Press CTR-C to copy XML [help]

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Project: Orbit_Check

Scan Information (show all):

Display: Showing Vulnerable Dependencies (click to show all)

Dependency CPE GAV Highest Severity CVE Count CPE Confidence Evidence Count
ca.odell.glazedlists.source_1.9.0.v201303080712.jar   0 6
ca.odell.glazedlists_1.9.0.v201303080712.jar   0 15
cdi.api.source_1.0.0.v201105160744.jar   0 6
cdi.api_1.0.0.v201105160744.jar   0 8
ch.ethz.iks.slp.source_1.0.0.RC2_v20080604-1500.jar   0 6
ch.ethz.iks.slp_1.0.0.RC5_v20080820-1500.jar   0 10
ch.qos.logback.classic.source_1.0.7.v20121108-1250.jar   0 6
ch.qos.logback.classic_1.0.7.v20121108-1250.jar   0 10
ch.qos.logback.classic_1.1.2.v20160208-0839.jar org.eclipse.orbit.bundles:ch.qos.logback.classic:1.1.2-SNAPSHOT   0 17
ch.qos.logback.core.source_1.0.7.v20121108-1250.jar   0 6
ch.qos.logback.core_1.0.7.v20121108-1250.jar   0 10
ch.qos.logback.core_1.1.2.v20160208-0839.jar org.eclipse.orbit.bundles:ch.qos.logback.core:1.1.2-SNAPSHOT   0 17
ch.qos.logback.slf4j.source_1.0.7.v201505121915.jar   0 6
ch.qos.logback.slf4j_1.0.7.v201505121915.jar   0 10
ch.qos.logback.slf4j_1.1.2.v20160301-0943.jar org.eclipse.orbit.bundles:ch.qos.logback.slf4j:1.1.2-SNAPSHOT   0 15
com.fasterxml.jackson.core.jackson-core_2.5.0.v201504151636.jar cpe:/a:fasterxml:jackson:2.5.0.v20150415 com.fasterxml.jackson.core:jackson-core:2.5.0 High 1 LOW 25
com.fasterxml.jackson.core.jackson-core_2.6.2.v20161117-2150.jar cpe:/a:fasterxml:jackson:2.6.2.v20161117 org.eclipse.orbit.bundles:com.fasterxml.jackson.core.jackson-core:2.6.2-SNAPSHOT High 1 LOW 23
com.fasterxml.jackson.jaxrs.jackson-jaxrs-base_2.5.0.v201504171603.jar cpe:/a:fasterxml:jackson:2.5.0.v20150417 com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:2.5.0 High 1 LOW 23
com.github.jnr.constants_0.9.1.v20161107-2054.jar org.eclipse.orbit.bundles:com.github.jnr.constants:0.9.1-SNAPSHOT   0 15
com.github.jnr.enxio_0.12.0.v20161107-2054.jar org.eclipse.orbit.bundles:com.github.jnr.enxio:0.12.0-SNAPSHOT   0 15
com.github.jnr.ffi_2.0.9.v20161107-2054.jar org.eclipse.orbit.bundles:com.github.jnr.ffi:2.0.9-SNAPSHOT   0 15
com.github.jnr.jffi.native_1.2.11.v20161107-2054.jar org.eclipse.orbit.bundles:com.github.jnr.jffi.native:1.2.11-SNAPSHOT   0 14
com.github.jnr.jffi_1.2.11.v20161107-2054.jar org.eclipse.orbit.bundles:com.github.jnr.jffi:1.2.11-SNAPSHOT   0 15
com.github.jnr.posix_3.0.29.v20161107-2054.jar org.eclipse.orbit.bundles:com.github.jnr.posix:3.0.29-SNAPSHOT   0 17
com.github.jnr.unixsocket_0.12.0.v20161107-2054.jar org.eclipse.orbit.bundles:com.github.jnr.unixsocket:0.12.0-SNAPSHOT   0 15
com.google.gerrit.common.source_2.1.5.v201112241444.jar   0 6
com.google.gerrit.common_2.1.5.v201112241444.jar   0 11
com.google.gerrit.prettify.source_2.1.5.v201112241444.jar   0 6
com.google.gerrit.prettify_2.1.5.v201112241444.jar   0 10
com.google.gerrit.reviewdb.source_2.1.5.v201112241444.jar   0 6
com.google.gerrit.reviewdb_2.1.5.v201112241444.jar   0 9
com.google.gson.source_2.2.4.v201311231704.jar   0 7
com.google.gson_2.2.4.v201311231704.jar   0 11
com.google.gson_2.7.0.v20161205-1708.jar org.eclipse.orbit.bundles:com.google.gson:2.7.0-SNAPSHOT   0 17
com.google.guava.source_15.0.0.v201403281430.jar   0 6
com.google.guava_15.0.0.v201403281430.jar com.google.guava:guava:15.0   0 14
com.google.guava_18.0.0.v20161115-1643.jar org.eclipse.orbit.bundles:com.google.guava:18.0.0-SNAPSHOT   0 16
com.google.gwt.servlet.source_2.1.0.v201111291940.jar   0 6
com.google.gwt.servlet_2.1.0.v201111291940.jar   0 9
com.google.gwt.user.source_2.1.0.v201505121915.jar   0 6
com.google.gwt.user_2.1.0.v201505121915.jar   0 9
com.google.gwtjsonrpc.source_1.2.5.v201112241444.jar   0 6
com.google.gwtjsonrpc_1.2.5.v201112241444.jar   0 10
com.google.gwtorm.source_1.1.4.v201112241444.jar   0 6
com.google.gwtorm_1.1.4.v201112241444.jar   0 8
com.google.inject.assistedinject.source_3.0.0.v201402270930.jar   0 8
com.google.inject.assistedinject_3.0.0.v201402270930.jar   0 13
com.google.inject.multibindings.source_3.0.0.v201605172100.jar   0 8
com.google.inject.multibindings_3.0.0.v201605172100.jar   0 13
com.google.inject.source_3.0.0.v201605172100.jar   0 8
com.google.inject_3.0.0.v201605172100.jar   0 12
com.google.javascript_0.0.20160315.v20161124-1903.jar cpe:/a:google:google_apps:0.0.201603 org.eclipse.orbit.bundles:com.google.javascript:0.0.20160315-SNAPSHOT High 1 LOW 16
com.google.protobuf.source_2.4.0.v201105131100.jar   0 6
com.google.protobuf_2.4.0.v201105131100.jar   0 8
com.ibm.icu.base.source_56.1.0.v201601250100.jar   0 9
com.ibm.icu.base_56.1.0.v201601250100.jar   0 12
com.ibm.icu.source_56.1.0.v201601250100.jar   0 9
com.ibm.icu_56.1.0.v201601250100.jar cpe:/a:icu_project:international_components_for_unicode:56.1.0.v20160125 org.eclipse.birt.runtime:com.ibm.icu:56.1.0.v201601250100 High 2 LOW 21
com.jcraft.jsch.source_0.1.53.v201508180515.jar   0 6
com.jcraft.jsch_0.1.53.v201508180515.jar   0 8
com.jcraft.jzlib_1.1.1.v201205102305.jar cpe:/a:jcraft:jzlib:1.1.1.v20120510 com.jcraft:jzlib:1.1.1   0 LOW 13
com.kenai.jffi_1.2.7.v201505052040.jar com.github.jnr:jffi:1.2.7   0 12
com.lowagie.text.source_2.1.7.v201004222200.jar   0 6
com.lowagie.text_2.1.7.v201004222200.jar   0 9
com.novell.ldap_2.3.30.v201112011400.jar   0 8
com.spotify.docker.client_3.1.1.v201605180100.jar cpe:/a:docker:docker:3.1.1.v20160518 com.spotify:docker-client:3.1.1   0 LOW 13
com.spotify.docker.client_3.6.8.v20161117-2005.jar cpe:/a:docker:docker:3.6.8.v20161117 org.eclipse.orbit.bundles:com.spotify.docker.client:3.6.8-SNAPSHOT   0 LOW 14
com.sun.el.source_2.2.0.v201303151357.jar   0 6
com.sun.el_2.2.0.v201303151357.jar   0 11
com.sun.jersey.source_1.17.0.v201503170330.jar   0 6
com.sun.jersey_1.17.0.v201503170330.jar com.sun.jersey:jersey-bundle:1.17   0 18
com.sun.syndication.source_0.9.0.v200803061811.jar   0 6
com.sun.syndication_0.9.0.v200803061811.jar   0 10
com.sun.xml.bind.source_2.2.0.v201505121915.jar   0 6
com.sun.xml.bind_2.2.0.v201505121915.jar   0 11
com.thoughtworks.qdox.source_1.6.3.v20081201-1400.jar   0 6
com.thoughtworks.qdox_1.6.3.v20081201-1400.jar   0 8
com.thoughtworks.selenium.source_2.25.0.v201212071504.jar   0 6
com.thoughtworks.selenium_2.25.0.v201212071504.jar   0 11
com.thoughtworks.xstream_1.3.1.v201111240924.jar cpe:/a:x-stream:xstream:1.3.1.v20111124 Medium 1 LOW 8
com.vaadin_6.5.3.v201111241034.jar cpe:/a:vaadin:vaadin:6.5.3.v20111124   0 LOW 14
commonj.sdo.source_2.1.1.v201112051852.jar   0 6
commonj.sdo_2.1.1.v201112051852.jar   0 8
de.tuberlin.eecs.agg_2.1.0.v201512080800.jar   0 8
edu.emory.mathcs.backport.source_3.1.0.v201505121915.jar   0 7
edu.emory.mathcs.backport_3.1.0.v201505121915.jar   0 10
java_cup.runtime.source_0.10.0.v201005080400.jar   0 6
java_cup.runtime_0.10.0.v201005080400.jar   0 8
javaewah.source_0.7.9.v201605172130.jar   0 8
javaewah_0.7.9.v201605172130.jar   0 10
javaewah_1.1.6.v20160919-1400.jar org.eclipse.orbit.bundles:javaewah:1.1.6-SNAPSHOT   0 14
javassist.source_3.13.0.GA_v201209210905.jar   0 6
javassist_3.13.0.GA_v201209210905.jar   0 6
javax.activation.source_1.1.0.v201211130549.jar   0 6
javax.activation_1.1.0.v201211130549.jar   0 8
javax.annotation.source_1.2.0.v201602091430.jar   0 6
javax.annotation_1.2.0.v201602091430.jar   0 8
javax.ejb.source_3.1.1.v201204261316.jar   0 6
javax.ejb_3.1.1.v201204261316.jar   0 7
javax.el.source_2.2.0.v201303151357.jar   0 6
javax.el_2.2.0.v201303151357.jar   0 8
javax.inject.source_1.0.0.v20091030.jar   0 6
javax.inject_1.0.0.v20091030.jar   0 8
javax.jms.source_1.1.0.v201205091237.jar   0 6
javax.jms_1.1.0.v201205091237.jar   0 7
javax.jws.source_2.0.0.v201005080400.jar   0 6
javax.jws_2.0.0.v201005080400.jar   0 7
javax.mail.glassfish.source_1.4.1.v201108011116.jar   0 6
javax.mail.glassfish_1.4.1.v201108011116.jar   0 8
javax.mail_1.4.0.v201005080615.jar   0 8
javax.management.remote_1.0.0.v20100427-1100.jar   0 8
javax.management_1.2.0.v20100427-1100.jar   0 7
javax.persistence.source_1.0.0.v200905011740.jar   0 6
javax.persistence_1.0.0.v200905011740.jar   0 8
javax.resource.source_1.6.0.v201204270900.jar   0 6
javax.resource_1.6.0.v201204270900.jar   0 8
javax.security.auth.message.source_1.0.0.v201108011116.jar   0 6
javax.security.auth.message_1.0.0.v201108011116.jar   0 14
javax.security.jacc.source_1.4.0.v201205031350.jar   0 6
javax.security.jacc_1.4.0.v201205031350.jar   0 8
javax.servlet.jsp.jstl.impl.source_1.2.0.v201210211230.jar   0 6
javax.servlet.jsp.jstl.impl_1.2.0.v201210211230.jar cpe:/a:apache:standard_taglibs:1.2.0.v20121021 High 1 LOW 9
javax.servlet.jsp.jstl.source_1.2.0.v201105211821.jar   0 6
javax.servlet.jsp.jstl_1.2.0.v201105211821.jar   0 10
javax.servlet.jsp.source_2.2.0.v201112011158.jar   0 6
javax.servlet.jsp_2.2.0.v201112011158.jar   0 9
javax.servlet.source_3.1.0.v201410161800.jar   0 6
javax.servlet_3.1.0.v201410161800.jar   0 16
javax.transaction.source_1.1.1.v201105210645.jar   0 6
javax.transaction_1.1.1.v201105210645.jar org.apache.geronimo.specs:geronimo-jta_1.1_spec:1.1.1   0 15
javax.validation.source_1.0.0.GA_v201205091237.jar   0 6
javax.validation_1.0.0.GA_v201205091237.jar   0 7
javax.websocket.source_1.0.0.v20140310-1603.jar   0 6
javax.websocket_1.0.0.v20140310-1603.jar   0 7
javax.ws.rs_2.0.1.v201504171603.jar javax.ws.rs:javax.ws.rs-api:2.0.1   0 22
javax.wsdl.source_1.6.2.v201012040545.jar   0 6
javax.wsdl_1.5.1.v201012040544.jar   0 15
javax.wsdl_1.6.2.v201012040545.jar   0 14
javax.xml.bind.source_2.2.0.v201105210648.jar   0 6
javax.xml.bind_2.2.0.v201105210648.jar   0 9
javax.xml.rpc_1.1.0.v201209140446.jar   0 10
javax.xml.rpc_1.1.0.v201209140446.jar: jaxrpc.jar cpe:/a:apache:axis:1.4 axis:axis-jaxrpc:1.4 Medium 2 HIGHEST 12
javax.xml.soap_1.2.0.v201005080501.jar   0 6
javax.xml.soap_1.2.0.v201005080501.jar: saaj.jar cpe:/a:apache:axis:1.4 axis:axis-saaj:1.4 Medium 2 HIGHEST 12
javax.xml.soap_1.3.0.v201105210645.jar   0 9
javax.xml.stream_1.0.1.v201004272200.jar   0 9
javax.xml.ws_2.1.0.v200902101523.jar   0 9
javax.xml_1.3.4.v201005080400.jar cpe:/a:eclipse:birt:1.3.4.v20100508 org.eclipse.birt.runtime:javax.xml:1.3.4.v201005080400 Medium 1 LOW 17
jnr.constants_0.8.6.v201505052040.jar com.github.jnr:jnr-constants:0.8.6   0 12
jnr.enxio_0.6.0.v201505052040.jar com.github.jnr:jnr-enxio:0.6   0 12
jnr.ffi_2.0.1.v201505052040.jar com.github.jnr:jnr-ffi:2.0.1   0 12
jnr.posix_3.0.9.v201505052040.jar com.github.jnr:jnr-posix:3.0.9   0 11
jnr.unixsocket_0.5.0.v201505052040.jar com.github.jnr:jnr-unixsocket:0.5   0 12
jnr.x86asm_1.0.2.v201505052040.jar com.github.jnr:jnr-x86asm:1.0.2   0 12
lpg.runtime.java.source_2.0.17.v201004271640.jar   0 6
lpg.runtime.java_2.0.17.v201004271640.jar   0 8
me.prettyprint.hector.source_0.7.0.0022_v20110412-1025.jar   0 7
me.prettyprint.hector_0.7.0.0022_v20110412-1025.jar me.prettyprint:hector-core:0.7.0-22   0 12
net.miginfocom.layout.source_3.7.1.v200911230030.jar   0 7
net.miginfocom.layout.swing.source_3.7.1.v200911230030.jar   0 7
net.miginfocom.layout.swing_3.7.1.v200911230030.jar   0 9
net.miginfocom.layout.swt.source_3.7.1.v201505121915.jar   0 6
net.miginfocom.layout.swt_3.7.1.v201505121915.jar   0 9
net.miginfocom.layout_3.7.1.v200911230030.jar   0 9
net.sourceforge.lpg.lpgjavaruntime.source_1.1.0.v201004271650.jar   0 6
net.sourceforge.lpg.lpgjavaruntime_1.1.0.v201004271650.jar   0 8
net.sourceforge.mx4j.remote_3.0.1.v20100427-1100.jar   0 7
net.sourceforge.mx4j_3.0.1.v20100427-1100.jar   0 6
net.sourceforge.nattable.core.source_2.1.0.v201102070845.jar   0 6
net.sourceforge.nattable.core_2.1.0.v201102231538.jar   0 9
org.antlr.runtime.source_3.2.0.v201101311130.jar   0 6
org.antlr.runtime.source_4.3.0.v201502022030.jar   0 6
org.antlr.runtime_3.2.0.v201101311130.jar   0 8
org.antlr.runtime_4.3.0.v201502022030.jar   0 9
org.antlr.runtime_4.3.0.v201502022030.jar/META-INF/maven/org.abego.treelayout/org.abego.treelayout.core/pom.xml org.abego.treelayout:org.abego.treelayout.core:1.0.1   0 7
org.antlr.runtime_4.3.0.v201502022030.jar/META-INF/maven/org.antlr/antlr4-annotations/pom.xml org.antlr:antlr4-annotations:4.3   0 7
org.antlr.runtime_4.3.0.v201502022030.jar/META-INF/maven/org.antlr/antlr4-runtime/pom.xml org.antlr:antlr4-runtime:4.3   0 7
org.antlr.runtime_4.5.1.v20160210-1233.jar org.eclipse.orbit.bundles:org.antlr.runtime:4.5.1-SNAPSHOT   0 20
org.aopalliance_1.0.0.v201105210816.jar   0 8
org.apache.ant.source_1.9.6.v201510161327.jar   0 6
org.apache.ant_1.9.6.v201510161327.jar   0 12
org.apache.ant_1.9.6.v201510161327.jar: ant-antlr.jar org.apache.ant:ant-antlr:1.9.6   0 20
org.apache.ant_1.9.6.v201510161327.jar: ant-apache-bcel.jar org.apache.ant:ant-apache-bcel:1.9.6   0 19
org.apache.ant_1.9.6.v201510161327.jar: ant-apache-bsf.jar org.apache.ant:ant-apache-bsf:1.9.6   0 19
org.apache.ant_1.9.6.v201510161327.jar: ant-apache-log4j.jar org.apache.ant:ant-apache-log4j:1.9.6   0 20
org.apache.ant_1.9.6.v201510161327.jar: ant-apache-oro.jar org.apache.ant:ant-apache-oro:1.9.6   0 19
org.apache.ant_1.9.6.v201510161327.jar: ant-apache-regexp.jar org.apache.ant:ant-apache-regexp:1.9.6   0 19
org.apache.ant_1.9.6.v201510161327.jar: ant-apache-resolver.jar org.apache.ant:ant-apache-resolver:1.9.6   0 19
org.apache.ant_1.9.6.v201510161327.jar: ant-apache-xalan2.jar org.apache.ant:ant-apache-xalan2:1.9.6   0 21
org.apache.ant_1.9.6.v201510161327.jar: ant-commons-logging.jar org.apache.ant:ant-commons-logging:1.9.6   0 20
org.apache.ant_1.9.6.v201510161327.jar: ant-commons-net.jar org.apache.ant:ant-commons-net:1.9.6   0 20
org.apache.ant_1.9.6.v201510161327.jar: ant-jai.jar org.apache.ant:ant-jai:1.9.6   0 20
org.apache.ant_1.9.6.v201510161327.jar: ant-javamail.jar cpe:/a:apache-ssl:apache-ssl:1.9.6 org.apache.ant:ant-javamail:1.9.6   0 LOW 20
org.apache.ant_1.9.6.v201510161327.jar: ant-jdepend.jar org.apache.ant:ant-jdepend:1.9.6   0 20
org.apache.ant_1.9.6.v201510161327.jar: ant-jmf.jar org.apache.ant:ant-jmf:1.9.6   0 20
org.apache.ant_1.9.6.v201510161327.jar: ant-jsch.jar org.apache.ant:ant-jsch:1.9.6   0 20
org.apache.ant_1.9.6.v201510161327.jar: ant-junit.jar org.apache.ant:ant-junit:1.9.6   0 20
org.apache.ant_1.9.6.v201510161327.jar: ant-junit4.jar org.apache.ant:ant-junit4:1.9.6   0 21
org.apache.ant_1.9.6.v201510161327.jar: ant-launcher.jar org.apache.ant:ant-launcher:1.9.6   0 15
org.apache.ant_1.9.6.v201510161327.jar: ant-netrexx.jar org.apache.ant:ant-netrexx:1.9.6   0 20
org.apache.ant_1.9.6.v201510161327.jar: ant-swing.jar org.apache.ant:ant-swing:1.9.6   0 20
org.apache.ant_1.9.6.v201510161327.jar: ant-testutil.jar cpe:/a:apache:apache_test:1.9.6 org.apache.ant:ant-testutil:1.9.6 Medium 1 LOW 15
org.apache.ant_1.9.6.v201510161327.jar: ant.jar org.apache.ant:ant:1.9.6   0 18
org.apache.axis_1.4.0.v201411182030.jar cpe:/a:apache:axis:1.4.0.v20141118   0 LOW 7
org.apache.axis_1.4.0.v201411182030.jar: axis.jar cpe:/a:apache:axis:1.4 axis:axis:1.4 Medium 2 HIGHEST 16
org.apache.batik.css.source_1.7.0.v201011041433.jar cpe:/a:apache:batik:1.7.0.v20101104   0 LOW 6
org.apache.batik.css_1.6.0.v201011041432.jar cpe:/a:apache:batik:1.6.0.v20101104 Medium 1 LOW 11
org.apache.batik.css_1.7.0.v201011041433.jar cpe:/a:apache:batik:1.7 Medium 1 HIGH 15
org.apache.batik.dom_1.6.1.v201505192100.jar cpe:/a:apache:batik:1.6.1.v20150519 org.eclipse.birt.runtime:org.apache.batik.dom:1.6.1.v201505192100 Medium 1 LOW 19
org.apache.batik.dom_1.7.1.v201505191845.jar cpe:/a:apache:batik:1.7.1.v20150519   0 LOW 14
org.apache.batik.pdf_1.6.0.v201105071520.jar cpe:/a:apache:batik:1.6.0.v20110507 Medium 1 LOW 8
org.apache.batik.swing.source_1.7.0.v201302011158.jar cpe:/a:apache:batik:1.7.0.v20130201   0 LOW 6
org.apache.batik.swing_1.7.0.v201302011158.jar cpe:/a:apache:batik:1.7 Medium 1 HIGH 15
org.apache.batik.util.gui.source_1.7.0.v200903091627.jar cpe:/a:apache:batik:1.7.0.v20090309   0 LOW 6
org.apache.batik.util.gui_1.7.0.v200903091627.jar cpe:/a:apache:batik:1.7 Medium 1 HIGH 14
org.apache.bcel.source_5.2.0.v201005080400.jar   0 6
org.apache.bcel_5.2.0.v201005080400.jar   0 9
org.apache.bsf.source_2.4.0.v201103030230.jar   0 6
org.apache.bsf_2.4.0.v201103030230.jar   0 10
org.apache.bval.source_0.3.0.v201205161050.jar   0 6
org.apache.bval_0.3.0.v201205161050.jar   0 8
org.apache.cassandra_0.7.0.v201503170330.jar cpe:/a:apache:cassandra:0.7.0.v20150317   0 LOW 8
org.apache.catalina.ha.source_7.0.56.v201412180755.jar   0 6
org.apache.catalina.ha_7.0.56.v201412180755.jar   0 10
org.apache.catalina.source_7.0.56.v201503170330.jar   0 6
org.apache.catalina.tribes.source_7.0.56.v201412180755.jar   0 6
org.apache.catalina.tribes_7.0.56.v201412180755.jar   0 9
org.apache.catalina_7.0.56.v201503170330.jar   0 7
org.apache.commons.beanutils_1.8.0.v201205091237.jar cpe:/a:apache:commons_beanutils:1.8.0.v20120509 High 1 LOW 10
org.apache.commons.cli.source_1.2.0.v201404270220.jar   0 6
org.apache.commons.cli_1.2.0.v201404270220.jar   0 10
org.apache.commons.codec.source_1.6.0.v201305230611.jar   0 6
org.apache.commons.codec_1.6.0.v201305230611.jar commons-codec:commons-codec:1.6   0 24
org.apache.commons.collections_3.2.2.v201511171945.jar cpe:/a:apache:commons_collections:3.2.2.v20151117   0 LOW 9
org.apache.commons.compress_1.6.0.v201310281400.jar cpe:/a:apache:commons-compress:1.6.0.v20131028   0 LOW 20
org.apache.commons.daemon.source_1.0.5.v20121125-0905.jar cpe:/a:apache:apache_commons_daemon:1.0.5.v20121125   0 LOW 6
org.apache.commons.daemon_1.0.5.v20121125-0905.jar cpe:/a:apache:apache_commons_daemon:1.0.5 commons-daemon:commons-daemon:1.0.5 Medium 1 HIGHEST 15
org.apache.commons.dbcp.source_1.4.0.v201204271417.jar   0 6
org.apache.commons.dbcp_1.4.0.v201204271417.jar   0 9
org.apache.commons.discovery_0.2.0.v201004190315.jar   0 11
org.apache.commons.discovery_0.2.0.v201004190315.jar: commons-discovery-0.2.jar commons-discovery:commons-discovery:0.2   0 17
org.apache.commons.exec.source_1.1.0.v201301240602.jar   0 6
org.apache.commons.exec_1.1.0.v201301240602.jar org.apache.commons:commons-exec:1.1   0 23
org.apache.commons.fileupload_1.2.2.v20111214-1400.jar cpe:/a:apache:commons_fileupload:1.2.2.v20111214 High 3 LOW 9
org.apache.commons.httpclient_3.1.0.v201012070820.jar cpe:/a:apache:commons-httpclient:3.1.0.v20101207
cpe:/a:apache:httpclient:3.1.0.v20101207 		Medium 3 LOW 9
org.apache.commons.io.source_2.0.1.v201105210651.jar   0 6
org.apache.commons.io.source_2.2.0.v201405211200.jar   0 6
org.apache.commons.io_2.0.1.v201105210651.jar   0 16
org.apache.commons.io_2.2.0.v201405211200.jar   0 16
org.apache.commons.jxpath.source_1.3.0.v200911051830.jar   0 6
org.apache.commons.jxpath_1.3.0.v200911051830.jar   0 10
org.apache.commons.lang.source_2.6.0.v201404270220.jar   0 6
org.apache.commons.lang3.source_3.1.0.v201403281430.jar   0 6
org.apache.commons.lang3_3.1.0.v201403281430.jar org.apache.commons:commons-lang3:3.1   0 24
org.apache.commons.lang_2.6.0.v201404270220.jar   0 9
org.apache.commons.logging.source_1.0.4.v201101211617.jar   0 6
org.apache.commons.logging.source_1.1.1.v201101211721.jar   0 6
org.apache.commons.logging_1.0.4.v201101211617.jar   0 10
org.apache.commons.logging_1.1.1.v201101211721.jar   0 10
org.apache.commons.math.source_2.1.0.v201105210652.jar   0 6
org.apache.commons.math3_3.5.0.v20160301-1110.jar org.eclipse.orbit.bundles:org.apache.commons.math3:3.5.0-SNAPSHOT   0 23
org.apache.commons.math_2.1.0.v201105210652.jar   0 16
org.apache.commons.net.source_3.2.0.v201305141515.jar   0 6
org.apache.commons.net_3.2.0.v201305141515.jar commons-net:commons-net:3.2   0 24
org.apache.commons.pool.source_1.6.0.v201204271246.jar   0 6
org.apache.commons.pool_1.6.0.v201204271246.jar   0 9
org.apache.coyote.source_7.0.56.v201412180755.jar   0 6
org.apache.coyote_7.0.56.v201412180755.jar cpe:/a:apache:tomcat:7.0.56.v20141218
cpe:/a:apache_tomcat:apache_tomcat:7.0.56.v20141218 		High 3 LOW 9
org.apache.derby_10.11.1.1_v201605202053.jar cpe:/a:apache:derby:10.11.1.1.v20160520 org.eclipse.birt.runtime:org.apache.derby:10.11.1.1_v201605202053 Medium 1 LOW 18
org.apache.derby_10.8.2.2_v201605172130.jar cpe:/a:apache:derby:10.8.2.2.v20160517 Medium 1 LOW 9
org.apache.el.source_7.0.56.v201412180755.jar   0 6
org.apache.el_7.0.56.v201412180755.jar   0 8
org.apache.felix.gogo.command.source_0.10.0.v201209301215.jar   0 6
org.apache.felix.gogo.command_0.10.0.v201209301215.jar org.apache.felix:org.apache.felix.gogo.command:0.10.0   0 15
org.apache.felix.gogo.runtime.source_0.10.0.v201209301036.jar   0 6
org.apache.felix.gogo.runtime_0.10.0.v201209301036.jar org.apache.felix:org.apache.felix.gogo.runtime:0.10.0   0 14
org.apache.felix.gogo.shell.source_0.10.0.v201212101605.jar   0 6
org.apache.felix.gogo.shell_0.10.0.v201212101605.jar org.apache.felix:org.apache.felix.gogo.shell:0.10.0   0 14
org.apache.felix.scr_2.0.6.v20161206-1638.jar org.eclipse.orbit.bundles:org.apache.felix.scr:2.0.6-SNAPSHOT   0 15
org.apache.geronimo.components.connector_3.1.1.v201205170953.jar cpe:/a:apache:geronimo:3.1.1.v20120517 Low 1 LOW 10
org.apache.geronimo.specs.j2ee.management_1.0.0.v201205091237.jar cpe:/a:apache:geronimo:2.0 High 4 MEDIUM 9
org.apache.geronimo.specs.osgi.locator_1.1.0.v201205170953.jar cpe:/a:apache:geronimo:1.1.0.v20120517 High 2 LOW 11
org.apache.hadoop.zookeeper_3.4.5.v20121214-1350.jar cpe:/a:apache:hadoop:3.4.5.v20121214
cpe:/a:apache:zookeeper:3.4.5.v20121214 		Medium 2 LOW 12
org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar cpe:/a:apache:httpclient:4.2.6.v20131107 Medium 2 LOW 19
org.apache.httpcomponents.httpclient_4.3.6.v201511171540.jar cpe:/a:apache:httpclient:4.3.6.v20151117   0 LOW 17
org.apache.httpcomponents.httpclient_4.5.2.v20161115-1643.jar cpe:/a:apache:httpclient:4.5.2.v20161115 org.eclipse.orbit.bundles:org.apache.httpcomponents.httpclient:4.5.2-SNAPSHOT   0 LOW 23
org.apache.httpcomponents.httpcore.nio.source_4.0.0.v200905121600.jar   0 6
org.apache.httpcomponents.httpcore.nio.source_4.1.0.v201101201700.jar   0 6
org.apache.httpcomponents.httpcore.nio_4.0.0.v200905121600.jar   0 9
org.apache.httpcomponents.httpcore.nio_4.1.0.v201101201700.jar   0 9
org.apache.httpcomponents.httpcore.source_4.2.5.v201311072007.jar   0 6
org.apache.httpcomponents.httpcore.source_4.3.3.v201411290715.jar   0 6
org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar   0 18
org.apache.httpcomponents.httpcore_4.3.3.v201411290715.jar   0 17
org.apache.httpcomponents.httpcore_4.4.4.v20161115-1643.jar org.eclipse.orbit.bundles:org.apache.httpcomponents.httpcore:4.4.4-SNAPSHOT   0 24
org.apache.jasper.glassfish.source_2.2.2.v201501141630.jar   0 7
org.apache.jasper.glassfish_2.2.2.v201501141630.jar   0 13
org.apache.jasper.source_7.0.56.v201412180755.jar   0 6
org.apache.jasper_7.0.56.v201412180755.jar   0 10
org.apache.jclouds.api.cloudwatch_1.8.0.v20160301-1110.jar org.eclipse.orbit.bundles:org.apache.jclouds.api.cloudwatch:1.8.0-SNAPSHOT   0 22
org.apache.jclouds.api.ec2_1.8.0.v20160301-1110.jar org.eclipse.orbit.bundles:org.apache.jclouds.api.ec2:1.8.0-SNAPSHOT   0 22
org.apache.jclouds.api.openstack-cinder_1.8.0.v20160301-1110.jar cpe:/a:openstack:cinder:1.8.0.v20160301 org.eclipse.orbit.bundles:org.apache.jclouds.api.openstack-cinder:1.8.0-SNAPSHOT Medium 3 LOW 22
org.apache.jclouds.api.openstack-keystone_1.8.0.v20160301-1110.jar cpe:/a:openstack:keystone:1.8.0.v20160301 org.eclipse.orbit.bundles:org.apache.jclouds.api.openstack-keystone:1.8.0-SNAPSHOT High 12 LOW 22
org.apache.jclouds.api.openstack-nova_1.8.0.v20160301-1110.jar cpe:/a:openstack:nova:1.8.0.v20160301 org.eclipse.orbit.bundles:org.apache.jclouds.api.openstack-nova:1.8.0-SNAPSHOT High 5 LOW 22
org.apache.jclouds.api.sts_1.8.0.v20160301-1110.jar org.eclipse.orbit.bundles:org.apache.jclouds.api.sts:1.8.0-SNAPSHOT   0 22
org.apache.jclouds.common.openstack-common_1.8.0.v20160301-1110.jar org.eclipse.orbit.bundles:org.apache.jclouds.common.openstack-common:1.8.0-SNAPSHOT   0 22
org.apache.jclouds.driver.jclouds-slf4j_1.8.0.v20160301-1110.jar org.eclipse.orbit.bundles:org.apache.jclouds.driver.jclouds-slf4j:1.8.0-SNAPSHOT   0 22
org.apache.jclouds.jclouds-blobstore_1.8.0.v20160301-1110.jar org.eclipse.orbit.bundles:org.apache.jclouds.jclouds-blobstore:1.8.0-SNAPSHOT   0 22
org.apache.jclouds.jclouds-compute_1.8.0.v20160301-1110.jar org.eclipse.orbit.bundles:org.apache.jclouds.jclouds-compute:1.8.0-SNAPSHOT   0 22
org.apache.jclouds.jclouds-core_1.8.0.v20160301-1110.jar org.eclipse.orbit.bundles:org.apache.jclouds.jclouds-core:1.8.0-SNAPSHOT   0 22
org.apache.jclouds.jclouds-scriptbuilder_1.8.0.v20160301-1110.jar org.eclipse.orbit.bundles:org.apache.jclouds.jclouds-scriptbuilder:1.8.0-SNAPSHOT   0 22
org.apache.jclouds.labs.docker_1.8.0.v20160301-1110.jar cpe:/a:docker:docker:1.8.0.v20160301 org.eclipse.orbit.bundles:org.apache.jclouds.labs.docker:1.8.0-SNAPSHOT Low 1 LOW 22
org.apache.jclouds.labs.openstack-neutron_1.8.0.v20160301-1110.jar cpe:/a:openstack:neutron:1.8.0.v20160301 org.eclipse.orbit.bundles:org.apache.jclouds.labs.openstack-neutron:1.8.0-SNAPSHOT High 8 LOW 22
org.apache.juli.extras.source_7.0.56.v201412180755.jar   0 6
org.apache.juli.extras_7.0.56.v201412180755.jar   0 7
org.apache.log4j.source_1.2.15.v201012070815.jar   0 6
org.apache.log4j_1.2.15.v201012070815.jar   0 8
org.apache.lucene.analysis.source_3.5.0.v20120725-1805.jar   0 6
org.apache.lucene.analysis_3.5.0.v20120725-1805.jar   0 16
org.apache.lucene.analyzers-common_5.2.1.v20160301-1110.jar org.eclipse.orbit.bundles:org.apache.lucene.analyzers-common:5.2.1-SNAPSHOT   0 21
org.apache.lucene.analyzers-common_6.1.0.v20161115-1612.jar org.eclipse.orbit.bundles:org.apache.lucene.analyzers-common:6.1.0-SNAPSHOT   0 20
org.apache.lucene.analyzers-smartcn_5.2.1.v20160301-1110.jar org.eclipse.orbit.bundles:org.apache.lucene.analyzers-smartcn:5.2.1-SNAPSHOT   0 21
org.apache.lucene.analyzers-smartcn_6.1.0.v20161115-1612.jar org.eclipse.orbit.bundles:org.apache.lucene.analyzers-smartcn:6.1.0-SNAPSHOT   0 20
org.apache.lucene.core.source_3.5.0.v20120725-1805.jar   0 6
org.apache.lucene.core_3.5.0.v20120725-1805.jar org.eclipse.birt.runtime:org.apache.lucene.core:3.5.0.v20120725-1805   0 23
org.apache.lucene.core_5.2.1.v20160301-1110.jar org.eclipse.orbit.bundles:org.apache.lucene.core:5.2.1-SNAPSHOT   0 21
org.apache.lucene.core_6.1.0.v20161115-1612.jar org.eclipse.orbit.bundles:org.apache.lucene.core:6.1.0-SNAPSHOT   0 20
org.apache.lucene.grouping.source_3.5.0.v20120725-1805.jar   0 6
org.apache.lucene.grouping_3.5.0.v20120725-1805.jar   0 17
org.apache.lucene.highlighter.source_3.5.0.v20121015-1317.jar   0 6
org.apache.lucene.highlighter_3.5.0.v20121015-1317.jar   0 17
org.apache.lucene.memory.source_3.5.0.v20120725-1805.jar   0 6
org.apache.lucene.memory_3.5.0.v20120725-1805.jar   0 17
org.apache.lucene.misc.source_3.5.0.v20120725-1805.jar   0 6
org.apache.lucene.misc_3.5.0.v20120725-1805.jar   0 16
org.apache.lucene.misc_6.1.0.v20161115-1612.jar org.eclipse.orbit.bundles:org.apache.lucene.misc:6.1.0-SNAPSHOT   0 21
org.apache.lucene.queries.source_3.5.0.v20120725-1805.jar   0 6
org.apache.lucene.queries_3.5.0.v20120725-1805.jar   0 16
org.apache.lucene.queries_5.2.1.v20160926-1534.jar org.eclipse.orbit.bundles:org.apache.lucene.queries:5.2.1-SNAPSHOT   0 21
org.apache.lucene.queryparser_5.2.1.v20160926-1534.jar org.eclipse.orbit.bundles:org.apache.lucene.queryparser:5.2.1-SNAPSHOT   0 21
org.apache.lucene.queryparser_6.1.0.v20161115-1612.jar org.eclipse.orbit.bundles:org.apache.lucene.queryparser:6.1.0-SNAPSHOT   0 20
org.apache.lucene.source_3.5.0.v20120725-1805.jar   0 6
org.apache.lucene.spatial.source_3.5.0.v20120725-1805.jar   0 6
org.apache.lucene.spatial_3.5.0.v20120725-1805.jar   0 16
org.apache.lucene.spellchecker.source_3.5.0.v20120725-1805.jar   0 6
org.apache.lucene.spellchecker_3.5.0.v20120725-1805.jar   0 17
org.apache.lucene_3.5.0.v20120725-1805.jar   0 7
org.apache.mina.core.source_2.0.7.v201401071602.jar   0 6
org.apache.mina.core_2.0.7.v201401071602.jar org.apache.mina:mina-core:2.0.2   0 13
org.apache.mina.filter.compression.source_2.0.7.v201401141305.jar   0 6
org.apache.mina.filter.compression_2.0.7.v201401141305.jar org.apache.mina:mina-filter-compression:2.0.7   0 14
org.apache.neethi_2.0.4.1.jar   0 7
org.apache.olingo_2.0.3.v201605172220.jar   0 10
org.apache.olingo_2.0.3.v201605172220.jar/META-INF/maven/org.apache.olingo/olingo-odata2-api-annotation/pom.xml org.apache.olingo:olingo-odata2-api-annotation:2.0.3   0 6
org.apache.olingo_2.0.3.v201605172220.jar/META-INF/maven/org.apache.olingo/olingo-odata2-api/pom.xml org.apache.olingo:olingo-odata2-api:2.0.3   0 6
org.apache.olingo_2.0.3.v201605172220.jar/META-INF/maven/org.apache.olingo/olingo-odata2-core/pom.xml org.apache.olingo:olingo-odata2-core:2.0.3   0 6
org.apache.onami.configuration_6.3.0.v20160301-1110.jar org.eclipse.orbit.bundles:org.apache.onami.configuration:6.3.0-SNAPSHOT   0 24
org.apache.openejb.api.source_4.0.0.beta-2_v201205041047.jar   0 6
org.apache.openejb.api_4.0.0.beta-2_v201205041047.jar   0 8
org.apache.openejb.core.source_4.0.0.beta-2_v201205260545.jar   0 6
org.apache.openejb.core_4.0.0.beta-2_v201205260545.jar   0 7
org.apache.openejb.javaagent.source_4.0.0.beta-2_v201205041047.jar   0 6
org.apache.openejb.javaagent_4.0.0.beta-2_v201205041047.jar   0 8
org.apache.openejb.jee.source_4.0.0.beta-2_v201205041336.jar   0 6
org.apache.openejb.jee_4.0.0.beta-2_v201205041336.jar   0 8
org.apache.openejb.loader.source_4.0.0.beta-2_v201304191030.jar   0 6
org.apache.openejb.loader_4.0.0.beta-2_v201304191030.jar   0 8
org.apache.openwebbeans.ee.common.source_1.1.7.v201304201405.jar   0 6
org.apache.openwebbeans.ee.common_1.1.7.v201304201405.jar   0 9
org.apache.openwebbeans.ee.source_1.1.7.v201304200545.jar   0 6
org.apache.openwebbeans.ee_1.1.7.v201304200545.jar   0 9
org.apache.openwebbeans.ejb.source_1.1.7.v201304200545.jar   0 6
org.apache.openwebbeans.ejb_1.1.7.v201304200545.jar   0 9
org.apache.openwebbeans.impl.source_1.1.7.v201304201405.jar   0 6
org.apache.openwebbeans.impl_1.1.7.v201304201405.jar   0 7
org.apache.openwebbeans.jsf.source_1.1.7.v201304201405.jar   0 6
org.apache.openwebbeans.jsf_1.1.7.v201304201405.jar   0 8
org.apache.openwebbeans.spi.source_1.1.7.v201505121400.jar   0 6
org.apache.openwebbeans.spi_1.1.7.v201505121400.jar   0 8
org.apache.openwebbeans.tomcat7_1.1.7.v201304201405.jar cpe:/a:apache:tomcat:7.0.0
cpe:/a:apache_tomcat:apache_tomcat:1.1.7.v20130420 		High 58 MEDIUM 9
org.apache.openwebbeans.web.source_1.1.7.v201304201405.jar   0 6
org.apache.openwebbeans.web_1.1.7.v201304201405.jar   0 8
org.apache.oro.source_2.0.8.v201005080400.jar   0 6
org.apache.oro_2.0.8.v201005080400.jar   0 9
org.apache.poi_3.9.0.v201405241750.jar cpe:/a:apache:poi:3.9.0.v20140524 Medium 4 LOW 8
org.apache.solr.core_3.5.0.v20150506-0844.jar cpe:/a:apache:solr:3.5.0.v20150506 High 7 LOW 8
org.apache.sshd.core.source_0.7.0.v201303101611.jar   0 6
org.apache.sshd.core_0.7.0.v201303101611.jar org.apache.sshd:sshd-core:0.7.0   0 13
org.apache.taglibs.standard.glassfish_1.2.0.v201112081803.jar cpe:/a:apache:standard_taglibs:1.2.0.v20111208 High 1 LOW 10
org.apache.thrift.source_0.5.0.v20110412-1025.jar   0 7
org.apache.thrift_0.5.0.v20110412-1025.jar   0 8
org.apache.tika.core_1.3.0.v201505121915.jar cpe:/a:apache:tika:1.3.0.v20150512   0 LOW 8
org.apache.tika.parsers_1.3.0.v201605180015.jar cpe:/a:apache:tika:1.3.0.v20160518 org.apache.tika:tika-parsers:1.3   0 LOW 13
org.apache.velocity_1.5.0.v200905192330.jar   0 9
org.apache.ws.commons.schema_1.4.2.v201003051240.jar   0 10
org.apache.ws.commons.util_1.0.1.v20100518-1140.jar   0 10
org.apache.ws.commons.util_1.0.2.v20160817-1930.jar org.eclipse.orbit.bundles:org.apache.ws.commons.util:1.0.2-SNAPSHOT   0 14
org.apache.ws.jaxme_0.5.1.v20100427-1100.jar   0 9
org.apache.wsil4j_1.0.0.v200901211807.jar   0 9
org.apache.xalan_2.7.1.v201005080400.jar cpe:/a:apache:xalan-java:2.7.1.v20100508   0 LOW 9
org.apache.xbean.asm_3.12.0.v201304200545.jar   0 8
org.apache.xbean.bundleutils.source_3.12.0.v201304200545.jar   0 6
org.apache.xbean.bundleutils_3.12.0.v201304200545.jar   0 9
org.apache.xbean.finder.source_3.12.0.v201304201405.jar   0 6
org.apache.xbean.finder_3.12.0.v201304201405.jar   0 8
org.apache.xbean.naming.source_3.12.0.v201304201405.jar   0 6
org.apache.xbean.naming_3.12.0.v201304201405.jar   0 9
org.apache.xbean.reflect.source_3.12.0.v201304201405.jar   0 6
org.apache.xbean.reflect_3.12.0.v201304201405.jar   0 8
org.apache.xerces_2.9.0.v201101211617.jar   0 9
org.apache.xml.resolver_1.2.0.v201005080400.jar   0 9
org.apache.xml.security_1.4.2.v201005080400.jar   0 9
org.apache.xml.serializer_2.7.1.v201005080400.jar   0 9
org.apache.xmlbeans.source_2.3.0.v201605172150.jar   0 6
org.apache.xmlbeans_2.3.0.v201605172150.jar   0 9
org.apache.xmlgraphics_1.4.0.v201301251218.jar   0 8
org.apache.xmlrpc.client_3.1.3.v20160817-1930.jar org.eclipse.orbit.bundles:org.apache.xmlrpc.client:3.1.3-SNAPSHOT   0 19
org.apache.xmlrpc.common_3.1.3.v20160817-1930.jar org.eclipse.orbit.bundles:org.apache.xmlrpc.common:3.1.3-SNAPSHOT   0 19
org.apache.xmlrpc.server_3.1.3.v20160817-1930.jar   0 15
org.apache.xmlrpc_3.0.0.v20100427-1100.jar   0 8
org.assertj_1.7.1.v20160208-0839.jar org.eclipse.orbit.bundles:org.assertj:1.7.1-SNAPSHOT   0 16
org.bouncycastle.bcpg_1.52.0.v20161004-1854.jar cpe:/a:openpgp:openpgp:1.52.0.v20161004
cpe:/a:pgp:openpgp:1.52.0.v20161004
cpe:/a:pgp:pgp:1.52.0.v20161004 		org.eclipse.orbit.bundles:org.bouncycastle.bcpg:1.52.0-SNAPSHOT Medium 3 LOW 25
org.bouncycastle.bcpkix.source_1.51.0.v201505131810.jar   0 6
org.bouncycastle.bcpkix_1.51.0.v201505131810.jar   0 18
org.bouncycastle.bcpkix_1.52.0.v20161004-1854.jar org.eclipse.orbit.bundles:org.bouncycastle.bcpkix:1.52.0-SNAPSHOT   0 25
org.bouncycastle.bcprov.source_1.51.0.v201505131810.jar   0 6
org.bouncycastle.bcprov_1.51.0.v201505131810.jar   0 18
org.bouncycastle.bcprov_1.52.0.v20161004-1854.jar org.eclipse.orbit.bundles:org.bouncycastle.bcprov:1.52.0-SNAPSHOT   0 25
org.ccil.cowan.tagsoup_1.2.0.v201202211000.jar   0 9
org.cliffc.high_scale_lib.source_1.1.2.v20110412-1025.jar   0 7
org.cliffc.high_scale_lib_1.1.2.v20110412-1025.jar   0 8
org.codehaus.jackson.core.source_1.6.0.v20101005-0925.jar   0 6
org.codehaus.jackson.core_1.6.0.v20101005-0925.jar   0 8
org.codehaus.jackson.jaxrs.source_1.6.0.v20101005-1100.jar   0 6
org.codehaus.jackson.jaxrs_1.6.0.v20101005-1100.jar   0 9
org.codehaus.jackson.mapper.source_1.6.0.v20101005-0925.jar   0 6
org.codehaus.jackson.mapper_1.6.0.v20101005-0925.jar   0 9
org.codehaus.jackson.smile.source_1.6.0.v20101005-0925.jar   0 6
org.codehaus.jackson.smile_1.6.0.v20101005-0925.jar   0 9
org.codehaus.jackson.xc.source_1.6.0.v20101005-0925.jar   0 6
org.codehaus.jackson.xc_1.6.0.v20101005-0925.jar   0 9
org.custommonkey.xmlunit.source_1.3.0.v201605172130.jar   0 6
org.custommonkey.xmlunit_1.3.0.v201605172130.jar   0 8
org.cyberneko.html_1.9.14.v201105210654.jar   0 8
org.dojotoolkit_1.6.1.v201108161253.jar cpe:/a:dojo_toolkit:dojo_toolkit:1.6.1.v20110816 Medium 1 LOW 5
org.dom4j.source_1.6.1.v201312101416.jar   0 6
org.dom4j_1.6.1.v201312101416.jar   0 7
org.easymock.source_2.4.0.v20090202-0900.jar   0 6
org.easymock_2.4.0.v20090202-0900.jar   0 8
org.eclipse.orbit.mongodb_2.10.1.v20130422-1135.jar cpe:/a:mongodb:mongodb:2.10.1.v20130422 Low 1 LOW 7
org.eclipse.orbit.mongodb_3.2.2.v20161219-1650.jar cpe:/a:mongodb:mongodb:3.2.2.v20161219 org.eclipse.orbit.bundles:org.eclipse.orbit.mongodb:3.2.2-SNAPSHOT Low 1 LOW 14
org.eclipse.osgi_3.12.0.v20161117-1918.jar   0 12
org.freemarker_2.3.22.v20160210-1233.jar org.eclipse.orbit.bundles:org.freemarker:2.3.22-SNAPSHOT   0 25
org.glassfish.com.sun.faces.source_2.1.18.v201304210537.jar   0 6
org.glassfish.com.sun.faces_2.1.18.v201304210537.jar   0 8
org.glassfish.hk2.api_2.3.0.b10_v201508191500.jar org.glassfish.hk2:hk2-api:2.3.0-b10   0 15
org.glassfish.hk2.api_2.5.0.v20161103-0227.jar org.eclipse.orbit.bundles:org.glassfish.hk2.api:2.5.0-SNAPSHOT   0 16
org.glassfish.hk2.locator_2.3.0.b10_v201508191500.jar org.glassfish.hk2:hk2-locator:2.3.0-b10   0 15
org.glassfish.hk2.locator_2.5.0.v20161103-0227.jar org.eclipse.orbit.bundles:org.glassfish.hk2.locator:2.5.0-SNAPSHOT   0 16
org.glassfish.hk2.osgi-resource-locator_2.3.0.b10_v201508191500.jar org.glassfish.hk2:osgi-resource-locator:2.3.0-b10   0 16
org.glassfish.hk2.osgi-resource-locator_2.5.0.v20161103-1916.jar org.eclipse.orbit.bundles:org.glassfish.hk2.osgi-resource-locator:2.5.0-SNAPSHOT   0 16
org.glassfish.hk2.utils_2.3.0.b10_v201508191500.jar   0 12
org.glassfish.hk2.utils_2.3.0.b10_v201508191500.jar/META-INF/maven/org.glassfish.hk2/hk2-utils/pom.xml org.glassfish.hk2:hk2-utils:2.3.0-b10   0 7
org.glassfish.hk2.utils_2.3.0.b10_v201508191500.jar/META-INF/maven/org.jvnet/tiger-types/pom.xml cpe:/a:tiger:tiger:1.4 org.jvnet:tiger-types:1.4   0 LOW 7
org.glassfish.hk2.utils_2.5.0.v20160210-1508.jar org.eclipse.orbit.bundles:org.glassfish.hk2.utils:2.5.0-SNAPSHOT   0 16
org.glassfish.javax.faces.source_2.1.18.v201304200545.jar   0 6
org.glassfish.javax.faces_2.1.18.v201304200545.jar   0 7
org.glassfish.jersey.apache.connector_2.14.0.v201504171603.jar org.glassfish.jersey.connectors:jersey-apache-connector:2.14   0 13
org.glassfish.jersey.apache.connector_2.22.1.v20161103-1916.jar org.eclipse.orbit.bundles:org.glassfish.jersey.apache.connector:2.22.1-SNAPSHOT   0 16
org.glassfish.jersey.bundles.repackaged.jersey-guava_2.14.0.v201504151636.jar org.glassfish.jersey.bundles.repackaged:jersey-guava:2.14   0 15
org.glassfish.jersey.bundles.repackaged.jersey-guava_2.22.1.v20161103-1916.jar org.eclipse.orbit.bundles:org.glassfish.jersey.bundles.repackaged.jersey-guava:2.22.1-SNAPSHOT   0 16
org.glassfish.jersey.core.jersey-client_2.14.0.v201504211925.jar org.glassfish.jersey.core:jersey-client:2.14   0 16
org.glassfish.jersey.core.jersey-client_2.22.1.v20161103-1916.jar org.eclipse.orbit.bundles:org.glassfish.jersey.core.jersey-client:2.22.1-SNAPSHOT   0 17
org.glassfish.jersey.core.jersey-common_2.14.0.v201504171603.jar org.glassfish.jersey.core:jersey-common:2.14   0 15
org.glassfish.jersey.core.jersey-common_2.22.1.v20161103-1916.jar org.eclipse.orbit.bundles:org.glassfish.jersey.core.jersey-common:2.22.1-SNAPSHOT   0 16
org.glassfish.jersey.core.jersey-server_2.22.1.v20161103-1916.jar org.eclipse.orbit.bundles:org.glassfish.jersey.core.jersey-server:2.22.1-SNAPSHOT   0 16
org.glassfish.jersey.ext.entityfiltering_2.22.1.v20161103-0227.jar org.eclipse.orbit.bundles:org.glassfish.jersey.ext.entityfiltering:2.22.1-SNAPSHOT   0 16
org.glassfish.jersey.media.jersey-media-json-jackson_2.14.0.v201504171603.jar org.glassfish.jersey.media:jersey-media-json-jackson:2.14   0 15
org.glassfish.jersey.media.jersey-media-json-jackson_2.22.1.v20161117-2005.jar org.eclipse.orbit.bundles:org.glassfish.jersey.media.jersey-media-json-jackson:2.22.1-SNAPSHOT   0 16
org.h2.source_1.3.168.v201212121212.jar   0 6
org.h2_1.3.168.v201212121212.jar   0 7
org.hamcrest.core.source_1.1.0.v20090501071000.jar   0 6
org.hamcrest.core.source_1.3.0.v201303031735.jar   0 6
org.hamcrest.core_1.1.0.v20090501071000.jar   0 7
org.hamcrest.core_1.3.0.v201303031735.jar   0 7
org.hamcrest.generator.source_1.1.0.v20090501071000.jar   0 6
org.hamcrest.generator.source_1.3.0.v201305210900.jar   0 6
org.hamcrest.generator_1.1.0.v20090501071000.jar   0 8
org.hamcrest.generator_1.3.0.v201305210900.jar   0 10
org.hamcrest.integration.source_1.1.0.v201303031500.jar   0 6
org.hamcrest.integration.source_1.3.0.v201305210900.jar   0 6
org.hamcrest.integration_1.1.0.v201303031500.jar   0 8
org.hamcrest.integration_1.3.0.v201305210900.jar   0 8
org.hamcrest.library.source_1.1.0.v20090501071000.jar   0 6
org.hamcrest.library.source_1.3.0.v201505072020.jar   0 6
org.hamcrest.library_1.1.0.v20090501071000.jar   0 8
org.hamcrest.library_1.3.0.v201505072020.jar   0 8
org.hamcrest.text.source_1.1.0.v20090501071000.jar   0 6
org.hamcrest.text_1.1.0.v20090501071000.jar   0 11
org.hamcrest_1.1.0.v20090501071000.jar   0 7
org.jacoco.agent_0.7.7.v20161114-2147.jar   0 9
org.jacoco.agent_0.7.7.v20161114-2147.jar: jacocoagent.jar   0 8
org.jacoco.agent_0.7.7.v20161114-2147.jar: jacocoagent.jar/META-INF/maven/org.jacoco/org.jacoco.agent.rt/pom.xml org.jacoco:org.jacoco.agent.rt:0.7.7.201606060606   0 7
org.jacoco.agent_0.7.7.v20161114-2147.jar/META-INF/maven/org.eclipse.orbit.bundles/org.jacoco.agent/pom.xml org.eclipse.orbit.bundles:org.jacoco.agent:0.7.7-SNAPSHOT   0 7
org.jacoco.agent_0.7.7.v20161114-2147.jar/META-INF/maven/org.jacoco/org.jacoco.agent/pom.xml org.jacoco:org.jacoco.agent:0.7.7.201606060606   0 7
org.jacoco.core_0.7.7.v20161109-1949.jar   0 8
org.jacoco.core_0.7.7.v20161109-1949.jar/META-INF/maven/org.eclipse.orbit.bundles/org.jacoco.core/pom.xml org.eclipse.orbit.bundles:org.jacoco.core:0.7.7-SNAPSHOT   0 7
org.jacoco.core_0.7.7.v20161109-1949.jar/META-INF/maven/org.jacoco/org.jacoco.core/pom.xml org.jacoco:org.jacoco.core:0.7.7.201606060606   0 7
org.jacoco.report_0.7.7.v20161109-1949.jar   0 10
org.jacoco.report_0.7.7.v20161109-1949.jar/META-INF/maven/org.eclipse.orbit.bundles/org.jacoco.report/pom.xml org.eclipse.orbit.bundles:org.jacoco.report:0.7.7-SNAPSHOT   0 7
org.jacoco.report_0.7.7.v20161109-1949.jar/META-INF/maven/org.jacoco/org.jacoco.report/pom.xml org.jacoco:org.jacoco.report:0.7.7.201606060606   0 7
org.jdom.source_1.1.1.v201101151400.jar   0 6
org.jdom_1.1.1.v201101151400.jar   0 8
org.jmock_1.2.0.v201303080310.jar   0 7
org.jmock_1.2.0.v201303080310.jar: jmock-core-1.2.0.jar   0 4
org.json_1.0.0.v201011060100.jar   0 7
org.jsoup.source_1.7.2.v201411291515.jar   0 6
org.jsoup_1.7.2.v201411291515.jar org.jsoup:jsoup:1.7.2   0 13
org.junit.source_4.12.0.v201504281640.jar   0 6
org.junit_4.12.0.v201504281640.jar   0 7
org.junit_4.12.0.v201504281640.jar: junit.jar junit:junit:4.12   0 16
org.kohsuke.args4j.source_2.0.21.v201301150030.jar   0 6
org.kohsuke.args4j_2.0.21.v201301150030.jar   0 9
org.kohsuke.args4j_2.33.0.v20160323-2218.jar org.eclipse.orbit.bundles:org.kohsuke.args4j:2.33.0-SNAPSHOT   0 16
org.mockito.source_1.8.4.v201303031500.jar   0 6
org.mockito.source_1.9.5.v201605172210.jar   0 6
org.mockito_1.8.4.v201303031500.jar   0 7
org.mockito_1.9.5.v201605172210.jar   0 6
org.mozilla.javascript.source_1.7.5.v201504281450.jar   0 6
org.mozilla.javascript_1.7.5.v201504281450.jar org.eclipse.birt.runtime:org.mozilla.javascript:1.7.5.v201504281450   0 17
org.objectweb.asm.analysis.source_5.0.1.v201505121915.jar   0 6
org.objectweb.asm.analysis_5.0.1.v201505121915.jar   0 14
org.objectweb.asm.analysis_5.1.0.v20160914-0701.jar org.eclipse.orbit.bundles:org.objectweb.asm.analysis:5.1.0-SNAPSHOT   0 20
org.objectweb.asm.commons.source_5.0.1.v201404251740.jar   0 6
org.objectweb.asm.commons_5.0.1.v201404251740.jar   0 13
org.objectweb.asm.commons_5.1.0.v20160914-0701.jar org.eclipse.orbit.bundles:org.objectweb.asm.commons:5.1.0-SNAPSHOT   0 20
org.objectweb.asm.source_3.3.1.v201105211655.jar   0 6
org.objectweb.asm.source_4.0.0.v201302062210.jar   0 6
org.objectweb.asm.source_5.0.1.v201404251740.jar   0 6
org.objectweb.asm.tree.source_5.0.1.v201404251740.jar   0 6
org.objectweb.asm.tree_5.0.1.v201404251740.jar   0 13
org.objectweb.asm.tree_5.1.0.v20160914-0701.jar org.eclipse.orbit.bundles:org.objectweb.asm.tree:5.1.0-SNAPSHOT   0 20
org.objectweb.asm.util.source_5.0.1.v201404251740.jar   0 6
org.objectweb.asm.util_5.0.1.v201404251740.jar   0 13
org.objectweb.asm.util_5.1.0.v20160914-0701.jar org.eclipse.orbit.bundles:org.objectweb.asm.util:5.1.0-SNAPSHOT   0 20
org.objectweb.asm.xml.source_5.0.1.v201404251740.jar   0 6
org.objectweb.asm.xml_5.0.1.v201404251740.jar   0 14
org.objectweb.asm.xml_5.1.0.v20160914-0701.jar org.eclipse.orbit.bundles:org.objectweb.asm.xml:5.1.0-SNAPSHOT   0 20
org.objectweb.asm_3.3.1.v201105211655.jar   0 12
org.objectweb.asm_4.0.0.v201302062210.jar   0 12
org.objectweb.asm_5.0.1.v201404251740.jar   0 12
org.objectweb.asm_5.1.0.v20160914-0701.jar org.eclipse.orbit.bundles:org.objectweb.asm:5.1.0-SNAPSHOT   0 20
org.objenesis.source_1.0.0.v201505121915.jar   0 6
org.objenesis_1.0.0.v201505121915.jar   0 8
org.openid4java_0.9.5.v201105210655.jar cpe:/a:openid:openid4java:0.9.5.v20110521
cpe:/a:openid:openid:0.9.5.v20110521 		High 2 LOW 7
org.opensaml_1.1.0.v201105210827.jar   0 7
org.ow2.jotm.jotm-core.source_2.1.9.v201204271116.jar   0 6
org.ow2.jotm.jotm-core_2.1.9.v201204271116.jar   0 9
org.prefuse.source_0.1.0.v20100514-1000.jar   0 6
org.prefuse_0.1.0.v20100514-1000.jar   0 7
org.pushingpixels.trident.source_1.2.0.v201305152020.jar   0 6
org.pushingpixels.trident_1.2.0.v201305152020.jar   0 9
org.quartz.source_1.8.3.v20110329-1420.jar   0 6
org.quartz_1.8.3.v20110329-1420.jar   0 7
org.restlet_2.0.5.v201605172130.jar cpe:/a:restlet:restlet:2.0.5.v20160517 High 2 LOW 11
org.sat4j.core_2.3.5.v201308161310.jar   0 12
org.sat4j.pb_2.3.5.v201404071733.jar   0 14
org.slf4j.api.source_1.7.2.v20121108-1250.jar   0 6
org.slf4j.api_1.7.10.v20160921-1923.jar org.eclipse.orbit.bundles:org.slf4j.api:1.7.10-SNAPSHOT   0 18
org.slf4j.api_1.7.2.v20121108-1250.jar   0 8
org.slf4j.apis.jcl_1.7.10.v20160208-0839.jar org.eclipse.orbit.bundles:org.slf4j.apis.jcl:1.7.10-SNAPSHOT   0 18
org.slf4j.apis.log4j_1.7.10.v20160208-0839.jar org.eclipse.orbit.bundles:org.slf4j.apis.log4j:1.7.10-SNAPSHOT   0 17
org.slf4j.binding.nop_1.7.10.v20160301-1109.jar org.eclipse.orbit.bundles:org.slf4j.binding.nop:1.7.10-SNAPSHOT   0 20
org.slf4j.binding.simple_1.7.10.v20160301-1109.jar org.eclipse.orbit.bundles:org.slf4j.binding.simple:1.7.10-SNAPSHOT   0 20
org.slf4j.bridge.jul_1.7.10.v20160208-0839.jar org.eclipse.orbit.bundles:org.slf4j.bridge.jul:1.7.10-SNAPSHOT   0 17
org.slf4j.ext.source_1.7.2.v20121108-1250.jar   0 6
org.slf4j.ext_1.7.10.v20160208-0839.jar org.eclipse.orbit.bundles:org.slf4j.ext:1.7.10-SNAPSHOT   0 18
org.slf4j.ext_1.7.2.v20121108-1250.jar   0 7
org.slf4j.impl.log4j12.source_1.7.2.v20131105-2200.jar   0 6
org.slf4j.impl.log4j12_1.7.2.v20131105-2200.jar   0 12
org.slf4j.jcl.source_1.7.2.v20130115-1340.jar   0 6
org.slf4j.jcl_1.7.2.v20130115-1340.jar   0 10
org.slf4j.jul.source_1.7.2.v20121108-1250.jar   0 6
org.slf4j.jul_1.7.2.v20121108-1250.jar   0 9
org.slf4j.log4j.source_1.7.2.v20130115-1340.jar   0 6
org.slf4j.log4j_1.7.2.v20130115-1340.jar   0 8
org.slf4j.nop.source_1.7.2.v201212060727.jar   0 6
org.slf4j.nop_1.7.2.v201212060727.jar   0 10
org.swtchart.source_0.10.0.v201605200358.jar   0 6
org.swtchart_0.10.0.v201605200358.jar   0 8
org.swtchart_0.7.0.v201201201914.jar   0 8
org.tukaani.xz.source_1.3.0.v201308270617.jar   0 9
org.tukaani.xz_1.3.0.v201308270617.jar   0 10
org.uddi4j_2.0.5.v200805270300.jar   0 8
org.w3c.css.sac.source_1.3.1.v200903091627.jar   0 6
org.w3c.css.sac_1.3.1.v200903091627.jar cpe:/a:eclipse:birt:1.3.1.v20090309 org.eclipse.birt.runtime:org.w3c.css.sac:1.3.1.v200903091627 Medium 1 LOW 18
org.w3c.dom.events.source_3.0.0.draft20060413_v201105210656.jar   0 6
org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar cpe:/a:eclipse:birt:3.0.0 org.eclipse.birt.runtime:org.w3c.dom.events:3.0.0.draft20060413_v201105210656   0 LOW 18
org.w3c.dom.smil.source_1.0.0.v200806040011.jar   0 6
org.w3c.dom.smil.source_1.0.1.v200903091627.jar   0 6
org.w3c.dom.smil_1.0.0.v200806040011.jar   0 10
org.w3c.dom.smil_1.0.1.v200903091627.jar   0 9
org.w3c.dom.svg.source_1.1.0.v201011041433.jar   0 6
org.w3c.dom.svg_1.1.0.v201011041433.jar   0 10
org.xbill.dns.source_2.0.8.v201112050911.jar   0 7
org.xbill.dns_2.0.8.v201112050911.jar   0 8
org.xmlpull_1.1.3.4_v201201052148.jar   0 7
org.yaml.snakeyaml_1.14.0.v201604211500.jar org.yaml:snakeyaml:1.14   0 12
osgi.enterprise.source_4.2.0.v201108120515.jar   0 6
osgi.enterprise_4.2.0.v201108120515.jar   0 8
scannotation.source_1.0.2.v201205170710.jar   0 6
scannotation_1.0.2.v201205170710.jar   0 7

Dependencies

ca.odell.glazedlists.source_1.9.0.v201303080712.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/ca.odell.glazedlists.source_1.9.0.v201303080712.jar
MD5: 20874fbb91668b8e7a0276bcd4ab623b
SHA1: 0fda5a091273952adf1bc42bbabbc7ac8971fb83

Identifiers

  • None

ca.odell.glazedlists_1.9.0.v201303080712.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/ca.odell.glazedlists_1.9.0.v201303080712.jar
MD5: d396e4da700274681c49951178d2b576
SHA1: c958c11659475919d0b24d3406cd064071e4aa20

Identifiers

  • None

cdi.api.source_1.0.0.v201105160744.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/cdi.api.source_1.0.0.v201105160744.jar
MD5: d2d2d431101e6f107c923426b0af1ec2
SHA1: 4298e1b7433a504d7f91f8a8c2a58039aaf3d4e3

Identifiers

  • None

cdi.api_1.0.0.v201105160744.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/cdi.api_1.0.0.v201105160744.jar
MD5: 2c43b8e34a678c9639918ba9931023d6
SHA1: 4f98066670f3586ecc6529d9fc914a024d9e5481

Identifiers

  • None

ch.ethz.iks.slp.source_1.0.0.RC2_v20080604-1500.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/ch.ethz.iks.slp.source_1.0.0.RC2_v20080604-1500.jar
MD5: cff1c38126dd750ec6788cc3d2b27421
SHA1: 05522c1d2038ac7cfb7d3fe594a135e253cf207e

Identifiers

  • None

ch.ethz.iks.slp_1.0.0.RC5_v20080820-1500.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/ch.ethz.iks.slp_1.0.0.RC5_v20080820-1500.jar
MD5: 35c264097216df83d7e9e1456f82cbd6
SHA1: b9d145a4be7f620bdcabb93e570f27d2f47a9a78

Identifiers

  • None

ch.qos.logback.classic.source_1.0.7.v20121108-1250.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/ch.qos.logback.classic.source_1.0.7.v20121108-1250.jar
MD5: 46958b8d4ee6c076485b21f838ea1e75
SHA1: 18a1b53efa6615b625e4982d00bf0680d6df1166

Identifiers

  • None

ch.qos.logback.classic_1.0.7.v20121108-1250.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/ch.qos.logback.classic_1.0.7.v20121108-1250.jar
MD5: 393ff075288eea7f441545e5aa05cc6c
SHA1: 57964192d25495610f392b106d80bd9c8818c448

Identifiers

  • None

ch.qos.logback.classic_1.1.2.v20160208-0839.jar

Description: logback-classic module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/ch.qos.logback.classic_1.1.2.v20160208-0839.jar
MD5: fa6ce4ad3d679284106625d8fbd26a86
SHA1: 730cbf493f1c097529c2013032f24d2159eb1bd2

Identifiers

  • maven: org.eclipse.orbit.bundles:ch.qos.logback.classic:1.1.2-SNAPSHOT   Confidence:HIGH

ch.qos.logback.core.source_1.0.7.v20121108-1250.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/ch.qos.logback.core.source_1.0.7.v20121108-1250.jar
MD5: d04c1fd12b284e58f2287f5c7bf83b94
SHA1: dc81aa62d86db5976295ad82314eef7a88570f76

Identifiers

  • None

ch.qos.logback.core_1.0.7.v20121108-1250.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/ch.qos.logback.core_1.0.7.v20121108-1250.jar
MD5: f5c6a395eabd0966d55716bad007b915
SHA1: 8938679988b4d4f54417a972c1834546cbe8a207

Identifiers

  • None

ch.qos.logback.core_1.1.2.v20160208-0839.jar

Description: logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/ch.qos.logback.core_1.1.2.v20160208-0839.jar
MD5: bbbfceddb33c2ef925ae63c922a7910b
SHA1: 0f63feefd684f6e17046fd78547cbfaf95d9434f

Identifiers

  • maven: org.eclipse.orbit.bundles:ch.qos.logback.core:1.1.2-SNAPSHOT   Confidence:HIGH

ch.qos.logback.slf4j.source_1.0.7.v201505121915.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/ch.qos.logback.slf4j.source_1.0.7.v201505121915.jar
MD5: dbf05eab3ed58a01690e05c27963aab0
SHA1: 05fbfab7db643f631fa5a8680d9024913bd44b08

Identifiers

  • None

ch.qos.logback.slf4j_1.0.7.v201505121915.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/ch.qos.logback.slf4j_1.0.7.v201505121915.jar
MD5: 744ac16f0c70b0b98231c01ad812eac8
SHA1: a65a37815dbc53e4e1c0ba633be0ef4269ae4e8a

Identifiers

  • None

ch.qos.logback.slf4j_1.1.2.v20160301-0943.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/ch.qos.logback.slf4j_1.1.2.v20160301-0943.jar
MD5: e7dfe94cc382ef8827df562cf4fd2d85
SHA1: a20458b616e57e1d9db4cb39fd69ccfd04a4f041

Identifiers

  • maven: org.eclipse.orbit.bundles:ch.qos.logback.slf4j:1.1.2-SNAPSHOT   Confidence:HIGH

com.fasterxml.jackson.core.jackson-core_2.5.0.v201504151636.jar

Description: Core Jackson abstractions, basic JSON streaming API implementation

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.fasterxml.jackson.core.jackson-core_2.5.0.v201504151636.jar
MD5: e29b738fd3841a539f5226803442f3c2
SHA1: 2dcb3bfbe08da5bd4af706d93a1e16972219799c

Identifiers

  • maven: com.fasterxml.jackson.core:jackson-core:2.5.0   Confidence:HIGH
  • cpe: cpe:/a:fasterxml:jackson:2.5.0.v20150415   Confidence:LOW   

CVE-2016-3720  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.

Vulnerable Software & Versions:

com.fasterxml.jackson.core.jackson-core_2.6.2.v20161117-2150.jar

Description: Core Jackson abstractions, basic JSON streaming API implementation

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.fasterxml.jackson.core.jackson-core_2.6.2.v20161117-2150.jar
MD5: 64e466fc9d1ca06f64fa55b1e77b24ff
SHA1: 7cb83cb926cd04e435d84388fd8e8cdf4a019b56

Identifiers

  • cpe: cpe:/a:fasterxml:jackson:2.6.2.v20161117   Confidence:LOW   
  • maven: org.eclipse.orbit.bundles:com.fasterxml.jackson.core.jackson-core:2.6.2-SNAPSHOT   Confidence:HIGH

CVE-2016-3720  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.

Vulnerable Software & Versions:

com.fasterxml.jackson.jaxrs.jackson-jaxrs-base_2.5.0.v201504171603.jar

Description: Pile of code that is shared by all Jackson-based JAX-RS providers.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.fasterxml.jackson.jaxrs.jackson-jaxrs-base_2.5.0.v201504171603.jar
MD5: 22a7118b26b4be24fb198aafad3ba9e3
SHA1: ca66695a9cd5a49aebcda8ee15d771be2d46abdc

Identifiers

  • maven: com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:2.5.0   Confidence:HIGH
  • cpe: cpe:/a:fasterxml:jackson:2.5.0.v20150417   Confidence:LOW   

CVE-2016-3720  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.

Vulnerable Software & Versions:

com.github.jnr.constants_0.9.1.v20161107-2054.jar

Description: A set of platform constants (e.g. errno values)

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.github.jnr.constants_0.9.1.v20161107-2054.jar
MD5: b8f438e1f71531c74bff39ad819af8e8
SHA1: 7ccd0f7a2b8d4782ae78fe873ae2683c28f53fee

Identifiers

  • maven: org.eclipse.orbit.bundles:com.github.jnr.constants:0.9.1-SNAPSHOT   Confidence:HIGH

com.github.jnr.enxio_0.12.0.v20161107-2054.jar

Description: Native I/O access for java

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.github.jnr.enxio_0.12.0.v20161107-2054.jar
MD5: 7c63dec60775adbd3c8b5a00e7d66721
SHA1: 341940803d3a1d4d9da4c1066f64818fb4bfe09d

Identifiers

  • maven: org.eclipse.orbit.bundles:com.github.jnr.enxio:0.12.0-SNAPSHOT   Confidence:HIGH

com.github.jnr.ffi_2.0.9.v20161107-2054.jar

Description: A library for invoking native functions from java

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.github.jnr.ffi_2.0.9.v20161107-2054.jar
MD5: 2dfe8e13cf8e8e67015bc59cb7470aa0
SHA1: 02cf404d9c247c9f4c65ae18a6acce2436648ab4

Identifiers

  • maven: org.eclipse.orbit.bundles:com.github.jnr.ffi:2.0.9-SNAPSHOT   Confidence:HIGH

com.github.jnr.jffi.native_1.2.11.v20161107-2054.jar

Description: Java Foreign Function Interface - Native Libraries

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.github.jnr.jffi.native_1.2.11.v20161107-2054.jar
MD5: d20deed56fa587cafad81fbb0a59136f
SHA1: 70e1942aaa0796ffd558b02da9affa78e47f35ee

Identifiers

  • maven: org.eclipse.orbit.bundles:com.github.jnr.jffi.native:1.2.11-SNAPSHOT   Confidence:HIGH

com.github.jnr.jffi_1.2.11.v20161107-2054.jar

Description: Java Foreign Function Interface

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.github.jnr.jffi_1.2.11.v20161107-2054.jar
MD5: 71cabad155bb55f867f3fa90198ea65c
SHA1: 94875c3ef4228ecdb5feddcc5cdd1b201a11568e

Identifiers

  • maven: org.eclipse.orbit.bundles:com.github.jnr.jffi:1.2.11-SNAPSHOT   Confidence:HIGH

com.github.jnr.posix_3.0.29.v20161107-2054.jar

Description: Common cross-project/cross-platform POSIX APIs

License:

http://www-128.ibm.com/developerworks/library/os-cpl.html, http://www.gnu.org/copyleft/gpl.html, http://www.gnu.org/licenses/lgpl.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.github.jnr.posix_3.0.29.v20161107-2054.jar
MD5: 999f89f6462f3618ac50ab1503e84916
SHA1: 29384cc2c22610a4d1fe5288bf7a9440f650456a

Identifiers

  • maven: org.eclipse.orbit.bundles:com.github.jnr.posix:3.0.29-SNAPSHOT   Confidence:HIGH

com.github.jnr.unixsocket_0.12.0.v20161107-2054.jar

Description: Native I/O access for java

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.github.jnr.unixsocket_0.12.0.v20161107-2054.jar
MD5: 6ba1db54852cd2ed313bdc3ea2ebe764
SHA1: 3790997bb3c867d761e8805e03d25eb7b9f01224

Identifiers

  • maven: org.eclipse.orbit.bundles:com.github.jnr.unixsocket:0.12.0-SNAPSHOT   Confidence:HIGH

com.google.gerrit.common.source_2.1.5.v201112241444.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.gerrit.common.source_2.1.5.v201112241444.jar
MD5: f17d89d185c4ac27161d2b7c772a4135
SHA1: b288e5760a8e517b36dbb7378058d4d067886a7c

Identifiers

  • None

com.google.gerrit.common_2.1.5.v201112241444.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.gerrit.common_2.1.5.v201112241444.jar
MD5: 0c1d6107209c3572feecd27699f0dfb0
SHA1: c560e55acb9686ec40dc669abfd6d2ba50c0ce3f

Identifiers

  • None

com.google.gerrit.prettify.source_2.1.5.v201112241444.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.gerrit.prettify.source_2.1.5.v201112241444.jar
MD5: 34dd8dbe7202ebe0e244535b783fc946
SHA1: f516808c03e439ea8a29e55ce9e147a8d8c5c0d5

Identifiers

  • None

com.google.gerrit.prettify_2.1.5.v201112241444.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.gerrit.prettify_2.1.5.v201112241444.jar
MD5: 8fd2cc3658673316d17f81dce7032f04
SHA1: ae0f24b62d13acdd9453df5701215732e072afff

Identifiers

  • None

com.google.gerrit.reviewdb.source_2.1.5.v201112241444.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.gerrit.reviewdb.source_2.1.5.v201112241444.jar
MD5: 08eecd3e1915871a04684e6dd26ba6c6
SHA1: 2af7d6044a6aacbc2e9852f20563ffc12626f540

Identifiers

  • None

com.google.gerrit.reviewdb_2.1.5.v201112241444.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.gerrit.reviewdb_2.1.5.v201112241444.jar
MD5: 0905de9336c5365ac7d97cf9d71d74d3
SHA1: e815aa1d1ed3a2746bbec6a8901f5428dd7bee18

Identifiers

  • None

com.google.gson.source_2.2.4.v201311231704.jar

Description: %Bundle-Description

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.gson.source_2.2.4.v201311231704.jar
MD5: 2d328ec4730c74e7202ebf04ad7607b0
SHA1: 49e40d96065c2d1b5d122759ea25e1e57ace32ef

Identifiers

  • None

com.google.gson_2.2.4.v201311231704.jar

Description: Google Gson library

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.gson_2.2.4.v201311231704.jar
MD5: 19903aeb78bb997c28bc66deea9f6288
SHA1: 3bd98686cd26f68f1ba6685295e3e1ee09fde1f7

Identifiers

  • None

com.google.gson_2.7.0.v20161205-1708.jar

Description: Gson JSON library

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.gson_2.7.0.v20161205-1708.jar
MD5: 7e384acc633b7b09ccc35850f7d91d65
SHA1: 169287cb81a718796a045fac4c3d4168be0258ae

Identifiers

  • maven: org.eclipse.orbit.bundles:com.google.gson:2.7.0-SNAPSHOT   Confidence:HIGH

com.google.guava.source_15.0.0.v201403281430.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.guava.source_15.0.0.v201403281430.jar
MD5: 11b2ff48585792eb6657018105d5c8d5
SHA1: 2afab30023a1bcb0fc34207c4ae6a4452e358604

Identifiers

  • None

com.google.guava_15.0.0.v201403281430.jar

Description:  Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has two code dependencies - javax.annotation per the JSR-305 spec and javax.inject per the JSR-330 spec.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.guava_15.0.0.v201403281430.jar
MD5: a31ec31a9a3b40508674576072fb3b46
SHA1: 29dc6f4a2590da13cc11004fb375700fd458af3f

Identifiers

  • maven: com.google.guava:guava:15.0   Confidence:HIGH

com.google.guava_18.0.0.v20161115-1643.jar

Description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.guava_18.0.0.v20161115-1643.jar
MD5: 177e140da92e43e3dd8c85c41121db17
SHA1: f5a2adcdbc99c957567fee1484bb3a33fcfff39c

Identifiers

  • maven: org.eclipse.orbit.bundles:com.google.guava:18.0.0-SNAPSHOT   Confidence:HIGH

com.google.gwt.servlet.source_2.1.0.v201111291940.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.gwt.servlet.source_2.1.0.v201111291940.jar
MD5: fe907e8d6820e28e7fb12de541ca52d9
SHA1: 96e2111cf22efe6c179bd99d30884d68b999b51c

Identifiers

  • None

com.google.gwt.servlet_2.1.0.v201111291940.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.gwt.servlet_2.1.0.v201111291940.jar
MD5: cf350f19c6abc3fb3a20cca5d88258a6
SHA1: 4d0a1d1b9c453ad81c16f9f10e445f19852dec3b

Identifiers

  • None

com.google.gwt.user.source_2.1.0.v201505121915.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.gwt.user.source_2.1.0.v201505121915.jar
MD5: 78dcbea03d752283e1e7794f5ed8269e
SHA1: b701e34a756f0eea142c9c968414afe3f9415a47

Identifiers

  • None

com.google.gwt.user_2.1.0.v201505121915.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.gwt.user_2.1.0.v201505121915.jar
MD5: e727f525038d662659700f44a9c82ea9
SHA1: 406144e8260d776a014d8ff30f2f1cda626e4500

Identifiers

  • None

com.google.gwtjsonrpc.source_1.2.5.v201112241444.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.gwtjsonrpc.source_1.2.5.v201112241444.jar
MD5: b9515171a037a75270514c7858574be5
SHA1: 86a3c473c45b610c881deb977b1ce4f33b27fa09

Identifiers

  • None

com.google.gwtjsonrpc_1.2.5.v201112241444.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.gwtjsonrpc_1.2.5.v201112241444.jar
MD5: d5d0cb994e63ff3c0fab70818feafb7f
SHA1: 0fd2c6db1ac3e0ee9d5b4c63019906edf3a00017

Identifiers

  • None

com.google.gwtorm.source_1.1.4.v201112241444.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.gwtorm.source_1.1.4.v201112241444.jar
MD5: 882c2efaa9f1bfa5ded5fd19e1f3c898
SHA1: 0f027cbd7ffbe20654e79e68c0568c827e6b8e98

Identifiers

  • None

com.google.gwtorm_1.1.4.v201112241444.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.gwtorm_1.1.4.v201112241444.jar
MD5: 47a1f40e74e78aa38fce68c5b643c0dc
SHA1: be40aec2c120979ce065e1f2ea126ebb63de5ac9

Identifiers

  • None

com.google.inject.assistedinject.source_3.0.0.v201402270930.jar

Description: %Bundle-Description

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.inject.assistedinject.source_3.0.0.v201402270930.jar
MD5: ebb9c77e1a00a14fe90f51abd5045b2b
SHA1: ed8efc229498b5daee5461ee014e658e2dc76dff

Identifiers

  • None

com.google.inject.assistedinject_3.0.0.v201402270930.jar

Description: %Bundle-Description

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.inject.assistedinject_3.0.0.v201402270930.jar
MD5: 7c318c57c5ef48f555cca5de1f7d8d4e
SHA1: 924a2dd774c57031caa6a93a219b02aff3f92bdb

Identifiers

  • None

com.google.inject.multibindings.source_3.0.0.v201605172100.jar

Description: %Bundle-Description

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.inject.multibindings.source_3.0.0.v201605172100.jar
MD5: f4429fca8d50a4d57ef0fd080a948288
SHA1: 55e05fd200becec04ad64d9dc636092f38fe7e0c

Identifiers

  • None

com.google.inject.multibindings_3.0.0.v201605172100.jar

Description: %Bundle-Description

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.inject.multibindings_3.0.0.v201605172100.jar
MD5: bb8b9fc24d5433f23634aaac05304958
SHA1: 5102054e04b9a316d5b9a0fd68c9b56785a2af89

Identifiers

  • None

com.google.inject.source_3.0.0.v201605172100.jar

Description: %Bundle-Description

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.inject.source_3.0.0.v201605172100.jar
MD5: 392e8cf9cda18573b959f8cc656b8595
SHA1: f87329d6749674af172c6f4db6cdac7b1c2f18f8

Identifiers

  • None

com.google.inject_3.0.0.v201605172100.jar

Description: %Bundle-Description

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.inject_3.0.0.v201605172100.jar
MD5: bb41a2230010bc2fdf17143f3a7cc043
SHA1: e73b832b351398d1f45ded59df2905bb1568d992

Identifiers

  • None

com.google.javascript_0.0.20160315.v20161124-1903.jar

Description: Closure Compiler is a JavaScript optimizing compiler. It parses your JavaScript, analyzes it, removes dead code and rewrites and minimizes what's left. It also checks syntax, variable references, and types, and warns about common JavaScript pitfalls. It is used in many of Google's JavaScript apps, including Gmail, Google Web Search, Google Maps, and Google Docs.

License:

http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.javascript_0.0.20160315.v20161124-1903.jar
MD5: 5e30f3652d8a809e7e9891d47c4ce8b3
SHA1: 35af743f225996f82cc17b42065dcb0049e0d65e

Identifiers

CVE-2008-3891  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-287 Improper Authentication

The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field.

Vulnerable Software & Versions:

com.google.protobuf.source_2.4.0.v201105131100.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.protobuf.source_2.4.0.v201105131100.jar
MD5: 4102c8ad22a1182ce0032290e4608a6e
SHA1: d03b1d4c5997ed8a5a0b67d09af11145f30aba5b

Identifiers

  • None

com.google.protobuf_2.4.0.v201105131100.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.google.protobuf_2.4.0.v201105131100.jar
MD5: 02d83421ab48bc61126f808b35547b29
SHA1: 78661b23f145c9635be697ecbb73567b84a22fe3

Identifiers

  • None

com.ibm.icu.base.source_56.1.0.v201601250100.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.ibm.icu.base.source_56.1.0.v201601250100.jar
MD5: c5be42258aa8c2623fe88ee1579a9b3c
SHA1: 5922cebfbd3122933ac75cf3edfae081e2fdf3a7

Identifiers

  • None

com.ibm.icu.base_56.1.0.v201601250100.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.ibm.icu.base_56.1.0.v201601250100.jar
MD5: 146ab3c9d7cf41a5344a6242fc269fad
SHA1: a1ab474b53bd2f944bd5e50bd30944cfecb0e9cd

Identifiers

  • None

com.ibm.icu.source_56.1.0.v201601250100.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.ibm.icu.source_56.1.0.v201601250100.jar
MD5: 65b0bef7095c3af251917ccb0193458d
SHA1: 3bb66eb8830112bf0e4d68fbe9cd875e476ce932

Identifiers

  • None

com.ibm.icu_56.1.0.v201601250100.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.ibm.icu_56.1.0.v201601250100.jar
MD5: 7cc52905d3a314df04a2304f8a5bc255
SHA1: 518bae3f7ac0c26cd49d9cbcfb86701c28832243

Identifiers

CVE-2016-7415  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string.

Vulnerable Software & Versions:

CVE-2016-6293  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument.

Vulnerable Software & Versions:

com.jcraft.jsch.source_0.1.53.v201508180515.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.jcraft.jsch.source_0.1.53.v201508180515.jar
MD5: e219105c1942cd3b0e37424790c523b9
SHA1: 5de9f04ebd472ff1c22e89a3f55dfecf5d7c17cb

Identifiers

  • None

com.jcraft.jsch_0.1.53.v201508180515.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.jcraft.jsch_0.1.53.v201508180515.jar
MD5: a972459538a11a71c45158209213b136
SHA1: 26ae53630ce9c08266983fa04dc2ad57a7d9851e

Identifiers

  • None

com.jcraft.jzlib_1.1.1.v201205102305.jar

Description: JZlib is a re-implementation of zlib in pure Java

License:

Revised BSD: http://www.jcraft.com/jzlib/LICENSE.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.jcraft.jzlib_1.1.1.v201205102305.jar
MD5: 265595c6534f55727109d11445665bac
SHA1: c46155c7b84fe4a294f54a6434a7ae0cc3a9360d

Identifiers

  • maven: com.jcraft:jzlib:1.1.1   Confidence:HIGH
  • cpe: cpe:/a:jcraft:jzlib:1.1.1.v20120510   Confidence:LOW   

com.kenai.jffi_1.2.7.v201505052040.jar

Description: Java Foreign Function Interface

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.kenai.jffi_1.2.7.v201505052040.jar
MD5: 67ea9512245d67177c6adb7d55ce5f2a
SHA1: 48a4f443854f7ec9e2b81fdfa1265491011b3ba5

Identifiers

  • maven: com.github.jnr:jffi:1.2.7   Confidence:HIGH

com.lowagie.text.source_2.1.7.v201004222200.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.lowagie.text.source_2.1.7.v201004222200.jar
MD5: ac9fb1700e9b511166f3cb0e40373e61
SHA1: 022e3f0f2fcbece79f32783a120eb363b91dc043

Identifiers

  • None

com.lowagie.text_2.1.7.v201004222200.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.lowagie.text_2.1.7.v201004222200.jar
MD5: 9fe43638b589561006cf8f1958be0669
SHA1: ab4834d143e80110b7bdc7c97fcd8286aa7dad3c

Identifiers

  • None

com.novell.ldap_2.3.30.v201112011400.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.novell.ldap_2.3.30.v201112011400.jar
MD5: 233189c6acb13972cb7dae8453380e35
SHA1: e806abff34511ffe7ab844a0a13abde6c2bf7f08

Identifiers

  • None

com.spotify.docker.client_3.1.1.v201605180100.jar

Description: A docker client

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.spotify.docker.client_3.1.1.v201605180100.jar
MD5: b2c0a46c11ec7908a80a31d375153ab0
SHA1: dc683ae2d9d67b9c37307b72c386aa75d22ced1c

Identifiers

  • maven: com.spotify:docker-client:3.1.1   Confidence:HIGH
  • cpe: cpe:/a:docker:docker:3.1.1.v20160518   Confidence:LOW   

com.spotify.docker.client_3.6.8.v20161117-2005.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.spotify.docker.client_3.6.8.v20161117-2005.jar
MD5: 72c7909ee59268e99ab79c1b2f3819ef
SHA1: e665a9c116daa7a23c11dfaace30a8c8700940ff

Identifiers

  • cpe: cpe:/a:docker:docker:3.6.8.v20161117   Confidence:LOW   
  • maven: org.eclipse.orbit.bundles:com.spotify.docker.client:3.6.8-SNAPSHOT   Confidence:HIGH

com.sun.el.source_2.2.0.v201303151357.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.sun.el.source_2.2.0.v201303151357.jar
MD5: 0abdb24921e389c3e456935b5cd2cd7a
SHA1: 1fd0210c8fe81fea8fa3f07aaccbcda562fa2606

Identifiers

  • None

com.sun.el_2.2.0.v201303151357.jar

Description: Javax El RI el-impl-2.2.4

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.sun.el_2.2.0.v201303151357.jar
MD5: b3f1778f62285260d42c99fd65fc9cb8
SHA1: b2e89886e50040a89bbed704dd3d579b486dc0f1

Identifiers

  • None

com.sun.jersey.source_1.17.0.v201503170330.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.sun.jersey.source_1.17.0.v201503170330.jar
MD5: 0e23bfa9013e9f563e767b0a646aec9a
SHA1: 7c9eecfca518f7797bd75b4b2f42f782595f1db9

Identifiers

  • None

com.sun.jersey_1.17.0.v201503170330.jar

Description: A bundle containing code of all jar-based modules that provide JAX-RS and Jersey-related features. Such a bundle is *only intended* for developers that do not use Maven's dependency system. The bundle does not include code for contributes, tests and samples.

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html, http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.sun.jersey_1.17.0.v201503170330.jar
MD5: 5c43f80214cf12a33cded55f1f349568
SHA1: 8ff0aa1ec5b49193cf73ce3eb8c15b478d6e37c3

Identifiers

  • maven: com.sun.jersey:jersey-bundle:1.17   Confidence:HIGH

com.sun.syndication.source_0.9.0.v200803061811.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.sun.syndication.source_0.9.0.v200803061811.jar
MD5: d27f6a3efdffb67a36a53aa6e9269465
SHA1: efbd72e2064ef70a5f16c1a86bdf88eb60f39fd3

Identifiers

  • None

com.sun.syndication_0.9.0.v200803061811.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.sun.syndication_0.9.0.v200803061811.jar
MD5: 928242c1cdabc1529dac4d9f28c4e80a
SHA1: 6df285877f6e4d34a8a11a124a4de821eee1aea4

Identifiers

  • None

com.sun.xml.bind.source_2.2.0.v201505121915.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.sun.xml.bind.source_2.2.0.v201505121915.jar
MD5: 3f398a0788bc5860ab4d5d2cf659a7ca
SHA1: c7abdb329d8b0225dadb2831e2344a74f7767c31

Identifiers

  • None

com.sun.xml.bind_2.2.0.v201505121915.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar
MD5: 91e9a2186504fb1676426894915234db
SHA1: 34f533366e1da217d15e37a87e4de9eea2813931

Identifiers

  • None

com.thoughtworks.qdox.source_1.6.3.v20081201-1400.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.thoughtworks.qdox.source_1.6.3.v20081201-1400.jar
MD5: 7da51c2306fbeb675da594d6a3cf5e14
SHA1: 05db5f687b8560afb54a509b9685bcd61bb75240

Identifiers

  • None

com.thoughtworks.qdox_1.6.3.v20081201-1400.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.thoughtworks.qdox_1.6.3.v20081201-1400.jar
MD5: 59837e66f97d607c41109043b0246328
SHA1: 58d8cc90ceced37eaeeaafd48ed76b8117857dcf

Identifiers

  • None

com.thoughtworks.selenium.source_2.25.0.v201212071504.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.thoughtworks.selenium.source_2.25.0.v201212071504.jar
MD5: 990f4c3690657b1ccb2c4bcb7e6fbe66
SHA1: 18b95941c8f71feb2caf9e1ed09114ff1ae57957

Identifiers

  • None

com.thoughtworks.selenium_2.25.0.v201212071504.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.thoughtworks.selenium_2.25.0.v201212071504.jar
MD5: abb4027279b0420c57869b5028e6016d
SHA1: 2c71dc12b0793fb869a9ea7fcc1475407210b5b6

Identifiers

  • None

com.thoughtworks.xstream_1.3.1.v201111240924.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.thoughtworks.xstream_1.3.1.v201111240924.jar
MD5: c34de8348c07f0d19fe72025e8c700a8
SHA1: 78e3dfd4c267db10ff26cca5e578661a9758de2f

Identifiers

  • cpe: cpe:/a:x-stream:xstream:1.3.1.v20111124   Confidence:LOW   

CVE-2016-3674  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.

Vulnerable Software & Versions:

com.vaadin_6.5.3.v201111241034.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/com.vaadin_6.5.3.v201111241034.jar
MD5: 037740fc9730bf27f5df95beb3763ed3
SHA1: 3de765620a10f0c430213bbd9ed30402c263f82f

Identifiers

  • cpe: cpe:/a:vaadin:vaadin:6.5.3.v20111124   Confidence:LOW   

commonj.sdo.source_2.1.1.v201112051852.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/commonj.sdo.source_2.1.1.v201112051852.jar
MD5: 0bbaddba24e67671dac1af3ac4c97314
SHA1: dd17e9cb376af9f7502b526e0042922026a7110e

Identifiers

  • None

commonj.sdo_2.1.1.v201112051852.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/commonj.sdo_2.1.1.v201112051852.jar
MD5: 99875641cf6ad05fe31c1c84dce3e23a
SHA1: 1199fb2e6e5e46ed43f8a9ee35413287114db7b6

Identifiers

  • None

de.tuberlin.eecs.agg_2.1.0.v201512080800.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/de.tuberlin.eecs.agg_2.1.0.v201512080800.jar
MD5: b8ef26e7f8ee15a159e9f42bc29867a3
SHA1: 0059667ef29b41d38acdf24262bb4fb389a571fd

Identifiers

  • None

edu.emory.mathcs.backport.source_3.1.0.v201505121915.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/edu.emory.mathcs.backport.source_3.1.0.v201505121915.jar
MD5: b1a937f5ce40331b0671ee4960ac54c4
SHA1: 18ef3a2e403be009dc8f5e5e78e92f9852947c39

Identifiers

  • None

edu.emory.mathcs.backport_3.1.0.v201505121915.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/edu.emory.mathcs.backport_3.1.0.v201505121915.jar
MD5: 544b705403c99e4ac63688610fb9a802
SHA1: 800693e1a84ac324eb078688ab48297a39cfbb7f

Identifiers

  • None

java_cup.runtime.source_0.10.0.v201005080400.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/java_cup.runtime.source_0.10.0.v201005080400.jar
MD5: 71c57e8a0c6b7080cb94d01d3bf16069
SHA1: 94034e80d57951a03adfb05829b160500f3649ef

Identifiers

  • None

java_cup.runtime_0.10.0.v201005080400.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/java_cup.runtime_0.10.0.v201005080400.jar
MD5: 05ff5df709ef653613974c9eb89b235c
SHA1: b8533c97c0a88cd17040f94ae513a3702fb62ffd

Identifiers

  • None

javaewah.source_0.7.9.v201605172130.jar

Description: %Bundle-Description

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javaewah.source_0.7.9.v201605172130.jar
MD5: 46c5fe2c6f76184d9828924dd7963796
SHA1: 9ebce1bdd4ec577eef2945e49e5bb945311351c3

Identifiers

  • None

javaewah_0.7.9.v201605172130.jar

Description: %Bundle-Description

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javaewah_0.7.9.v201605172130.jar
MD5: 1ca4c57c47ca1f212423b3c28b7e8ade
SHA1: 199ccfc247bc4e1368fa8d55cae0117a2af6b018

Identifiers

  • None

javaewah_1.1.6.v20160919-1400.jar

Description: The bit array data structure is implemented in Java as the BitSet class. Unfortunately, this fails to scale without compression. JavaEWAH is a word-aligned compressed variant of the Java bitset class. It uses a 64-bit run-length encoding (RLE) compression scheme. The goal of word-aligned compression is not to achieve the best compression, but rather to improve query processing time. Hence, we try to save CPU cycles, maybe at the expense of storage. However, the EWAH scheme we implemented is always more efficient storage-wise than an uncompressed bitmap (implemented in Java as the BitSet class). Unlike some alternatives, javaewah does not rely on a patented scheme.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javaewah_1.1.6.v20160919-1400.jar
MD5: e57bf638445e4df8209470a6637e1520
SHA1: 00a0caacbf2b5f3ae881abe07361cf6eac93e39d

Identifiers

  • maven: org.eclipse.orbit.bundles:javaewah:1.1.6-SNAPSHOT   Confidence:HIGH

javassist.source_3.13.0.GA_v201209210905.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javassist.source_3.13.0.GA_v201209210905.jar
MD5: 12ab051cfa91afb221dddeb514c84bdb
SHA1: 684d0195eeda883686f161fd19c020aec0deaa12

Identifiers

  • None

javassist_3.13.0.GA_v201209210905.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javassist_3.13.0.GA_v201209210905.jar
MD5: ab6445d3e18430da6581798e2dc5eb71
SHA1: 2129562242150c988a8e429db7cf47630e4e3fc7

Identifiers

  • None

javax.activation.source_1.1.0.v201211130549.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.activation.source_1.1.0.v201211130549.jar
MD5: cae0fdf002044b8216eccead0bdd30ff
SHA1: 63b027d44f7504a577c68942004ca249dcfa93ae

Identifiers

  • None

javax.activation_1.1.0.v201211130549.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.activation_1.1.0.v201211130549.jar
MD5: f0c58ba2592691d8f974f269cdc78c9c
SHA1: e0088c6c6174f877910ef3ed81acdabc0e61bb7f

Identifiers

  • None

javax.annotation.source_1.2.0.v201602091430.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.annotation.source_1.2.0.v201602091430.jar
MD5: 3ce1bbe7aefacfec3ab381a07146e72a
SHA1: a624c21b62e54a0dfa8a2c9b4e0f01cf9b4aae4f

Identifiers

  • None

javax.annotation_1.2.0.v201602091430.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.annotation_1.2.0.v201602091430.jar
MD5: 33919cead78729d63fcaa2c71fdf5ac1
SHA1: 23fce0d3c0030656a73dad116ed68d0899dfe7cb

Identifiers

  • None

javax.ejb.source_3.1.1.v201204261316.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.ejb.source_3.1.1.v201204261316.jar
MD5: 05c36ef64e20c1bfe4127ca9cb0c59f1
SHA1: 5a0d69e35f1839db4628d2854b21d591fc86e053

Identifiers

  • None

javax.ejb_3.1.1.v201204261316.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.ejb_3.1.1.v201204261316.jar
MD5: 19a647475533d1fd938f4f0d16bdcd3f
SHA1: 15e603af112b9c94e8f92265afee0b6f92c6e560

Identifiers

  • None

javax.el.source_2.2.0.v201303151357.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.el.source_2.2.0.v201303151357.jar
MD5: 37d38898ecf69a5d03add2767bffd1eb
SHA1: ddd6173dfc7bb9890980bbbb6290bb808ed421b0

Identifiers

  • None

javax.el_2.2.0.v201303151357.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.el_2.2.0.v201303151357.jar
MD5: 0295b5ceafc8c057a5597444ee46215f
SHA1: 21bfd3211b46ebca3ccc33d3bd801d18c6c7301e

Identifiers

  • None

javax.inject.source_1.0.0.v20091030.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.inject.source_1.0.0.v20091030.jar
MD5: 1fe0f044ed79eda98d83ca8d5cc21672
SHA1: c40fe94dd4fcf0b140199efa60020d05a76d3f03

Identifiers

  • None

javax.inject_1.0.0.v20091030.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.inject_1.0.0.v20091030.jar
MD5: 508774113f4ecc361d7a7ec5dc93c737
SHA1: bf39840bc3bc7fa50a0d5ab4fea74bc00e89f952

Identifiers

  • None

javax.jms.source_1.1.0.v201205091237.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.jms.source_1.1.0.v201205091237.jar
MD5: bc1b17048132e2b9d7b6cc6823f3c392
SHA1: 39336bad791bbfcb848cc6b5e47030148bd782af

Identifiers

  • None

javax.jms_1.1.0.v201205091237.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.jms_1.1.0.v201205091237.jar
MD5: 8762621440a2faef472a46e6c9285b1e
SHA1: 50f41f43f0c584ecf4f02597950db38af4144cdb

Identifiers

  • None

javax.jws.source_2.0.0.v201005080400.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.jws.source_2.0.0.v201005080400.jar
MD5: be304b8b63619c01a9801c613940b5a2
SHA1: c85af108864a3e8ab65c0ea0f7b859a9643cae6c

Identifiers

  • None

javax.jws_2.0.0.v201005080400.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.jws_2.0.0.v201005080400.jar
MD5: fdeabc422112edfa307e99a2ac69dfaa
SHA1: 9670a93b41e66e4a869ec5675cede3333e86cdbb

Identifiers

  • None

javax.mail.glassfish.source_1.4.1.v201108011116.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.mail.glassfish.source_1.4.1.v201108011116.jar
MD5: cf9ea97140c713682c0bde60c89ce96a
SHA1: d60f2855764241a12ac9e47464a1f3e6fdf4b1b1

Identifiers

  • None

javax.mail.glassfish_1.4.1.v201108011116.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.mail.glassfish_1.4.1.v201108011116.jar
MD5: 312cddb1ed26a8d6fc39f170cf3329aa
SHA1: 537accfb1ff7a72e9ab23ea301a58688a4b08157

Identifiers

  • None

javax.mail_1.4.0.v201005080615.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.mail_1.4.0.v201005080615.jar
MD5: 39bd9b66536d680199a0511b553ce29c
SHA1: 003f16175cea48ee1b3a6e16e66352149db2ca4b

Identifiers

  • None

javax.management.remote_1.0.0.v20100427-1100.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.management.remote_1.0.0.v20100427-1100.jar
MD5: 0fe32c4acd1741904ef420f2130610e6
SHA1: 30f7f1f22b837739529c5561cdba64dcc9266c37

Identifiers

  • None

javax.management_1.2.0.v20100427-1100.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.management_1.2.0.v20100427-1100.jar
MD5: 1f2e730fa2092dce64d23a73de4ff849
SHA1: c912520d93036c0c8970d321441b3e10df7c3cb1

Identifiers

  • None

javax.persistence.source_1.0.0.v200905011740.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.persistence.source_1.0.0.v200905011740.jar
MD5: 54ed035315a02037c94d40c6689a0fac
SHA1: 677deb48268643ad91401858305e85e9f0441aad

Identifiers

  • None

javax.persistence_1.0.0.v200905011740.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.persistence_1.0.0.v200905011740.jar
MD5: a2f8e2a83418a24dfc093b5dbc145a6d
SHA1: 816971b1bad190b66913ba2084b684f1fa73809f

Identifiers

  • None

javax.resource.source_1.6.0.v201204270900.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.resource.source_1.6.0.v201204270900.jar
MD5: 97e6fda91da8fb714e2c70baec8e7927
SHA1: 8d46ead47c00a29b9364318cbb60906bb3f56122

Identifiers

  • None

javax.resource_1.6.0.v201204270900.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.resource_1.6.0.v201204270900.jar
MD5: 8db5638c97db1a53eba2af6f623cd1aa
SHA1: 5fa61318011d46175d05d4e2f30fa03c2279a3a8

Identifiers

  • None

javax.security.auth.message.source_1.0.0.v201108011116.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.security.auth.message.source_1.0.0.v201108011116.jar
MD5: 6fd7893728cd81483c660bcb8e2f725b
SHA1: eb07402177ed76bc2f1c1ec78a88be3ea025deb8

Identifiers

  • None

javax.security.auth.message_1.0.0.v201108011116.jar

Description: Java Authentication Service Provider Interface for Containers (JSR-196) api

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.security.auth.message_1.0.0.v201108011116.jar
MD5: 06324c3490a7005c04c0cd55be1f49c4
SHA1: 384c06988c8c52e67f98a2f970ba60354fcb1f6d

Identifiers

  • None

javax.security.jacc.source_1.4.0.v201205031350.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.security.jacc.source_1.4.0.v201205031350.jar
MD5: 0d90704aa79d0c7eb28ce6330baa351f
SHA1: 7ac69b27b8b0cbd9b05964f95afb94a97872c321

Identifiers

  • None

javax.security.jacc_1.4.0.v201205031350.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.security.jacc_1.4.0.v201205031350.jar
MD5: 64e5cb175c12370210964caf141d1eb3
SHA1: 90cfabbc9c3ef87c3406d35b29ad6831af0fcada

Identifiers

  • None

javax.servlet.jsp.jstl.impl.source_1.2.0.v201210211230.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.servlet.jsp.jstl.impl.source_1.2.0.v201210211230.jar
MD5: d7b64b7122b6069b3e74ea4b9ad36da5
SHA1: 1bb255563928ddbb03329f8ad63c72d8ae65777b

Identifiers

  • None

javax.servlet.jsp.jstl.impl_1.2.0.v201210211230.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.servlet.jsp.jstl.impl_1.2.0.v201210211230.jar
MD5: e454eae989b2ecf382a29de55b09129b
SHA1: eb6ab31d411c08187f4c618f12f0d5e5c615422a

Identifiers

  • cpe: cpe:/a:apache:standard_taglibs:1.2.0.v20121021   Confidence:LOW   

CVE-2015-0254  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.

Vulnerable Software & Versions:

javax.servlet.jsp.jstl.source_1.2.0.v201105211821.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.servlet.jsp.jstl.source_1.2.0.v201105211821.jar
MD5: 745f83de641fd11bd98b4a77636d0a29
SHA1: 9aea4572cbc39ed3f66fb989caf9a59364414f14

Identifiers

  • None

javax.servlet.jsp.jstl_1.2.0.v201105211821.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.servlet.jsp.jstl_1.2.0.v201105211821.jar
MD5: 2f94c545526acea633851bb894ee5260
SHA1: 7dff0519faaf45dd93a12a442683a16b92f012f6

Identifiers

  • None

javax.servlet.jsp.source_2.2.0.v201112011158.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.servlet.jsp.source_2.2.0.v201112011158.jar
MD5: 2d36e09c2ed4ff5eb60d065caf16dccd
SHA1: f8b73460acd8285699c2d5c2487b3f3fe02a7b3a

Identifiers

  • None

javax.servlet.jsp_2.2.0.v201112011158.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.servlet.jsp_2.2.0.v201112011158.jar
MD5: 96c4fc48d64cdb105f1cfcb70d58d49c
SHA1: d5032f76122429931016dfd91bd1e99795eba81f

Identifiers

  • None

javax.servlet.source_3.1.0.v201410161800.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.servlet.source_3.1.0.v201410161800.jar
MD5: a067ab3e81a89a347000fcedcf28f778
SHA1: 2c6f06cde0b3fa280f5cf2269c31d29332b89fca

Identifiers

  • None

javax.servlet_3.1.0.v201410161800.jar

Description: %bundleDescription

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.servlet_3.1.0.v201410161800.jar
MD5: f7894d938002611ef08d82573cd7858e
SHA1: 71d552154032f9108c3b8d76eca65752f7d01160

Identifiers

  • None

javax.transaction.source_1.1.1.v201105210645.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.transaction.source_1.1.1.v201105210645.jar
MD5: 21ffa50234467b1b1085115fae7d835c
SHA1: 597ea681c02ab3fe36da42f0b9639f10e4f9a023

Identifiers

  • None

javax.transaction_1.1.1.v201105210645.jar

Description: Provides open-source implementations of Sun specifications.

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.transaction_1.1.1.v201105210645.jar
MD5: c0b7111aad2263bd7db940c468b74c31
SHA1: e6b90dd319f124008560aefcefaa3931c472ec00

Identifiers

  • maven: org.apache.geronimo.specs:geronimo-jta_1.1_spec:1.1.1   Confidence:HIGH

javax.validation.source_1.0.0.GA_v201205091237.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.validation.source_1.0.0.GA_v201205091237.jar
MD5: 68d642716d1656a5c17cbc29524cf51c
SHA1: da0f70f3a0d458d74292ca0fa66e635c40f8847e

Identifiers

  • None

javax.validation_1.0.0.GA_v201205091237.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.validation_1.0.0.GA_v201205091237.jar
MD5: 0ee33faaf6f53c531aaf52a41a4ff892
SHA1: 436adc809d3a4d3c0f66454e01d79ff6c6cfb8c0

Identifiers

  • None

javax.websocket.source_1.0.0.v20140310-1603.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.websocket.source_1.0.0.v20140310-1603.jar
MD5: f0a91d66745eea00a0254b825c433099
SHA1: 3f871317e717951c3fd3592657ee186f8d9f2c03

Identifiers

  • None

javax.websocket_1.0.0.v20140310-1603.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.websocket_1.0.0.v20140310-1603.jar
MD5: 1bbc92bf53f8c0a693a12cae8adcfe55
SHA1: 36cf00c08b71d627fc90994da1c24ba8722f364b

Identifiers

  • None

javax.ws.rs_2.0.1.v201504171603.jar

Description: Java API for RESTful Web Services (JAX-RS)

License:

CDDL 1.1: http://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.ws.rs_2.0.1.v201504171603.jar
MD5: d81d4b090f98e750a43042a0c66bc2a2
SHA1: c274bcc2c03c2b9d4f39da2f524c4972a03a027b

Identifiers

  • maven: javax.ws.rs:javax.ws.rs-api:2.0.1   Confidence:HIGH

javax.wsdl.source_1.6.2.v201012040545.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.wsdl.source_1.6.2.v201012040545.jar
MD5: 50a68feff0431c69c74217f8847a1e6d
SHA1: ef35eb388ad82a622de1c29d98bfa45bc379e575

Identifiers

  • None

javax.wsdl_1.5.1.v201012040544.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.wsdl_1.5.1.v201012040544.jar
MD5: 7907237149a208f2c61a28d193efd0be
SHA1: d570c465249092d19e3079a5ad3b0a3c6c20c838

Identifiers

  • None

javax.wsdl_1.6.2.v201012040545.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.wsdl_1.6.2.v201012040545.jar
MD5: feb65db3477b318240daf6e177aa09ea
SHA1: 25432393d6dbad7c5d8ec7fe14a1b0fdf900a85f

Identifiers

  • None

javax.xml.bind.source_2.2.0.v201105210648.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.xml.bind.source_2.2.0.v201105210648.jar
MD5: f14d434e4109fb538ad4e13311eea479
SHA1: cb37851a239868becf943fec4f4f01bcfbde9cc4

Identifiers

  • None

javax.xml.bind_2.2.0.v201105210648.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.xml.bind_2.2.0.v201105210648.jar
MD5: 4b2ec768ffd4beb5e6ccfc8443a23cfb
SHA1: 850f0d6ae87e24b0576253d49debe2a56522418b

Identifiers

  • None

javax.xml.rpc_1.1.0.v201209140446.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.xml.rpc_1.1.0.v201209140446.jar
MD5: c7b9d124a81559a28854c8967ba509fd
SHA1: d2f49cc8ae31e36bd0a18b512f49a2a780bf4a29

Identifiers

  • None

javax.xml.rpc_1.1.0.v201209140446.jar: jaxrpc.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.xml.rpc_1.1.0.v201209140446.jar/lib/jaxrpc.jar
MD5: b4592e5eccfeeeae87cfadef0ca66c66
SHA1: b393f1f0c0d95b68c86d0b1ab2e687bb71f3c075

Identifiers

CVE-2014-3596  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.

Vulnerable Software & Versions: (show all)

CVE-2012-5784  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Vulnerable Software & Versions: (show all)

javax.xml.soap_1.2.0.v201005080501.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.xml.soap_1.2.0.v201005080501.jar
MD5: 027a6f4db7cdfc008d6c75f04a1650aa
SHA1: ad23484f758d578db79f20bd7c4c84e1f4d867da

Identifiers

  • None

javax.xml.soap_1.2.0.v201005080501.jar: saaj.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.xml.soap_1.2.0.v201005080501.jar/lib/saaj.jar
MD5: 87b30c8124683bbd11f9ff2bcaaafbf8
SHA1: 581149d1f391258754354f2acf2b56665d53de2e

Identifiers

CVE-2014-3596  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.

Vulnerable Software & Versions: (show all)

CVE-2012-5784  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Vulnerable Software & Versions: (show all)

javax.xml.soap_1.3.0.v201105210645.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.xml.soap_1.3.0.v201105210645.jar
MD5: d84a04f656627254aad3490770639e2e
SHA1: b346eb196ec744297ea14f158dd7f723130fb982

Identifiers

  • None

javax.xml.stream_1.0.1.v201004272200.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.xml.stream_1.0.1.v201004272200.jar
MD5: 9631c630b638f4c5b91eb00f63d830fb
SHA1: 3c961dc1402e0072c73582ce9abc5dc9ed97f209

Identifiers

  • None

javax.xml.ws_2.1.0.v200902101523.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.xml.ws_2.1.0.v200902101523.jar
MD5: c0657c16664a8ff5cecbf9d3306ad95a
SHA1: 2a8e9793ab7a75304ca34d2e37cfbce926b31af2

Identifiers

  • None

javax.xml_1.3.4.v201005080400.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/javax.xml_1.3.4.v201005080400.jar
MD5: 7f7c93e568d12d93268300aa85060dd1
SHA1: 2c04a38e2b05f5ee4ca2556906c10c162fcabd06

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

jnr.constants_0.8.6.v201505052040.jar

Description: A set of platform constants (e.g. errno values)

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/jnr.constants_0.8.6.v201505052040.jar
MD5: a25afa6ace278518266261c544d25cbf
SHA1: 4e86b814f0e9a2aec092a3f5137691abf5c8a49f

Identifiers

  • maven: com.github.jnr:jnr-constants:0.8.6   Confidence:HIGH

jnr.enxio_0.6.0.v201505052040.jar

Description: Native I/O access for java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/jnr.enxio_0.6.0.v201505052040.jar
MD5: 1c26dc6bd97695d659eed76500b79b9e
SHA1: f2c0eaae39d224323e36577c7e45a31484cb9957

Identifiers

  • maven: com.github.jnr:jnr-enxio:0.6   Confidence:HIGH

jnr.ffi_2.0.1.v201505052040.jar

Description: A library for invoking native functions from java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/jnr.ffi_2.0.1.v201505052040.jar
MD5: 6aac633bbffe62810bf18dfb831dca0b
SHA1: 8057ad03afb6a597baf55d2b200d1530660be44d

Identifiers

  • maven: com.github.jnr:jnr-ffi:2.0.1   Confidence:HIGH

jnr.posix_3.0.9.v201505052040.jar

Description:  Common cross-project/cross-platform POSIX APIs

License:

Common Public License - v 1.0: http://www-128.ibm.com/developerworks/library/os-cpl.html
GNU General Public License Version 2: http://www.gnu.org/copyleft/gpl.html
GNU Lesser General Public License Version 2.1: http://www.gnu.org/licenses/lgpl.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/jnr.posix_3.0.9.v201505052040.jar
MD5: 1fc388d5ef0866494fd3851b26572bd4
SHA1: 4526fb745a82281b68ca1b696d24d509995dcf80

Identifiers

  • maven: com.github.jnr:jnr-posix:3.0.9   Confidence:HIGH

jnr.unixsocket_0.5.0.v201505052040.jar

Description: Native I/O access for java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/jnr.unixsocket_0.5.0.v201505052040.jar
MD5: 61ef4f7433bd3ea9d2e0193002b12cc4
SHA1: 0a9f67b0a5550f37bd0a1e44d5e35ae85c8f88cf

Identifiers

  • maven: com.github.jnr:jnr-unixsocket:0.5   Confidence:HIGH

jnr.x86asm_1.0.2.v201505052040.jar

Description: A pure-java X86 and X86_64 assembler

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/jnr.x86asm_1.0.2.v201505052040.jar
MD5: 6cefcb8ca26336c76c75c7cd77f326c9
SHA1: 0c5814b3f6ff969bc4d83d512fe78194ccb4c675

Identifiers

  • maven: com.github.jnr:jnr-x86asm:1.0.2   Confidence:HIGH

lpg.runtime.java.source_2.0.17.v201004271640.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/lpg.runtime.java.source_2.0.17.v201004271640.jar
MD5: d8d3ca3bd6047fa5595d85da9c71a647
SHA1: 1575670e59dd5ac43d9425208bd85d56484c8348

Identifiers

  • None

lpg.runtime.java_2.0.17.v201004271640.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/lpg.runtime.java_2.0.17.v201004271640.jar
MD5: 336421db8fcfda110b9caf073b34d441
SHA1: fe55253ad44269df61b4183a2c5832f52063836b

Identifiers

  • None

me.prettyprint.hector.source_0.7.0.0022_v20110412-1025.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/me.prettyprint.hector.source_0.7.0.0022_v20110412-1025.jar
MD5: 594552d1c90aa366cec398e9d07c953f
SHA1: 9b1512d3220844a6931d5d44121834eae01d1e6c

Identifiers

  • None

me.prettyprint.hector_0.7.0.0022_v20110412-1025.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/me.prettyprint.hector_0.7.0.0022_v20110412-1025.jar
MD5: 81a5c7a2300ab5ddc9e739a4ae2ef24b
SHA1: 79e6f0ba0be8433a87f449cdec41dcf3288cd779

Identifiers

  • maven: me.prettyprint:hector-core:0.7.0-22   Confidence:HIGH

net.miginfocom.layout.source_3.7.1.v200911230030.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/net.miginfocom.layout.source_3.7.1.v200911230030.jar
MD5: 12886a1d37bdad3922b47af490696f41
SHA1: b65c963464ca0ee12b17758a6aa13cccd5d5c2a4

Identifiers

  • None

net.miginfocom.layout.swing.source_3.7.1.v200911230030.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/net.miginfocom.layout.swing.source_3.7.1.v200911230030.jar
MD5: 15649a01c19fc0467e1f9ce875041c8a
SHA1: 14273052362c970cbd09cb9e1e30c6e0efb682d8

Identifiers

  • None

net.miginfocom.layout.swing_3.7.1.v200911230030.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/net.miginfocom.layout.swing_3.7.1.v200911230030.jar
MD5: 09bc732f0134657967da7a1c17d5207c
SHA1: eeed81f4abe6a900f133ac7b118955462e633880

Identifiers

  • None

net.miginfocom.layout.swt.source_3.7.1.v201505121915.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/net.miginfocom.layout.swt.source_3.7.1.v201505121915.jar
MD5: 5a9f77033fd9e536cf7f8cc91b298b84
SHA1: 8171a3c85fe7d9d2ba959d54eefeb2c0c23eb4f6

Identifiers

  • None

net.miginfocom.layout.swt_3.7.1.v201505121915.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/net.miginfocom.layout.swt_3.7.1.v201505121915.jar
MD5: 3f0d3c5f9fc5a7acb85275bf07b0636d
SHA1: 8ba57e37e3558921cd20a79140f86ec7797456ce

Identifiers

  • None

net.miginfocom.layout_3.7.1.v200911230030.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/net.miginfocom.layout_3.7.1.v200911230030.jar
MD5: 4c7845e6bf6aea415a6f0975b1b327bb
SHA1: 2537e7005c70db629e5317341c21436b4292cb75

Identifiers

  • None

net.sourceforge.lpg.lpgjavaruntime.source_1.1.0.v201004271650.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/net.sourceforge.lpg.lpgjavaruntime.source_1.1.0.v201004271650.jar
MD5: 87de595c48a904ddb9f46064fc197985
SHA1: a68109161dcc6f7600fe138df9d15b592e54ed2c

Identifiers

  • None

net.sourceforge.lpg.lpgjavaruntime_1.1.0.v201004271650.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/net.sourceforge.lpg.lpgjavaruntime_1.1.0.v201004271650.jar
MD5: 6d7ab388ef6d149a9609cbb46387a207
SHA1: c64a4d810986c20a831515ee2370f2217ef49e6a

Identifiers

  • None

net.sourceforge.mx4j.remote_3.0.1.v20100427-1100.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/net.sourceforge.mx4j.remote_3.0.1.v20100427-1100.jar
MD5: 848d105d2a3991e0a332eeb6824ac2c3
SHA1: f2d155b5796afba83a7be445184e499b02a02ed2

Identifiers

  • None

net.sourceforge.mx4j_3.0.1.v20100427-1100.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/net.sourceforge.mx4j_3.0.1.v20100427-1100.jar
MD5: e4410e17fdbad031403cb7dd3d859a08
SHA1: b74fa98d7a44ee1ec4a12a698bf280baa03329ba

Identifiers

  • None

net.sourceforge.nattable.core.source_2.1.0.v201102070845.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/net.sourceforge.nattable.core.source_2.1.0.v201102070845.jar
MD5: 023697e2d26fc5b54365b0fc34edc2eb
SHA1: 1eae93167232bb088bb66153e1b16f0a73ac6d48

Identifiers

  • None

net.sourceforge.nattable.core_2.1.0.v201102231538.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/net.sourceforge.nattable.core_2.1.0.v201102231538.jar
MD5: fdbbaf12346ff18d6cdab2d9752f28a3
SHA1: 9bb1488c7c312dac6a605901085a59852a4cef3f

Identifiers

  • None

org.antlr.runtime.source_3.2.0.v201101311130.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.antlr.runtime.source_3.2.0.v201101311130.jar
MD5: 6991835225bc8f721b7cc84e5dfa29bd
SHA1: 68261236ab1d3e300a463654353b797aa0157282

Identifiers

  • None

org.antlr.runtime.source_4.3.0.v201502022030.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.antlr.runtime.source_4.3.0.v201502022030.jar
MD5: 0a0f136208b45c6f83102aed002238c5
SHA1: 8cc624330f74b24ddcbe9ade8872aed218badac7

Identifiers

  • None

org.antlr.runtime_3.2.0.v201101311130.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.antlr.runtime_3.2.0.v201101311130.jar
MD5: 98e3ad702de8b3ef320668c4ba3a3da2
SHA1: fd50da1fe79fb90fb8627918e5545ff958861fc3

Identifiers

  • None

org.antlr.runtime_4.3.0.v201502022030.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.antlr.runtime_4.3.0.v201502022030.jar
MD5: b149c4c21adaa02cec86b1e03ecda138
SHA1: 07a46a87f97bc70aa27561a06d513195109c8936

Identifiers

  • None

org.antlr.runtime_4.3.0.v201502022030.jar/META-INF/maven/org.abego.treelayout/org.abego.treelayout.core/pom.xml

Description: Efficient and customizable TreeLayout Algorithm in Java.

License:

BSD 3-Clause "New" or "Revised" License (BSD-3-Clause): http://treelayout.googlecode.com/files/LICENSE.TXT
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.antlr.runtime_4.3.0.v201502022030.jar/META-INF/maven/org.abego.treelayout/org.abego.treelayout.core/pom.xml
MD5: 0fd589167b7a434db7580a66737649b9
SHA1: e8da72b4e31c6610ca57fde5f73d5ee4d1d5f957

Identifiers

  • maven: org.abego.treelayout:org.abego.treelayout.core:1.0.1   Confidence:HIGH

org.antlr.runtime_4.3.0.v201502022030.jar/META-INF/maven/org.antlr/antlr4-annotations/pom.xml

Description: A set of annotations used within the ANTLR 4 Runtime

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.antlr.runtime_4.3.0.v201502022030.jar/META-INF/maven/org.antlr/antlr4-annotations/pom.xml
MD5: 1f718a01d68d3d7cfbccb5afca7afbea
SHA1: 52d6faff570340f79aa5572e3587d887f530ac09

Identifiers

  • maven: org.antlr:antlr4-annotations:4.3   Confidence:HIGH

org.antlr.runtime_4.3.0.v201502022030.jar/META-INF/maven/org.antlr/antlr4-runtime/pom.xml

Description: The ANTLR 4 Runtime

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.antlr.runtime_4.3.0.v201502022030.jar/META-INF/maven/org.antlr/antlr4-runtime/pom.xml
MD5: 8a5f89957d6f2f5574a6435cb2e83c8d
SHA1: 7506afb2d7e1fdbd02bee67ce083a57a65d6667b

Identifiers

  • maven: org.antlr:antlr4-runtime:4.3   Confidence:HIGH

org.antlr.runtime_4.5.1.v20160210-1233.jar

Description: The ANTLR 4 Runtime

License:

http://www.antlr.org/license.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.antlr.runtime_4.5.1.v20160210-1233.jar
MD5: 1b0054ec0739478264bfef92b7e8d625
SHA1: d0de7035aa6e1efd43a1417656528c4f174f949e

Identifiers

  • maven: org.eclipse.orbit.bundles:org.antlr.runtime:4.5.1-SNAPSHOT   Confidence:HIGH

org.aopalliance_1.0.0.v201105210816.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.aopalliance_1.0.0.v201105210816.jar
MD5: 4f6a7c972ba01dce108fac7164c694b3
SHA1: 739f953aaf4a74102d5636399d728ca52ae409c8

Identifiers

  • None

org.apache.ant.source_1.9.6.v201510161327.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ant.source_1.9.6.v201510161327.jar
MD5: a587806773e6da90e6bd5304a4139699
SHA1: 360bec5e7b7722ce07cff84c2a77fa076289a5f2

Identifiers

  • None

org.apache.ant_1.9.6.v201510161327.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ant_1.9.6.v201510161327.jar
MD5: 3a922bce1b4ce5de2535dcfb98ecbab7
SHA1: 5d7d52821a74e71b897761e19ddd024c5a07419e

Identifiers

  • None

org.apache.ant_1.9.6.v201510161327.jar: ant-antlr.jar

Description: antlr specific task. The implementation forks a java process, therefore the antlr jar file is only needed at runtime

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ant_1.9.6.v201510161327.jar/lib/ant-antlr.jar
MD5: 307f0e1c9f23cd7debfcfbe6511d966b
SHA1: b71e7d7882752f47ca9f63efb2b5abcb0cf12a4f

Identifiers

org.apache.ant_1.9.6.v201510161327.jar: ant-apache-bcel.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ant_1.9.6.v201510161327.jar/lib/ant-apache-bcel.jar
MD5: d4e9576db90cf8d45f14bc3e345663a1
SHA1: e6fb06a39d3c5b10d77873c0a94f03cd5fc79cb4

Identifiers

org.apache.ant_1.9.6.v201510161327.jar: ant-apache-bsf.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ant_1.9.6.v201510161327.jar/lib/ant-apache-bsf.jar
MD5: 4ddf663af7fdef6a646fe6d38c3d31a4
SHA1: 11d02f850b1de3b90db432a776d6e1a444ab5780

Identifiers

org.apache.ant_1.9.6.v201510161327.jar: ant-apache-log4j.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ant_1.9.6.v201510161327.jar/lib/ant-apache-log4j.jar
MD5: d2bdcd83042937f50c7f26c5cfb5ce1a
SHA1: f0d9a69239d58aa2b1b7606d8c526dbe0e58ca10

Identifiers

org.apache.ant_1.9.6.v201510161327.jar: ant-apache-oro.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ant_1.9.6.v201510161327.jar/lib/ant-apache-oro.jar
MD5: a63b59de4bb0a51f57b42da260ff4213
SHA1: 29f732bddc55d23706ece78f7631b6cacdfca543

Identifiers

org.apache.ant_1.9.6.v201510161327.jar: ant-apache-regexp.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ant_1.9.6.v201510161327.jar/lib/ant-apache-regexp.jar
MD5: afe2cd51132c46ec88201d63a4fd72a2
SHA1: 24ddca79d0eefbbcb574e616e429adfa31b945d4

Identifiers

org.apache.ant_1.9.6.v201510161327.jar: ant-apache-resolver.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ant_1.9.6.v201510161327.jar/lib/ant-apache-resolver.jar
MD5: e1ba3f3a70d265d90536ccefe7410ddd
SHA1: 9b6b6ee561a8354f1525542078716053769aec7b

Identifiers

org.apache.ant_1.9.6.v201510161327.jar: ant-apache-xalan2.jar

Description: contains Xalan2-specific features

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ant_1.9.6.v201510161327.jar/lib/ant-apache-xalan2.jar
MD5: 989e9b3523a68f36986f1fa7d5694baa
SHA1: abf147f8fdc9b1d6a438d31773a462b0b8a0a0ef

Identifiers

org.apache.ant_1.9.6.v201510161327.jar: ant-commons-logging.jar

Description: Ant Listener based on commons-logging

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ant_1.9.6.v201510161327.jar/lib/ant-commons-logging.jar
MD5: 0dee69d3bfbd887989e3e0315575a074
SHA1: 4cda86a65b540c7e6073f194388bd32b6a16654c

Identifiers

org.apache.ant_1.9.6.v201510161327.jar: ant-commons-net.jar

Description: ftp, rexec and telnet tasks

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ant_1.9.6.v201510161327.jar/lib/ant-commons-net.jar
MD5: 02b9e4a9ad0c90bbdb33b91a00ec19ce
SHA1: ae04e77ba8a5ee6e0892b0fc665bba52ae3fccde

Identifiers

org.apache.ant_1.9.6.v201510161327.jar: ant-jai.jar

Description: image task and corresponding types.

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ant_1.9.6.v201510161327.jar/lib/ant-jai.jar
MD5: 8098f0a4db1bdf53e7615a9b26226315
SHA1: 094988e4dcfc7d650dc0eb21156b8151d2f5f60b

Identifiers

org.apache.ant_1.9.6.v201510161327.jar: ant-javamail.jar

Description: implementation of the mail task based on javamail. Required to send emails to SMTP servers using user/password combinations or to send mail over SSL

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ant_1.9.6.v201510161327.jar/lib/ant-javamail.jar
MD5: 9430b401445e65dfa1afa8d6412024ce
SHA1: 16c5a6c95391c918f974baabc453f9cc2f8138c4

Identifiers

org.apache.ant_1.9.6.v201510161327.jar: ant-jdepend.jar

Description: task jdepend invoking the jdepend parser. There is also a version 2.9.1 of the jdepend parser available on the maven repository

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ant_1.9.6.v201510161327.jar/lib/ant-jdepend.jar
MD5: 897771f4aa8bb492ecfc318c513f98c7
SHA1: b4e994f888c52883e36f9bcfd47b14554051ca30

Identifiers

org.apache.ant_1.9.6.v201510161327.jar: ant-jmf.jar

Description: contains the sound task and a soundplayer listener download the dependency from http://java.sun.com/products/java-media/jmf/

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ant_1.9.6.v201510161327.jar/lib/ant-jmf.jar
MD5: 77c7f11d000600322795d8d9a2d03b90
SHA1: ae74d555182ebca1908e8041fb80fc1f9b67faa5

Identifiers

org.apache.ant_1.9.6.v201510161327.jar: ant-jsch.jar

Description: contains the sshexec and scp tasks

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ant_1.9.6.v201510161327.jar/lib/ant-jsch.jar
MD5: 0c3785fee29ab1cd50c06c5f42fb712f
SHA1: 572788082a810909a0ec90af107b8834c5cc0a2c

Identifiers

org.apache.ant_1.9.6.v201510161327.jar: ant-junit.jar

Description: contains the junit and junirreport tasks

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ant_1.9.6.v201510161327.jar/lib/ant-junit.jar
MD5: 084e750fb2a0f0e819baa5a9cc94553d
SHA1: f1bb1873385e07236bd03f6cbfc8986489813090

Identifiers

org.apache.ant_1.9.6.v201510161327.jar: ant-junit4.jar

Description: contains JUnit 4.x support

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ant_1.9.6.v201510161327.jar/lib/ant-junit4.jar
MD5: ce06e0a65b453cf40a8e381d27d83915
SHA1: 272a6ce83866478f7d661aa341f715c4c631398b

Identifiers

org.apache.ant_1.9.6.v201510161327.jar: ant-launcher.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ant_1.9.6.v201510161327.jar/lib/ant-launcher.jar
MD5: 3c4bbfc6cd0393d2680bc5cb45428ec1
SHA1: d75dd4c39ba06401f20e7afffb861d268baec6bc

Identifiers

org.apache.ant_1.9.6.v201510161327.jar: ant-netrexx.jar

Description: NetRexxC task dependency can be downloaded from http://www.ibm.com/software/awdtools/netrexx/download.html

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ant_1.9.6.v201510161327.jar/lib/ant-netrexx.jar
MD5: 16d18ef932eef4f4df8c0cee7066835e
SHA1: cc335aa98b3170f7168734e53c460c1cce117853

Identifiers

org.apache.ant_1.9.6.v201510161327.jar: ant-swing.jar

Description: a listener and a splash task based on Swing

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ant_1.9.6.v201510161327.jar/lib/ant-swing.jar
MD5: 44bb0864748c7d8a08d91edc397bfe16
SHA1: 0975e53a70ac80eadf71f8fe005e91b98e843dc0

Identifiers

org.apache.ant_1.9.6.v201510161327.jar: ant-testutil.jar

Description: test utility classes

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ant_1.9.6.v201510161327.jar/lib/ant-testutil.jar
MD5: 989158e75e4b58d074dcc141d33bb658
SHA1: 97fe509017514cc627189e4bcbe996d37bda5b82

Identifiers

CVE-2007-1349  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

Vulnerable Software & Versions: (show all)

org.apache.ant_1.9.6.v201510161327.jar: ant.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ant_1.9.6.v201510161327.jar/lib/ant.jar
MD5: 03fe9e7bbb3a9d62bb33c55ba6820f21
SHA1: 80e2063b01bab3c79c2d84e4ed5e73868394c85a

Identifiers

org.apache.axis_1.4.0.v201411182030.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.axis_1.4.0.v201411182030.jar
MD5: 14daccddb676131a7b152ad557a8e3eb
SHA1: ce2cf99de67be8d82bb805228e923fc70a9c6397

Identifiers

  • cpe: cpe:/a:apache:axis:1.4.0.v20141118   Confidence:LOW   

org.apache.axis_1.4.0.v201411182030.jar: axis.jar

Description:  An implementation of the SOAP ("Simple Object Access Protocol") submission to W3C.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.axis_1.4.0.v201411182030.jar/lib/axis.jar
MD5: 03dcfdd88502505cc5a805a128bfdd8d
SHA1: 94a9ce681a42d0352b3ad22659f67835e560d107

Identifiers

CVE-2014-3596  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.

Vulnerable Software & Versions: (show all)

CVE-2012-5784  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Vulnerable Software & Versions: (show all)

org.apache.batik.css.source_1.7.0.v201011041433.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.batik.css.source_1.7.0.v201011041433.jar
MD5: 249e67f544ed6f334b2e61c69211c951
SHA1: 8c2d8a2b25d77b56cec1c6607fc25cf0be3f1580

Identifiers

  • cpe: cpe:/a:apache:batik:1.7.0.v20101104   Confidence:LOW   

org.apache.batik.css_1.6.0.v201011041432.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.batik.css_1.6.0.v201011041432.jar
MD5: f079e5677aed6420276227d58ff7958e
SHA1: 849ee12edacc7a5a511832284736d9c32044b8c2

Identifiers

  • cpe: cpe:/a:apache:batik:1.6.0.v20101104   Confidence:LOW   

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Vulnerable Software & Versions: (show all)

org.apache.batik.css_1.7.0.v201011041433.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.batik.css_1.7.0.v201011041433.jar
MD5: 59805d01c5b30652b766971c2b8770aa
SHA1: e32386221b6a4bc7bd9ba3a73bafb56fc85ca373

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Vulnerable Software & Versions: (show all)

org.apache.batik.dom_1.6.1.v201505192100.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.batik.dom_1.6.1.v201505192100.jar
MD5: fd947ad065d0a10142406ea6ab024997
SHA1: d62dc93129af0f2dfd6007bac42fc5905f4056bf

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Vulnerable Software & Versions: (show all)

org.apache.batik.dom_1.7.1.v201505191845.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.batik.dom_1.7.1.v201505191845.jar
MD5: 60277dbbc8078dfcf910d6aa41c080e5
SHA1: ca2a04a5be488d7d23a84e4b4aa0740047a4c37a

Identifiers

  • cpe: cpe:/a:apache:batik:1.7.1.v20150519   Confidence:LOW   

org.apache.batik.pdf_1.6.0.v201105071520.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.batik.pdf_1.6.0.v201105071520.jar
MD5: 700312edd4779cb668953adb4f02e851
SHA1: 705723145ae5e5eb8f94e2af570dc886325c2a87

Identifiers

  • cpe: cpe:/a:apache:batik:1.6.0.v20110507   Confidence:LOW   

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Vulnerable Software & Versions: (show all)

org.apache.batik.swing.source_1.7.0.v201302011158.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.batik.swing.source_1.7.0.v201302011158.jar
MD5: f266c192e2466065341ff33880e31217
SHA1: e006c91acada765cf868746a76616a4dca4882d6

Identifiers

  • cpe: cpe:/a:apache:batik:1.7.0.v20130201   Confidence:LOW   

org.apache.batik.swing_1.7.0.v201302011158.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.batik.swing_1.7.0.v201302011158.jar
MD5: 262e95a381c3d7589712db3ddff7a343
SHA1: fc42473d2ed3a7ec1fb8212b07ce52a39d20d0fe

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Vulnerable Software & Versions: (show all)

org.apache.batik.util.gui.source_1.7.0.v200903091627.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.batik.util.gui.source_1.7.0.v200903091627.jar
MD5: 5b10c8eecff7aae57d2de86c19c58e78
SHA1: c332be8708889fcd816950d4d267804d312528c0

Identifiers

  • cpe: cpe:/a:apache:batik:1.7.0.v20090309   Confidence:LOW   

org.apache.batik.util.gui_1.7.0.v200903091627.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.batik.util.gui_1.7.0.v200903091627.jar
MD5: 705e2e76b2d50953dfb0872d46cbd163
SHA1: 44eed20e2aee27a9b092457015c96c5ebf676bb9

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Vulnerable Software & Versions: (show all)

org.apache.bcel.source_5.2.0.v201005080400.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.bcel.source_5.2.0.v201005080400.jar
MD5: 57d751fe2d035c2227832af83563b059
SHA1: b8eaaacb3f3faaea37829470821b339f91510360

Identifiers

  • None

org.apache.bcel_5.2.0.v201005080400.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.bcel_5.2.0.v201005080400.jar
MD5: 997e92a0318669a7f5d60eaa7eb5395e
SHA1: 818375570abfe1474643795fc6d5345206d0acc1

Identifiers

  • None

org.apache.bsf.source_2.4.0.v201103030230.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.bsf.source_2.4.0.v201103030230.jar
MD5: 454a3d7b7281a63e4a7784e664d624c1
SHA1: 59c52c4e81fcf88376c8b23629bd75e5e72c5713

Identifiers

  • None

org.apache.bsf_2.4.0.v201103030230.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.bsf_2.4.0.v201103030230.jar
MD5: 48f1bf3b7903f8b9040497ee3627025b
SHA1: 3d810df093da9c083f1576c1288e473f06419775

Identifiers

  • None

org.apache.bval.source_0.3.0.v201205161050.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.bval.source_0.3.0.v201205161050.jar
MD5: 360453623464e35db44e323e6b71e341
SHA1: 40f5c7f6cd95c74c589b72ef9432fb583f0d5f34

Identifiers

  • None

org.apache.bval_0.3.0.v201205161050.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.bval_0.3.0.v201205161050.jar
MD5: 4c19481dca2ac81679cab6dfb90ebdb4
SHA1: be4dd583520a34d12949547ed8d89b442351ad3a

Identifiers

  • None

org.apache.cassandra_0.7.0.v201503170330.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.cassandra_0.7.0.v201503170330.jar
MD5: 2015521813387a32707eb7cd40b08b35
SHA1: 6c840328eebc0f9d573181c4e10ca15b9dc430e7

Identifiers

  • cpe: cpe:/a:apache:cassandra:0.7.0.v20150317   Confidence:LOW   

org.apache.catalina.ha.source_7.0.56.v201412180755.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.catalina.ha.source_7.0.56.v201412180755.jar
MD5: 5ce97f8a205142decaab75ab706eb923
SHA1: 0c37864f2ecc0737c23e742d9eb98abb461b7797

Identifiers

  • None

org.apache.catalina.ha_7.0.56.v201412180755.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.catalina.ha_7.0.56.v201412180755.jar
MD5: 62a4d36b135676bba8906777ad28cc3c
SHA1: 9e9f0c8f138269932e69a8f17f92f9251ef27744

Identifiers

  • None

org.apache.catalina.source_7.0.56.v201503170330.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.catalina.source_7.0.56.v201503170330.jar
MD5: 7767ce888edb6276d6b029650692f8bd
SHA1: 7a27515997d36792c0cbbe6077684b2b7ca66a97

Identifiers

  • None

org.apache.catalina.tribes.source_7.0.56.v201412180755.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.catalina.tribes.source_7.0.56.v201412180755.jar
MD5: 81e272dd9a949583863885c6bd57d3fe
SHA1: 83326e6e0de39f106a2fcd0c6769a583bd286d1a

Identifiers

  • None

org.apache.catalina.tribes_7.0.56.v201412180755.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.catalina.tribes_7.0.56.v201412180755.jar
MD5: 2057336e84988d99d015a0123a2a0bdf
SHA1: 944adeab4cc7483abd334df45bffb5c08e897758

Identifiers

  • None

org.apache.catalina_7.0.56.v201503170330.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.catalina_7.0.56.v201503170330.jar
MD5: 966cd55fe9fd8207fe0baa46781e47b9
SHA1: 122b7cd637b7307f21d897d5ded88ae24df84c3e

Identifiers

  • None

org.apache.commons.beanutils_1.8.0.v201205091237.jar

Description: BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.beanutils_1.8.0.v201205091237.jar
MD5: 1e222f3dde93c5936b698923ddb18c9e
SHA1: dffbc4c13b16b2c858364fa51f869942ca9e447b

Identifiers

  • cpe: cpe:/a:apache:commons_beanutils:1.8.0.v20120509   Confidence:LOW   

CVE-2014-0114  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

Vulnerable Software & Versions: (show all)

org.apache.commons.cli.source_1.2.0.v201404270220.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.cli.source_1.2.0.v201404270220.jar
MD5: 471f85e7d9a21c82c99fbbc785d4c651
SHA1: 09f3a82383774508f608090ff19d90dcb0196d42

Identifiers

  • None

org.apache.commons.cli_1.2.0.v201404270220.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.cli_1.2.0.v201404270220.jar
MD5: 5bdd6c1ea7234f90ed1696ceb1410676
SHA1: 0ee57d7e81081b78069073995cc801ba9127bf65

Identifiers

  • None

org.apache.commons.codec.source_1.6.0.v201305230611.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.codec.source_1.6.0.v201305230611.jar
MD5: 20e3eb6b57101f612a32a178eeb8ff5d
SHA1: 6f900c05e27f0cce066e90e7bfda53d765799754

Identifiers

  • None

org.apache.commons.codec_1.6.0.v201305230611.jar

Description:  The codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.codec_1.6.0.v201305230611.jar
MD5: 5e0c6996f788eff3aee63cdfe179052a
SHA1: 0f5c2849adc06d92ec52346bf92377ceb4c91428

Identifiers

  • maven: commons-codec:commons-codec:1.6   Confidence:HIGH

org.apache.commons.collections_3.2.2.v201511171945.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.collections_3.2.2.v201511171945.jar
MD5: 0b1cc4e1ef4320c7894873091fb71a54
SHA1: 4331bf4c1b69c27998b2f3ca54f4c0eac1caa753

Identifiers

  • cpe: cpe:/a:apache:commons_collections:3.2.2.v20151117   Confidence:LOW   

org.apache.commons.compress_1.6.0.v201310281400.jar

Description: Apache Commons Compress software defines an API for working with compression and archive formats.These include: bzip2, gzip, pack200, xz and ar, cpio, jar, tar, zip, dump.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.compress_1.6.0.v201310281400.jar
MD5: 1aac3720d82a09840d96f9cff36f1078
SHA1: 4a3e714616c158947e102ce3b95f97a0d0720410

Identifiers

  • cpe: cpe:/a:apache:commons-compress:1.6.0.v20131028   Confidence:LOW   

org.apache.commons.daemon.source_1.0.5.v20121125-0905.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.daemon.source_1.0.5.v20121125-0905.jar
MD5: 92834b8c4c65323cd2b41fc7d57bd5e0
SHA1: bb228713f5e7aec7eaa1807cb109dad105775d0f

Identifiers

  • cpe: cpe:/a:apache:apache_commons_daemon:1.0.5.v20121125   Confidence:LOW   

org.apache.commons.daemon_1.0.5.v20121125-0905.jar

Description:  Alternative invocation mechanism for unix-daemon-like java code.

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.daemon_1.0.5.v20121125-0905.jar
MD5: 54ade4c93ae9081a7542a67d1a9c2080
SHA1: a73fbddabb549317bace5de979a7bbaf9911a22e

Identifiers

CVE-2011-2729  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

Vulnerable Software & Versions: (show all)

org.apache.commons.dbcp.source_1.4.0.v201204271417.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.dbcp.source_1.4.0.v201204271417.jar
MD5: 27d3c398e1ac1f60da0e65c64089f239
SHA1: a04759472dee805f34b330dbafd35e15a70bfbbf

Identifiers

  • None

org.apache.commons.dbcp_1.4.0.v201204271417.jar

Description: Commons Database Connection Pooling

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.dbcp_1.4.0.v201204271417.jar
MD5: a3c840df16ce16ee903d92d612dc0865
SHA1: f03f556752e10fd0d08c270dcf31cb1bc8d7ec95

Identifiers

  • None

org.apache.commons.discovery_0.2.0.v201004190315.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.discovery_0.2.0.v201004190315.jar
MD5: 8bffcc05d2bd99fd08791fa560a4fa09
SHA1: 2d9bd610ef0a3a7e1310de4b6183720f36e2d54e

Identifiers

  • None

org.apache.commons.discovery_0.2.0.v201004190315.jar: commons-discovery-0.2.jar

Description: Commons Discovery

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.discovery_0.2.0.v201004190315.jar/lib/commons-discovery-0.2.jar
MD5: 9a2fb56e6a79169b2fb6c8a0dc79abb0
SHA1: 7773ac7a7248f08ed2b8d297c6e2ef28260640ea

Identifiers

org.apache.commons.exec.source_1.1.0.v201301240602.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.exec.source_1.1.0.v201301240602.jar
MD5: c2f3794ad59ca023f6082ddec052ab37
SHA1: 1f7d8a3cef779a959088c1576e2e8fed4c9680e5

Identifiers

  • None

org.apache.commons.exec_1.1.0.v201301240602.jar

Description: A library to reliably execute external processes from within the JVM

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.exec_1.1.0.v201301240602.jar
MD5: c920634963e6a86bae80fae07ba5817c
SHA1: cd006cf862d77422ed7747470fbbb19ae246be9f

Identifiers

  • maven: org.apache.commons:commons-exec:1.1   Confidence:HIGH

org.apache.commons.fileupload_1.2.2.v20111214-1400.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.fileupload_1.2.2.v20111214-1400.jar
MD5: 5d328e61e68b8ce49997a26b547c4b68
SHA1: 115a3ca4e6b4f503c68d460a9788d3450560d487

Identifiers

CVE-2016-3092  

Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-20 Improper Input Validation

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

Vulnerable Software & Versions: (show all)

CVE-2016-1000031  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control

Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution

Vulnerable Software & Versions:

CVE-2014-0050  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

Vulnerable Software & Versions: (show all)

org.apache.commons.httpclient_3.1.0.v201012070820.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.httpclient_3.1.0.v201012070820.jar
MD5: 22cb46aff3a05476aef167661e9e3b21
SHA1: c56ac5da20d435b5fbf28a95bbad15adb10c46f4

Identifiers

  • cpe: cpe:/a:apache:commons-httpclient:3.1.0.v20101207   Confidence:LOW   
  • cpe: cpe:/a:apache:httpclient:3.1.0.v20101207   Confidence:LOW   

CVE-2015-5262  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.

Vulnerable Software & Versions:

CVE-2014-3577  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.

Vulnerable Software & Versions: (show all)

CVE-2012-6153  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783.

Vulnerable Software & Versions: (show all)

org.apache.commons.io.source_2.0.1.v201105210651.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.io.source_2.0.1.v201105210651.jar
MD5: 25f9a990622d2c0ce02a485e5a3e7386
SHA1: e94cb23b25abc26143ad5784b616df98af772cb1

Identifiers

  • None

org.apache.commons.io.source_2.2.0.v201405211200.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.io.source_2.2.0.v201405211200.jar
MD5: 8f55f3e65921ede2bd3d290d6f312266
SHA1: 09f9bab70e784be6221ae2796f830157c9b55ea1

Identifiers

  • None

org.apache.commons.io_2.0.1.v201105210651.jar

Description: Commons-IO contains utility classes, stream implementations, file filters, file comparators and endian classes.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.io_2.0.1.v201105210651.jar
MD5: 60887c7288cbbe621aa753c6cb321ffe
SHA1: ce13f6cd1168b001aa24a43f18a183ef3b5a65e2

Identifiers

  • None

org.apache.commons.io_2.2.0.v201405211200.jar

Description: Commons-IO contains utility classes, stream implementations, file filters, file comparators and endian classes.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.io_2.2.0.v201405211200.jar
MD5: 637aebc528c0eafd3413fe10143996bb
SHA1: 0a61dff5a173acbbc62eab9466d43d6a883db6d5

Identifiers

  • None

org.apache.commons.jxpath.source_1.3.0.v200911051830.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.jxpath.source_1.3.0.v200911051830.jar
MD5: 33c9ef9ca907f19b0a0ea6829d5b6815
SHA1: d4302dd14b0888bc03c1fc0266bcc16df98dd7e2

Identifiers

  • None

org.apache.commons.jxpath_1.3.0.v200911051830.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.jxpath_1.3.0.v200911051830.jar
MD5: 984d3a2502e01ae49d3714c7d9a6f6c8
SHA1: 65bba68a2eb451e5c40de38d8487f84fccb348db

Identifiers

  • None

org.apache.commons.lang.source_2.6.0.v201404270220.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.lang.source_2.6.0.v201404270220.jar
MD5: 00e7049d73bda02a09156988b99f21d4
SHA1: 687769e7d40990df829d9b1f7de686ad31671630

Identifiers

  • None

org.apache.commons.lang3.source_3.1.0.v201403281430.jar

Description: Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.lang3.source_3.1.0.v201403281430.jar
MD5: 2f2b0b2d82f8b71d1ee0e99d7a84c07d
SHA1: 3211d2ede0180fa0a6ca80e48ee70eefbdca45f9

Identifiers

  • None

org.apache.commons.lang3_3.1.0.v201403281430.jar

Description:  Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.lang3_3.1.0.v201403281430.jar
MD5: 358422435255f40c4b1106d847d9715b
SHA1: a701f5c0e4642cf4910138803d9f5d076f82d70e

Identifiers

  • maven: org.apache.commons:commons-lang3:3.1   Confidence:HIGH

org.apache.commons.lang_2.6.0.v201404270220.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.lang_2.6.0.v201404270220.jar
MD5: be5b143eada3d5356d47c08d6d635745
SHA1: d19153827ce09724c5e5e83f3173b318d31f882b

Identifiers

  • None

org.apache.commons.logging.source_1.0.4.v201101211617.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.logging.source_1.0.4.v201101211617.jar
MD5: 1a2bd000a822a0129d4d30d89028c840
SHA1: 6e0754c448d5792cd9ce86d309be7a666f57e2be

Identifiers

  • None

org.apache.commons.logging.source_1.1.1.v201101211721.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.logging.source_1.1.1.v201101211721.jar
MD5: 40868f631772f27fcae5f74c497118eb
SHA1: bffbba62c5efa59e3ebf0e5a9e99359bf593116b

Identifiers

  • None

org.apache.commons.logging_1.0.4.v201101211617.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.logging_1.0.4.v201101211617.jar
MD5: f99bb1bc52565defc3e602f12586b7a9
SHA1: aae7808e297cb1c34474cbc7529198b03f18c12b

Identifiers

  • None

org.apache.commons.logging_1.1.1.v201101211721.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.logging_1.1.1.v201101211721.jar
MD5: 677566eeaf1ea80e4b1a334dd636c379
SHA1: afec7337e36350cdc1ad71b8b38b9e99dee9a23e

Identifiers

  • None

org.apache.commons.math.source_2.1.0.v201105210652.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.math.source_2.1.0.v201105210652.jar
MD5: 4951596923ec1f52e712d9633f2c33e3
SHA1: f71950e8d40a5e13ea9f5e08d97f5ecff315308f

Identifiers

  • None

org.apache.commons.math3_3.5.0.v20160301-1110.jar

Description: The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.math3_3.5.0.v20160301-1110.jar
MD5: c55e275ea3244baded73bf8dbb4956d1
SHA1: 09007f5077bf16b7ad8e29880aeb25c5384d48a0

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.commons.math3:3.5.0-SNAPSHOT   Confidence:HIGH

org.apache.commons.math_2.1.0.v201105210652.jar

Description: The Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.math_2.1.0.v201105210652.jar
MD5: 45a6afc93a0e4575fcf41eb2c0b293f6
SHA1: f2458aada8bf453df9b0e4c4b977b5210cebe2b2

Identifiers

  • None

org.apache.commons.net.source_3.2.0.v201305141515.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.net.source_3.2.0.v201305141515.jar
MD5: 2e5f4b8a6fef673f12c8fdc1ffb36936
SHA1: cae10ef61de8b77a6b6c1f38094cdcbbe78d6ecd

Identifiers

  • None

org.apache.commons.net_3.2.0.v201305141515.jar

Description:  Apache Commons Net library contains a collection of network utilities and protocol implementations. Supported protocols include: Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Telnet, Whois

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.net_3.2.0.v201305141515.jar
MD5: 5b61a48f211d95050b01c831f8caee0c
SHA1: e0eb0cc4389d10249c58eafc4c219f10bd4bd511

Identifiers

  • maven: commons-net:commons-net:3.2   Confidence:HIGH

org.apache.commons.pool.source_1.6.0.v201204271246.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.pool.source_1.6.0.v201204271246.jar
MD5: a02c37af7cdd81aad34bcfb1ddb09f0b
SHA1: 51922bc154b60268de5cbe7ec7959a21cb6f6918

Identifiers

  • None

org.apache.commons.pool_1.6.0.v201204271246.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.commons.pool_1.6.0.v201204271246.jar
MD5: f525c31972812f357b6a0b14618e6ea5
SHA1: a4de04e4b5ece825cf9a960fe04b0afff2586538

Identifiers

  • None

org.apache.coyote.source_7.0.56.v201412180755.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.coyote.source_7.0.56.v201412180755.jar
MD5: f6e7dbbafa8f3bd5d4f3fe6dd57a5321
SHA1: 07d754e7e9683cba03dd5dddd3c7a29606849aee

Identifiers

  • None

org.apache.coyote_7.0.56.v201412180755.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.coyote_7.0.56.v201412180755.jar
MD5: 2a8551f904a77a8245c9ad79b15bd0b9
SHA1: c1122bd3d4e48809434df3450708454ed851e5de

Identifiers

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-5388  

Severity: Medium
CVSS Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control

Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.

Vulnerable Software & Versions: (show all)

org.apache.derby_10.11.1.1_v201605202053.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.derby_10.11.1.1_v201605202053.jar
MD5: 17166d0735e6557d4ad110de9e543d9a
SHA1: 2b60bf505a014edd8e3c7198f9c0b5761d2a1705

Identifiers

CVE-2015-1832  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
CWE: CWE-399 Resource Management Errors

XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype.

Vulnerable Software & Versions:

org.apache.derby_10.8.2.2_v201605172130.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.derby_10.8.2.2_v201605172130.jar
MD5: 38267b7c597c9aa404a58bee246f035b
SHA1: 230d520cbd87977dc0fd2953b4f0ed3cf35a4d68

Identifiers

  • cpe: cpe:/a:apache:derby:10.8.2.2.v20160517   Confidence:LOW   

CVE-2015-1832  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
CWE: CWE-399 Resource Management Errors

XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype.

Vulnerable Software & Versions:

org.apache.el.source_7.0.56.v201412180755.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.el.source_7.0.56.v201412180755.jar
MD5: 11eb107293203207d1b291c51b2872b8
SHA1: 793b12f48a7b68572ff5a2655d3ef4fc76076ee2

Identifiers

  • None

org.apache.el_7.0.56.v201412180755.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.el_7.0.56.v201412180755.jar
MD5: bd0d7cebe2cf05c51d43c9a42844d2e6
SHA1: 4876fb02bd2d0e2516717285c467101d95f888ea

Identifiers

  • None

org.apache.felix.gogo.command.source_0.10.0.v201209301215.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.felix.gogo.command.source_0.10.0.v201209301215.jar
MD5: 7c2cc7574ea9a96ae76d95bb283bc712
SHA1: dc4a032a38cbbe890fcbfe03b059fa56a666caf7

Identifiers

  • None

org.apache.felix.gogo.command_0.10.0.v201209301215.jar

Description:  Provides basic shell commands for Gogo.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.felix.gogo.command_0.10.0.v201209301215.jar
MD5: 5f854c9a06cffa77a2350797222bfe89
SHA1: 6f704cedf8fa422aa761fc61a58c3e28a734ea2c

Identifiers

  • maven: org.apache.felix:org.apache.felix.gogo.command:0.10.0   Confidence:HIGH

org.apache.felix.gogo.runtime.source_0.10.0.v201209301036.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.felix.gogo.runtime.source_0.10.0.v201209301036.jar
MD5: d5ea4cd1ef89327d0f2c191773be6352
SHA1: 1fd5591a72cd9b05c0b562b93e6a51a6257626b2

Identifiers

  • None

org.apache.felix.gogo.runtime_0.10.0.v201209301036.jar

Description: Apache Felix Gogo Subproject

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.felix.gogo.runtime_0.10.0.v201209301036.jar
MD5: 5b74a75ff316cadd8208e18a01dcb353
SHA1: f3999f96d957f6180cc55255efafe0dbb28e4082

Identifiers

  • maven: org.apache.felix:org.apache.felix.gogo.runtime:0.10.0   Confidence:HIGH

org.apache.felix.gogo.shell.source_0.10.0.v201212101605.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.felix.gogo.shell.source_0.10.0.v201212101605.jar
MD5: d61f74430e7c621d0af04a4f3c087adc
SHA1: 41de02d89a57cd2827908938a016aa5ba377bb85

Identifiers

  • None

org.apache.felix.gogo.shell_0.10.0.v201212101605.jar

Description: Apache Felix Gogo Subproject

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.felix.gogo.shell_0.10.0.v201212101605.jar
MD5: 40cdc965d53e9039bb5589b9355a2612
SHA1: 8ffd7f4d410e40b4e3a6e8f11e9e60ffc859083a

Identifiers

  • maven: org.apache.felix:org.apache.felix.gogo.shell:0.10.0   Confidence:HIGH

org.apache.felix.scr_2.0.6.v20161206-1638.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.felix.scr_2.0.6.v20161206-1638.jar
MD5: 341f1ce8c79789d36a8094b9f6693579
SHA1: 2ac828cf3bb4c8d8c44431fa0ce725af54543639

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.felix.scr:2.0.6-SNAPSHOT   Confidence:HIGH

org.apache.geronimo.components.connector_3.1.1.v201205170953.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.geronimo.components.connector_3.1.1.v201205170953.jar
MD5: efe127ec98f6cb45ca4af7336ddea3ab
SHA1: ddbec8151f44c2b94094b0adde6c5d70493eaaf0

Identifiers

CVE-2008-0732  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.

Vulnerable Software & Versions:

org.apache.geronimo.specs.j2ee.management_1.0.0.v201205091237.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.geronimo.specs.j2ee.management_1.0.0.v201205091237.jar
MD5: 6285154826d103c7dc4c68c154766377
SHA1: 8dc5f585c28e601121dbd57773886337fd7e4344

Identifiers

CVE-2011-5034  

Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-20 Improper Input Validation

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.

Vulnerable Software & Versions: (show all)

CVE-2008-0732  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.

Vulnerable Software & Versions:

CVE-2007-5797  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-287 Improper Authentication

SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.

Vulnerable Software & Versions: (show all)

CVE-2007-4548  

Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-287 Improper Authentication

The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.

Vulnerable Software & Versions:

org.apache.geronimo.specs.osgi.locator_1.1.0.v201205170953.jar

Description: This bundle is not used as a standalone unit, but contains classes thatshould be copied into another bundle as a private package.

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.geronimo.specs.osgi.locator_1.1.0.v201205170953.jar
MD5: 57a8839f951b09c8c14bb4badd3e2dce
SHA1: 5b2ab7e8f446fe59ef86082b3c9fe973f461a1e4

Identifiers

CVE-2011-5034  

Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-20 Improper Input Validation

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.

Vulnerable Software & Versions: (show all)

CVE-2008-0732  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.

Vulnerable Software & Versions:

org.apache.hadoop.zookeeper_3.4.5.v20121214-1350.jar

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.hadoop.zookeeper_3.4.5.v20121214-1350.jar
MD5: a495a673081e7c48059ace5a5371f804
SHA1: 54ecd4dd68a4121be700ea22568acf85338f4066

Identifiers

  • cpe: cpe:/a:apache:hadoop:3.4.5.v20121214   Confidence:LOW   
  • cpe: cpe:/a:apache:zookeeper:3.4.5.v20121214   Confidence:LOW   

CVE-2016-5017  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string.

Vulnerable Software & Versions: (show all)

CVE-2014-0085  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management

Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.

Vulnerable Software & Versions: (show all)

org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar

Description: HttpComponents Client (OSGi bundle)

License:

LICENSE.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar
MD5: 9fa07861805d7dd2992fe7192abdea5f
SHA1: 1da7239b0d044293b0e95073ee0e68518375cd2d

Identifiers

  • cpe: cpe:/a:apache:httpclient:4.2.6.v20131107   Confidence:LOW   

CVE-2015-5262  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.

Vulnerable Software & Versions:

CVE-2014-3577  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.

Vulnerable Software & Versions: (show all)

org.apache.httpcomponents.httpclient_4.3.6.v201511171540.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.httpcomponents.httpclient_4.3.6.v201511171540.jar
MD5: ce81d7f8c017ca35816b7c8551c403eb
SHA1: 981a4c813617e3ce2a025088371f62f3d6090e4f

Identifiers

  • cpe: cpe:/a:apache:httpclient:4.3.6.v20151117   Confidence:LOW   

org.apache.httpcomponents.httpclient_4.5.2.v20161115-1643.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.httpcomponents.httpclient_4.5.2.v20161115-1643.jar
MD5: a50c094febab3ec62f1d86cde1a5251c
SHA1: 2e203cf1edd422f6a3bec88e56d9908470b459e5

Identifiers

  • cpe: cpe:/a:apache:httpclient:4.5.2.v20161115   Confidence:LOW   
  • maven: org.eclipse.orbit.bundles:org.apache.httpcomponents.httpclient:4.5.2-SNAPSHOT   Confidence:HIGH

org.apache.httpcomponents.httpcore.nio.source_4.0.0.v200905121600.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.httpcomponents.httpcore.nio.source_4.0.0.v200905121600.jar
MD5: 23944577baa74eba0e130f331babf8af
SHA1: 7a078f596136c2f179ad453649aa4226fcffbd8b

Identifiers

  • None

org.apache.httpcomponents.httpcore.nio.source_4.1.0.v201101201700.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.httpcomponents.httpcore.nio.source_4.1.0.v201101201700.jar
MD5: c21780c83a983af9ae1249298fdfa470
SHA1: 8adac4c0c1da8f9e5c41dc747486489e9defeded

Identifiers

  • None

org.apache.httpcomponents.httpcore.nio_4.0.0.v200905121600.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.httpcomponents.httpcore.nio_4.0.0.v200905121600.jar
MD5: e64e8bb381bd55a7bdde90a66d3438b5
SHA1: 282c1af50557140878961750af5365590603720f

Identifiers

  • None

org.apache.httpcomponents.httpcore.nio_4.1.0.v201101201700.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.httpcomponents.httpcore.nio_4.1.0.v201101201700.jar
MD5: d130f0848b604267193537f5b9a8dbb6
SHA1: e342ba2da08d7bada9290d85de8d933c6cde96ee

Identifiers

  • None

org.apache.httpcomponents.httpcore.source_4.2.5.v201311072007.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.httpcomponents.httpcore.source_4.2.5.v201311072007.jar
MD5: d0361eff5e6727b5834ab4c228a982c0
SHA1: 56d0220a87b5f45b49a008ace776672e73f80870

Identifiers

  • None

org.apache.httpcomponents.httpcore.source_4.3.3.v201411290715.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.httpcomponents.httpcore.source_4.3.3.v201411290715.jar
MD5: c8b6059b5e3d49608a54fa3aea334f6f
SHA1: c38b3328e72947ca561334118af24fecda81db84

Identifiers

  • None

org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar

Description: HttpComponents Core (OSGi bundle)

License:

LICENSE.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar
MD5: c27dc75bfe0b6aa4a84bbf5137616e6e
SHA1: d03c2c081fc608b7708e82f586ad08330fd046e7

Identifiers

  • None

org.apache.httpcomponents.httpcore_4.3.3.v201411290715.jar

Description: %Bundle-Description

License:

LICENSE.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.httpcomponents.httpcore_4.3.3.v201411290715.jar
MD5: 655c65b770cc2637e2958ef5df30047f
SHA1: 2e4fcff8d28f2329013c3b0226656d3c7cb94b4b

Identifiers

  • None

org.apache.httpcomponents.httpcore_4.4.4.v20161115-1643.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.httpcomponents.httpcore_4.4.4.v20161115-1643.jar
MD5: 0e1ee5fa7507ca5e328edb7c6a9e418e
SHA1: e2ced9707478aab0cbb7e31778212f6ece98002f

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.httpcomponents.httpcore:4.4.4-SNAPSHOT   Confidence:HIGH

org.apache.jasper.glassfish.source_2.2.2.v201501141630.jar

Description: %Bundle-Description

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.jasper.glassfish.source_2.2.2.v201501141630.jar
MD5: 51c48f68e856468df7f6a8384c22bd2c
SHA1: 25b9843f7d8686804b6652e4305cc2868d758d2b

Identifiers

  • None

org.apache.jasper.glassfish_2.2.2.v201501141630.jar

Description: %Bundle-Description

License:

https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.jasper.glassfish_2.2.2.v201501141630.jar
MD5: b3269c3e492f032b026de4ca3571c358
SHA1: 2391436763a99ddbfb100352068fe0c5de8f1adb

Identifiers

  • None

org.apache.jasper.source_7.0.56.v201412180755.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.jasper.source_7.0.56.v201412180755.jar
MD5: 6813dc53d7fb730bb69cdbbd452f4786
SHA1: 6a5c71a9addd621f5c19d0961338ad2dd7efc966

Identifiers

  • None

org.apache.jasper_7.0.56.v201412180755.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.jasper_7.0.56.v201412180755.jar
MD5: d53a6fb4e9c80d14ea0f16f8b079830b
SHA1: 637016798f112a82cba8b928dbd6a42a3dcfaf11

Identifiers

  • None

org.apache.jclouds.api.cloudwatch_1.8.0.v20160301-1110.jar

Description: jclouds components to access an implementation of CloudWatch

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.jclouds.api.cloudwatch_1.8.0.v20160301-1110.jar
MD5: a683c2fb00ecb9657228d0fc5c4510fc
SHA1: c6813fa997ab54f2dff5b26e067aba7595b42d01

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.jclouds.api.cloudwatch:1.8.0-SNAPSHOT   Confidence:HIGH

org.apache.jclouds.api.ec2_1.8.0.v20160301-1110.jar

Description: jclouds components to access an implementation of EC2

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.jclouds.api.ec2_1.8.0.v20160301-1110.jar
MD5: 9cce7563f8e63540ba3f764b590a4f8b
SHA1: 4166d4add0df3a3babdc18569fb4c3bee9a294a8

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.jclouds.api.ec2:1.8.0-SNAPSHOT   Confidence:HIGH

org.apache.jclouds.api.openstack-cinder_1.8.0.v20160301-1110.jar

Description: jclouds components to access an implementation of OpenStack Cinder

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.jclouds.api.openstack-cinder_1.8.0.v20160301-1110.jar
MD5: 269b9f8ba6f06ae99ddd51806da5337c
SHA1: 14e944a015290ef2294e597067aee65125befc0c

Identifiers

  • cpe: cpe:/a:openstack:cinder:1.8.0.v20160301   Confidence:LOW   
  • maven: org.eclipse.orbit.bundles:org.apache.jclouds.api.openstack-cinder:1.8.0-SNAPSHOT   Confidence:HIGH

CVE-2014-7231  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.

Vulnerable Software & Versions: (show all)

CVE-2014-7230  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.

Vulnerable Software & Versions: (show all)

CVE-2014-3641  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.

Vulnerable Software & Versions: (show all)

org.apache.jclouds.api.openstack-keystone_1.8.0.v20160301-1110.jar

Description: jclouds components to access an implementation of OpenStack Keystone

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.jclouds.api.openstack-keystone_1.8.0.v20160301-1110.jar
MD5: 07c865f9005713dfd5f963cb27f44082
SHA1: 43abec59cdeb04c12d961dd9a4a5f7cd9d0df2d0

Identifiers

  • cpe: cpe:/a:openstack:keystone:1.8.0.v20160301   Confidence:LOW   
  • maven: org.eclipse.orbit.bundles:org.apache.jclouds.api.openstack-keystone:1.8.0-SNAPSHOT   Confidence:HIGH

CVE-2015-7546  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-254 Security Features

The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token.

Vulnerable Software & Versions: (show all)

CVE-2015-3646  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.

Vulnerable Software & Versions: (show all)

CVE-2014-3621  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.

Vulnerable Software & Versions: (show all)

CVE-2014-3520  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-310 Cryptographic Issues

OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request.

Vulnerable Software & Versions: (show all)

CVE-2014-3476  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles.

Vulnerable Software & Versions: (show all)

CVE-2014-0204  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID.

Vulnerable Software & Versions: (show all)

CVE-2013-6391  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request.

Vulnerable Software & Versions: (show all)

CVE-2013-4222  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-255 Credentials Management

OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.

Vulnerable Software & Versions: (show all)

CVE-2013-2157  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-287 Improper Authentication

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.

Vulnerable Software & Versions: (show all)

CVE-2013-2014  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.

Vulnerable Software & Versions: (show all)

CVE-2012-4457  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-287 Improper Authentication

OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant.

Vulnerable Software & Versions: (show all)

CVE-2012-4456  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-287 Improper Authentication

The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services.

Vulnerable Software & Versions: (show all)

org.apache.jclouds.api.openstack-nova_1.8.0.v20160301-1110.jar

Description: jclouds components to access an implementation of OpenStack Nova

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.jclouds.api.openstack-nova_1.8.0.v20160301-1110.jar
MD5: b99d787613f7c575cd897ba27df4ffd6
SHA1: c627d824414fd1dd9b8cf0c49eb35555240e7c07

Identifiers

CVE-2015-5162  

Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-399 Resource Management Errors

The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.

Vulnerable Software & Versions: (show all)

CVE-2014-7231  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.

Vulnerable Software & Versions: (show all)

CVE-2014-7230  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.

Vulnerable Software & Versions: (show all)

CVE-2012-2101  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules.

Vulnerable Software & Versions: (show all)

CVE-2012-1585  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name.

Vulnerable Software & Versions:

org.apache.jclouds.api.sts_1.8.0.v20160301-1110.jar

Description: jclouds components to access an implementation of Security Token Service (STS)

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.jclouds.api.sts_1.8.0.v20160301-1110.jar
MD5: 38e8a8a20267fb913874f29602dadab0
SHA1: 91bbf5815b1b69eeebf0d85767b7682658a9f1c8

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.jclouds.api.sts:1.8.0-SNAPSHOT   Confidence:HIGH

org.apache.jclouds.common.openstack-common_1.8.0.v20160301-1110.jar

Description: jclouds Core components to access OpenStack apis

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.jclouds.common.openstack-common_1.8.0.v20160301-1110.jar
MD5: 31c2bd7f4c89ea41472d7a1255c8524e
SHA1: 0ebbdfb3eb866e4565f123eea2259c3e721aec7a

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.jclouds.common.openstack-common:1.8.0-SNAPSHOT   Confidence:HIGH

org.apache.jclouds.driver.jclouds-slf4j_1.8.0.v20160301-1110.jar

Description: jclouds SLF4J Logging Module

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.jclouds.driver.jclouds-slf4j_1.8.0.v20160301-1110.jar
MD5: a8a4b11783c41cb60be61569bba17e30
SHA1: 35ee667a19e0214241efbe76d0cf6884ac08a172

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.jclouds.driver.jclouds-slf4j:1.8.0-SNAPSHOT   Confidence:HIGH

org.apache.jclouds.jclouds-blobstore_1.8.0.v20160301-1110.jar

Description: jclouds components to access blobstore

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.jclouds.jclouds-blobstore_1.8.0.v20160301-1110.jar
MD5: f7552593721ed4b9505ac93a2221d649
SHA1: c4777d3efcf76e81799c03b299f4e1b60cfa1f65

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.jclouds.jclouds-blobstore:1.8.0-SNAPSHOT   Confidence:HIGH

org.apache.jclouds.jclouds-compute_1.8.0.v20160301-1110.jar

Description: jclouds components to access compute providers

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.jclouds.jclouds-compute_1.8.0.v20160301-1110.jar
MD5: de846fe9d2d8d243919bf3ff709c6cf0
SHA1: 6f0bf79072a79237b78ef1cc29816d3df3276a6f

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.jclouds.jclouds-compute:1.8.0-SNAPSHOT   Confidence:HIGH

org.apache.jclouds.jclouds-core_1.8.0.v20160301-1110.jar

Description: Core components to access jclouds services

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.jclouds.jclouds-core_1.8.0.v20160301-1110.jar
MD5: 2ef5c7c9354d9801eb2c637a8db6fc5f
SHA1: 1c58a747c149e770abb30bed72ab044696af495a

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.jclouds.jclouds-core:1.8.0-SNAPSHOT   Confidence:HIGH

org.apache.jclouds.jclouds-scriptbuilder_1.8.0.v20160301-1110.jar

Description: creates scripts that can be used to manage services

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.jclouds.jclouds-scriptbuilder_1.8.0.v20160301-1110.jar
MD5: d65b47faa29299f566f85be85a2d380c
SHA1: 7a528337c643b75d8350a342b0e2b595631a8e7f

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.jclouds.jclouds-scriptbuilder:1.8.0-SNAPSHOT   Confidence:HIGH

org.apache.jclouds.labs.docker_1.8.0.v20160301-1110.jar

Description: ComputeService binding to the Docker API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.jclouds.labs.docker_1.8.0.v20160301-1110.jar
MD5: 50d33c686df86096d397e4ddf4ac828a
SHA1: a0bc9b6fdea4a095d7fc7256c100ba148f8449a6

Identifiers

  • cpe: cpe:/a:docker:docker:1.8.0.v20160301   Confidence:LOW   
  • maven: org.eclipse.orbit.bundles:org.apache.jclouds.labs.docker:1.8.0-SNAPSHOT   Confidence:HIGH

CVE-2016-3697  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.

Vulnerable Software & Versions: (show all)

org.apache.jclouds.labs.openstack-neutron_1.8.0.v20160301-1110.jar

Description: jclouds components to access an implementation of OpenStack Neutron

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.jclouds.labs.openstack-neutron_1.8.0.v20160301-1110.jar
MD5: bd8d9c730e9b59b87a54358b75a7c045
SHA1: 3d170b43a9cd4783600956a3d0a2c1d33d16e0a9

Identifiers

  • cpe: cpe:/a:openstack:neutron:1.8.0.v20160301   Confidence:LOW   
  • maven: org.eclipse.orbit.bundles:org.apache.jclouds.labs.openstack-neutron:1.8.0-SNAPSHOT   Confidence:HIGH

CVE-2016-5362  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
CWE: CWE-254 Security Features

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message.

Vulnerable Software & Versions: (show all)

CVE-2015-8914  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
CWE: CWE-254 Security Features

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address.

Vulnerable Software & Versions: (show all)

CVE-2015-3221  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.

Vulnerable Software & Versions: (show all)

CVE-2014-7821  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.

Vulnerable Software & Versions: (show all)

CVE-2014-6414  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)

OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors.

Vulnerable Software & Versions: (show all)

CVE-2014-4167  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.

Vulnerable Software & Versions: (show all)

CVE-2014-3632  

Severity: High
CVSS Score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability exists because of a CVE-2013-6433 regression.

Vulnerable Software & Versions: (show all)

CVE-2013-6433  

Severity: High
CVSS Score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file.

Vulnerable Software & Versions: (show all)

org.apache.juli.extras.source_7.0.56.v201412180755.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.juli.extras.source_7.0.56.v201412180755.jar
MD5: b25125c610b440925ccf944f841d2fe1
SHA1: 23b67d6801e02337c6700cad4ef5ed392ce4e0c4

Identifiers

  • None

org.apache.juli.extras_7.0.56.v201412180755.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.juli.extras_7.0.56.v201412180755.jar
MD5: b61aea265b4647c909e5dbc00e603688
SHA1: 71d61f5b4abe6a37926103652b6e58a6ed96f2a3

Identifiers

  • None

org.apache.log4j.source_1.2.15.v201012070815.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.log4j.source_1.2.15.v201012070815.jar
MD5: e84766df4516e9eaa8611e215eec77f3
SHA1: c285d634d7b4fb7e005f09a256a46bc5089d465d

Identifiers

  • None

org.apache.log4j_1.2.15.v201012070815.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.log4j_1.2.15.v201012070815.jar
MD5: 1a1235688c08c2fa7fbfee45da4216fd
SHA1: f1adee393e88d157a4ae555cb7f02b5919e2cbe4

Identifiers

  • None

org.apache.lucene.analysis.source_3.5.0.v20120725-1805.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.analysis.source_3.5.0.v20120725-1805.jar
MD5: a94379b0a86078fad518f5ea854e8891
SHA1: affc6b2b946b3af70dd612a07704d549b9511c02

Identifiers

  • None

org.apache.lucene.analysis_3.5.0.v20120725-1805.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.analysis_3.5.0.v20120725-1805.jar
MD5: a6cc7984b1b9ee9da27e989e41499c96
SHA1: 38a90c846590c7f0c62ce8ab51d3ee6bd223b664

Identifiers

  • None

org.apache.lucene.analyzers-common_5.2.1.v20160301-1110.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.analyzers-common_5.2.1.v20160301-1110.jar
MD5: e1527ccdc7bac43e0619c2a453e22ab1
SHA1: bdd128cd37903949670671f9c3450577dee0bf2e

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.lucene.analyzers-common:5.2.1-SNAPSHOT   Confidence:HIGH

org.apache.lucene.analyzers-common_6.1.0.v20161115-1612.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.analyzers-common_6.1.0.v20161115-1612.jar
MD5: 47d0512d88c671f6ce15a72bff52b5bc
SHA1: dee8bbac3066346dcca40b8829ae6e213691623d

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.lucene.analyzers-common:6.1.0-SNAPSHOT   Confidence:HIGH

org.apache.lucene.analyzers-smartcn_5.2.1.v20160301-1110.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.analyzers-smartcn_5.2.1.v20160301-1110.jar
MD5: 0f30a26f6163ce2d080c22fac9be2901
SHA1: c304c4014d8de644d92d006fcaecc4cfe2ced112

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.lucene.analyzers-smartcn:5.2.1-SNAPSHOT   Confidence:HIGH

org.apache.lucene.analyzers-smartcn_6.1.0.v20161115-1612.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.analyzers-smartcn_6.1.0.v20161115-1612.jar
MD5: 5068e8534bd623cf59b5d6a0f61ceb37
SHA1: 26a2ec1dfa5fc921351dc16b4657d1ae09b3c06e

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.lucene.analyzers-smartcn:6.1.0-SNAPSHOT   Confidence:HIGH

org.apache.lucene.core.source_3.5.0.v20120725-1805.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.core.source_3.5.0.v20120725-1805.jar
MD5: f11fde2eec10a79ebe4e5cefb10d6c86
SHA1: 5968b6771901011f9930d349f908cc7bb875e809

Identifiers

  • None

org.apache.lucene.core_3.5.0.v20120725-1805.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.core_3.5.0.v20120725-1805.jar
MD5: e243459011e2ab415d9604b90c2b5180
SHA1: b692d43c07f32c43402dd8c02efac090990c99c1

Identifiers

org.apache.lucene.core_5.2.1.v20160301-1110.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.core_5.2.1.v20160301-1110.jar
MD5: 6ed725371eceb3ea367329cfcaa2535d
SHA1: b80abe116d953f7cb3d3c17838726b3a4961d460

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.lucene.core:5.2.1-SNAPSHOT   Confidence:HIGH

org.apache.lucene.core_6.1.0.v20161115-1612.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.core_6.1.0.v20161115-1612.jar
MD5: 416b0ddd3cb85246fb9d2c18c556aaff
SHA1: 2242d3057574156201bdc82c0997c144474a33f6

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.lucene.core:6.1.0-SNAPSHOT   Confidence:HIGH

org.apache.lucene.grouping.source_3.5.0.v20120725-1805.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.grouping.source_3.5.0.v20120725-1805.jar
MD5: 322892688670e1b5036556ab59912e89
SHA1: 9a600cdb02975dd6b1f83e0f22b1553830b50cdd

Identifiers

  • None

org.apache.lucene.grouping_3.5.0.v20120725-1805.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.grouping_3.5.0.v20120725-1805.jar
MD5: 95045b0e7fc9701f86bf120009825b39
SHA1: 20b8b802bc7f570698cc012598698e56fb4e74f9

Identifiers

  • None

org.apache.lucene.highlighter.source_3.5.0.v20121015-1317.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.highlighter.source_3.5.0.v20121015-1317.jar
MD5: 86a86880539f1f3c0705020a5ce26062
SHA1: 49aa0893a70d1a336d630712409fd00fbb7f7634

Identifiers

  • None

org.apache.lucene.highlighter_3.5.0.v20121015-1317.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.highlighter_3.5.0.v20121015-1317.jar
MD5: 4715acc75a01eef0f1edc5e226b98de9
SHA1: d4207166e23bd017211adc26320b4e26a532499c

Identifiers

  • None

org.apache.lucene.memory.source_3.5.0.v20120725-1805.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.memory.source_3.5.0.v20120725-1805.jar
MD5: 3af4c91f1623b5287b939c580b2ac6a8
SHA1: 58a13ca6c2dad435f4d819af83a415ae1af5d5d8

Identifiers

  • None

org.apache.lucene.memory_3.5.0.v20120725-1805.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.memory_3.5.0.v20120725-1805.jar
MD5: a6446a8540c602881c582adb06f72c41
SHA1: b07d24ef6ce6d4a4569cb5f6fcdeaa10a519719e

Identifiers

  • None

org.apache.lucene.misc.source_3.5.0.v20120725-1805.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.misc.source_3.5.0.v20120725-1805.jar
MD5: e1570d809da4785508560cdb4a05d096
SHA1: b630441cc9ac71bfb4a6de5bbc0bafab98e03374

Identifiers

  • None

org.apache.lucene.misc_3.5.0.v20120725-1805.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.misc_3.5.0.v20120725-1805.jar
MD5: 898d8b413531728e0ed9befe89f7c4e3
SHA1: 0cceb7611916bfc4650434f0e0c23d26469b800f

Identifiers

  • None

org.apache.lucene.misc_6.1.0.v20161115-1612.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.misc_6.1.0.v20161115-1612.jar
MD5: d9cf8240e7db347ee98c433f0e54ffd8
SHA1: e05813b8695f39643f2da0b5caa6c3e9026e7861

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.lucene.misc:6.1.0-SNAPSHOT   Confidence:HIGH

org.apache.lucene.queries.source_3.5.0.v20120725-1805.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.queries.source_3.5.0.v20120725-1805.jar
MD5: 5aa45017f5b21f110b6faaf16af98a72
SHA1: e2b4ea3bb6cef995e83c5fd3fdf4c77bca3f242d

Identifiers

  • None

org.apache.lucene.queries_3.5.0.v20120725-1805.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.queries_3.5.0.v20120725-1805.jar
MD5: 8fc59b824751746c245372895bf264e9
SHA1: 093621864204d8fcd8e3532a5bbf6b4ec3c5c2e0

Identifiers

  • None

org.apache.lucene.queries_5.2.1.v20160926-1534.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.queries_5.2.1.v20160926-1534.jar
MD5: df4afc25184f0eb21ccb2b9b183ccb57
SHA1: 48351b20fc91137a6080150bf46634bdb9ca2653

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.lucene.queries:5.2.1-SNAPSHOT   Confidence:HIGH

org.apache.lucene.queryparser_5.2.1.v20160926-1534.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.queryparser_5.2.1.v20160926-1534.jar
MD5: ae4905d9572fc394439340c0aa8125af
SHA1: 53d189175850301fa2948899eb282e05d5527071

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.lucene.queryparser:5.2.1-SNAPSHOT   Confidence:HIGH

org.apache.lucene.queryparser_6.1.0.v20161115-1612.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.queryparser_6.1.0.v20161115-1612.jar
MD5: 2088df9ca41c8ced5c7b792bd6aea0bd
SHA1: ec1313b0bc20dcedf903c65ec0613dc9766c4f0d

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.lucene.queryparser:6.1.0-SNAPSHOT   Confidence:HIGH

org.apache.lucene.source_3.5.0.v20120725-1805.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.source_3.5.0.v20120725-1805.jar
MD5: d24f24a9cc34e79512865d21f9e2aec6
SHA1: 06569c69cf5b5193ceb006e81805c846a7772c45

Identifiers

  • None

org.apache.lucene.spatial.source_3.5.0.v20120725-1805.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.spatial.source_3.5.0.v20120725-1805.jar
MD5: 5749d9e40f1573084b9fb4c52b4d301e
SHA1: 8ffa8f9c5cf17f479e9d24cd81259d0893927049

Identifiers

  • None

org.apache.lucene.spatial_3.5.0.v20120725-1805.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.spatial_3.5.0.v20120725-1805.jar
MD5: 06e48ef6e9384745b7423d47b994ccee
SHA1: 9086ccdbb9bc38ee3e6ff556b886d05a5421f5bb

Identifiers

  • None

org.apache.lucene.spellchecker.source_3.5.0.v20120725-1805.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.spellchecker.source_3.5.0.v20120725-1805.jar
MD5: 04e8fae6b506631939d255bf4b1a42e0
SHA1: cf56e9db381643e8748c9de0ac350a3cc2105f88

Identifiers

  • None

org.apache.lucene.spellchecker_3.5.0.v20120725-1805.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene.spellchecker_3.5.0.v20120725-1805.jar
MD5: 761e3283bcd27a61139b1c692a521f4d
SHA1: e45f4b515aa771ca103a432d09416407fd375b77

Identifiers

  • None

org.apache.lucene_3.5.0.v20120725-1805.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.lucene_3.5.0.v20120725-1805.jar
MD5: ab55a8b4e994b9809d3d6119507eeb3f
SHA1: 74a187f2eb94c11a28a7aff7c58f6244ac82ac82

Identifiers

  • None

org.apache.mina.core.source_2.0.7.v201401071602.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.mina.core.source_2.0.7.v201401071602.jar
MD5: f3ae5c71231a55827f3470a31d9ba6ba
SHA1: 256f884f73fb6b938d29b22499da02f973e232fe

Identifiers

  • None

org.apache.mina.core_2.0.7.v201401071602.jar

Description: Apache MINA is a network application framework which helps users develop high performance and highlyscalable network applications easily. It provides an abstract event-driven asynchronous API over various transports such as TCP/IP and UDP/IP via Java NIO.

License:

http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.mina.core_2.0.7.v201401071602.jar
MD5: 2331e4741234e35d30781ac532f6846d
SHA1: 677a69f0ba762392c0e8b3d8e6767dc839388289

Identifiers

  • maven: org.apache.mina:mina-core:2.0.2   Confidence:HIGH

org.apache.mina.filter.compression.source_2.0.7.v201401141305.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.mina.filter.compression.source_2.0.7.v201401141305.jar
MD5: 60975b7225f5ab6257a05ae2be3f89fe
SHA1: 1a46f983e166170ca6159baeb60f268bc5336e5d

Identifiers

  • None

org.apache.mina.filter.compression_2.0.7.v201401141305.jar

Description: Apache MINA is a network application framework which helps users develop high performance and highly scalable network applications easily. It provides an abstract event-driven asynchronous API over various transports such as TCP/IP and UDP/IP via Java NIO.

License:

http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.mina.filter.compression_2.0.7.v201401141305.jar
MD5: e515fb71ae91eac5a8155189e39ad500
SHA1: de51827599e2d1b07835fb837bb0e605efd2ca7c

Identifiers

  • maven: org.apache.mina:mina-filter-compression:2.0.7   Confidence:HIGH

org.apache.neethi_2.0.4.1.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.neethi_2.0.4.1.jar
MD5: 00a7f3d174a028a6c987779090398aeb
SHA1: 8a3c619146608822f7132f4d60f62e4cebf41ec9

Identifiers

  • None

org.apache.olingo_2.0.3.v201605172220.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.olingo_2.0.3.v201605172220.jar
MD5: c6e266763fc3bc06ca4c8751f5c3e5d6
SHA1: a8aac87a44e2010e91b6cb3194c206e05b7f2f61

Identifiers

  • None

org.apache.olingo_2.0.3.v201605172220.jar/META-INF/maven/org.apache.olingo/olingo-odata2-api-annotation/pom.xml

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.olingo_2.0.3.v201605172220.jar/META-INF/maven/org.apache.olingo/olingo-odata2-api-annotation/pom.xml
MD5: 071d08c5e325ffcbd86c87f573a0daa0
SHA1: 46b66aef92920b2ac28b28bebaad7a81b9489197

Identifiers

  • maven: org.apache.olingo:olingo-odata2-api-annotation:2.0.3   Confidence:HIGH

org.apache.olingo_2.0.3.v201605172220.jar/META-INF/maven/org.apache.olingo/olingo-odata2-api/pom.xml

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.olingo_2.0.3.v201605172220.jar/META-INF/maven/org.apache.olingo/olingo-odata2-api/pom.xml
MD5: 5ed3c67204b5923ca04f09f040dba7c4
SHA1: 42c428ccc77ac6c7760507cf73193e4e542be657

Identifiers

  • maven: org.apache.olingo:olingo-odata2-api:2.0.3   Confidence:HIGH

org.apache.olingo_2.0.3.v201605172220.jar/META-INF/maven/org.apache.olingo/olingo-odata2-core/pom.xml

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.olingo_2.0.3.v201605172220.jar/META-INF/maven/org.apache.olingo/olingo-odata2-core/pom.xml
MD5: 5d0be8b6a41cfcf9c64db90340ab7dd8
SHA1: ec8f0dc44fa1e1516981e2cffc485b0249696ae4

Identifiers

  • maven: org.apache.olingo:olingo-odata2-core:2.0.3   Confidence:HIGH

org.apache.onami.configuration_6.3.0.v20160301-1110.jar

Description: Apache Onami-Configuration adds some spice to Google Guice through configuration files!

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.onami.configuration_6.3.0.v20160301-1110.jar
MD5: 340202c4e48ac54c0c9693e6a58f8b82
SHA1: c078c0576ccd60915d1143a1bd6c01a0eca7511c

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.onami.configuration:6.3.0-SNAPSHOT   Confidence:HIGH

org.apache.openejb.api.source_4.0.0.beta-2_v201205041047.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.openejb.api.source_4.0.0.beta-2_v201205041047.jar
MD5: 82f9f7cdcb939de3d13f299544469efc
SHA1: b08699fcb4a393fc92c7cbdeee62b79a4e18b18a

Identifiers

  • None

org.apache.openejb.api_4.0.0.beta-2_v201205041047.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.openejb.api_4.0.0.beta-2_v201205041047.jar
MD5: 207b77d7e88e1ddd1fc6eae8324bee01
SHA1: aab8c0c4f0a915ee4ae6341e9b33d4e59b2bf05c

Identifiers

  • None

org.apache.openejb.core.source_4.0.0.beta-2_v201205260545.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.openejb.core.source_4.0.0.beta-2_v201205260545.jar
MD5: 78721082162215a8b5caee139732777a
SHA1: 97eb5d816534de4953a218a6ec5bbe6a8fe9c2cf

Identifiers

  • None

org.apache.openejb.core_4.0.0.beta-2_v201205260545.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.openejb.core_4.0.0.beta-2_v201205260545.jar
MD5: ef0b34820d6565ef25a3957638ff58f5
SHA1: 9e1afaebb622a5eff2f119940e0e741e92a31725

Identifiers

  • None

org.apache.openejb.javaagent.source_4.0.0.beta-2_v201205041047.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.openejb.javaagent.source_4.0.0.beta-2_v201205041047.jar
MD5: 8c592a8020bf3489adb28a03dadc48d4
SHA1: d360c39d0e0a40ab24c30f2a7d644cf33c99cdb7

Identifiers

  • None

org.apache.openejb.javaagent_4.0.0.beta-2_v201205041047.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.openejb.javaagent_4.0.0.beta-2_v201205041047.jar
MD5: 1a21102ead41486f347b16f62e726885
SHA1: 7a9d3459b8751c28387d546351a060ec3e6eba7b

Identifiers

  • None

org.apache.openejb.jee.source_4.0.0.beta-2_v201205041336.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.openejb.jee.source_4.0.0.beta-2_v201205041336.jar
MD5: 113b466171a51268c8312632ba87c519
SHA1: 7706dbff57e07edc9841a1a6bbe7d5412007c686

Identifiers

  • None

org.apache.openejb.jee_4.0.0.beta-2_v201205041336.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.openejb.jee_4.0.0.beta-2_v201205041336.jar
MD5: 0972bc173baac05ec2aadcfd340a6d87
SHA1: d5d3d1c8456a732091a4e3a264b67d4dc79f9cc6

Identifiers

  • None

org.apache.openejb.loader.source_4.0.0.beta-2_v201304191030.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.openejb.loader.source_4.0.0.beta-2_v201304191030.jar
MD5: 6d41f7ba47ac0a9027b9d2d1099b3225
SHA1: 332445de71d7febda16600b2ef89afd341982319

Identifiers

  • None

org.apache.openejb.loader_4.0.0.beta-2_v201304191030.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.openejb.loader_4.0.0.beta-2_v201304191030.jar
MD5: e0ac8bdefdcbf2864e5f49d9a9f462dd
SHA1: ce373acc7914889c3e022bcc67c7b60b2cfc13d4

Identifiers

  • None

org.apache.openwebbeans.ee.common.source_1.1.7.v201304201405.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.openwebbeans.ee.common.source_1.1.7.v201304201405.jar
MD5: b6e2fca4bb333b2c11c6a2474483172a
SHA1: f9b3c29adcd50ffaf235248014a27c037a19be6c

Identifiers

  • None

org.apache.openwebbeans.ee.common_1.1.7.v201304201405.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.openwebbeans.ee.common_1.1.7.v201304201405.jar
MD5: e3564b3f5a6cd32ccf6a5b1c41067887
SHA1: 9b02c35e6879a15f26409c811a1d238d225c230c

Identifiers

  • None

org.apache.openwebbeans.ee.source_1.1.7.v201304200545.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.openwebbeans.ee.source_1.1.7.v201304200545.jar
MD5: ab2b7797e0a6039bf3d94b21125e6c58
SHA1: cfbb9ed18963a74a0c31549e7f9e3918d0e4c541

Identifiers

  • None

org.apache.openwebbeans.ee_1.1.7.v201304200545.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.openwebbeans.ee_1.1.7.v201304200545.jar
MD5: c061a14e308dec654b2347c7136f0d40
SHA1: 194240a7a7ee2a1013d0400033517d6e124902ce

Identifiers

  • None

org.apache.openwebbeans.ejb.source_1.1.7.v201304200545.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.openwebbeans.ejb.source_1.1.7.v201304200545.jar
MD5: c147aef412f3128942fc3066a2d2de0f
SHA1: 624c13c3df6bd56593f937477a76b3e9c6ebe3dd

Identifiers

  • None

org.apache.openwebbeans.ejb_1.1.7.v201304200545.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.openwebbeans.ejb_1.1.7.v201304200545.jar
MD5: e2a358de4adfdcaf1a3f97a0dd44b561
SHA1: 869563f5c61dbc27ffd0e3fb1849e8f559d7b5dc

Identifiers

  • None

org.apache.openwebbeans.impl.source_1.1.7.v201304201405.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.openwebbeans.impl.source_1.1.7.v201304201405.jar
MD5: 01396654a9807b335fb4a33d977ac19f
SHA1: ab8d63d755747b5af68004036f8e16574cdaf36f

Identifiers

  • None

org.apache.openwebbeans.impl_1.1.7.v201304201405.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.openwebbeans.impl_1.1.7.v201304201405.jar
MD5: 4251425106ab53252c851e9ed8dddb57
SHA1: d8173c01a58cbfa3fec5aa2574808e599a58deea

Identifiers

  • None

org.apache.openwebbeans.jsf.source_1.1.7.v201304201405.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.openwebbeans.jsf.source_1.1.7.v201304201405.jar
MD5: 513afbb1b99bec49901e5659439cc35f
SHA1: 1558ef2b551af8f7f18b3837ca661079b63ecb25

Identifiers

  • None

org.apache.openwebbeans.jsf_1.1.7.v201304201405.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.openwebbeans.jsf_1.1.7.v201304201405.jar
MD5: 2c9043f6e26875bb90f4d28d4c2f17d3
SHA1: 5df01987b21cf7b8a0a51a0393bede4c309900c6

Identifiers

  • None

org.apache.openwebbeans.spi.source_1.1.7.v201505121400.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.openwebbeans.spi.source_1.1.7.v201505121400.jar
MD5: 0ef8c3f3a3815fa2930372f81820990a
SHA1: 1f210417405b4415f62a39c0bc3e163d37d88ebb

Identifiers

  • None

org.apache.openwebbeans.spi_1.1.7.v201505121400.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.openwebbeans.spi_1.1.7.v201505121400.jar
MD5: f6951f8d93447af746da2146820acb48
SHA1: 768b83337d8d3a3d61433ae372293aa060222990

Identifiers

  • None

org.apache.openwebbeans.tomcat7_1.1.7.v201304201405.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.openwebbeans.tomcat7_1.1.7.v201304201405.jar
MD5: 76ea5ebfd3e8012f26089ad61fc7aa18
SHA1: 2017025f5b4ca6d4341e46deabd236253dc8cf57

Identifiers

  • cpe: cpe:/a:apache:tomcat:7.0.0   Confidence:MEDIUM   
  • cpe: cpe:/a:apache_tomcat:apache_tomcat:1.1.7.v20130420   Confidence:LOW   

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-5388  

Severity: Medium
CVSS Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control

Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.

Vulnerable Software & Versions: (show all)

CVE-2016-3092  

Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-20 Improper Input Validation

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

Vulnerable Software & Versions: (show all)

CVE-2016-1240  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-20 Improper Input Validation

The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out.

Vulnerable Software & Versions: (show all)

CVE-2016-0763  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.

Vulnerable Software & Versions: (show all)

CVE-2016-0714  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.

Vulnerable Software & Versions: (show all)

CVE-2016-0706  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.

Vulnerable Software & Versions: (show all)

CVE-2015-5351  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.

Vulnerable Software & Versions: (show all)

CVE-2015-5346  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.

Vulnerable Software & Versions: (show all)

CVE-2015-5345  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.

Vulnerable Software & Versions: (show all)

CVE-2015-5174  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.

Vulnerable Software & Versions: (show all)

CVE-2014-7810  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

Vulnerable Software & Versions: (show all)

CVE-2014-0230  

Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-399 Resource Management Errors

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

Vulnerable Software & Versions: (show all)

CVE-2014-0227  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-19 Data Handling

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

Vulnerable Software & Versions: (show all)

CVE-2014-0119  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.

Vulnerable Software & Versions: (show all)

CVE-2014-0099  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-189 Numeric Errors

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

Vulnerable Software & Versions: (show all)

CVE-2014-0096  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions: (show all)

CVE-2014-0075  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.

Vulnerable Software & Versions: (show all)

CVE-2014-0050  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

Vulnerable Software & Versions: (show all)

CVE-2013-4590  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions: (show all)

CVE-2013-4444  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.

Vulnerable Software & Versions: (show all)

CVE-2013-4322  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

Vulnerable Software & Versions: (show all)

CVE-2013-4286  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

Vulnerable Software & Versions: (show all)

CVE-2013-2185  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.

Vulnerable Software & Versions: (show all)

CVE-2013-2071  

Severity: Low
CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.

Vulnerable Software & Versions: (show all)

CVE-2013-2067  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-287 Improper Authentication

java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.

Vulnerable Software & Versions: (show all)

CVE-2013-0346  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."

Vulnerable Software & Versions: (show all)

CVE-2012-5887  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-287 Improper Authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.

Vulnerable Software & Versions: (show all)

CVE-2012-5886  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-287 Improper Authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.

Vulnerable Software & Versions: (show all)

CVE-2012-5885  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions: (show all)

CVE-2012-5568  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-16 Configuration

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

Vulnerable Software & Versions: (show all)

CVE-2012-4534  

Severity: Low
CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.

Vulnerable Software & Versions: (show all)

CVE-2012-4431  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.

Vulnerable Software & Versions: (show all)

CVE-2012-3546  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.

Vulnerable Software & Versions: (show all)

CVE-2012-3544  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.

Vulnerable Software & Versions: (show all)

CVE-2012-2733  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.

Vulnerable Software & Versions: (show all)

CVE-2012-0022  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.

Vulnerable Software & Versions: (show all)

CVE-2011-5064  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions: (show all)

CVE-2011-5063  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-287 Improper Authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions: (show all)

CVE-2011-5062  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.

Vulnerable Software & Versions: (show all)

CVE-2011-4858  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Vulnerable Software & Versions: (show all)

CVE-2011-3376  

Severity: Medium
CVSS Score: 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.

Vulnerable Software & Versions: (show all)

CVE-2011-3375  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.

Vulnerable Software & Versions: (show all)

CVE-2011-3190  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

Vulnerable Software & Versions: (show all)

CVE-2011-2729  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

Vulnerable Software & Versions: (show all)

CVE-2011-2526  

Severity: Medium
CVSS Score: 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.

Vulnerable Software & Versions: (show all)

CVE-2011-2481  

Severity: Medium
CVSS Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)

Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.

Vulnerable Software & Versions: (show all)

CVE-2011-2204  

Severity: Low
CVSS Score: 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.

Vulnerable Software & Versions: (show all)

CVE-2011-1475  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-20 Improper Input Validation

The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."

Vulnerable Software & Versions: (show all)

CVE-2011-1419  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.

Vulnerable Software & Versions: (show all)

CVE-2011-1184  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.

Vulnerable Software & Versions: (show all)

CVE-2011-1088  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.

Vulnerable Software & Versions: (show all)

CVE-2011-0534  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.

Vulnerable Software & Versions: (show all)

CVE-2011-0013  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

Vulnerable Software & Versions: (show all)

CVE-2010-4172  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

Vulnerable Software & Versions: (show all)

CVE-2010-3718  

Severity: Low
CVSS Score: 1.2 (AV:L/AC:H/Au:N/C:N/I:P/A:N)

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

Vulnerable Software & Versions: (show all)

CVE-2010-2227  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."

Vulnerable Software & Versions: (show all)

org.apache.openwebbeans.web.source_1.1.7.v201304201405.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.openwebbeans.web.source_1.1.7.v201304201405.jar
MD5: 6a9405919088584e1301a80e106dbb02
SHA1: 1f77c559073f07aab2e7bb4f1633cde803d1e929

Identifiers

  • None

org.apache.openwebbeans.web_1.1.7.v201304201405.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.openwebbeans.web_1.1.7.v201304201405.jar
MD5: 7e4d554f56bfa64fb6a909b165b20144
SHA1: d7eeb7422a5fbf0716e77f881169549f857da695

Identifiers

  • None

org.apache.oro.source_2.0.8.v201005080400.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.oro.source_2.0.8.v201005080400.jar
MD5: 36b34c1dd7ac98a4525dc997e586c369
SHA1: 491269a160c82b882a5ec38d6b6b1afc3a77bea1

Identifiers

  • None

org.apache.oro_2.0.8.v201005080400.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.oro_2.0.8.v201005080400.jar
MD5: 57857bbb9330581704c3985ca8844e92
SHA1: 7dd353ea113d7f3435b52e0001f1906f6da37d3d

Identifiers

  • None

org.apache.poi_3.9.0.v201405241750.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.poi_3.9.0.v201405241750.jar
MD5: 66acbb8b787e52452470d2f7118fe57f
SHA1: 66d7e952cb2a41589c056ba11ac69fd92053f7b0

Identifiers

  • cpe: cpe:/a:apache:poi:3.9.0.v20140524   Confidence:LOW   

CVE-2016-5000  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2014-9527  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.

Vulnerable Software & Versions:

CVE-2014-3574  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

Vulnerable Software & Versions: (show all)

CVE-2014-3529  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions: (show all)

org.apache.solr.core_3.5.0.v20150506-0844.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.solr.core_3.5.0.v20150506-0844.jar
MD5: 44223a7c2a9c6d8eeb7917501142eff9
SHA1: 863bf8ab6942cd53fc66dcaa96eebda8d916d4a7

Identifiers

  • cpe: cpe:/a:apache:solr:3.5.0.v20150506   Confidence:LOW   

CVE-2015-8797  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI.

Vulnerable Software & Versions:

CVE-2015-8796  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL.

Vulnerable Software & Versions:

CVE-2015-8795  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js.

Vulnerable Software & Versions:

CVE-2013-6408  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.

Vulnerable Software & Versions: (show all)

CVE-2013-6407  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions: (show all)

CVE-2013-6397  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.

Vulnerable Software & Versions: (show all)

CVE-2012-6612  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.

Vulnerable Software & Versions: (show all)

org.apache.sshd.core.source_0.7.0.v201303101611.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.sshd.core.source_0.7.0.v201303101611.jar
MD5: 134ff4d66fd32f3e1527116c22d5b3e4
SHA1: fd83b11387a9cdd9bd0f1b42e1f7630b1bef99e2

Identifiers

  • None

org.apache.sshd.core_0.7.0.v201303101611.jar

Description: The Apache Software Foundation provides support for the Apache community of open-source software projects. The Apache projects are characterized by a collaborative, consensus based development process, an open and pragmatic software license, and a desire to create high quality software that leads the way in its field. We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users.

License:

http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.sshd.core_0.7.0.v201303101611.jar
MD5: 5f3d2974270bfc3cbe52d2f4ac7ef53a
SHA1: c4daf4e0bbc61586938d672f16e3ff7c70788c9b

Identifiers

  • maven: org.apache.sshd:sshd-core:0.7.0   Confidence:HIGH

org.apache.taglibs.standard.glassfish_1.2.0.v201112081803.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.taglibs.standard.glassfish_1.2.0.v201112081803.jar
MD5: 2203b1ff31ada345fec658bf35b3880f
SHA1: 0b015889b68eae07de9ca8f78faf964db9adb610

Identifiers

  • cpe: cpe:/a:apache:standard_taglibs:1.2.0.v20111208   Confidence:LOW   

CVE-2015-0254  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.

Vulnerable Software & Versions:

org.apache.thrift.source_0.5.0.v20110412-1025.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.thrift.source_0.5.0.v20110412-1025.jar
MD5: 40ec7d2374cf1ae78bf50d9a0bec2d3e
SHA1: 1c89960c3371f16b9eb7ecb3e67593b54136d00b

Identifiers

  • None

org.apache.thrift_0.5.0.v20110412-1025.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.thrift_0.5.0.v20110412-1025.jar
MD5: 9b5fe64f8201292f315fa2ad25a8dcc7
SHA1: 4b4ca203776167af81eed81d3f7a21613eeef066

Identifiers

  • None

org.apache.tika.core_1.3.0.v201505121915.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.tika.core_1.3.0.v201505121915.jar
MD5: 0c039d099a3ec1976b761e8c0429e62d
SHA1: d9c92957c1b0b798b22c309c660e9e57751216e0

Identifiers

  • cpe: cpe:/a:apache:tika:1.3.0.v20150512   Confidence:LOW   

org.apache.tika.parsers_1.3.0.v201605180015.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.tika.parsers_1.3.0.v201605180015.jar
MD5: afc47164e17b162aae4274691445b0bb
SHA1: 8c48c8b8bc1ef4ed71174c8943eb6e69a7fa8b55

Identifiers

  • cpe: cpe:/a:apache:tika:1.3.0.v20160518   Confidence:LOW   
  • maven: org.apache.tika:tika-parsers:1.3   Confidence:HIGH

org.apache.velocity_1.5.0.v200905192330.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.velocity_1.5.0.v200905192330.jar
MD5: c3756a67ceb2df6abfd18557b31a6bc2
SHA1: 9eabebd0cef7ee6fa039c6dfb3e1931158dd66c3

Identifiers

  • None

org.apache.ws.commons.schema_1.4.2.v201003051240.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ws.commons.schema_1.4.2.v201003051240.jar
MD5: efa343df50da2736b6f32bfb2a9de55c
SHA1: 2681c8047c856b5924856858184708938b1500ba

Identifiers

  • None

org.apache.ws.commons.util_1.0.1.v20100518-1140.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ws.commons.util_1.0.1.v20100518-1140.jar
MD5: db44cf8febfd452083e59099c5aad7cd
SHA1: c4ce3b7cf11d1d2f468a27c46ad0b93412a71d98

Identifiers

  • None

org.apache.ws.commons.util_1.0.2.v20160817-1930.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ws.commons.util_1.0.2.v20160817-1930.jar
MD5: 8e3f8605a7a0f86c06cdf9c81b73726e
SHA1: 9bf909cc7e2f38874a7fe33333c72c7d133fd21a

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.ws.commons.util:1.0.2-SNAPSHOT   Confidence:HIGH

org.apache.ws.jaxme_0.5.1.v20100427-1100.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.ws.jaxme_0.5.1.v20100427-1100.jar
MD5: 18ff9ca0feb49d7717a24b90ddf7a1d6
SHA1: edb235acf539543adf9c32d280a6775326537220

Identifiers

  • None

org.apache.wsil4j_1.0.0.v200901211807.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.wsil4j_1.0.0.v200901211807.jar
MD5: 17f65dcbc00f83ff0ad7c75d5fa8cc8f
SHA1: 9ed20d71750cd926753cd2c1323c3113295cd7de

Identifiers

  • None

org.apache.xalan_2.7.1.v201005080400.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.xalan_2.7.1.v201005080400.jar
MD5: 0e97f9f8eb0d9a09f81b65ef3fa36142
SHA1: 54c02d5fb093a21dd08a0d477895a1f796f19dce

Identifiers

  • cpe: cpe:/a:apache:xalan-java:2.7.1.v20100508   Confidence:LOW   

org.apache.xbean.asm_3.12.0.v201304200545.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.xbean.asm_3.12.0.v201304200545.jar
MD5: f6fb0266a39a5c20abb503964fb57448
SHA1: f7357dcd0f140852eb17a54397566454a3fd2d84

Identifiers

  • None

org.apache.xbean.bundleutils.source_3.12.0.v201304200545.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.xbean.bundleutils.source_3.12.0.v201304200545.jar
MD5: efff1139c3ceb86ca94019cf37fbc0a5
SHA1: 4eec1967dc32c0cc7990fde42ed227c11db113c5

Identifiers

  • None

org.apache.xbean.bundleutils_3.12.0.v201304200545.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.xbean.bundleutils_3.12.0.v201304200545.jar
MD5: 7b1012185dc9de68a84f6f4033d9956b
SHA1: 6f2b4da6da2cca9de25aea78917441bd36dcb7d1

Identifiers

  • None

org.apache.xbean.finder.source_3.12.0.v201304201405.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.xbean.finder.source_3.12.0.v201304201405.jar
MD5: 55ece283f7d065fb9496de3dd4eccecf
SHA1: 260a8647e286a266f6f8bb42f14d812862de1480

Identifiers

  • None

org.apache.xbean.finder_3.12.0.v201304201405.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.xbean.finder_3.12.0.v201304201405.jar
MD5: 725686618c6210636b4cea4b2f800e64
SHA1: 5c4a9408098be28cf55ab97cc938abe3e4746621

Identifiers

  • None

org.apache.xbean.naming.source_3.12.0.v201304201405.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.xbean.naming.source_3.12.0.v201304201405.jar
MD5: 7f71cfa337369a95c5ccc40812413431
SHA1: c7109dc95ad4008ea263fdc32af0a9e66b6bfc7d

Identifiers

  • None

org.apache.xbean.naming_3.12.0.v201304201405.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.xbean.naming_3.12.0.v201304201405.jar
MD5: 557011344cc27f4457b3768868e00279
SHA1: 09a2c845b36451bb6457c3381f71c1f69d3bd549

Identifiers

  • None

org.apache.xbean.reflect.source_3.12.0.v201304201405.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.xbean.reflect.source_3.12.0.v201304201405.jar
MD5: c0f2892bb80eaf9d1a2ab4cfc07b5479
SHA1: 5c656ae7af61fc77d7bf1841fec8cbdb89a5f129

Identifiers

  • None

org.apache.xbean.reflect_3.12.0.v201304201405.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.xbean.reflect_3.12.0.v201304201405.jar
MD5: d398f69243e73668ed7e674b27ae8ff3
SHA1: 8735fd5c617ad2066cb16a63f9a317ee20a1f622

Identifiers

  • None

org.apache.xerces_2.9.0.v201101211617.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.xerces_2.9.0.v201101211617.jar
MD5: e0f21dbd08abef03e3249931314bbb9c
SHA1: 233fccd99c5196294d50780fb71158534588926f

Identifiers

  • None

org.apache.xml.resolver_1.2.0.v201005080400.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.xml.resolver_1.2.0.v201005080400.jar
MD5: 04080faf70ac0ddfad4913d8048f88f8
SHA1: b73d25c88ef8d45560cf9fc446fdd6db077775e7

Identifiers

  • None

org.apache.xml.security_1.4.2.v201005080400.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.xml.security_1.4.2.v201005080400.jar
MD5: 56aed93c1600c965dd95233c078d2b8f
SHA1: e51c2d17a36fa034d9a3186094e46346a2723bb1

Identifiers

  • None

org.apache.xml.serializer_2.7.1.v201005080400.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.xml.serializer_2.7.1.v201005080400.jar
MD5: b7d782e6abcaae279979b5fc5a6398f2
SHA1: 5b2312418decd37f28108fc7e38df2b319b20e95

Identifiers

  • None

org.apache.xmlbeans.source_2.3.0.v201605172150.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.xmlbeans.source_2.3.0.v201605172150.jar
MD5: 1ff4674a8d8fa5a1d3863613a42edfaf
SHA1: e82d19cd68a42021f9864c785bebd9e44fe34013

Identifiers

  • None

org.apache.xmlbeans_2.3.0.v201605172150.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.xmlbeans_2.3.0.v201605172150.jar
MD5: 5be8cdc8df7d6f1063b8dc1695df2ab4
SHA1: 9303c36031aa5f2c35100e6cd92a7308f33f01bb

Identifiers

  • None

org.apache.xmlgraphics_1.4.0.v201301251218.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.xmlgraphics_1.4.0.v201301251218.jar
MD5: 00de557d00ea1a3cf8a72fc2b573145c
SHA1: 14d2d444f5cc8f875c6642aa60c77f6ab50287d2

Identifiers

  • None

org.apache.xmlrpc.client_3.1.3.v20160817-1930.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.xmlrpc.client_3.1.3.v20160817-1930.jar
MD5: 673771ae880be8edc0ddb6ebeaac479c
SHA1: 15931fd34621c493fa3491b855d77cbbe741e281

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.xmlrpc.client:3.1.3-SNAPSHOT   Confidence:HIGH

org.apache.xmlrpc.common_3.1.3.v20160817-1930.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.xmlrpc.common_3.1.3.v20160817-1930.jar
MD5: 0b04217b68fc039111dce415568427c4
SHA1: d185b81fb35c69a26fb16d9c4d77abb8470d1374

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.xmlrpc.common:3.1.3-SNAPSHOT   Confidence:HIGH

org.apache.xmlrpc.server_3.1.3.v20160817-1930.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.xmlrpc.server_3.1.3.v20160817-1930.jar
MD5: 961e49a38efac8bc568ec8fe68d223ea
SHA1: 4f9632d0009a619e74973c61643aa156bfb90ef3

Identifiers

  • None

org.apache.xmlrpc_3.0.0.v20100427-1100.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.apache.xmlrpc_3.0.0.v20100427-1100.jar
MD5: 26528fe75a45d9536f4a7186b9fbda95
SHA1: ebb24d893ba423a66750f351ca010f2840ed38e5

Identifiers

  • None

org.assertj_1.7.1.v20160208-0839.jar

Description: Rich and fluent assertions for testing

License:

LICENSE.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.assertj_1.7.1.v20160208-0839.jar
MD5: 2057a70eca938c3c9a8637d727506c99
SHA1: 8428b4fea03d46f0a5e5f0dab64802809ce1b5c4

Identifiers

  • maven: org.eclipse.orbit.bundles:org.assertj:1.7.1-SNAPSHOT   Confidence:HIGH

org.bouncycastle.bcpg_1.52.0.v20161004-1854.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.bouncycastle.bcpg_1.52.0.v20161004-1854.jar
MD5: 390c82d8128970ee6fa9bd1282c04cd8
SHA1: 2c0bc2e67ec5b2cef3429f4d83641e7c3b70ec8c

Identifiers

CVE-2005-0366  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed.

Vulnerable Software & Versions:

CVE-2001-0381  

Severity: Medium
CVSS Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)

The OpenPGP PGP standard allows an attacker to determine the private signature key via a cryptanalytic attack in which the attacker alters the encrypted private key file and captures a single message signed with the signature key.

Vulnerable Software & Versions:

CVE-2001-0265  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)

ASCII Armor parser in Windows PGP 7.0.3 and earlier allows attackers to create files in arbitrary locations via a malformed ASCII armored file.

Vulnerable Software & Versions: (show all)

org.bouncycastle.bcpkix.source_1.51.0.v201505131810.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.bouncycastle.bcpkix.source_1.51.0.v201505131810.jar
MD5: 1184b22d3ccadae2716e45eaef730632
SHA1: 4cee0a6264065f7233ec51830aa68dcb66a4af8d

Identifiers

  • None

org.bouncycastle.bcpkix_1.51.0.v201505131810.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.bouncycastle.bcpkix_1.51.0.v201505131810.jar
MD5: 3182025f2fc5e98a2596e52f8281d685
SHA1: 312c428e9bfc79630391da4f3ba743169c000746

Identifiers

  • None

org.bouncycastle.bcpkix_1.52.0.v20161004-1854.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.bouncycastle.bcpkix_1.52.0.v20161004-1854.jar
MD5: 9d82743b1ae873c5119b3791f5471fee
SHA1: 047d7e43ff9d72be407dd4d0e2f9512ddf559fe2

Identifiers

  • maven: org.eclipse.orbit.bundles:org.bouncycastle.bcpkix:1.52.0-SNAPSHOT   Confidence:HIGH

org.bouncycastle.bcprov.source_1.51.0.v201505131810.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.bouncycastle.bcprov.source_1.51.0.v201505131810.jar
MD5: 8dd5993c3b40d240d5e9bb862a9e60a0
SHA1: a5242604d6f77fcb15341e9f49a4298212e359a0

Identifiers

  • None

org.bouncycastle.bcprov_1.51.0.v201505131810.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.bouncycastle.bcprov_1.51.0.v201505131810.jar
MD5: 70523cbb482a06b841499dfd243762cd
SHA1: f7b6c98aae57748234105bbe968a39f2b067fdf1

Identifiers

  • None

org.bouncycastle.bcprov_1.52.0.v20161004-1854.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.bouncycastle.bcprov_1.52.0.v20161004-1854.jar
MD5: 1f170dbb269fd1e8bd9c5a3d4c0d8f28
SHA1: 988c9e05c825434cae73548c8214f5d4b7491ba8

Identifiers

  • maven: org.eclipse.orbit.bundles:org.bouncycastle.bcprov:1.52.0-SNAPSHOT   Confidence:HIGH

org.ccil.cowan.tagsoup_1.2.0.v201202211000.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.ccil.cowan.tagsoup_1.2.0.v201202211000.jar
MD5: e1aaaec047dc7d14a204fe1272f8d786
SHA1: 2d9dd04c003079998cdbe82eff50ad0e3e06b850

Identifiers

  • None

org.cliffc.high_scale_lib.source_1.1.2.v20110412-1025.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.cliffc.high_scale_lib.source_1.1.2.v20110412-1025.jar
MD5: 7803af7288f02054eb0b2a22a552a9a4
SHA1: 1a16efadd4db3fca4c91f2f7457ae3203facd47c

Identifiers

  • None

org.cliffc.high_scale_lib_1.1.2.v20110412-1025.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.cliffc.high_scale_lib_1.1.2.v20110412-1025.jar
MD5: 96bc538048f6fe42947937916b85292e
SHA1: f9c7ae746c930d8f407939892124ca8ef8747988

Identifiers

  • None

org.codehaus.jackson.core.source_1.6.0.v20101005-0925.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.codehaus.jackson.core.source_1.6.0.v20101005-0925.jar
MD5: 7a0fa3e3f8b271282ff15dd21716207b
SHA1: 2d7417a84e6a55558f7350f40db81fae987b1437

Identifiers

  • None

org.codehaus.jackson.core_1.6.0.v20101005-0925.jar

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.codehaus.jackson.core_1.6.0.v20101005-0925.jar
MD5: 3d388049e933005f3d12d2d29b483bd2
SHA1: be7481355e12e1cce22ab3dca50456edd03267bc

Identifiers

  • None

org.codehaus.jackson.jaxrs.source_1.6.0.v20101005-1100.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.codehaus.jackson.jaxrs.source_1.6.0.v20101005-1100.jar
MD5: 6763df4c762406e3b4cbf4f3839362eb
SHA1: e73da48b8ca63587d2f839a4dec365c6fad016b0

Identifiers

  • None

org.codehaus.jackson.jaxrs_1.6.0.v20101005-1100.jar

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.codehaus.jackson.jaxrs_1.6.0.v20101005-1100.jar
MD5: 6b159dc4fbab631dff7e4c19825b458b
SHA1: ff2840f9867b873cc7b438e4ada2bdb7cbc1a2ed

Identifiers

  • None

org.codehaus.jackson.mapper.source_1.6.0.v20101005-0925.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.codehaus.jackson.mapper.source_1.6.0.v20101005-0925.jar
MD5: cc87ffe01bae3cef750ac6c935233827
SHA1: 2c04fddfc0ced487107dbe6e3b99476e323de62d

Identifiers

  • None

org.codehaus.jackson.mapper_1.6.0.v20101005-0925.jar

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.codehaus.jackson.mapper_1.6.0.v20101005-0925.jar
MD5: c4f41afa62d3d08d2a15e462912f0ea7
SHA1: f9202dd278c3b3e3a934d37f07132c84a2c9761a

Identifiers

  • None

org.codehaus.jackson.smile.source_1.6.0.v20101005-0925.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.codehaus.jackson.smile.source_1.6.0.v20101005-0925.jar
MD5: bd5f61577965ac122f2df02d28d522dc
SHA1: bfb386db0f75b7eb36534423322d17b73f9cfb9f

Identifiers

  • None

org.codehaus.jackson.smile_1.6.0.v20101005-0925.jar

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.codehaus.jackson.smile_1.6.0.v20101005-0925.jar
MD5: c91e24cd845b6b40410092cfd3b11a72
SHA1: 96ec47afd56682f5e94bd45c8e123ffd48b574ef

Identifiers

  • None

org.codehaus.jackson.xc.source_1.6.0.v20101005-0925.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.codehaus.jackson.xc.source_1.6.0.v20101005-0925.jar
MD5: 9b4007ed444a34f69b5587b2bf4037b4
SHA1: 950a367a889d5f7364f7914ef4c6f63f760ffd55

Identifiers

  • None

org.codehaus.jackson.xc_1.6.0.v20101005-0925.jar

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.codehaus.jackson.xc_1.6.0.v20101005-0925.jar
MD5: c78c115a3add8c7cbd415d135c37afb9
SHA1: 3474e5e85025fa453226972717f058c2c476e83d

Identifiers

  • None

org.custommonkey.xmlunit.source_1.3.0.v201605172130.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.custommonkey.xmlunit.source_1.3.0.v201605172130.jar
MD5: bd1dd64a767295592edb479841cfb903
SHA1: 4b0b584f6b1149431a51d3cc546108749e264b36

Identifiers

  • None

org.custommonkey.xmlunit_1.3.0.v201605172130.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.custommonkey.xmlunit_1.3.0.v201605172130.jar
MD5: ec9d824a1eeaa4486204ef7d47d9387a
SHA1: d4f0beb2fab5ad54d61004c7feb1cbc927907e2c

Identifiers

  • None

org.cyberneko.html_1.9.14.v201105210654.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.cyberneko.html_1.9.14.v201105210654.jar
MD5: 39cd51dfa263ca76299714d94cc0747d
SHA1: a301ea2f4ed9034e24ce8cc3411082b7fa9e351b

Identifiers

  • None

org.dojotoolkit_1.6.1.v201108161253.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.dojotoolkit_1.6.1.v201108161253.jar
MD5: c38a6cabcbf746e74953bcbd43cc7c7f
SHA1: 9b006c753617d1a5f62c4a3f6657535f134e0acd

Identifiers

CVE-2007-2376  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

The Dojo framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."

Vulnerable Software & Versions:

org.dom4j.source_1.6.1.v201312101416.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.dom4j.source_1.6.1.v201312101416.jar
MD5: 1222d35ef6d211bd4d499a17c5e21f69
SHA1: 76af1cab7fff9cfbac65dfdb29083353399bc51a

Identifiers

  • None

org.dom4j_1.6.1.v201312101416.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.dom4j_1.6.1.v201312101416.jar
MD5: b4896d2c0647b2cb24a8c7df084433b8
SHA1: 0e7cc409750a9e44ebbf9bb0b8c3a9ce25d65f92

Identifiers

  • None

org.easymock.source_2.4.0.v20090202-0900.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.easymock.source_2.4.0.v20090202-0900.jar
MD5: a8f25f9966488b66283b04dc7d49c848
SHA1: 0deda56fc4a1a6a9bf1ea64c3893a0c91d01115a

Identifiers

  • None

org.easymock_2.4.0.v20090202-0900.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.easymock_2.4.0.v20090202-0900.jar
MD5: 1751b7e1b14cedf1d0150f3dd6fcdcfb
SHA1: ce9352a5c747ad4acce4c3852d8b0f68c2108a19

Identifiers

  • None

org.eclipse.orbit.mongodb_2.10.1.v20130422-1135.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.eclipse.orbit.mongodb_2.10.1.v20130422-1135.jar
MD5: 6304d46a16576d59d5dd58144f3e9e45
SHA1: 8c94c45dd7f5c332d0102c56b85d2210410038c3

Identifiers

CVE-2016-6494  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.

Vulnerable Software & Versions:

org.eclipse.orbit.mongodb_3.2.2.v20161219-1650.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.eclipse.orbit.mongodb_3.2.2.v20161219-1650.jar
MD5: 6a6f9b1bcdbeda2b462c5f55f6c539f3
SHA1: 5974e402f207b32e59aa1acd257a1eed566a993c

Identifiers

CVE-2016-6494  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.

Vulnerable Software & Versions:

org.eclipse.osgi_3.12.0.v20161117-1918.jar

Description: %systemBundle

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.eclipse.osgi_3.12.0.v20161117-1918.jar
MD5: 515b995c7f0f1105c63838d69000287e
SHA1: d7b73d0e108d338968d1d8e545c7b73c6c9017e8

Identifiers

  • None

org.freemarker_2.3.22.v20160210-1233.jar

License:

Apache License, Version 2.0; see: http://freemarker.org/LICENSE.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.freemarker_2.3.22.v20160210-1233.jar
MD5: 550a6c9e74aafc19d482b41f06383fa6
SHA1: 461d83a03494c1eba3a856056835c4d2351d4945

Identifiers

  • maven: org.eclipse.orbit.bundles:org.freemarker:2.3.22-SNAPSHOT   Confidence:HIGH

org.glassfish.com.sun.faces.source_2.1.18.v201304210537.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.com.sun.faces.source_2.1.18.v201304210537.jar
MD5: e4dd46bdd23442e62bf89d7728c45d76
SHA1: b00814455822cc677c61a22700a0c6a7f2218e6f

Identifiers

  • None

org.glassfish.com.sun.faces_2.1.18.v201304210537.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.com.sun.faces_2.1.18.v201304210537.jar
MD5: 295db206a7539adb930d5426d11ad481
SHA1: 1d30b1631bfdbbc44a360bcd98a6c0b0ad7d4b86

Identifiers

  • None

org.glassfish.hk2.api_2.3.0.b10_v201508191500.jar

Description: ${project.name}

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.hk2.api_2.3.0.b10_v201508191500.jar
MD5: b82fa04d31712a554c0f88459254db8f
SHA1: df0940878e88afe44a7697a959381e61fd355c60

Identifiers

  • maven: org.glassfish.hk2:hk2-api:2.3.0-b10   Confidence:HIGH

org.glassfish.hk2.api_2.5.0.v20161103-0227.jar

Description: HK2 API module

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.hk2.api_2.5.0.v20161103-0227.jar
MD5: 4708e49765b9269df1f9c5943b49492f
SHA1: 28b25c7ab216a5eba8fe5fd1fe4a9d46300e06d6

Identifiers

  • maven: org.eclipse.orbit.bundles:org.glassfish.hk2.api:2.5.0-SNAPSHOT   Confidence:HIGH

org.glassfish.hk2.locator_2.3.0.b10_v201508191500.jar

Description: ${project.name}

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.hk2.locator_2.3.0.b10_v201508191500.jar
MD5: 2876439d978faf1d4eead8416e1259aa
SHA1: 99cad36d4ac363e3cda936e7f75e64ca18f4610e

Identifiers

  • maven: org.glassfish.hk2:hk2-locator:2.3.0-b10   Confidence:HIGH

org.glassfish.hk2.locator_2.5.0.v20161103-0227.jar

Description: ServiceLocator Default Implementation

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.hk2.locator_2.5.0.v20161103-0227.jar
MD5: dfc7fc0bf3faf50700b065879b509fdd
SHA1: d1b5c63bc2fb73bba2bb7dba5a0fd4c8eea8354c

Identifiers

  • maven: org.eclipse.orbit.bundles:org.glassfish.hk2.locator:2.5.0-SNAPSHOT   Confidence:HIGH

org.glassfish.hk2.osgi-resource-locator_2.3.0.b10_v201508191500.jar

Description: Used by various API providers that rely on META-INF/services mechanism to locate providers.

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.hk2.osgi-resource-locator_2.3.0.b10_v201508191500.jar
MD5: fa77b9fd06aa4b028c75deda7aa68389
SHA1: 73cdade69d016c2c86a1a726c33d7de0bab4f1d7

Identifiers

  • maven: org.glassfish.hk2:osgi-resource-locator:2.3.0-b10   Confidence:HIGH

org.glassfish.hk2.osgi-resource-locator_2.5.0.v20161103-1916.jar

Description: Used by various API providers that rely on META-INF/services mechanism to locate providers.

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.hk2.osgi-resource-locator_2.5.0.v20161103-1916.jar
MD5: 8fdd96e36c34dd3472f9e5043dc8cd01
SHA1: f2565f4f870936fdeb884d2fc0069702d8ce4244

Identifiers

  • maven: org.eclipse.orbit.bundles:org.glassfish.hk2.osgi-resource-locator:2.5.0-SNAPSHOT   Confidence:HIGH

org.glassfish.hk2.utils_2.3.0.b10_v201508191500.jar

Description: HK2 Implementation Utilities

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.hk2.utils_2.3.0.b10_v201508191500.jar
MD5: 509e98369bb6eddb7a3a2bf1f3d53a54
SHA1: dac14cb3d3ff9793e4c11bc8fb7c3e35c930b3e5

Identifiers

  • None

org.glassfish.hk2.utils_2.3.0.b10_v201508191500.jar/META-INF/maven/org.glassfish.hk2/hk2-utils/pom.xml

Description: ${project.name}

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.hk2.utils_2.3.0.b10_v201508191500.jar/META-INF/maven/org.glassfish.hk2/hk2-utils/pom.xml
MD5: b6dd4e3158e0de2ee657866423d4abba
SHA1: 67ad2f9369559043b18a4ac677427e9395408345

Identifiers

  • maven: org.glassfish.hk2:hk2-utils:2.3.0-b10   Confidence:HIGH

org.glassfish.hk2.utils_2.3.0.b10_v201508191500.jar/META-INF/maven/org.jvnet/tiger-types/pom.xml

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.hk2.utils_2.3.0.b10_v201508191500.jar/META-INF/maven/org.jvnet/tiger-types/pom.xml
MD5: 51329dba505e7cc4a9bc2719cf195be0
SHA1: 5855a7ee03b816073c2b448bce93319bd71f7029

Identifiers

  • cpe: cpe:/a:tiger:tiger:1.4   Confidence:LOW   
  • maven: org.jvnet:tiger-types:1.4   Confidence:HIGH

org.glassfish.hk2.utils_2.5.0.v20160210-1508.jar

Description: HK2 Implementation Utilities

License:

https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.hk2.utils_2.5.0.v20160210-1508.jar
MD5: 47d4a17d700e2ff38341f544e6c5c7c9
SHA1: f81b0f2b4c93f7fee497a7783dc6e83022d85cd7

Identifiers

  • maven: org.eclipse.orbit.bundles:org.glassfish.hk2.utils:2.5.0-SNAPSHOT   Confidence:HIGH

org.glassfish.javax.faces.source_2.1.18.v201304200545.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.javax.faces.source_2.1.18.v201304200545.jar
MD5: 43fababefb54a2cc668b248263c535bd
SHA1: 7b569198a8306caa6dc5e2337f3a03f73a3b57c5

Identifiers

  • None

org.glassfish.javax.faces_2.1.18.v201304200545.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.javax.faces_2.1.18.v201304200545.jar
MD5: 1bee61bdb93ad474ad4f1ffc4d8e7232
SHA1: 7380ca470931272896b956e0b0fd711a398f8130

Identifiers

  • None

org.glassfish.jersey.apache.connector_2.14.0.v201504171603.jar

Description: Jersey Client Transport via Apache

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.jersey.apache.connector_2.14.0.v201504171603.jar
MD5: 7fd8bb91df0ed2c81290132eda6493fc
SHA1: f7d418715c53094d424b8e13f10a2195dc17219e

Identifiers

  • maven: org.glassfish.jersey.connectors:jersey-apache-connector:2.14   Confidence:HIGH

org.glassfish.jersey.apache.connector_2.22.1.v20161103-1916.jar

Description: Jersey Client Transport via Apache

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.jersey.apache.connector_2.22.1.v20161103-1916.jar
MD5: e83c9a0d4592d0a9a6ba508283dd41a7
SHA1: c085a33afca5240f1a8255b14acba3a735fceda9

Identifiers

  • maven: org.eclipse.orbit.bundles:org.glassfish.jersey.apache.connector:2.22.1-SNAPSHOT   Confidence:HIGH

org.glassfish.jersey.bundles.repackaged.jersey-guava_2.14.0.v201504151636.jar

Description: Jersey Guava Repackaged

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.jersey.bundles.repackaged.jersey-guava_2.14.0.v201504151636.jar
MD5: 4a3a3fe56e096f7fd8d791a7dd45a0b5
SHA1: 96571ef41ee7b8d53a0a7c1dee9acf2f057455c9

Identifiers

  • maven: org.glassfish.jersey.bundles.repackaged:jersey-guava:2.14   Confidence:HIGH

org.glassfish.jersey.bundles.repackaged.jersey-guava_2.22.1.v20161103-1916.jar

Description: Jersey Guava Repackaged

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.jersey.bundles.repackaged.jersey-guava_2.22.1.v20161103-1916.jar
MD5: 47df17b1ddc03d2e8897196a4ebed278
SHA1: 4803d0a20de8685e3d5f3b2a98676b9744f1b38d

Identifiers

  • maven: org.eclipse.orbit.bundles:org.glassfish.jersey.bundles.repackaged.jersey-guava:2.22.1-SNAPSHOT   Confidence:HIGH

org.glassfish.jersey.core.jersey-client_2.14.0.v201504211925.jar

Description: Jersey core client implementation

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.jersey.core.jersey-client_2.14.0.v201504211925.jar
MD5: 48b6109f96f82f42b8ef5e952416c7e6
SHA1: 48416ce3795037ba182ab7f259968e787168a539

Identifiers

  • maven: org.glassfish.jersey.core:jersey-client:2.14   Confidence:HIGH

org.glassfish.jersey.core.jersey-client_2.22.1.v20161103-1916.jar

Description: Jersey core client implementation

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.jersey.core.jersey-client_2.22.1.v20161103-1916.jar
MD5: 7b4c3c78cb2c81329e6232e26049a936
SHA1: b57be67279791d6fc8c2b5231561c0a9e33eb2cf

Identifiers

  • maven: org.eclipse.orbit.bundles:org.glassfish.jersey.core.jersey-client:2.22.1-SNAPSHOT   Confidence:HIGH

org.glassfish.jersey.core.jersey-common_2.14.0.v201504171603.jar

Description: Jersey core common packages

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.jersey.core.jersey-common_2.14.0.v201504171603.jar
MD5: 0c5899d1d463717de0127f9f8f134612
SHA1: c031cb70b4c418d8ce0ae9cda52baf7daf6ceede

Identifiers

  • maven: org.glassfish.jersey.core:jersey-common:2.14   Confidence:HIGH

org.glassfish.jersey.core.jersey-common_2.22.1.v20161103-1916.jar

Description: Jersey core common packages

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.jersey.core.jersey-common_2.22.1.v20161103-1916.jar
MD5: 0beec41cdd60bf6956df44e75c82aae8
SHA1: 0ce3381cfeddde578f158a8be58139d2a92d9724

Identifiers

  • maven: org.eclipse.orbit.bundles:org.glassfish.jersey.core.jersey-common:2.22.1-SNAPSHOT   Confidence:HIGH

org.glassfish.jersey.core.jersey-server_2.22.1.v20161103-1916.jar

Description: Jersey core server implementation

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.jersey.core.jersey-server_2.22.1.v20161103-1916.jar
MD5: f284f58bc531ef8315ef9c819673b11f
SHA1: 7f76ba2c7619ff7ae407dddba60b7f4f7c89f826

Identifiers

  • maven: org.eclipse.orbit.bundles:org.glassfish.jersey.core.jersey-server:2.22.1-SNAPSHOT   Confidence:HIGH

org.glassfish.jersey.ext.entityfiltering_2.22.1.v20161103-0227.jar

Description: Jersey extension module providing support for Entity Data Filtering.

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.jersey.ext.entityfiltering_2.22.1.v20161103-0227.jar
MD5: ef40432209c73a5e104c7c21c30ac4d0
SHA1: fee0d836b2eb10b8e0edd5100db0994659faa869

Identifiers

  • maven: org.eclipse.orbit.bundles:org.glassfish.jersey.ext.entityfiltering:2.22.1-SNAPSHOT   Confidence:HIGH

org.glassfish.jersey.media.jersey-media-json-jackson_2.14.0.v201504171603.jar

Description:  Jersey JSON Jackson (2.x) entity providers support module.

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.jersey.media.jersey-media-json-jackson_2.14.0.v201504171603.jar
MD5: 832bd0281cdfea421900520d47b02382
SHA1: 5b5afdce387e00261d272fae3a0bdf33fc1ccddf

Identifiers

  • maven: org.glassfish.jersey.media:jersey-media-json-jackson:2.14   Confidence:HIGH

org.glassfish.jersey.media.jersey-media-json-jackson_2.22.1.v20161117-2005.jar

Description: Jersey JSON Jackson (2.x) entity providers support module.

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.glassfish.jersey.media.jersey-media-json-jackson_2.22.1.v20161117-2005.jar
MD5: 583e7798c225ecc521efa9419625e497
SHA1: 50485a05c504ff71b533eb7f7a1fcb68837bb8f9

Identifiers

  • maven: org.eclipse.orbit.bundles:org.glassfish.jersey.media.jersey-media-json-jackson:2.22.1-SNAPSHOT   Confidence:HIGH

org.h2.source_1.3.168.v201212121212.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.h2.source_1.3.168.v201212121212.jar
MD5: 08eb1740adfb11dc8f92b92f7419afd7
SHA1: eb8873d38fc7d9ac89d53d5923b2ba8b8f19a08f

Identifiers

  • None

org.h2_1.3.168.v201212121212.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.h2_1.3.168.v201212121212.jar
MD5: 38c977d4b6dc5d9f8796d2c478020544
SHA1: 4d357d2bd530e26c6c8e103ff988bc558e53c32c

Identifiers

  • None

org.hamcrest.core.source_1.1.0.v20090501071000.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.hamcrest.core.source_1.1.0.v20090501071000.jar
MD5: cbaf3807d23b273ef00e6ee3ade376e6
SHA1: e548ff0a9684259169830e24215021142aba25d7

Identifiers

  • None

org.hamcrest.core.source_1.3.0.v201303031735.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.hamcrest.core.source_1.3.0.v201303031735.jar
MD5: 5eada58bf6b98a2b78809444569cef46
SHA1: 31b991e4abee4972c045f2f38062d033a6b8d75a

Identifiers

  • None

org.hamcrest.core_1.1.0.v20090501071000.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.hamcrest.core_1.1.0.v20090501071000.jar
MD5: a95a705593eac9efde898c2d2741e2cd
SHA1: 1dcff37db071da5392f162e775e32b72b168149f

Identifiers

  • None

org.hamcrest.core_1.3.0.v201303031735.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.hamcrest.core_1.3.0.v201303031735.jar
MD5: 1630dbffcb70d29b8e31f48461efe337
SHA1: d638da94469d274900b947be102b7ccbcfc749fc

Identifiers

  • None

org.hamcrest.generator.source_1.1.0.v20090501071000.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.hamcrest.generator.source_1.1.0.v20090501071000.jar
MD5: 043fe0dfa14c657fc8db638089b68078
SHA1: 783e7f773467fa5332c731e54391cb5769d7d1f7

Identifiers

  • None

org.hamcrest.generator.source_1.3.0.v201305210900.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.hamcrest.generator.source_1.3.0.v201305210900.jar
MD5: 4df502f3d751c459e9f8f5c3198e00cb
SHA1: f5dad459b3a8c7ce09eaf74c77fdcd99edae7f5f

Identifiers

  • None

org.hamcrest.generator_1.1.0.v20090501071000.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.hamcrest.generator_1.1.0.v20090501071000.jar
MD5: 1db581d78bcd022d484ca5aba8285ca7
SHA1: f9f18715a22a344b1981d071f90d1fbff0f68e57

Identifiers

  • None

org.hamcrest.generator_1.3.0.v201305210900.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.hamcrest.generator_1.3.0.v201305210900.jar
MD5: cc5a040158238bea7232036a5109f7fd
SHA1: 9453aa99dfb9a7e4d39b635f7b0b1ce7fd1b7c6c

Identifiers

  • None

org.hamcrest.integration.source_1.1.0.v201303031500.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.hamcrest.integration.source_1.1.0.v201303031500.jar
MD5: 5a95af95e241505e4c41cac6126be306
SHA1: c11b50cc11eab6879d912c267243b83521d8f174

Identifiers

  • None

org.hamcrest.integration.source_1.3.0.v201305210900.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.hamcrest.integration.source_1.3.0.v201305210900.jar
MD5: 9e5c50fc9244fc4b7d6000fe7e011dcb
SHA1: 01270554538b29370390472faadd26fb1f4c8eb1

Identifiers

  • None

org.hamcrest.integration_1.1.0.v201303031500.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.hamcrest.integration_1.1.0.v201303031500.jar
MD5: 316d38cf3dfb1de638e477b14bdfba79
SHA1: af4cc55eaec6103b05c20f67449f7a198b4d086d

Identifiers

  • None

org.hamcrest.integration_1.3.0.v201305210900.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.hamcrest.integration_1.3.0.v201305210900.jar
MD5: a4c258dbab8e7e3e4a3800bc14931a42
SHA1: 03ef06cdc80f3fce5f81af84f55cc6acade9007d

Identifiers

  • None

org.hamcrest.library.source_1.1.0.v20090501071000.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.hamcrest.library.source_1.1.0.v20090501071000.jar
MD5: 4156fb9fddb43a1674adf0fd21de9a79
SHA1: cdc1f39c408255974cf4389d2e1d0a3a2a8c5215

Identifiers

  • None

org.hamcrest.library.source_1.3.0.v201505072020.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.hamcrest.library.source_1.3.0.v201505072020.jar
MD5: 1b7469d5c6332e6d8bd1081fc95c9b51
SHA1: 6aaf1024201ad6944967e345c60622f507418a40

Identifiers

  • None

org.hamcrest.library_1.1.0.v20090501071000.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.hamcrest.library_1.1.0.v20090501071000.jar
MD5: 1bbe0b7a6c60ecbafa33b749ea533c2e
SHA1: d11cafd8b560d1d4793c560bdbc01817ad1493c8

Identifiers

  • None

org.hamcrest.library_1.3.0.v201505072020.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.hamcrest.library_1.3.0.v201505072020.jar
MD5: 84465b81a63aa718c439a6d59e722b34
SHA1: 706df17e649c716c800b7fc0fdcc21e4342daff1

Identifiers

  • None

org.hamcrest.text.source_1.1.0.v20090501071000.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.hamcrest.text.source_1.1.0.v20090501071000.jar
MD5: 69d1eaf5bd15ba89093a2c6911af8505
SHA1: d7a622abd9a9a690ad425398f794e4488f131c84

Identifiers

  • None

org.hamcrest.text_1.1.0.v20090501071000.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.hamcrest.text_1.1.0.v20090501071000.jar
MD5: 189a879a6cdcd1c1cb95edcdc53a380f
SHA1: a22e562c7a78e34cc2b2e2f40429218f3acde4f4

Identifiers

  • None

org.hamcrest_1.1.0.v20090501071000.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.hamcrest_1.1.0.v20090501071000.jar
MD5: c522d9ba8eae729cc5c1610c9be37a8f
SHA1: 546f2241c0ccaac33d58fed0034f4c6a44bfec50

Identifiers

  • None

org.jacoco.agent_0.7.7.v20161114-2147.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.jacoco.agent_0.7.7.v20161114-2147.jar
MD5: fc665009ecb7c18341283003f81197b5
SHA1: e302a819718b49e3be31c906b99551f5f85f43c8

Identifiers

  • None

org.jacoco.agent_0.7.7.v20161114-2147.jar: jacocoagent.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.jacoco.agent_0.7.7.v20161114-2147.jar/jacocoagent.jar
MD5: 15ef5b126f7bec2bc7abdfc2d5544e40
SHA1: c9690f554da579b6f3bad5e17eff07e4b7f3eb07

Identifiers

  • None

org.jacoco.agent_0.7.7.v20161114-2147.jar: jacocoagent.jar/META-INF/maven/org.jacoco/org.jacoco.agent.rt/pom.xml

Description: JaCoCo Java Agent

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.jacoco.agent_0.7.7.v20161114-2147.jar/jacocoagent.jar/META-INF/maven/org.jacoco/org.jacoco.agent.rt/pom.xml
MD5: 7abb77fff02390b755e39e2245eec12f
SHA1: 181af1520f77c1f43bc8ac4c1cf1ea606a101dc5

Identifiers

  • maven: org.jacoco:org.jacoco.agent.rt:0.7.7.201606060606   Confidence:HIGH

org.jacoco.agent_0.7.7.v20161114-2147.jar/META-INF/maven/org.eclipse.orbit.bundles/org.jacoco.agent/pom.xml

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.jacoco.agent_0.7.7.v20161114-2147.jar/META-INF/maven/org.eclipse.orbit.bundles/org.jacoco.agent/pom.xml
MD5: ad6a436c93f06848e20d9a23b3a0fa3b
SHA1: 159bada07be874c482d14986064a9b31f4913ff7

Identifiers

  • maven: org.eclipse.orbit.bundles:org.jacoco.agent:0.7.7-SNAPSHOT   Confidence:HIGH

org.jacoco.agent_0.7.7.v20161114-2147.jar/META-INF/maven/org.jacoco/org.jacoco.agent/pom.xml

Description: JaCoCo Agent

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.jacoco.agent_0.7.7.v20161114-2147.jar/META-INF/maven/org.jacoco/org.jacoco.agent/pom.xml
MD5: eb7a5c04bf227b12294a6679d28d3e29
SHA1: 573a4810c846249d72ffee607e3753282b0a0ec0

Identifiers

  • maven: org.jacoco:org.jacoco.agent:0.7.7.201606060606   Confidence:HIGH

org.jacoco.core_0.7.7.v20161109-1949.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.jacoco.core_0.7.7.v20161109-1949.jar
MD5: 3ce444136205faedf72c656c25865f80
SHA1: 9780caa8f8b85379371179fb86a647beefc6f6dc

Identifiers

  • None

org.jacoco.core_0.7.7.v20161109-1949.jar/META-INF/maven/org.eclipse.orbit.bundles/org.jacoco.core/pom.xml

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.jacoco.core_0.7.7.v20161109-1949.jar/META-INF/maven/org.eclipse.orbit.bundles/org.jacoco.core/pom.xml
MD5: 59802b713ceb916c8f4f18d945e87c80
SHA1: bb5aff949c3c6cd7932e3467d1dfda9a74f2accc

Identifiers

  • maven: org.eclipse.orbit.bundles:org.jacoco.core:0.7.7-SNAPSHOT   Confidence:HIGH

org.jacoco.core_0.7.7.v20161109-1949.jar/META-INF/maven/org.jacoco/org.jacoco.core/pom.xml

Description: JaCoCo Core

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.jacoco.core_0.7.7.v20161109-1949.jar/META-INF/maven/org.jacoco/org.jacoco.core/pom.xml
MD5: 7cdb3cf1f8e295a3a597b43e23f96f8e
SHA1: 9cd16fcdd18727a35a566f1feb49671437fdd788

Identifiers

  • maven: org.jacoco:org.jacoco.core:0.7.7.201606060606   Confidence:HIGH

org.jacoco.report_0.7.7.v20161109-1949.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.jacoco.report_0.7.7.v20161109-1949.jar
MD5: 7a052d2c859f8916f42ebfd06cc5ded4
SHA1: f200c7acd70f3b5e717e636011cc76d9fe313bc9

Identifiers

  • None

org.jacoco.report_0.7.7.v20161109-1949.jar/META-INF/maven/org.eclipse.orbit.bundles/org.jacoco.report/pom.xml

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.jacoco.report_0.7.7.v20161109-1949.jar/META-INF/maven/org.eclipse.orbit.bundles/org.jacoco.report/pom.xml
MD5: e4d25c73eaec38ae6b881104dc62fdb4
SHA1: 98eedbc638ed1003bb558033a24848e2c22fe596

Identifiers

  • maven: org.eclipse.orbit.bundles:org.jacoco.report:0.7.7-SNAPSHOT   Confidence:HIGH

org.jacoco.report_0.7.7.v20161109-1949.jar/META-INF/maven/org.jacoco/org.jacoco.report/pom.xml

Description: JaCoCo Reporting

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.jacoco.report_0.7.7.v20161109-1949.jar/META-INF/maven/org.jacoco/org.jacoco.report/pom.xml
MD5: 0d65b61c346d9d840dda61d2e7a67dbf
SHA1: 0113bc580b9df15f8e4ca1c873950da9e7a5e0a4

Identifiers

  • maven: org.jacoco:org.jacoco.report:0.7.7.201606060606   Confidence:HIGH

org.jdom.source_1.1.1.v201101151400.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.jdom.source_1.1.1.v201101151400.jar
MD5: 7e2afc1052823252a21eff1df01e7330
SHA1: e098a06cd71c730f425c81a3888e9cbda6998c7d

Identifiers

  • None

org.jdom_1.1.1.v201101151400.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.jdom_1.1.1.v201101151400.jar
MD5: c4a9b4e399a2065874e1387503cb73bb
SHA1: dfd6adb8f27f7f0f6e849837a90db2bf8e4c8beb

Identifiers

  • None

org.jmock_1.2.0.v201303080310.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.jmock_1.2.0.v201303080310.jar
MD5: 6365516fdb16cc87aad202285dc81c13
SHA1: 6e41adc6279e709f10c1a377c02a634e5d7df6c9

Identifiers

  • None

org.jmock_1.2.0.v201303080310.jar: jmock-core-1.2.0.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.jmock_1.2.0.v201303080310.jar/lib/jmock-core-1.2.0.jar
MD5: c7336115b2533588eb5ac6f0f2c5f60b
SHA1: bb1f6d391d4c8d504564c24c8f6881f4ea9640b1

Identifiers

  • None

org.json_1.0.0.v201011060100.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.json_1.0.0.v201011060100.jar
MD5: 2808be826c19f9d5b6f37231193fa028
SHA1: b424437057eb6e0565579d4848a55e8ca94f50de

Identifiers

  • None

org.jsoup.source_1.7.2.v201411291515.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.jsoup.source_1.7.2.v201411291515.jar
MD5: 956749b7287ae995b2d261b78a296ed8
SHA1: c184773f74af6e0139399caf838e1e73e49a4743

Identifiers

  • None

org.jsoup_1.7.2.v201411291515.jar

Description: jsoup HTML parser

License:

The MIT License: http://jsoup.com/license
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.jsoup_1.7.2.v201411291515.jar
MD5: 794e17360f7a8db9c55be8c95a304c79
SHA1: e63a8334b02253bf812fd2cd9429317c3873e889

Identifiers

  • maven: org.jsoup:jsoup:1.7.2   Confidence:HIGH

org.junit.source_4.12.0.v201504281640.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.junit.source_4.12.0.v201504281640.jar
MD5: 77c6bc61c59dd71ca59dea2522a63331
SHA1: 45901aee8a9811d636407a8cbe48c92b72c536b4

Identifiers

  • None

org.junit_4.12.0.v201504281640.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.junit_4.12.0.v201504281640.jar
MD5: a90ecded89982ddd23ad55c984e18207
SHA1: b09c3b77bb7c77b248fa63048aed6a8aea925126

Identifiers

  • None

org.junit_4.12.0.v201504281640.jar: junit.jar

Description: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.

License:

Eclipse Public License 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.junit_4.12.0.v201504281640.jar/junit.jar
MD5: 5b38c40c97fbd0adee29f91e60405584
SHA1: 2973d150c0dc1fefe998f834810d68f278ea58ec

Identifiers

org.kohsuke.args4j.source_2.0.21.v201301150030.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.kohsuke.args4j.source_2.0.21.v201301150030.jar
MD5: ee14f26ec91c599c7dfe7b453662811e
SHA1: 143bac3a9cc95a1ba4e8acbf28a35e6efe552651

Identifiers

  • None

org.kohsuke.args4j_2.0.21.v201301150030.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.kohsuke.args4j_2.0.21.v201301150030.jar
MD5: 347e4c5363e3daa296e22288ea2bb4c3
SHA1: b509f925116b4f863aa2aa0a4d0490e1f810c977

Identifiers

  • None

org.kohsuke.args4j_2.33.0.v20160323-2218.jar

Description: args4j : Java command line arguments parser

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.kohsuke.args4j_2.33.0.v20160323-2218.jar
MD5: 059777d37f3422e0b2599318680c87b3
SHA1: f5060a79262ba93cc6972ea8e2385bc20bd83f47

Identifiers

  • maven: org.eclipse.orbit.bundles:org.kohsuke.args4j:2.33.0-SNAPSHOT   Confidence:HIGH

org.mockito.source_1.8.4.v201303031500.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.mockito.source_1.8.4.v201303031500.jar
MD5: 4bc3cc44f48f17286ee28e14d65b203f
SHA1: b8733fed4cec0cdb1ee56de0ee56ec603214998c

Identifiers

  • None

org.mockito.source_1.9.5.v201605172210.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.mockito.source_1.9.5.v201605172210.jar
MD5: f7f998d1bb6847458ace365b84872cee
SHA1: f5d64785426da0b0bb8743be3660d04ae2344aea

Identifiers

  • None

org.mockito_1.8.4.v201303031500.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.mockito_1.8.4.v201303031500.jar
MD5: e098e48cc92912e9642ae15fdb5ea469
SHA1: 8485c20059af3ec1cb83b95e70f2163184b94281

Identifiers

  • None

org.mockito_1.9.5.v201605172210.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.mockito_1.9.5.v201605172210.jar
MD5: 7b7eded13afc990a340a465e1dd8ac25
SHA1: 0b613587f3f385a30fbee6e86a4d21f4375ca045

Identifiers

  • None

org.mozilla.javascript.source_1.7.5.v201504281450.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.mozilla.javascript.source_1.7.5.v201504281450.jar
MD5: 84af230ee7ee520de165b643f9d369dd
SHA1: 751a5b5968d3c889a1ca99e36b28216015e44423

Identifiers

  • None

org.mozilla.javascript_1.7.5.v201504281450.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.mozilla.javascript_1.7.5.v201504281450.jar
MD5: 7c605a1b0b2d489aec7ed1b4f44ac26f
SHA1: dbd067fe2a3c4caec6326ec366b505b76fe73743

Identifiers

org.objectweb.asm.analysis.source_5.0.1.v201505121915.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.objectweb.asm.analysis.source_5.0.1.v201505121915.jar
MD5: 41f883428ea1e51f654e91e5372369e0
SHA1: 082e0ea5fda45fc143e5b02d0e30e9c6dca2624a

Identifiers

  • None

org.objectweb.asm.analysis_5.0.1.v201505121915.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.objectweb.asm.analysis_5.0.1.v201505121915.jar
MD5: 85776d4eaaa0a789573d87ae58699a0c
SHA1: 1c098098c9e69af1ce7152ff95115534ed7893bc

Identifiers

  • None

org.objectweb.asm.analysis_5.1.0.v20160914-0701.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.objectweb.asm.analysis_5.1.0.v20160914-0701.jar
MD5: da1430e4eaef746ec4acd8b2d8f92aea
SHA1: 852aa649e95e3e89a82c789340558dc967aa6e02

Identifiers

  • maven: org.eclipse.orbit.bundles:org.objectweb.asm.analysis:5.1.0-SNAPSHOT   Confidence:HIGH

org.objectweb.asm.commons.source_5.0.1.v201404251740.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.objectweb.asm.commons.source_5.0.1.v201404251740.jar
MD5: 8bcfea542ecdfb1ad59a25887d1af545
SHA1: 05637de7112dce8df0c907c42e103312e28f977e

Identifiers

  • None

org.objectweb.asm.commons_5.0.1.v201404251740.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.objectweb.asm.commons_5.0.1.v201404251740.jar
MD5: f10276acefa68a3f9b5ea086640b42a9
SHA1: 59bc5cfaa1069766600c3d13924640911911fbaf

Identifiers

  • None

org.objectweb.asm.commons_5.1.0.v20160914-0701.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.objectweb.asm.commons_5.1.0.v20160914-0701.jar
MD5: 2560138749c09ebb0f3658aa3609b423
SHA1: 26d9c1700efa894d05b0d8afbd1054596e3c7a35

Identifiers

  • maven: org.eclipse.orbit.bundles:org.objectweb.asm.commons:5.1.0-SNAPSHOT   Confidence:HIGH

org.objectweb.asm.source_3.3.1.v201105211655.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.objectweb.asm.source_3.3.1.v201105211655.jar
MD5: b0ef2112ce79ee06a996bb92c8d1f551
SHA1: 17757989b6c3a1333592f5addcc9a7281bf92ab6

Identifiers

  • None

org.objectweb.asm.source_4.0.0.v201302062210.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.objectweb.asm.source_4.0.0.v201302062210.jar
MD5: 9e180676508d4b06bfc4f2a7220f7459
SHA1: cf9bfecc86ff6b625369300eae3b58107ebe73f8

Identifiers

  • None

org.objectweb.asm.source_5.0.1.v201404251740.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.objectweb.asm.source_5.0.1.v201404251740.jar
MD5: fa1e33d3ec029d1264afa11f4d1a66e3
SHA1: 8da66cc577a7ef6a9aca263e1f75bf3cbb08c44c

Identifiers

  • None

org.objectweb.asm.tree.source_5.0.1.v201404251740.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.objectweb.asm.tree.source_5.0.1.v201404251740.jar
MD5: ff846d5cf9c7ff4346d7d68b6f58eb48
SHA1: a409bfb3d286fd59ed5b2848d1e8ab2c10147b85

Identifiers

  • None

org.objectweb.asm.tree_5.0.1.v201404251740.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.objectweb.asm.tree_5.0.1.v201404251740.jar
MD5: 6065a48b8631df1406e047aa0507ef73
SHA1: 94a02cf8d6886f798aca7345d5079d149331a7b0

Identifiers

  • None

org.objectweb.asm.tree_5.1.0.v20160914-0701.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.objectweb.asm.tree_5.1.0.v20160914-0701.jar
MD5: f58099df6bda637ca8de2faafcb9eab1
SHA1: 0a5021bd91ad2a250f65f04fda64efa94350d672

Identifiers

  • maven: org.eclipse.orbit.bundles:org.objectweb.asm.tree:5.1.0-SNAPSHOT   Confidence:HIGH

org.objectweb.asm.util.source_5.0.1.v201404251740.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.objectweb.asm.util.source_5.0.1.v201404251740.jar
MD5: 83b14a8adea9e9363863f412def3374b
SHA1: 2afc4222f3e6d7dc1418584cf2d1966cbd43d7c6

Identifiers

  • None

org.objectweb.asm.util_5.0.1.v201404251740.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.objectweb.asm.util_5.0.1.v201404251740.jar
MD5: 2bcd6df013effa5676ce54c28a6e0cc5
SHA1: b83a7fe7b99a9177a5c7b9d0c9662032cab46830

Identifiers

  • None

org.objectweb.asm.util_5.1.0.v20160914-0701.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.objectweb.asm.util_5.1.0.v20160914-0701.jar
MD5: 5cec80f57e49af58c7582d090bd18648
SHA1: 5b899af9c3c29e6e07155a22b453a3887cac9eff

Identifiers

  • maven: org.eclipse.orbit.bundles:org.objectweb.asm.util:5.1.0-SNAPSHOT   Confidence:HIGH

org.objectweb.asm.xml.source_5.0.1.v201404251740.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.objectweb.asm.xml.source_5.0.1.v201404251740.jar
MD5: 3a8644e17f517b986a4114a15c2dfe1c
SHA1: 62ab34918bdc1491625908500dddaccbac78c117

Identifiers

  • None

org.objectweb.asm.xml_5.0.1.v201404251740.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.objectweb.asm.xml_5.0.1.v201404251740.jar
MD5: e9dbe6587fbe7ecb25f5b98d3845785c
SHA1: 102d04f36ee5878f5f4debe0b0b78b1a233be5b0

Identifiers

  • None

org.objectweb.asm.xml_5.1.0.v20160914-0701.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.objectweb.asm.xml_5.1.0.v20160914-0701.jar
MD5: 461877891041e382e2d7e851ac41c210
SHA1: a6a9b24246ea9e3f44d3996ccd0f32f47a3b9f85

Identifiers

  • maven: org.eclipse.orbit.bundles:org.objectweb.asm.xml:5.1.0-SNAPSHOT   Confidence:HIGH

org.objectweb.asm_3.3.1.v201105211655.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.objectweb.asm_3.3.1.v201105211655.jar
MD5: 182964f6b20d7e5beca0c3fccdd411d8
SHA1: c005c97457ddf6d1184eafc680ee132e676e4da6

Identifiers

  • None

org.objectweb.asm_4.0.0.v201302062210.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.objectweb.asm_4.0.0.v201302062210.jar
MD5: a5b357f4fd726f977fdb3501ec74535c
SHA1: f9af9f5585421016ebc993bbbeb72f0228699e15

Identifiers

  • None

org.objectweb.asm_5.0.1.v201404251740.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.objectweb.asm_5.0.1.v201404251740.jar
MD5: dd269c390b993129d21259fc77881b6c
SHA1: ad16298cac645895dc9b5508884c8e6a956b2643

Identifiers

  • None

org.objectweb.asm_5.1.0.v20160914-0701.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.objectweb.asm_5.1.0.v20160914-0701.jar
MD5: bb607a89986b81354f8dbc350631ca8c
SHA1: bfece9c169bf83b0fd4d2a89e9d181bfe5565976

Identifiers

  • maven: org.eclipse.orbit.bundles:org.objectweb.asm:5.1.0-SNAPSHOT   Confidence:HIGH

org.objenesis.source_1.0.0.v201505121915.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.objenesis.source_1.0.0.v201505121915.jar
MD5: 756a64f228a83d9b53598943e93f2707
SHA1: 79abdfdc31605a775106c421dcb0faec8292ca57

Identifiers

  • None

org.objenesis_1.0.0.v201505121915.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.objenesis_1.0.0.v201505121915.jar
MD5: 137712968f11d28f074db566de0bbec6
SHA1: 0472369dd043ca70c486117186b5068830a90449

Identifiers

  • None

org.openid4java_0.9.5.v201105210655.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.openid4java_0.9.5.v201105210655.jar
MD5: dc1151f3c04f65ae5aae35adb2098ee1
SHA1: 9b1326c4fbacb1f57ffddbb17713c7ddc3a2b2b4

Identifiers

CVE-2007-1652  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this site, and add it site to the trusted sites list via a crafted web page, related to cached tokens.

Vulnerable Software & Versions:

CVE-2007-1651  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Cross-site request forgery (CSRF) vulnerability in OpenID allows remote attackers to restore the login session of a user on an OpenID enabled site via unspecified vectors related to an arbitrary remote web site and cached tokens, after the user has signed into an OpenID server, logged into the OpenID enabled site, and then logged out of the OpenID enabled site.

Vulnerable Software & Versions:

org.opensaml_1.1.0.v201105210827.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.opensaml_1.1.0.v201105210827.jar
MD5: 4c52ce7f1b2ac54de5cd392489035cc5
SHA1: d2cb4fa0fadb2370254a26c33cea4ccf7b0df6d5

Identifiers

  • None

org.ow2.jotm.jotm-core.source_2.1.9.v201204271116.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.ow2.jotm.jotm-core.source_2.1.9.v201204271116.jar
MD5: 37bcc852d6d88b1d5bc01ed02ffe74bb
SHA1: 1e5309627930b4f1e08cbdf26d3b9933c1d5ac84

Identifiers

  • None

org.ow2.jotm.jotm-core_2.1.9.v201204271116.jar

Description: JOTM: Java Open Transaction Manager - Core

License:

http://www.opensource.org/licenses/bsd-license.php
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.ow2.jotm.jotm-core_2.1.9.v201204271116.jar
MD5: 09271d0021250a05ea1d585c6bb0a2d3
SHA1: 23260bf87df96b5b177df03142d7e82291b4bb05

Identifiers

  • None

org.prefuse.source_0.1.0.v20100514-1000.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.prefuse.source_0.1.0.v20100514-1000.jar
MD5: 0d94fe45bb6876ae0c6b82cbbf0880ef
SHA1: 7c09ff5b5e82de496c9bbe7e950b37c18d8c2ca2

Identifiers

  • None

org.prefuse_0.1.0.v20100514-1000.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.prefuse_0.1.0.v20100514-1000.jar
MD5: aae38622004228c7a04191d5018e983a
SHA1: 480b9bb6d8d78b939868c0b75574162d4781c241

Identifiers

  • None

org.pushingpixels.trident.source_1.2.0.v201305152020.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.pushingpixels.trident.source_1.2.0.v201305152020.jar
MD5: 67b9ed045489cccd5757792ad63db7e6
SHA1: 18ec2153aed5bc0329c6b6036e98b6edb8309599

Identifiers

  • None

org.pushingpixels.trident_1.2.0.v201305152020.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.pushingpixels.trident_1.2.0.v201305152020.jar
MD5: 20187217dd9eebc81504cf891f29439e
SHA1: 47e6cfec5038a4d295463e715d7cab625bca67d3

Identifiers

  • None

org.quartz.source_1.8.3.v20110329-1420.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.quartz.source_1.8.3.v20110329-1420.jar
MD5: fb9c638de35e9be32a55090ec17d427b
SHA1: a0e344e328bf82a5b14ead1ba85a817fae593cbc

Identifiers

  • None

org.quartz_1.8.3.v20110329-1420.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.quartz_1.8.3.v20110329-1420.jar
MD5: b748d1491026b7e2355d9ba1e080ed22
SHA1: 979f3612aa8636737fcb1a711ef29bf09e2266fc

Identifiers

  • None

org.restlet_2.0.5.v201605172130.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.restlet_2.0.5.v201605172130.jar
MD5: b9fa4f04de100869f5c13ff99a37b50f
SHA1: 147ae6c6164466cfa4ee99d05925f86564e1382a

Identifiers

  • cpe: cpe:/a:restlet:restlet:2.0.5.v20160517   Confidence:LOW   

CVE-2013-4271  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221.

Vulnerable Software & Versions: (show all)

CVE-2013-4221  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-16 Configuration

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.

Vulnerable Software & Versions: (show all)

org.sat4j.core_2.3.5.v201308161310.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.sat4j.core_2.3.5.v201308161310.jar
MD5: 68c313891b898e533b2fbfe93f378665
SHA1: 90eae8914dbcca97b1485bdb635e2a33e35162a4

Identifiers

  • None

org.sat4j.pb_2.3.5.v201404071733.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.sat4j.pb_2.3.5.v201404071733.jar
MD5: a9b8b746882d41798a8e9c4c83c12873
SHA1: 1fc4ae7ac4a3d4da3d1c6f79250f809c4d530d9e

Identifiers

  • None

org.slf4j.api.source_1.7.2.v20121108-1250.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.slf4j.api.source_1.7.2.v20121108-1250.jar
MD5: cd061c55603b46603dea326a447e7757
SHA1: b01f33c3218216969eae3831bb99890bca837809

Identifiers

  • None

org.slf4j.api_1.7.10.v20160921-1923.jar

Description: The slf4j API

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.slf4j.api_1.7.10.v20160921-1923.jar
MD5: 427741360e4972bbfb8028bfb84988ec
SHA1: 922bf3fbc477582907be3be7505041f4dde474db

Identifiers

  • maven: org.eclipse.orbit.bundles:org.slf4j.api:1.7.10-SNAPSHOT   Confidence:HIGH

org.slf4j.api_1.7.2.v20121108-1250.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.slf4j.api_1.7.2.v20121108-1250.jar
MD5: 9d986345d5b6e89ec1dbec445db8abc6
SHA1: 2f5f81841831760144edd80243ecdcf65dc4e2f4

Identifiers

  • None

org.slf4j.apis.jcl_1.7.10.v20160208-0839.jar

Description: JCL 1.1.1 implemented over SLF4J

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.slf4j.apis.jcl_1.7.10.v20160208-0839.jar
MD5: b05b0cc2e9af986a3bb795321f7de0c0
SHA1: 3074da7236e834c01aa3374bcbdd4a846eee4ba6

Identifiers

  • maven: org.eclipse.orbit.bundles:org.slf4j.apis.jcl:1.7.10-SNAPSHOT   Confidence:HIGH

org.slf4j.apis.log4j_1.7.10.v20160208-0839.jar

Description: Log4j implemented over SLF4J

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.slf4j.apis.log4j_1.7.10.v20160208-0839.jar
MD5: d980828705391422ff655626fe939b6c
SHA1: cf8806401bad25d21e608a5252b5a8997b245788

Identifiers

  • maven: org.eclipse.orbit.bundles:org.slf4j.apis.log4j:1.7.10-SNAPSHOT   Confidence:HIGH

org.slf4j.binding.nop_1.7.10.v20160301-1109.jar

Description: SLF4J NOP Binding

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.slf4j.binding.nop_1.7.10.v20160301-1109.jar
MD5: 7ed5be468ff7b9dae4fece4189e17b8b
SHA1: b91efba28feee8e37db1d8686bb953cabe66661e

Identifiers

  • maven: org.eclipse.orbit.bundles:org.slf4j.binding.nop:1.7.10-SNAPSHOT   Confidence:HIGH

org.slf4j.binding.simple_1.7.10.v20160301-1109.jar

Description: SLF4J Simple binding

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.slf4j.binding.simple_1.7.10.v20160301-1109.jar
MD5: c6c3145c4927758c2fdbf59e086d0c4c
SHA1: 8c618d97a6cc0e7d0fe76b206d834cea2c03cf7d

Identifiers

  • maven: org.eclipse.orbit.bundles:org.slf4j.binding.simple:1.7.10-SNAPSHOT   Confidence:HIGH

org.slf4j.bridge.jul_1.7.10.v20160208-0839.jar

Description: JUL to SLF4J bridge

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.slf4j.bridge.jul_1.7.10.v20160208-0839.jar
MD5: acbe00dc989255968eea76615606ed66
SHA1: 695c5520af6b307a3201e06a80b8f9d51da3bc4e

Identifiers

  • maven: org.eclipse.orbit.bundles:org.slf4j.bridge.jul:1.7.10-SNAPSHOT   Confidence:HIGH

org.slf4j.ext.source_1.7.2.v20121108-1250.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.slf4j.ext.source_1.7.2.v20121108-1250.jar
MD5: e457f60ea266e91cf89359c28c9f8b82
SHA1: bc57f598424299139fa849cae0942a07c5d72756

Identifiers

  • None

org.slf4j.ext_1.7.10.v20160208-0839.jar

Description: Extensions to the SLF4J API

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.slf4j.ext_1.7.10.v20160208-0839.jar
MD5: bc3eb18ef58dc2318111d3a492faa9f9
SHA1: ef0f9f303954c342f14cedefbbe1b7e729094ba8

Identifiers

  • maven: org.eclipse.orbit.bundles:org.slf4j.ext:1.7.10-SNAPSHOT   Confidence:HIGH

org.slf4j.ext_1.7.2.v20121108-1250.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.slf4j.ext_1.7.2.v20121108-1250.jar
MD5: 6d53e490e514c5b0e006fa061e7ae536
SHA1: 31bf731feced8ea8c6a9e579e07cf9f2ce4ee07e

Identifiers

  • None

org.slf4j.impl.log4j12.source_1.7.2.v20131105-2200.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.slf4j.impl.log4j12.source_1.7.2.v20131105-2200.jar
MD5: 41c9c2d27ba74c417de75e4d761e1e11
SHA1: ee3cefe0b9642b15ebe0521504e7c420fff1a188

Identifiers

  • None

org.slf4j.impl.log4j12_1.7.2.v20131105-2200.jar

Description: %Bundle-Description

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.slf4j.impl.log4j12_1.7.2.v20131105-2200.jar
MD5: 73f16e60c8979fcb837cf7d1f56bbca1
SHA1: 5acc42eb6129994e87c9458c94b758b0f5d96fc5

Identifiers

  • None

org.slf4j.jcl.source_1.7.2.v20130115-1340.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.slf4j.jcl.source_1.7.2.v20130115-1340.jar
MD5: d4f8c463dc0e909ef882d8684342765a
SHA1: 84172bebee61ca57b3fd582af7abf04a8a0b12d3

Identifiers

  • None

org.slf4j.jcl_1.7.2.v20130115-1340.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.slf4j.jcl_1.7.2.v20130115-1340.jar
MD5: 9c407c0456cc505904e2e28d2da17e72
SHA1: 9495278020a8791aafdbddf7e44868358703929c

Identifiers

  • None

org.slf4j.jul.source_1.7.2.v20121108-1250.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.slf4j.jul.source_1.7.2.v20121108-1250.jar
MD5: d0653c91130f890ca819c041d3742e1a
SHA1: e70f477cebd92c7b1569e7ecfdbaae1a23fac568

Identifiers

  • None

org.slf4j.jul_1.7.2.v20121108-1250.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.slf4j.jul_1.7.2.v20121108-1250.jar
MD5: 6e47f6c051fee6356fd31575f934e2fe
SHA1: b7442d83ee3556f5a64459145ced78efe5f2092c

Identifiers

  • None

org.slf4j.log4j.source_1.7.2.v20130115-1340.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.slf4j.log4j.source_1.7.2.v20130115-1340.jar
MD5: 88f79ea3f4d93f9cc91479fef9a6a369
SHA1: cf25379fc0a662bf64e87ec1d62ad7c1c7d23459

Identifiers

  • None

org.slf4j.log4j_1.7.2.v20130115-1340.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.slf4j.log4j_1.7.2.v20130115-1340.jar
MD5: 569a8936301e9c7e406878e61e8ed9fc
SHA1: 86d7fb0631b81b3819c2608a95d931156052625a

Identifiers

  • None

org.slf4j.nop.source_1.7.2.v201212060727.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.slf4j.nop.source_1.7.2.v201212060727.jar
MD5: d02a81e70b5bd7b4916450e1fe6388dd
SHA1: 826a81155c4b7deafa3328fef69a0655fc07489f

Identifiers

  • None

org.slf4j.nop_1.7.2.v201212060727.jar

Description: The slf4j NOP binding

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.slf4j.nop_1.7.2.v201212060727.jar
MD5: 96700a80c0fba00cb7cf470a1d813009
SHA1: 77cc4c32fa75fa84bf4c528392dcc1db2e5ac971

Identifiers

  • None

org.swtchart.source_0.10.0.v201605200358.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.swtchart.source_0.10.0.v201605200358.jar
MD5: b3a0fe54b8f68948aa5a19e8b35b5809
SHA1: 63cfb473127a4c14346a5a5fe29285bf01c0878d

Identifiers

  • None

org.swtchart_0.10.0.v201605200358.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.swtchart_0.10.0.v201605200358.jar
MD5: efe4093c0acf55b175df004995c13f3e
SHA1: 21807ad9a0d0e3c31c8c06702501ef1ecfc5aed6

Identifiers

  • None

org.swtchart_0.7.0.v201201201914.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.swtchart_0.7.0.v201201201914.jar
MD5: b5d82d4b224fe8e08d61dfc3c3be3ccd
SHA1: e8f0c86f68eaefe3b90c49038b535ae5a28378f8

Identifiers

  • None

org.tukaani.xz.source_1.3.0.v201308270617.jar

Description: %pluginDescription

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.tukaani.xz.source_1.3.0.v201308270617.jar
MD5: 0ddb6fe0623d2daf4ddd930601a17104
SHA1: 52b1a493979c8903773c9d433c4089ce6424a1f6

Identifiers

  • None

org.tukaani.xz_1.3.0.v201308270617.jar

Description: %pluginDescription

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.tukaani.xz_1.3.0.v201308270617.jar
MD5: 2616b60b6bd9511845a132d8e74ea44c
SHA1: e45a23c1d3ef0dd7388c399679c0082f2abc3002

Identifiers

  • None

org.uddi4j_2.0.5.v200805270300.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.uddi4j_2.0.5.v200805270300.jar
MD5: 3ff2e2242fc056e02b74f5d06da330b8
SHA1: f82415e85ca510fd17f882268254eeef2a080c26

Identifiers

  • None

org.w3c.css.sac.source_1.3.1.v200903091627.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.w3c.css.sac.source_1.3.1.v200903091627.jar
MD5: 3816e351357e8135c26c50448c7168a4
SHA1: c06d3da9f224dea2e27d6003c3459b829d845858

Identifiers

  • None

org.w3c.css.sac_1.3.1.v200903091627.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.w3c.css.sac_1.3.1.v200903091627.jar
MD5: 72902273245b11d21039de8c10398844
SHA1: 8a9501900c6ed5d6da577bf9e947011319c8e512

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

org.w3c.dom.events.source_3.0.0.draft20060413_v201105210656.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.w3c.dom.events.source_3.0.0.draft20060413_v201105210656.jar
MD5: 6ae4ce39ef3cf3563b310bfb26691756
SHA1: 1ab3a58ff9821ddc297a3fa64cdb3dbe6d21b25b

Identifiers

  • None

org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar
MD5: f78c10bd77b8c842cae88e8988378e23
SHA1: 381ff9d23c3d8d92b420ea84e22dbeb0c6fe20d4

Identifiers

org.w3c.dom.smil.source_1.0.0.v200806040011.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.w3c.dom.smil.source_1.0.0.v200806040011.jar
MD5: fc9b57032f85f0994de41981782ce9a8
SHA1: c52575a1dc402d01bb335ebdb4c52b517a1b2514

Identifiers

  • None

org.w3c.dom.smil.source_1.0.1.v200903091627.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.w3c.dom.smil.source_1.0.1.v200903091627.jar
MD5: 2cbfa2bed2f7b9f6e166140d09fd152f
SHA1: e924a56dcf8a1a902fc7eaa30365d5f7ba00c05c

Identifiers

  • None

org.w3c.dom.smil_1.0.0.v200806040011.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.w3c.dom.smil_1.0.0.v200806040011.jar
MD5: 137595d7edcba253b5b8af421e16ffe3
SHA1: 63ca75c855983921cd4a144d245918b313f6f4bb

Identifiers

  • None

org.w3c.dom.smil_1.0.1.v200903091627.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.w3c.dom.smil_1.0.1.v200903091627.jar
MD5: d0cb07071fce017bdf9be03406045479
SHA1: f2cdae95dfa7ea447d29a83588e60bc7154c31df

Identifiers

  • None

org.w3c.dom.svg.source_1.1.0.v201011041433.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.w3c.dom.svg.source_1.1.0.v201011041433.jar
MD5: 6aabdcd59c4b33067bebee3bf6276702
SHA1: 4c162f68476473ab5051d41a320303d588692dc5

Identifiers

  • None

org.w3c.dom.svg_1.1.0.v201011041433.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.w3c.dom.svg_1.1.0.v201011041433.jar
MD5: 82e4a20bab6cb9ca8324defc887bc8a6
SHA1: ea6041ad2cce77784d6b33e0ce01dacd4f545b28

Identifiers

  • None

org.xbill.dns.source_2.0.8.v201112050911.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.xbill.dns.source_2.0.8.v201112050911.jar
MD5: 5fc57177912343614aed05b907c8336d
SHA1: 6e685630536c8f9390ab2197b98ac23c5148ebcf

Identifiers

  • None

org.xbill.dns_2.0.8.v201112050911.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.xbill.dns_2.0.8.v201112050911.jar
MD5: f95a9c1e6e08afa8ab3d5e2d3af8b3a4
SHA1: da5edc544008e6fcc7416e63a0ab74435206cf35

Identifiers

  • None

org.xmlpull_1.1.3.4_v201201052148.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.xmlpull_1.1.3.4_v201201052148.jar
MD5: c05f2ccaf97b0b046ea783e76a033829
SHA1: 478efaae9e5d55c27211e702a2e5d5fed6006219

Identifiers

  • None

org.yaml.snakeyaml_1.14.0.v201604211500.jar

Description: YAML 1.1 parser and emitter for Java

License:

Apache License Version 2.0: LICENSE.txt
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/org.yaml.snakeyaml_1.14.0.v201604211500.jar
MD5: 9b5d43920782363d7dc51f200c727a80
SHA1: a18ecce3dfb89e53f3d3df4b20a9d26d9ece8c41

Identifiers

  • maven: org.yaml:snakeyaml:1.14   Confidence:HIGH

osgi.enterprise.source_4.2.0.v201108120515.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/osgi.enterprise.source_4.2.0.v201108120515.jar
MD5: 157a8bf1dfa8ac93ff7cf59cff8867a4
SHA1: 51cdd7893f17897a971fbb26df50fbc7e87eac35

Identifiers

  • None

osgi.enterprise_4.2.0.v201108120515.jar

Description: OSGi Service Platform Release 4 Version 4.2, Enterprise Interfaces and Classes for use in compiling bundles.

License:

http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/osgi.enterprise_4.2.0.v201108120515.jar
MD5: a11bd877127c7a25f6200eb86cdfc9a0
SHA1: aa86678e5f47d26eae4bdc9ea51e9cc83236253b

Identifiers

  • None

scannotation.source_1.0.2.v201205170710.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/scannotation.source_1.0.2.v201205170710.jar
MD5: 5a42b32e1e73065fe4077d7527573a58
SHA1: fa53b2a7b66d0b9de2ad45d7260948cccd831461

Identifiers

  • None

scannotation_1.0.2.v201205170710.jar

File Path: /home/rgrunberg/git/orbit-recipes/releng/vulnerability-check/target/repository/plugins/scannotation_1.0.2.v201205170710.jar
MD5: 5784c9b6238369a0d4f2bf8693115020
SHA1: 7ee0bdbbf3daecd3307def546e31df36d71de3af

Identifiers

  • None


This report contains data retrieved from the National Vulnerability Database.