parent-groupid org.glassfish.jersey Low
Product pom groupid glassfish.jersey.core Low
Product pom artifactid jersey-common Highest
Product pom name jersey-core-common High
Product pom description Jersey core common packages Medium
Version pom version 2.6 Highest
maven: org.glassfish.jersey.core:jersey-common:2.6
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.core/jersey-server/pom.xml
Description: Jersey core server implementation
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.core/jersey-server/pom.xml
MD5: 95b5ca3ecab1dd922dfc78080c4e30c7
SHA1: 5340b02c18f519e902f9380f6ec391913668347d
Evidence
Type Source Name Value Confidence
Vendor pom name jersey-core-server High
Vendor pom groupid glassfish.jersey.core Highest
Vendor pom parent-artifactid project Low
Vendor pom artifactid jersey-server Low
Vendor pom description Jersey core server implementation Medium
Vendor pom parent-groupid org.glassfish.jersey Medium
Product pom parent-artifactid project Medium
Product pom name jersey-core-server High
Product pom parent-groupid org.glassfish.jersey Low
Product pom artifactid jersey-server Highest
Product pom description Jersey core server implementation Medium
Product pom groupid glassfish.jersey.core Low
Version pom version 2.6 Highest
maven: org.glassfish.jersey.core:jersey-server:2.6
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.media/jersey-media-sse/pom.xml
Description: Jersey Server Sent Events entity providers support module.
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.media/jersey-media-sse/pom.xml
MD5: 389235b47ad6333bbef8e21c16f403cc
SHA1: 6c57a7c5dea80a34f6ea54b9abcd4cd7ff30f2e7
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid project Low
Vendor pom groupid glassfish.jersey.media Highest
Vendor pom description Jersey Server Sent Events entity providers support module. Medium
Vendor pom parent-groupid org.glassfish.jersey.media Medium
Vendor pom artifactid jersey-media-sse Low
Vendor pom name jersey-media-sse High
Product pom groupid glassfish.jersey.media Low
Product pom parent-artifactid project Medium
Product pom parent-groupid org.glassfish.jersey.media Low
Product pom description Jersey Server Sent Events entity providers support module. Medium
Product pom artifactid jersey-media-sse Highest
Product pom name jersey-media-sse High
Version pom version 2.6 Highest
maven: org.glassfish.jersey.media:jersey-media-sse:2.6
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.javassist/javassist/pom.xml
Description: Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.
License:
MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.javassist/javassist/pom.xml
MD5: efe57f6812fbafe121ef0806dc56b2e3
SHA1: af3b2b71de5691126a16d00e3155576dcaa1e3dc
Evidence
Type Source Name Value Confidence
Vendor pom url http://www.javassist.org/ Highest
Vendor pom description Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java. Low
Vendor pom artifactid javassist Low
Vendor pom name Javassist High
Vendor pom groupid javassist Highest
Product pom url http://www.javassist.org/ Medium
Product pom description Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java. Low
Product pom name Javassist High
Product pom artifactid javassist Highest
Product pom groupid javassist Low
Version pom version 3.18.1-GA Highest
maven: org.javassist:javassist:3.18.1-GA
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.jvnet/tiger-types/pom.xml
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.jvnet/tiger-types/pom.xml
MD5: 51329dba505e7cc4a9bc2719cf195be0
SHA1: 5855a7ee03b816073c2b448bce93319bd71f7029
Evidence
Type Source Name Value Confidence
Vendor pom name Type arithmetic library for Java5 High
Vendor pom parent-artifactid jvnet-parent Low
Vendor pom groupid jvnet Highest
Vendor pom parent-groupid net.java Medium
Vendor pom artifactid tiger-types Low
Product pom name Type arithmetic library for Java5 High
Product pom artifactid tiger-types Highest
Product pom groupid jvnet Low
Product pom parent-groupid net.java Low
Product pom parent-artifactid jvnet-parent Medium
Version pom parent-version 1.4 Low
Version pom version 1.4 Highest
maven: org.jvnet:tiger-types:1.4
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-common-resources-v1/pom.xml
Description: Common library for Terracotta management JAX RS resources, Rest API version 1
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-common-resources-v1/pom.xml
MD5: 9ee1fe31049c7a3fa457a93f0bf2e58c
SHA1: 946ef5e1aeb550df945752f78198cfa1484d46b7
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.terracotta Medium
Vendor pom parent-artifactid management-common Low
Vendor pom description Common library for Terracotta management JAX RS resources, Rest API version 1 Medium
Vendor pom groupid terracotta Highest
Vendor pom name management-common-resources-v1 High
Vendor pom artifactid management-common-resources-v1 Low
Product pom artifactid management-common-resources-v1 Highest
Product pom parent-groupid org.terracotta Low
Product pom description Common library for Terracotta management JAX RS resources, Rest API version 1 Medium
Product pom groupid terracotta Low
Product pom name management-common-resources-v1 High
Product pom parent-artifactid management-common Medium
Version pom version 2.0.15 Highest
maven: org.terracotta:management-common-resources-v1:2.0.15
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-common-resources-v2/pom.xml
Description: Common library for Terracotta management JAX RS resources, Rest API version 2
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-common-resources-v2/pom.xml
MD5: b61c6cfe0f1bf47e0e8ecd9ade661a98
SHA1: 8f2b59589ec467e26a4c9330474394b6b8720812
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.terracotta Medium
Vendor pom name management-common-resources-v2 High
Vendor pom parent-artifactid management-common Low
Vendor pom artifactid management-common-resources-v2 Low
Vendor pom groupid terracotta Highest
Vendor pom description Common library for Terracotta management JAX RS resources, Rest API version 2 Medium
Product pom name management-common-resources-v2 High
Product pom parent-groupid org.terracotta Low
Product pom groupid terracotta Low
Product pom description Common library for Terracotta management JAX RS resources, Rest API version 2 Medium
Product pom artifactid management-common-resources-v2 Highest
Product pom parent-artifactid management-common Medium
Version pom version 2.0.15 Highest
maven: org.terracotta:management-common-resources-v2:2.0.15
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-common-v1/pom.xml
Description: Common library for Terracotta management web services, Rest API version 1
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-common-v1/pom.xml
MD5: bd0b753927a8b3ddc08acd0cf802d2e2
SHA1: 8ce630b99443e5cad8d1534932130c7dabc2c779
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.terracotta Medium
Vendor pom parent-artifactid management-common Low
Vendor pom description Common library for Terracotta management web services, Rest API version 1 Medium
Vendor pom groupid terracotta Highest
Vendor pom name management-common-v1 High
Vendor pom artifactid management-common-v1 Low
Product pom parent-groupid org.terracotta Low
Product pom description Common library for Terracotta management web services, Rest API version 1 Medium
Product pom name management-common-v1 High
Product pom groupid terracotta Low
Product pom artifactid management-common-v1 Highest
Product pom parent-artifactid management-common Medium
Version pom version 2.0.15 Highest
maven: org.terracotta:management-common-v1:2.0.15
Confidence :High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-common-v2/pom.xml
Description: Common library for Terracotta management web services, Rest API version 2
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-common-v2/pom.xml
MD5: c7ae96d4c91a54f8c4ba7d7172ee1fc7
SHA1: 804b52aec0457581e27d85c25d2f35069f8862b4
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.terracotta Medium
Vendor pom parent-artifactid management-common Low
Vendor pom name management-common-v2 High
Vendor pom artifactid management-common-v2 Low
Vendor pom description Common library for Terracotta management web services, Rest API version 2 Medium
Vendor pom groupid terracotta Highest
Product pom artifactid management-common-v2 Highest
Product pom parent-groupid org.terracotta Low
Product pom name management-common-v2 High
Product pom description Common library for Terracotta management web services, Rest API version 2 Medium
Product pom groupid terracotta Low
Product pom parent-artifactid management-common Medium
Version pom version 2.0.15 Highest
maven: org.terracotta:management-common-v2:2.0.15
Confidence: High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-core-resources/pom.xml
Description: Core library for Terracotta management JAX RS resources
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-core-resources/pom.xml
MD5: 0c151448e712e6c7abf4924f7de73d0a
SHA1: 555654fe1b7d001d11c687b5e4ff0be46e9d9706
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.terracotta Medium
Vendor pom parent-artifactid management-common Low
Vendor pom name management-core-resources High
Vendor pom description Core library for Terracotta management JAX RS resources Medium
Vendor pom groupid terracotta Highest
Vendor pom artifactid management-core-resources Low
Product pom name management-core-resources High
Product pom parent-groupid org.terracotta Low
Product pom description Core library for Terracotta management JAX RS resources Medium
Product pom groupid terracotta Low
Product pom artifactid management-core-resources Highest
Product pom parent-artifactid management-common Medium
Version pom version 2.0.15 Highest
maven: org.terracotta:management-core-resources:2.0.15
Confidence: High
ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-core/pom.xml
Description: Core library for Terracotta management web services
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-core/pom.xml
MD5: 1efaf18cd92a7ce6a9ff2d2ebfb9836e
SHA1: 55d1212f8bbbd8353285ff58fd13bb105515dc94
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.terracotta Medium
Vendor pom parent-artifactid management-common Low
Vendor pom description Core library for Terracotta management web services Medium
Vendor pom name management-core High
Vendor pom groupid terracotta Highest
Vendor pom artifactid management-core Low
Product pom parent-groupid org.terracotta Low
Product pom description Core library for Terracotta management web services Medium
Product pom artifactid management-core Highest
Product pom name management-core High
Product pom groupid terracotta Low
Product pom parent-artifactid management-common Medium
Version pom version 2.0.15 Highest
maven: org.terracotta:management-core:2.0.15
Confidence: High