Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.


Project: spring-batch-support-samples-web

com.namics.oss.spring.support.batch:spring-batch-support-samples-web:1.1.1

| Dependency | CPE | Coordinates | Highest Severity | CVE Count | CPE Confidence | Evidence Count |
|---|---|---|---|---|---|---|
| spring-convert-1.0.0.jar | cpe:/a:pivotal_software:spring_framework:1.0.0; cpe:/a:pivotal:spring_framework:1.0.0 | com.namics.oss.spring.convert:spring-convert:1.0.0 | High | 4 | Low | 31 |
| javax.batch-api-1.0.jar | | javax.batch:javax.batch-api:1.0 | | 0 | | 19 |
| jettison-1.2.jar | | org.codehaus.jettison:jettison:1.2 | | 0 | | 23 |
| spring-retry-1.2.2.RELEASE.jar | | org.springframework.retry:spring-retry:1.2.2.RELEASE | | 0 | | 26 |
| spring-batch-infrastructure-4.0.1.RELEASE.jar | cpe:/a:pivotal_software:spring_framework:4.0.1; cpe:/a:pivotal:spring_framework:4.0.1 | org.springframework.batch:spring-batch-infrastructure:4.0.1.RELEASE | High | 8 | Highest | 24 |
| spring-batch-core-4.1.0.RC1.jar | cpe:/a:pivotal:spring_framework:4.1.0.rc1; cpe:/a:pivotal_software:spring_framework:4.1.0.rc1 | org.springframework.batch:spring-batch-core:4.1.0.RC1 | High | 3 | Low | 22 |
| spring-data-commons-2.0.6.RELEASE.jar | | org.springframework.data:spring-data-commons:2.0.6.RELEASE | | 0 | | 21 |
| javax.inject-1.jar | | javax.inject:javax.inject:1 | | 0 | | 20 |
| slf4j-api-1.7.21.jar | cpe:/a:slf4j:slf4j:1.7.21 | org.slf4j:slf4j-api:1.7.21 | | 0 | Low | 31 |
| joda-time-2.9.4.jar | | joda-time:joda-time:2.9.4 | | 0 | | 36 |
| jackson-core-2.9.5.jar | cpe:/a:fasterxml:jackson:2.9.5 | com.fasterxml.jackson.core:jackson-core:2.9.5 | | 0 | Low | 41 |
| jackson-annotations-2.9.0.jar | cpe:/a:fasterxml:jackson:2.9.0 | com.fasterxml.jackson.core:jackson-annotations:2.9.0 | | 0 | Low | 39 |
| jackson-databind-2.9.5.jar | cpe:/a:fasterxml:jackson:2.9.5; cpe:/a:fasterxml:jackson-databind:2.9.5 | com.fasterxml.jackson.core:jackson-databind:2.9.5 | | 0 | Low | 41 |
| spring-core-5.0.5.RELEASE.jar | cpe:/a:pivotal_software:spring_framework:5.0.5; cpe:/a:pivotal:spring_framework:5.0.5 | org.springframework:spring-core:5.0.5.RELEASE | Medium | 4 | Highest | 30 |
| commons-pool-1.6.jar | | commons-pool:commons-pool:1.6 | | 0 | | 36 |
| commons-dbcp-1.4.jar | | commons-dbcp:commons-dbcp:1.4 | | 0 | | 34 |
| ehcache-2.10.2.2.21.jar | | net.sf.ehcache:ehcache:2.10.2.2.21 | | 0 | | 37 |
| jboss-logging-3.3.2.Final.jar | | org.jboss.logging:jboss-logging:3.3.2.Final | | 0 | | 44 |
| javassist-3.20.0-GA.jar | | org.javassist:javassist:3.20.0-GA | | 0 | | 27 |
| antlr-2.7.7.jar | | antlr:antlr:2.7.7 | | 0 | | 18 |
| geronimo-jta_1.1_spec-1.1.1.jar | | org.apache.geronimo.specs:geronimo-jta_1.1_spec:1.1.1 | | 0 | | 26 |
| jandex-2.0.0.Final.jar | | org.jboss:jandex:2.0.0.Final | | 0 | | 38 |
| classmate-1.3.4.jar | | com.fasterxml:classmate:1.3.4 | | 0 | | 45 |
| dom4j-1.6.1.jar | cpe:/a:dom4j_project:dom4j:1.6.1 | dom4j:dom4j:1.6.1 | Medium | 1 | Highest | 31 |
| hibernate-commons-annotations-5.0.1.Final.jar | | org.hibernate.common:hibernate-commons-annotations:5.0.1.Final | | 0 | | 30 |
| el-api-2.2.jar | | javax.el:el-api:2.2 | | 0 | | 20 |
| jboss-interceptors-api_1.1_spec-1.0.0.Beta1.jar | | org.jboss.spec.javax.interceptor:jboss-interceptors-api_1.1_spec:1.0.0.Beta1 | | 0 | | 27 |
| jsr250-api-1.0.jar | | javax.annotation:jsr250-api:1.0 | | 0 | | 20 |
| cdi-api-1.1.jar | | javax.enterprise:cdi-api:1.1 | | 0 | | 31 |
| hibernate-core-5.2.3.Final.jar | | org.hibernate:hibernate-core:5.2.3.Final | | 0 | | 37 |
| hibernate-entitymanager-5.2.3.Final.jar | | org.hibernate:hibernate-entitymanager:5.2.3.Final | | 0 | | 22 |
| hibernate-jpa-2.1-api-1.0.0.Final.jar | | org.hibernate.javax.persistence:hibernate-jpa-2.1-api:1.0.0.Final | | 0 | | 24 |
| hibernate-jpamodelgen-5.2.3.Final.jar | | org.hibernate:hibernate-jpamodelgen:5.2.3.Final | | 0 | | 37 |
| validation-api-2.0.1.Final.jar | | javax.validation:validation-api:2.0.1.Final | | 0 | | 26 |
| hibernate-validator-5.3.0.Final.jar | cpe:/a:hibernate:hibernate_validator:5.3.0 | org.hibernate:hibernate-validator:5.3.0.Final | | 0 | Low | 34 |
| mysql-connector-java-6.0.4.jar | cpe:/a:oracle:mysql_connector/j:6.0.4; cpe:/a:oracle:mysql:6.0.4; cpe:/a:oracle:mysql_connectors:6.0.4; cpe:/a:oracle:connector/j:6.0.4; cpe:/a:mysql:mysql:6.0.4 | mysql:mysql-connector-java:6.0.4 | Medium | 28 | Highest | 36 |
| h2-1.4.192.jar | cpe:/a:h2database:h2:1.4.192 | com.h2database:h2:1.4.192 | | 0 | Low | 25 |
| javax.servlet-api-3.1.0.jar | | javax.servlet:javax.servlet-api:3.1.0 | | 0 | | 36 |
| ognl-3.1.10.jar | cpe:/a:ognl_project:ognl:3.1.10 | ognl:ognl:3.1.10 | | 0 | Low | 22 |
| attoparser-2.0.1.RELEASE.jar | | org.attoparser:attoparser:2.0.1.RELEASE | | 0 | | 34 |
| unbescape-1.1.4.RELEASE.jar | | org.unbescape:unbescape:1.1.4.RELEASE | | 0 | | 36 |
| thymeleaf-3.0.2.RELEASE.jar | | org.thymeleaf:thymeleaf:3.0.2.RELEASE | | 0 | | 27 |
| thymeleaf-spring4-3.0.2.RELEASE.jar | | org.thymeleaf:thymeleaf-spring4:3.0.2.RELEASE | | 0 | | 27 |
| commons-fileupload-1.3.2.jar | cpe:/a:apache:commons_fileupload:1.3.2 | commons-fileupload:commons-fileupload:1.3.2 | High | 1 | Highest | 40 |
| commons-io-2.5.jar | | commons-io:commons-io:2.5 | | 0 | | 40 |
| ehcache-2.10.2.2.21.jar: sizeof-agent.jar | | net.sf.ehcache:sizeof-agent:1.0.1 | | 0 | | 26 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-annotations/pom.xml | cpe:/a:fasterxml:jackson:2.3.0 | com.fasterxml.jackson.core:jackson-annotations:2.3.0 | | 0 | Low | 16 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-core/pom.xml | cpe:/a:fasterxml:jackson:2.3.3 | com.fasterxml.jackson.core:jackson-core:2.3.3 | | 0 | Low | 16 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml | cpe:/a:fasterxml:jackson-databind:2.3.3; cpe:/a:fasterxml:jackson:2.3.3 | com.fasterxml.jackson.core:jackson-databind:2.3.3 | High | 5 | Highest | 16 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/javax.annotation/javax.annotation-api/pom.xml | | javax.annotation:javax.annotation-api:1.2 | | 0 | | 20 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/javax.servlet/javax.servlet-api/pom.xml | | javax.servlet:javax.servlet-api:3.0.1 | | 0 | | 18 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/javax.validation/validation-api/pom.xml | | javax.validation:validation-api:1.1.0.Final | | 0 | | 11 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/javax.ws.rs/javax.ws.rs-api/pom.xml | cpe:/a:ws_project:ws:2.0 | javax.ws.rs:javax.ws.rs-api:2.0 | | 0 | Low | 18 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache.internal/ehcache-rest-agent/pom.xml | | net.sf.ehcache.internal:ehcache-rest-agent:2.10.2.2.21 | | 0 | | 13 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-common/pom.xml | | net.sf.ehcache:management-ehcache-common:2.10.2.2.21 | | 0 | | 11 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-impl-v1/pom.xml | | net.sf.ehcache:management-ehcache-impl-v1:2.10.2.2.21 | | 0 | | 11 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-impl-v2/pom.xml | | net.sf.ehcache:management-ehcache-impl-v2:2.10.2.2.21 | | 0 | | 11 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-v1/pom.xml | | net.sf.ehcache:management-ehcache-v1:2.10.2.2.21 | | 0 | | 11 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-v2/pom.xml | | net.sf.ehcache:management-ehcache-v2:2.10.2.2.21 | | 0 | | 11 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-http/pom.xml | cpe:/a:jetty:jetty:8.1.15.v20140411; cpe:/a:eclipse:jetty:8.1.15.v20140411 | org.eclipse.jetty:jetty-http:8.1.15.v20140411 | High | 4 | Low | 13 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-io/pom.xml | | org.eclipse.jetty:jetty-io:8.1.15.v20140411 | | 0 | | 13 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2.external/aopalliance-repackaged/pom.xml | | org.glassfish.hk2.external:aopalliance-repackaged:2.2.0 | | 0 | | 11 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2.external/asm-all-repackaged/pom.xml | | org.glassfish.hk2.external:asm-all-repackaged:2.2.0 | | 0 | | 11 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2.external/javax.inject/pom.xml | | org.glassfish.hk2.external:javax.inject:2.2.0 | | 0 | | 11 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2/hk2-api/pom.xml | | org.glassfish.hk2:hk2-api:2.2.0 | | 0 | | 13 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2/hk2-locator/pom.xml | | org.glassfish.hk2:hk2-locator:2.2.0 | | 0 | | 13 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2/hk2-utils/pom.xml | | org.glassfish.hk2:hk2-utils:2.2.0 | | 0 | | 13 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2/osgi-resource-locator/pom.xml | | org.glassfish.hk2:osgi-resource-locator:1.0.1 | | 0 | | 14 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.bundles.repackaged/jersey-guava/pom.xml | | org.glassfish.jersey.bundles.repackaged:jersey-guava:2.6 | | 0 | | 13 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.containers/jersey-container-servlet-core/pom.xml | | org.glassfish.jersey.containers:jersey-container-servlet-core:2.6 | | 0 | | 13 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.containers/jersey-container-servlet/pom.xml | | org.glassfish.jersey.containers:jersey-container-servlet:2.6 | | 0 | | 13 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.core/jersey-client/pom.xml | | org.glassfish.jersey.core:jersey-client:2.6 | | 0 | | 13 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.core/jersey-common/pom.xml | | org.glassfish.jersey.core:jersey-common:2.6 | | 0 | | 13 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.core/jersey-server/pom.xml | | org.glassfish.jersey.core:jersey-server:2.6 | | 0 | | 13 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.media/jersey-media-sse/pom.xml | | org.glassfish.jersey.media:jersey-media-sse:2.6 | | 0 | | 13 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.javassist/javassist/pom.xml | | org.javassist:javassist:3.18.1-GA | | 0 | | 11 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.jvnet/tiger-types/pom.xml | | org.jvnet:tiger-types:1.4 | | 0 | | 12 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-common-resources-v1/pom.xml | | org.terracotta:management-common-resources-v1:2.0.15 | | 0 | | 13 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-common-resources-v2/pom.xml | | org.terracotta:management-common-resources-v2:2.0.15 | | 0 | | 13 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-common-v1/pom.xml | | org.terracotta:management-common-v1:2.0.15 | | 0 | | 13 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-common-v2/pom.xml | | org.terracotta:management-common-v2:2.0.15 | | 0 | | 13 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-core-resources/pom.xml | | org.terracotta:management-core-resources:2.0.15 | | 0 | | 13 |
| ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-core/pom.xml | | org.terracotta:management-core:2.0.15 | | 0 | | 13 |

Dependencies

spring-convert-1.0.0.jar

Description: Small but useful library providing converter APIs and default implementations for easy and reliable conversion of objects.

License:

MIT License 2.0: https://opensource.org/licenses/MIT
File Path: /home/travis/.m2/repository/com/namics/oss/spring/convert/spring-convert/1.0.0/spring-convert-1.0.0.jar
MD5: 10c17115ecd2b1e025c12133bc950411
SHA1: d46474f177f582e40b2330a49f2fbe853df6a0b2
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

CVE-2016-9878  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.


CVE-2018-1270  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-358 Improperly Implemented Security Check for Standard

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.


CVE-2018-1271  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.

CVE-2018-1272  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.

javax.batch-api-1.0.jar

File Path: /home/travis/.m2/repository/javax/batch/javax.batch-api/1.0/javax.batch-api-1.0.jar
MD5: d2c9b38431c46dc26a9eb722a6ff8903
SHA1: 65392d027a6eb369fd9fcd1b75cae150e25ac03c
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

jettison-1.2.jar

Description: A StAX implementation for JSON.

File Path: /home/travis/.m2/repository/org/codehaus/jettison/jettison/1.2/jettison-1.2.jar
MD5: 4661a5152aa90f104948bdc78fdf255c
SHA1: 0765a6181653f4b05c18c7a9e8f5c1f8269bf9b2
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

spring-retry-1.2.2.RELEASE.jar

Description: Spring Retry provides an abstraction around retrying failed operations, with an emphasis on declarative control of the process and policy-based behaviour that is easy to extend and customize. For instance, you can configure a plain POJO operation to retry if it fails, based on the type of exception, and with a fixed or exponential backoff.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/springframework/retry/spring-retry/1.2.2.RELEASE/spring-retry-1.2.2.RELEASE.jar
MD5: a2f54e08d880787f26f1e595a3ccb20a
SHA1: 638928732585c450e461f0a132b6834ad7cf3af0
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

spring-batch-infrastructure-4.0.1.RELEASE.jar

Description: Spring Batch Infrastructure

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/springframework/batch/spring-batch-infrastructure/4.0.1.RELEASE/spring-batch-infrastructure-4.0.1.RELEASE.jar
MD5: 4f0241db92db901e13e813bc82dec9e1
SHA1: e0f1d359cc3c91d8a0cb129f9dfed8fc018cfabd
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

CVE-2014-0225  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.


CVE-2014-3578  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.


CVE-2014-3625  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.


CVE-2015-5211  

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-20 Improper Input Validation

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.


CVE-2016-5007  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.


CVE-2018-1270  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-358 Improperly Implemented Security Check for Standard

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.


CVE-2018-1271  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.

CVE-2018-1272  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.

spring-batch-core-4.1.0.RC1.jar

Description: Spring Batch Core

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/springframework/batch/spring-batch-core/4.1.0.RC1/spring-batch-core-4.1.0.RC1.jar
MD5: f2c52831e19cf15eda15af3d095afbc9
SHA1: b552390988ca0a4975e7537ac0fafaf24c8f6ecd
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

  • cpe: cpe:/a:pivotal:spring_framework:4.1.0.rc1   Confidence:Low   
  • maven: org.springframework.batch:spring-batch-core:4.1.0.RC1   Confidence:High
  • cpe: cpe:/a:pivotal_software:spring_framework:4.1.0.rc1   Confidence:Low   

CVE-2018-1270  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-358 Improperly Implemented Security Check for Standard

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.


CVE-2018-1271  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.

CVE-2018-1272  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.

spring-data-commons-2.0.6.RELEASE.jar

File Path: /home/travis/.m2/repository/org/springframework/data/spring-data-commons/2.0.6.RELEASE/spring-data-commons-2.0.6.RELEASE.jar
MD5: 13ff69d6655acfbd8dce2885c5ff3b4d
SHA1: 4d65fdcbe258961e866f4f85c87c13193bbfd18c
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

javax.inject-1.jar

Description: The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

slf4j-api-1.7.21.jar

Description: The slf4j API

File Path: /home/travis/.m2/repository/org/slf4j/slf4j-api/1.7.21/slf4j-api-1.7.21.jar
MD5: c9be56284a92dcb2576679282eff80bf
SHA1: 139535a69a4239db087de9bab0bee568bf8e0b70
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

joda-time-2.9.4.jar

Description: Date and time library to replace JDK date handling

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/joda-time/joda-time/2.9.4/joda-time-2.9.4.jar
MD5: e255d8f6e705d3e6918198bceb5458a0
SHA1: 1c295b462f16702ebe720bbb08f62e1ba80da41b
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

jackson-core-2.9.5.jar

Description: Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.9.5/jackson-core-2.9.5.jar
MD5: ec59f24f7f8d9acf53301c562722adf2
SHA1: a22ac51016944b06fd9ffbc9541c6e7ce5eea117
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

jackson-annotations-2.9.0.jar

Description: Core annotations used for value types, used by Jackson data binding package.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.9.0/jackson-annotations-2.9.0.jar
MD5: c09faa1b063681cf45706c6df50685b6
SHA1: 07c10d545325e3a6e72e06381afe469fd40eb701
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

jackson-databind-2.9.5.jar

Description: General data-binding functionality for Jackson: works on core streaming API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.5/jackson-databind-2.9.5.jar
MD5: 34b37affbf74f5d199be10622ddc83cd
SHA1: 3490508379d065fe3fcb80042b62f630f7588606
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

spring-core-5.0.5.RELEASE.jar

Description: Spring Core

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/travis/.m2/repository/org/springframework/spring-core/5.0.5.RELEASE/spring-core-5.0.5.RELEASE.jar
MD5: 988f815ea07b27f70cc2932c4b8c8392
SHA1: 1bd9feb1d9dac6accd27f5244b6c47cfcb55045c
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

CVE-2018-11039  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-20 Improper Input Validation

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.


CVE-2018-11040  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-254 Security Features

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.


CVE-2018-1257  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.


CVE-2018-1258  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-285 Improper Authorization

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

Vulnerable Software & Versions:

commons-pool-1.6.jar

Description: Commons Object Pooling Library

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/commons-pool/commons-pool/1.6/commons-pool-1.6.jar
MD5: 5ca02245c829422176d23fa530e919cc
SHA1: 4572d589699f09d866a226a14b7f4323c6d8f040
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

commons-dbcp-1.4.jar

Description: Commons Database Connection Pooling

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/commons-dbcp/commons-dbcp/1.4/commons-dbcp-1.4.jar
MD5: b004158fab904f37f5831860898b3cd9
SHA1: 30be73c965cc990b153a100aaaaafcf239f82d39
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

ehcache-2.10.2.2.21.jar

Description: Ehcache is an open source, standards-based cache used to boost performance, offload the database and simplify scalability. Ehcache is robust, proven and full-featured and this has made it the most widely-used Java-based cache.

License:

src/assemble/EHCACHE-CORE-LICENSE.txt
Apache Software License, Version 2.0
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar
MD5: 11492eaf9fc8384c745f6a72a1c172bf
SHA1: a9b07e3bfb0c9f5f00b633a0c2d67cdf1dd55854
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

jboss-logging-3.3.2.Final.jar

Description: The JBoss Logging Framework

License:

Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/jboss/logging/jboss-logging/3.3.2.Final/jboss-logging-3.3.2.Final.jar
MD5: c397132f958d7e8ac0d566b6723ca7ca
SHA1: 3789d00e859632e6c6206adc0c71625559e6e3b0
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

javassist-3.20.0-GA.jar

Description:  Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: /home/travis/.m2/repository/org/javassist/javassist/3.20.0-GA/javassist-3.20.0-GA.jar
MD5: a89dd7907d76e061ec2c07e762a74256
SHA1: a9cbcdfb7e9f86fbc74d3afae65f2248bfbf82a0
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

antlr-2.7.7.jar

Description:  A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.

License:

BSD License: http://www.antlr.org/license.html
File Path: /home/travis/.m2/repository/antlr/antlr/2.7.7/antlr-2.7.7.jar
MD5: f8f1352c52a4c6a500b597596501fc64
SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

geronimo-jta_1.1_spec-1.1.1.jar

Description: Provides open-source implementations of Sun specifications.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/apache/geronimo/specs/geronimo-jta_1.1_spec/1.1.1/geronimo-jta_1.1_spec-1.1.1.jar
MD5: 4aa8d50456bcec0bf6f032ceb182ad64
SHA1: aabab3165b8ea936b9360abbf448459c0d04a5a4
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

jandex-2.0.0.Final.jar

Description: Parent POM for JBoss projects. Provides default project build configuration.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/jboss/jandex/2.0.0.Final/jandex-2.0.0.Final.jar
MD5: a76f6c70f99b5d9c6cd14180df0b6df1
SHA1: 3e899258936f94649c777193e1be846387ed54b3
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

classmate-1.3.4.jar

Description: Library for introspecting types with full generic information including resolving of field and method types.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/com/fasterxml/classmate/1.3.4/classmate-1.3.4.jar
MD5: 1e2e0fcc510753882683417e01895242
SHA1: 03d5f48f10bbe4eb7bd862f10c0583be2e0053c6
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

dom4j-1.6.1.jar

Description: dom4j: the flexible XML framework for Java

File Path: /home/travis/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

CVE-2018-1000632  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-91 XML Injection (aka Blind XPath Injection)

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

Vulnerable Software & Versions:

hibernate-commons-annotations-5.0.1.Final.jar

Description: Common reflection code used in support of annotation processing

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/travis/.m2/repository/org/hibernate/common/hibernate-commons-annotations/5.0.1.Final/hibernate-commons-annotations-5.0.1.Final.jar
MD5: 2a9d6f5a4ece96557bc4300ecc4486fb
SHA1: 71e1cff3fcb20d3b3af4f3363c3ddb24d33c6879
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

el-api-2.2.jar

File Path: /home/travis/.m2/repository/javax/el/el-api/2.2/el-api-2.2.jar
MD5: 900b2de76d7c98f8dcbb43684c823113
SHA1: 42971279cc8ba864462580c7fc2199fd5715ee7f
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

jboss-interceptors-api_1.1_spec-1.0.0.Beta1.jar

Description:  The JavaEE Interceptors 1.1 API classes from JSR 318.

File Path: /home/travis/.m2/repository/org/jboss/spec/javax/interceptor/jboss-interceptors-api_1.1_spec/1.0.0.Beta1/jboss-interceptors-api_1.1_spec-1.0.0.Beta1.jar
MD5: 73f030d09865c924162588fe75c0d8e0
SHA1: 8cb388fd3b4912373da7a18e199bb55aa52aa5c1
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

jsr250-api-1.0.jar

Description: JSR-250 Reference Implementation by Glassfish

License:

COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /home/travis/.m2/repository/javax/annotation/jsr250-api/1.0/jsr250-api-1.0.jar
MD5: 4cd56b2e4977e541186de69f5126b4a6
SHA1: 5025422767732a1ab45d93abfea846513d742dcf
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

cdi-api-1.1.jar

Description: APIs for CDI (Contexts and Dependency Injection for Java EE)

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/travis/.m2/repository/javax/enterprise/cdi-api/1.1/cdi-api-1.1.jar
MD5: 1c13ca2534b69efc26222c8c6e12cbc7
SHA1: 78b1feee99b05a78575fb2fd79fb77be5e74420d
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

hibernate-core-5.2.3.Final.jar

Description: The core O/RM functionality as provided by Hibernate

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/travis/.m2/repository/org/hibernate/hibernate-core/5.2.3.Final/hibernate-core-5.2.3.Final.jar
MD5: 7960a6866122fa3e18f9b81566f4aeb4
SHA1: 2903cfef064e2d4c650ece5a5dceefad826e4b26
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

hibernate-entitymanager-5.2.3.Final.jar

Description: (deprecated - use hibernate-core instead) Hibernate O/RM implementation of the JPA specification

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/travis/.m2/repository/org/hibernate/hibernate-entitymanager/5.2.3.Final/hibernate-entitymanager-5.2.3.Final.jar
MD5: 66460e7fc36589fc21a8b64bd9c6904b
SHA1: 7afbca082945eca8c6f244477304d43a7fc65250
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

hibernate-jpa-2.1-api-1.0.0.Final.jar

Description: Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation. See README.md for details

License:

Eclipse Public License (EPL), Version 1.0: http://www.eclipse.org/legal/epl-v10.html
Eclipse Distribution License (EDL), Version 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /home/travis/.m2/repository/org/hibernate/javax/persistence/hibernate-jpa-2.1-api/1.0.0.Final/hibernate-jpa-2.1-api-1.0.0.Final.jar
MD5: 01b091825023c97fdfd6d2bceebe03ff
SHA1: 5e731d961297e5a07290bfaf3db1fbc8bbbf405a
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

hibernate-jpamodelgen-5.2.3.Final.jar

Description: Annotation Processor to generate JPA 2 static metamodel classes

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/travis/.m2/repository/org/hibernate/hibernate-jpamodelgen/5.2.3.Final/hibernate-jpamodelgen-5.2.3.Final.jar
MD5: 063bda0164960a297f8510c2f043f4dd
SHA1: f6b1ba04e2cf380cde5c1b12baa95ab0b0c642ac
Referenced In Project/Scope: spring-batch-support-samples-web:provided

Identifiers

validation-api-2.0.1.Final.jar

Description:  Bean Validation API

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/javax/validation/validation-api/2.0.1.Final/validation-api-2.0.1.Final.jar
MD5: 5d02c034034a7a16725ceff787e191d6
SHA1: cb855558e6271b1b32e716d24cb85c7f583ce09e
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

hibernate-validator-5.3.0.Final.jar

Description: Hibernate's Bean Validation (JSR-303) reference implementation.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/hibernate/hibernate-validator/5.3.0.Final/hibernate-validator-5.3.0.Final.jar
MD5: adbb3e8dea7d248cebe1c85495f1ae92
SHA1: fe2600d905fc7ca8294044310c3b2a72e98ec27e
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

mysql-connector-java-6.0.4.jar

Description: MySQL JDBC Type 4 driver

License:

The GNU General Public License, Version 2: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
File Path: /home/travis/.m2/repository/mysql/mysql-connector-java/6.0.4/mysql-connector-java-6.0.4.jar
MD5: 0ec0098028df28058bbf3fd058e2dd5e
SHA1: 20efb52fc39f60debcbc96a688f8c4e70654ef6b
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

  • cpe: cpe:/a:oracle:mysql_connector/j:6.0.4   Confidence:Low   
  • maven: mysql:mysql-connector-java:6.0.4    Confidence:Highest
  • cpe: cpe:/a:oracle:mysql:6.0.4   Confidence:Low   
  • cpe: cpe:/a:oracle:mysql_connectors:6.0.4   Confidence:Low   
  • cpe: cpe:/a:oracle:connector/j:6.0.4   Confidence:Low   
  • cpe: cpe:/a:mysql:mysql:6.0.4   Confidence:Highest   

CVE-2018-3054  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3056  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Vulnerable Software & Versions:

CVE-2018-3060  

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:N/I:P/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).

Vulnerable Software & Versions:

CVE-2018-3062  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3064  

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:N/I:P/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).

Vulnerable Software & Versions:

CVE-2018-3065  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3067  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3073  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3074  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3075  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3077  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3078  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3079  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3080  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3081  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:N/I:P/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).

Vulnerable Software & Versions:

CVE-2018-3082  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

Vulnerable Software & Versions:

CVE-2018-3084  

Severity: Low
CVSS Score: 1.9 (AV:L/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Core / Client). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 2.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L).

Vulnerable Software & Versions:

CVE-2018-3137  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3145  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3170  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3182  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3186  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3195  

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:N/I:P/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Vulnerable Software & Versions:

CVE-2018-3203  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3212  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Information Schema). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3258  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Vulnerable Software & Versions:

CVE-2018-3279  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3286  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Vulnerable Software & Versions:

h2-1.4.192.jar

Description: H2 Database Engine

License:

MPL 2.0 or EPL 1.0: http://h2database.com/html/license.html
File Path: /home/travis/.m2/repository/com/h2database/h2/1.4.192/h2-1.4.192.jar
MD5: 8e161053d21949a13e0918550cd5d2ca
SHA1: 1106492605db135523d2817881cdf029d9292afa
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

  • cpe: cpe:/a:h2database:h2:1.4.192   Confidence:Low   
  • maven: com.h2database:h2:1.4.192    Confidence:Highest

javax.servlet-api-3.1.0.jar

Description: Java(TM) Servlet 3.1 API Design Specification

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /home/travis/.m2/repository/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar
MD5: 79de69e9f5ed8c7fcb8342585732bbf7
SHA1: 3cd63d075497751784b2fa84be59432f4905bf7c
Referenced In Project/Scope: spring-batch-support-samples-web:provided

Identifiers

ognl-3.1.10.jar

Description: OGNL - Object Graph Navigation Library

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/ognl/ognl/3.1.10/ognl-3.1.10.jar
MD5: 80334f0492ae3ff83f710f66190cd2d8
SHA1: f0b5388b0de908867f2c714ccd589301a15e3b2f
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

  • cpe: cpe:/a:ognl_project:ognl:3.1.10   Confidence:Low   
  • maven: ognl:ognl:3.1.10    Confidence:Highest

attoparser-2.0.1.RELEASE.jar

Description: Powerful, fast and easy to use HTML and XML parser for Java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/attoparser/attoparser/2.0.1.RELEASE/attoparser-2.0.1.RELEASE.jar
MD5: 0aec87c6735aa32c65080990dfbe0027
SHA1: 3e95f3d9fa8095171d96cd4a57d6f3caa51982dc
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

unbescape-1.1.4.RELEASE.jar

Description: Advanced yet easy-to-use escape/unescape library for Java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/unbescape/unbescape/1.1.4.RELEASE/unbescape-1.1.4.RELEASE.jar
MD5: 27d3d1f9aa719637066193c951d42990
SHA1: 1ef1371149efc31d72d35dc290cf16c1a4736a12
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

thymeleaf-3.0.2.RELEASE.jar

Description: XML/XHTML/HTML5 template engine for Java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/thymeleaf/thymeleaf/3.0.2.RELEASE/thymeleaf-3.0.2.RELEASE.jar
MD5: 498a4da70b48a30d975d04fb15ed4d70
SHA1: f0758d924815a8ada59ecf3b34f9bb6c2c2441b7
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

thymeleaf-spring4-3.0.2.RELEASE.jar

Description: XML/XHTML/HTML5 template engine for Java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/thymeleaf/thymeleaf-spring4/3.0.2.RELEASE/thymeleaf-spring4-3.0.2.RELEASE.jar
MD5: 8505e918bdde8d90e712242c2f47cd20
SHA1: 9e99f78f944b58e491faa930f730709f80450892
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

commons-fileupload-1.3.2.jar

Description:  The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/commons-fileupload/commons-fileupload/1.3.2/commons-fileupload-1.3.2.jar
MD5: f76891c36a08e87e3f806d3a83fcb4bc
SHA1: 5d7491ed6ebd02b6a8d2305f8e6b7fe5dbd95f72
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

commons-io-2.5.jar

Description:  The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/commons-io/commons-io/2.5/commons-io-2.5.jar
MD5: e2d74794fba570ec2115fb9d5b05dc9b
SHA1: 2852e6e05fbb95076fc091f6d1780f1f8fe35e0f
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

ehcache-2.10.2.2.21.jar: sizeof-agent.jar

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/net/sf/ehcache/pool/sizeof/sizeof-agent.jar
MD5: 5ad919b3ac0516897bdca079c9a222a8
SHA1: e86399a80ae6a6c7a563717eaa0ce9ba4708571c
Referenced In Project/Scope: spring-batch-support-samples-web:compile

Identifiers

  • maven: net.sf.ehcache:sizeof-agent:1.0.1   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-annotations/pom.xml

Description: Core annotations used for value types, used by Jackson data binding package.

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-annotations/pom.xml
MD5: 920a7c797babb215595b83388a2cab1a
SHA1: bf2a064aec0f86ef110ded6b11147350cfef0bb7

Identifiers

  • cpe: cpe:/a:fasterxml:jackson:2.3.0   Confidence:Low   
  • maven: com.fasterxml.jackson.core:jackson-annotations:2.3.0   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-core/pom.xml

Description: Core Jackson abstractions, basic JSON streaming API implementation

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-core/pom.xml
MD5: 57bca813b5307e3154e7d8eeddb5c156
SHA1: fc05676963f49f5c338cdc115b4ff74dfe041c4f

Identifiers

  • maven: com.fasterxml.jackson.core:jackson-core:2.3.3   Confidence:High
  • cpe: cpe:/a:fasterxml:jackson:2.3.3   Confidence:Low   

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml

Description: General data-binding functionality for Jackson: works on core streaming API

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
MD5: 04e23f17a1150e7ec1f70eeac734af7d
SHA1: fc2fa919676ab9574a7e312fd44741e5569b86a1

Identifiers

  • cpe: cpe:/a:fasterxml:jackson-databind:2.3.3   Confidence:Highest   
  • maven: com.fasterxml.jackson.core:jackson-databind:2.3.3   Confidence:High
  • cpe: cpe:/a:fasterxml:jackson:2.3.3   Confidence:Low   

CVE-2017-15095  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.

CVE-2017-17485  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.

CVE-2017-7525  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

CVE-2018-5968  

Severity: Medium
CVSS Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
CWE: CWE-184 Incomplete Blacklist

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.

CVE-2018-7489  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-184 Incomplete Blacklist

FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/javax.annotation/javax.annotation-api/pom.xml

Description: Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/javax.annotation/javax.annotation-api/pom.xml
MD5: 11204d5fb5c6aa1ae5948f22a37a2795
SHA1: d90e6c7f83898fe30f83aeaf4d411285f970a433

Identifiers

  • maven: javax.annotation:javax.annotation-api:1.2   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/javax.servlet/javax.servlet-api/pom.xml

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/javax.servlet/javax.servlet-api/pom.xml
MD5: faa665eb553f227ed989e294d09c4175
SHA1: 992273c71fb14b78cd29052188857b446aa157d5

Identifiers

  • maven: javax.servlet:javax.servlet-api:3.0.1   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/javax.validation/validation-api/pom.xml

Description:  Bean Validation API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/javax.validation/validation-api/pom.xml
MD5: 392b65b1983526abcfb87d01d46973ea
SHA1: 0d2ad4d1498d1048abc6c6948fd3f835d8fdafb0

Identifiers

  • maven: javax.validation:validation-api:1.1.0.Final   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/javax.ws.rs/javax.ws.rs-api/pom.xml

License:

CDDL 1.1: http://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/javax.ws.rs/javax.ws.rs-api/pom.xml
MD5: ba4f047c8d5f7cfbed1b31c32989999d
SHA1: 056dfb068c761287f29c4c39ef492df23eb581c7

Identifiers

  • maven: javax.ws.rs:javax.ws.rs-api:2.0   Confidence:High
  • cpe: cpe:/a:ws_project:ws:2.0   Confidence:Low   

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache.internal/ehcache-rest-agent/pom.xml

Description: Ehcache REST implementation

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache.internal/ehcache-rest-agent/pom.xml
MD5: 804f428085329ebe7bd6c7634e14a881
SHA1: 13862e53d57758ffefa0544f4a87a24fc8778c34

Identifiers

  • maven: net.sf.ehcache.internal:ehcache-rest-agent:2.10.2.2.21   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-common/pom.xml

Description: A common library shared between different management-ehcache implementation versions

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-common/pom.xml
MD5: cc6f648038f3e2dfecc65b43069a3547
SHA1: dc49037c21ab259367cfb9556e0c1878f50f11a8

Identifiers

  • maven: net.sf.ehcache:management-ehcache-common:2.10.2.2.21   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-impl-v1/pom.xml

Description: A product library integrating with ehcache to construct the relevant management resource entities V1

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-impl-v1/pom.xml
MD5: 10dffcbcadf9d5cb69f986398bf34b59
SHA1: e9f1ed213515c9db70a6b07f16f48344f0be58a2

Identifiers

  • maven: net.sf.ehcache:management-ehcache-impl-v1:2.10.2.2.21   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-impl-v2/pom.xml

Description: A product library integrating with ehcache to construct the relevant management resource entities V1

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-impl-v2/pom.xml
MD5: 6dbf05be8b61663a23bfdc9b08574291
SHA1: db3fbf6f069fb1afdd914f78d872cc4f5c40df3e

Identifiers

  • maven: net.sf.ehcache:management-ehcache-impl-v2:2.10.2.2.21   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-v1/pom.xml

Description: A library defining the ehcache management resource services and resource entities, version 1

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-v1/pom.xml
MD5: 230c85eb7f17d3e02cde1e0885294cf5
SHA1: b9e72cb8bb84d923fe591373139277e82bb58e0c

Identifiers

  • maven: net.sf.ehcache:management-ehcache-v1:2.10.2.2.21   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-v2/pom.xml

Description: A library defining the ehcache management resource services and resource entities, version 2

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-v2/pom.xml
MD5: 82bb109d7f041d1afb3dac02df8191df
SHA1: 1f88365d45bd071ece481a852812ef4ee340597d

Identifiers

  • maven: net.sf.ehcache:management-ehcache-v2:2.10.2.2.21   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-http/pom.xml

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-http/pom.xml
MD5: 54db4afff96d30fe1bb1761fce9d3abf
SHA1: 46ae188c5c92aadb0d9876b66270787f8af3e1ed

Identifiers

  • maven: org.eclipse.jetty:jetty-http:8.1.15.v20140411   Confidence:High
  • cpe: cpe:/a:jetty:jetty:8.1.15.v20140411   Confidence:Low   
  • cpe: cpe:/a:eclipse:jetty:8.1.15.v20140411   Confidence:Low   

CVE-2017-7656  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.

CVE-2017-7657  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-190 Integer Overflow or Wraparound

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.

CVE-2017-7658  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-19 Data Handling

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.

CVE-2017-9735  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-io/pom.xml

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-io/pom.xml
MD5: 5ccb45a1fb739e3c4547eb10a47b4ff7
SHA1: 8e69498dd5f7ed71790aa990f4bc1c72e5515234

Identifiers

  • maven: org.eclipse.jetty:jetty-io:8.1.15.v20140411   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2.external/aopalliance-repackaged/pom.xml

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2.external/aopalliance-repackaged/pom.xml
MD5: 677e72e5876b6f3459bf8f5d7ecb14d0
SHA1: 35e3525edffb1ab7792bfbe521eff7c756e17519

Identifiers

  • maven: org.glassfish.hk2.external:aopalliance-repackaged:2.2.0   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2.external/asm-all-repackaged/pom.xml

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2.external/asm-all-repackaged/pom.xml
MD5: 783be8098b6eec68967508453ba35232
SHA1: 7753d57f50fe99e22b1a548c9fde94e07d27a6d6

Identifiers

  • maven: org.glassfish.hk2.external:asm-all-repackaged:2.2.0   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2.external/javax.inject/pom.xml

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2.external/javax.inject/pom.xml
MD5: 06b553f82e3c3574bcf2e2bd7eb18b22
SHA1: 2fcb1cb95f14ad221a399fe5dca453fe4268f26e

Identifiers

  • maven: org.glassfish.hk2.external:javax.inject:2.2.0   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2/hk2-api/pom.xml

Description: ${project.name}

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2/hk2-api/pom.xml
MD5: 70a3017ce69c98e4db38406d0ac608aa
SHA1: 6eaac604d33d112a032cfd98357d82202e2ebbd0

Identifiers

  • maven: org.glassfish.hk2:hk2-api:2.2.0   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2/hk2-locator/pom.xml

Description: ${project.name}

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2/hk2-locator/pom.xml
MD5: e104bfee6f1062beb0ce3e01cf29167a
SHA1: 430cdc986e4b5d4e450e517d6ec7d0f6e00fade5

Identifiers

  • maven: org.glassfish.hk2:hk2-locator:2.2.0   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2/hk2-utils/pom.xml

Description: ${project.name}

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2/hk2-utils/pom.xml
MD5: 9b2900d409cc3cc15b739654b27a34d0
SHA1: de0f39f77a3d1e5ee2a1620ae4a7e5f335374433

Identifiers

  • maven: org.glassfish.hk2:hk2-utils:2.2.0   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2/osgi-resource-locator/pom.xml

Description:  See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2/osgi-resource-locator/pom.xml
MD5: 7830685882af91d91878333c6214adfb
SHA1: 52d2cc2460a202ba72cbd5be18905ae1b0b359fc

Identifiers

  • maven: org.glassfish.hk2:osgi-resource-locator:1.0.1   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.bundles.repackaged/jersey-guava/pom.xml

Description: Jersey Guava Repackaged

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.bundles.repackaged/jersey-guava/pom.xml
MD5: a8fc41f3b26e8cfadd12858574dc9078
SHA1: 0708708d8d899d53122eb390d0010a06e9cf165a

Identifiers

  • maven: org.glassfish.jersey.bundles.repackaged:jersey-guava:2.6   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.containers/jersey-container-servlet-core/pom.xml

Description: Jersey core Servlet 2.x implementation

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.containers/jersey-container-servlet-core/pom.xml
MD5: a92385abeabab3929ab7869f2ce7702b
SHA1: 007c7ed57f30633ee4d4ebb0f78d1ac7dcb55f65

Identifiers

  • maven: org.glassfish.jersey.containers:jersey-container-servlet-core:2.6   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.containers/jersey-container-servlet/pom.xml

Description: Jersey core Servlet 3.x implementation

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.containers/jersey-container-servlet/pom.xml
MD5: 0f518713e8bc61364feebe6b702edfba
SHA1: d6add865975e37545c57df3fb082ab39c9982e63

Identifiers

  • maven: org.glassfish.jersey.containers:jersey-container-servlet:2.6   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.core/jersey-client/pom.xml

Description: Jersey core client implementation

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.core/jersey-client/pom.xml
MD5: 9b2eacb28462852316277e0af4bb211a
SHA1: 2b610b0edff4572bdd0496dbd4c9e2cb55157290

Identifiers

  • maven: org.glassfish.jersey.core:jersey-client:2.6   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.core/jersey-common/pom.xml

Description: Jersey core common packages

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.core/jersey-common/pom.xml
MD5: 6ac51414b037b73b52dc5fc567a7c0bc
SHA1: 9463095a700df946fcb910b84c6184bc9fbab982

Identifiers

  • maven: org.glassfish.jersey.core:jersey-common:2.6   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.core/jersey-server/pom.xml

Description: Jersey core server implementation

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.core/jersey-server/pom.xml
MD5: 95b5ca3ecab1dd922dfc78080c4e30c7
SHA1: 5340b02c18f519e902f9380f6ec391913668347d

Identifiers

  • maven: org.glassfish.jersey.core:jersey-server:2.6   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.media/jersey-media-sse/pom.xml

Description:  Jersey Server Sent Events entity providers support module.

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.media/jersey-media-sse/pom.xml
MD5: 389235b47ad6333bbef8e21c16f403cc
SHA1: 6c57a7c5dea80a34f6ea54b9abcd4cd7ff30f2e7

Identifiers

  • maven: org.glassfish.jersey.media:jersey-media-sse:2.6   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.javassist/javassist/pom.xml

Description:  Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.javassist/javassist/pom.xml
MD5: efe57f6812fbafe121ef0806dc56b2e3
SHA1: af3b2b71de5691126a16d00e3155576dcaa1e3dc

Identifiers

  • maven: org.javassist:javassist:3.18.1-GA   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.jvnet/tiger-types/pom.xml

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.jvnet/tiger-types/pom.xml
MD5: 51329dba505e7cc4a9bc2719cf195be0
SHA1: 5855a7ee03b816073c2b448bce93319bd71f7029

Identifiers

  • maven: org.jvnet:tiger-types:1.4   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-common-resources-v1/pom.xml

Description: Common library for Terracotta management JAX RS resources, Rest API version 1

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-common-resources-v1/pom.xml
MD5: 9ee1fe31049c7a3fa457a93f0bf2e58c
SHA1: 946ef5e1aeb550df945752f78198cfa1484d46b7

Identifiers

  • maven: org.terracotta:management-common-resources-v1:2.0.15   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-common-resources-v2/pom.xml

Description: Common library for Terracotta management JAX RS resources, Rest API version 2

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-common-resources-v2/pom.xml
MD5: b61c6cfe0f1bf47e0e8ecd9ade661a98
SHA1: 8f2b59589ec467e26a4c9330474394b6b8720812

Identifiers

  • maven: org.terracotta:management-common-resources-v2:2.0.15   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-common-v1/pom.xml

Description: Common library for Terracotta management web services, Rest API version 1

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-common-v1/pom.xml
MD5: bd0b753927a8b3ddc08acd0cf802d2e2
SHA1: 8ce630b99443e5cad8d1534932130c7dabc2c779

Identifiers

  • maven: org.terracotta:management-common-v1:2.0.15   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-common-v2/pom.xml

Description: Common library for Terracotta management web services, Rest API version 2

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-common-v2/pom.xml
MD5: c7ae96d4c91a54f8c4ba7d7172ee1fc7
SHA1: 804b52aec0457581e27d85c25d2f35069f8862b4

Identifiers

  • maven: org.terracotta:management-common-v2:2.0.15   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-core-resources/pom.xml

Description: Core library for Terracotta management JAX RS resources

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-core-resources/pom.xml
MD5: 0c151448e712e6c7abf4924f7de73d0a
SHA1: 555654fe1b7d001d11c687b5e4ff0be46e9d9706

Identifiers

  • maven: org.terracotta:management-core-resources:2.0.15   Confidence:High

ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-core/pom.xml

Description: Core library for Terracotta management web services

File Path: /home/travis/.m2/repository/net/sf/ehcache/ehcache/2.10.2.2.21/ehcache-2.10.2.2.21.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-core/pom.xml
MD5: 1efaf18cd92a7ce6a9ff2d2ebfb9836e
SHA1: 55d1212f8bbbd8353285ff58fd13bb105515dc94

Identifiers

  • maven: org.terracotta:management-core:2.0.15   Confidence:High


This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the Node Security Platform.