Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 1.4.3
Report Generated On: Oct 19, 2018 at 21:03:45 CEST
Dependencies Scanned: 56 (54 unique)
Vulnerable Dependencies: 5
Vulnerabilities Found: 6
Vulnerabilities Suppressed: 0
...
NVD CVE 2002: 19/10/2018 10:05:08
NVD CVE 2003: 19/10/2018 10:02:40
NVD CVE 2004: 19/10/2018 10:01:56
NVD CVE 2005: 19/10/2018 10:00:37
NVD CVE 2006: 19/10/2018 09:58:25
NVD CVE 2007: 19/10/2018 09:55:04
NVD CVE 2008: 19/10/2018 09:51:53
NVD CVE 2009: 19/10/2018 09:48:16
NVD CVE 2010: 19/10/2018 09:45:17
NVD CVE 2011: 19/10/2018 09:41:18
NVD CVE 2012: 19/10/2018 09:36:05
NVD CVE 2013: 19/10/2018 09:32:39
NVD CVE 2014: 19/10/2018 09:29:11
NVD CVE 2015: 19/10/2018 09:25:12
NVD CVE 2016: 19/10/2018 09:21:05
NVD CVE 2017: 19/10/2018 09:15:52
NVD CVE 2018: 19/10/2018 09:05:28
NVD CVE Checked: 19/10/2018 21:00:21
NVD CVE Modified: 19/10/2018 20:07:11
VersionCheckOn: 1483308396144

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	CPE	GAV	Highest Severity	CVE Count	CPE Confidence	Evidence Count
backport-util-concurrent-3.1.jar		backport-util-concurrent:backport-util-concurrent:3.1		0		13
classworlds-1.1.jar		classworlds:classworlds:1.1		0		14
jsr305-3.0.1.jar		com.google.code.findbugs:jsr305:3.0.1		0		13
jsch-0.1.38.jar	cpe:/a:jcraft:jsch:0.1.38	com.jcraft:jsch:0.1.38	Medium	1	LOW	12
commons-cli-1.2.jar		commons-cli:commons-cli:1.2		0		22
commons-codec-1.2.jar		commons-codec:commons-codec:1.2		0		14
commons-httpclient-3.0.jar	cpe:/a:apache:commons-httpclient:3.0 cpe:/a:apache:httpclient:3.0	commons-httpclient:commons-httpclient:3.0	Medium	1	HIGHEST	15
commons-lang-2.3.jar		commons-lang:commons-lang:2.3		0		16
nekohtml-1.9.6.2.jar		nekohtml:nekohtml:1.9.6.2		0		11
xercesMinimal-1.9.6.2.jar		nekohtml:xercesMinimal:1.9.6.2		0		8
jackrabbit-webdav-1.5.0.jar	cpe:/a:apache:jackrabbit:1.5.0	org.apache.jackrabbit:jackrabbit-webdav:1.5.0	Medium	2	HIGHEST	13
doxia-logging-api-1.1.jar		org.apache.maven.doxia:doxia-logging-api:1.1		0		16
doxia-sink-api-1.1.jar		org.apache.maven.doxia:doxia-sink-api:1.1		0		16
enforcer-api-1.4.1.jar		org.apache.maven.enforcer:enforcer-api:1.4.1		0		16
enforcer-rules-1.4.1.jar		org.apache.maven.enforcer:enforcer-rules:1.4.1		0		16
maven-artifact-manager-2.2.1.jar		org.apache.maven:maven-artifact-manager:2.2.1		0		15
maven-artifact-2.2.1.jar		org.apache.maven:maven-artifact:2.2.1		0		15
maven-core-2.2.1.jar	cpe:/a:apache:maven:2.2.1	org.apache.maven:maven-core:2.2.1		0	LOW	15
maven-error-diagnostics-2.2.1.jar		org.apache.maven:maven-error-diagnostics:2.2.1		0		16
maven-model-2.2.1.jar		org.apache.maven:maven-model:2.2.1		0		16
maven-monitor-2.2.1.jar		org.apache.maven:maven-monitor:2.2.1		0		15
maven-plugin-api-2.0.9.jar		org.apache.maven:maven-plugin-api:2.0.9		0		15
maven-plugin-descriptor-2.2.1.jar		org.apache.maven:maven-plugin-descriptor:2.2.1		0		15
maven-plugin-parameter-documenter-2.2.1.jar		org.apache.maven:maven-plugin-parameter-documenter:2.2.1		0		15
maven-plugin-registry-2.2.1.jar		org.apache.maven:maven-plugin-registry:2.2.1		0		15
maven-profile-2.2.1.jar		org.apache.maven:maven-profile:2.2.1		0		15
maven-project-2.2.1.jar		org.apache.maven:maven-project:2.2.1		0		16
maven-repository-metadata-2.2.1.jar		org.apache.maven:maven-repository-metadata:2.2.1		0		16
maven-settings-2.2.1.jar		org.apache.maven:maven-settings:2.2.1		0		15
maven-reporting-api-2.2.1.jar		org.apache.maven.reporting:maven-reporting-api:2.2.1		0		15
maven-common-artifact-filters-1.4.jar		org.apache.maven.shared:maven-common-artifact-filters:1.4		0		17
maven-dependency-tree-2.2.jar		org.apache.maven.shared:maven-dependency-tree:2.2		0		17
wagon-file-1.0-beta-6.jar		org.apache.maven.wagon:wagon-file:1.0-beta-6		0		16
wagon-http-lightweight-1.0-beta-6.jar		org.apache.maven.wagon:wagon-http-lightweight:1.0-beta-6		0		16
wagon-http-shared-1.0-beta-6.jar		org.apache.maven.wagon:wagon-http-shared:1.0-beta-6		0		16
wagon-http-1.0-beta-6.jar		org.apache.maven.wagon:wagon-http:1.0-beta-6		0		16
wagon-provider-api-1.0-beta-6.jar		org.apache.maven.wagon:wagon-provider-api:1.0-beta-6		0		16
wagon-ssh-common-1.0-beta-6.jar		org.apache.maven.wagon:wagon-ssh-common:1.0-beta-6		0		15
wagon-ssh-external-1.0-beta-6.jar		org.apache.maven.wagon:wagon-ssh-external:1.0-beta-6		0		16
wagon-ssh-1.0-beta-6.jar		org.apache.maven.wagon:wagon-ssh:1.0-beta-6		0		15
wagon-webdav-jackrabbit-1.0-beta-6.jar	cpe:/a:apache:jackrabbit:1.0	org.apache.maven.wagon:wagon-webdav-jackrabbit:1.0-beta-6	Medium	1	LOW	16
bsh-2.0b4.jar		org.beanshell:bsh:2.0b4		0		14
plexus-component-annotations-1.5.5.jar		org.codehaus.plexus:plexus-component-annotations:1.5.5		0		14
plexus-container-default-1.5.5.jar		org.codehaus.plexus:plexus-container-default:1.5.5		0		13
plexus-i18n-1.0-beta-6.jar		org.codehaus.plexus:plexus-i18n:1.0-beta-6		0		16
plexus-interactivity-api-1.0-alpha-4.jar		org.codehaus.plexus:plexus-interactivity-api:1.0-alpha-4		0		13
plexus-interpolation-1.11.jar		org.codehaus.plexus:plexus-interpolation:1.11		0		13
plexus-utils-3.0.24.jar		org.codehaus.plexus:plexus-utils:3.0.24		0		14
aether-util-0.9.0.M2.jar		org.eclipse.aether:aether-util:0.9.0.M2		0		15
jcl-over-slf4j-1.5.6.jar	cpe:/a:slf4j:slf4j:1.5.6	org.slf4j:jcl-over-slf4j:1.5.6		0	LOW	18
slf4j-api-1.5.6.jar	cpe:/a:slf4j:slf4j:1.5.6	org.slf4j:slf4j-api:1.5.6		0	LOW	18
slf4j-nop-1.5.3.jar	cpe:/a:slf4j:slf4j:1.5.3	org.slf4j:slf4j-nop:1.5.3		0	LOW	18
plexus-cipher-1.4.jar		org.sonatype.plexus:plexus-cipher:1.4		0		15
plexus-sec-dispatcher-1.3.jar	cpe:/a:sec_project:sec:1.3	org.sonatype.plexus:plexus-sec-dispatcher:1.3	Medium	1	LOW	15

Dependencies

backport-util-concurrent-3.1.jar

Description: Dawid Kurzyniec's backport of JSR 166

License:

Public Domain: http://creativecommons.org/licenses/publicdomain

File Path: /home/mikkoi/.m2/repository/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.jar
MD5: 748bb0cbf4780b2e3121dc9c12e10cd9
SHA1: 682f7ac17fed79e92f8e87d8455192b63376347b
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	backport-util-concurrent
file	version	3.1
jar	package name	backport
jar	package name	edu
jar	package name	emory
jar	package name	mathcs
pom	artifactid	backport-util-concurrent
pom	description	Dawid Kurzyniec's backport of JSR 166
pom	groupid	backport-util-concurrent
pom	name	Backport of JSR 166
pom	organization name	http://www.mathcs.emory.edu/~dawidk/
pom	url	http://backport-jsr166.sourceforge.net/
pom	version	3.1

Identifiers

maven: backport-util-concurrent:backport-util-concurrent:3.1 Confidence:HIGH

classworlds-1.1.jar

File Path: /home/mikkoi/.m2/repository/classworlds/classworlds/1.1/classworlds-1.1.jar
MD5: c20629baa65f1f2948b37aa393b0310b
SHA1: 60c708f55deeb7c5dfce8a7886ef09cbc1388eca
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	classworlds
file	version	1.1
Manifest	extension-name	classworlds
Manifest	Implementation-Title	org.codehaus.classworlds
Manifest	Implementation-Vendor	The Codehaus
Manifest	Implementation-Version	1.1
Manifest	specification-title	classworlds: Java(tm) ClassLoader Management F...
Manifest	specification-vendor	The Codehaus
pom	artifactid	classworlds
pom	groupid	classworlds
pom	name	classworlds
pom	organization name	http://codehaus.org/
pom	url	http://classworlds.codehaus.org/
pom	version	1.1

Identifiers

maven: classworlds:classworlds:1.1 Confidence:HIGH

jsr305-3.0.1.jar

Description: JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/mikkoi/.m2/repository/com/google/code/findbugs/jsr305/3.0.1/jsr305-3.0.1.jar
MD5: c6532beb3f7cc54a8d73d25d5602b9e4
SHA1: f7be08ec23c21485b9b5a1cf1654c2ec8c58168d
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:provided

Evidence

Source	Name	Value
file	name	jsr305
file	version	3.0.1
manifest	Bundle-Description	JSR305 Annotations for Findbugs
Manifest	Bundle-Name	FindBugs-jsr305
Manifest	bundle-symbolicname	org.jsr-305
Manifest	Bundle-Version	3.0.1
pom	artifactid	jsr305
pom	description	JSR305 Annotations for Findbugs
pom	groupid	com.google.code.findbugs
pom	groupid	google.code.findbugs
pom	name	FindBugs-jsr305
pom	url	http://findbugs.sourceforge.net/
pom	version	3.0.1

Identifiers

maven: com.google.code.findbugs:jsr305:3.0.1 Confidence:HIGH

jsch-0.1.38.jar

Description: JSch is a pure Java implementation of SSH2

License:

BSD: http://www.jcraft.com/jsch/LICENSE.txt

File Path: /home/mikkoi/.m2/repository/com/jcraft/jsch/0.1.38/jsch-0.1.38.jar
MD5: 07828623a79ab4b59c33e6ace5814299
SHA1: 0677f7038dd5c8d5d687c558d09c124f820a8fd5
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	jsch
file	version	0.1.38
jar	package name	jcraft
jar	package name	jsch
pom	artifactid	jsch
pom	description	JSch is a pure Java implementation of SSH2
pom	groupid	com.jcraft
pom	groupid	jcraft
pom	name	JSch
pom	organization name	http://www.jcraft.com/jsch
pom	url	http://www.jcraft.com/jsch/
pom	version	0.1.38

Identifiers

maven: com.jcraft:jsch:0.1.38 Confidence:HIGH
cpe: cpe:/a:jcraft:jsch:0.1.38 Confidence:LOW

Published Vulnerabilities

CVE-2016-5725

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.

BID - 93100
CONFIRM - http://www.jcraft.com/jsch/ChangeLog
EXPLOIT-DB - 40411
FULLDISC - 20160921 CVE-2016-5725 - JCraft/JSch Java Secure Channel <= 0.1.53 recursive sftp-get path traversal (client-side, windows)
MISC - http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html
MISC - https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725
REDHAT - RHSA-2017:3115

Vulnerable Software & Versions:

cpe:/a:jcraft:jsch:0.1.53 and all previous versions

commons-cli-1.2.jar

Description: Commons CLI provides a simple API for presenting, processing and validating a command line interface.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/mikkoi/.m2/repository/commons-cli/commons-cli/1.2/commons-cli-1.2.jar
MD5: bfdcae1ff93f0c07d733f03bdce28c9e
SHA1: 2bf96b7aa8b611c177d329452af1dc933e14501c
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	commons-cli
file	version	1.2
manifest	Bundle-Description	Commons CLI provides a simple API for presenting, processing and validating a command line interface.
Manifest	bundle-docurl	http://commons.apache.org/cli/
Manifest	Bundle-Name	Commons CLI
Manifest	bundle-symbolicname	org.apache.commons.cli
Manifest	Bundle-Version	1.2
Manifest	Implementation-Title	Commons CLI
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	1.2
Manifest	specification-title	Commons CLI
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	commons-cli
pom	description	Commons CLI provides a simple API for presenting, processing and validating a command line interface.
pom	groupid	commons-cli
pom	name	Commons CLI
pom	parent-artifactid	commons-parent
pom	parent-groupid	org.apache.commons
pom	parent-version	1.2
pom	url	http://commons.apache.org/cli/
pom	version	1.2

Identifiers

maven: commons-cli:commons-cli:1.2 Confidence:HIGH

commons-codec-1.2.jar

Description: The codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

File Path: /home/mikkoi/.m2/repository/commons-codec/commons-codec/1.2/commons-codec-1.2.jar
MD5: 2617b220009f952bb9542af167d040cf
SHA1: 397f4731a9f9b6eb1907e224911c77ea3aa27a8b
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:runtime

Evidence

Source	Name	Value
file	name	commons-codec
file	version	1.2
Manifest	extension-name	org.apache.commons.codec.*
Manifest	Implementation-Title	org.apache.commons.codec.*
Manifest	Implementation-Vendor	Apache Software Foundation
Manifest	Implementation-Vendor-Id
Manifest	Implementation-Version	1.2
Manifest	specification-title	Jakarta Commons Codec
Manifest	specification-vendor	Apache Software Foundation
pom	artifactid	commons-codec
pom	description	The codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
pom	groupid	commons-codec
pom	name	Codec
pom	version	1.2

Identifiers

maven: commons-codec:commons-codec:1.2 Confidence:HIGH

commons-httpclient-3.0.jar

Description: The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.

License:

Apache License: http://www.apache.org/licenses/LICENSE-2.0

File Path: /home/mikkoi/.m2/repository/commons-httpclient/commons-httpclient/3.0/commons-httpclient-3.0.jar
MD5: cd69c70d6c078f4340bd5e867ec6f1b6
SHA1: 336a280d178bb957e5233189f0f32e067366c4e5
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:runtime

Evidence

Source	Name	Value
file	name	commons-httpclient
file	version	3.0
Manifest	extension-name	commons-httpclient
Manifest	Implementation-Title	org.apache.commons.httpclient
Manifest	Implementation-Vendor	Apache Software Foundation
Manifest	Implementation-Version	3.0
Manifest	specification-title	Jakarta Commons HttpClient
Manifest	specification-vendor	Apache Software Foundation
pom	artifactid	commons-httpclient
pom	description	The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.
pom	groupid	commons-httpclient
pom	name	HttpClient
pom	organization name	http://jakarta.apache.org/
pom	url	http://jakarta.apache.org/commons/httpclient/
pom	version	3.0

Identifiers

maven: commons-httpclient:commons-httpclient:3.0 Confidence:HIGH
cpe: cpe:/a:apache:commons-httpclient:3.0 Confidence:HIGHEST
cpe: cpe:/a:apache:httpclient:3.0 Confidence:LOW

Published Vulnerabilities

CVE-2012-5783

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

BID - 58073
CONFIRM - https://issues.apache.org/jira/browse/HTTPCLIENT-1265
MISC - http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
REDHAT - RHSA-2013:0270
REDHAT - RHSA-2013:0679
REDHAT - RHSA-2013:0680
REDHAT - RHSA-2013:0681
REDHAT - RHSA-2013:0682
REDHAT - RHSA-2013:1147
REDHAT - RHSA-2013:1853
REDHAT - RHSA-2014:0224
REDHAT - RHSA-2017:0868
SUSE - openSUSE-SU-2013:0354
SUSE - openSUSE-SU-2013:0622
SUSE - openSUSE-SU-2013:0623
SUSE - openSUSE-SU-2013:0638
UBUNTU - USN-2769-1
XF - apache-commons-ssl-spoofing(79984)

Vulnerable Software & Versions: (show all)

commons-lang-2.3.jar

Description: Commons.Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

The Apache Software License, Version 2.0: /LICENSE.txt

File Path: /home/mikkoi/.m2/repository/commons-lang/commons-lang/2.3/commons-lang-2.3.jar
MD5: dcdcbb47176603907c9f79a1349193eb
SHA1: 0eecdac8c86bc84b4bdfc24371ba8c785a1fc552
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	commons-lang
file	version	2.3
Manifest	extension-name	commons-lang
Manifest	Implementation-Title	Commons Lang
Manifest	Implementation-Vendor	Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	2.3
Manifest	specification-title	Commons Lang
Manifest	specification-vendor	Apache Software Foundation
pom	artifactid	commons-lang
pom	description	Commons.Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.
pom	groupid	commons-lang
pom	name	Lang
pom	organization name	http://jakarta.apache.org
pom	url	http://jakarta.apache.org/commons/lang/
pom	version	2.3

Identifiers

maven: commons-lang:commons-lang:2.3 Confidence:HIGH

nekohtml-1.9.6.2.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/mikkoi/.m2/repository/nekohtml/nekohtml/1.9.6.2/nekohtml-1.9.6.2.jar
MD5: b27e7cb1391fe7a24273df7a969cf9e9
SHA1: 2d960be7b62ae6622dbbbe49ab4ffdc609f85c80
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	nekohtml
file	version	1.9.6.2
manifest: org/cyberneko/html/	Implementation-Title	CyberNeko HTML Parser
manifest: org/cyberneko/html/	Implementation-Vendor	Andy Clark
manifest: org/cyberneko/html/	Implementation-Version	1.9.6.2
manifest: org/cyberneko/html/	Specification-Title	Hyper-Text Markup Language (HTML)
pom	artifactid	nekohtml
pom	groupid	nekohtml
pom	name	Neko HTML
pom	url	http://nekohtml.sourceforge.net/
pom	version	1.9.6.2

Identifiers

maven: nekohtml:nekohtml:1.9.6.2 Confidence:HIGH

xercesMinimal-1.9.6.2.jar

File Path: /home/mikkoi/.m2/repository/nekohtml/xercesMinimal/1.9.6.2/xercesMinimal-1.9.6.2.jar
MD5: 798acf6fded21b391b7bae0d079a5635
SHA1: 0d1c5e063683a0e6f77cd5f051a9d4af48346fa6
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	xercesMinimal
file	version	1.9.6.2
jar	package name	apache
jar	package name	xerces
jar	package name	xni
pom	artifactid	xercesMinimal
pom	groupid	nekohtml
pom	version	1.9.6.2

Identifiers

maven: nekohtml:xercesMinimal:1.9.6.2 Confidence:HIGH

jackrabbit-webdav-1.5.0.jar

Description: WebDAV library used by the Jackrabbit WebDAV support

File Path: /home/mikkoi/.m2/repository/org/apache/jackrabbit/jackrabbit-webdav/1.5.0/jackrabbit-webdav-1.5.0.jar
MD5: 137d4d30c1c78972fec7628c94f4f4a1
SHA1: b14c7fbbd34862d4d51c5e72ba3a69cde892c260
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:runtime

Evidence

Source	Name	Value
file	name	jackrabbit-webdav
file	version	1.5.0
jar	package name	apache
jar	package name	jackrabbit
jar	package name	webdav
pom	artifactid	jackrabbit-webdav
pom	description	WebDAV library used by the Jackrabbit WebDAV support
pom	groupid	apache.jackrabbit
pom	groupid	org.apache.jackrabbit
pom	name	Jackrabbit WebDAV Library
pom	parent-artifactid	jackrabbit-parent
pom	parent-groupid	org.apache.jackrabbit
pom	version	1.5.0

Related Dependencies

Identifiers

cpe: cpe:/a:apache:jackrabbit:1.5.0 Confidence:HIGHEST
maven: org.apache.jackrabbit:jackrabbit-webdav:1.5.0 Confidence:HIGH

Published Vulnerabilities

CVE-2015-1833

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation

XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.

BID - 74761
BUGTRAQ - 20150521 CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability)
CONFIRM - http://www.apache.org/dist/jackrabbit/2.10.1/RELEASE-NOTES.txt
CONFIRM - https://issues.apache.org/jira/browse/JCR-3883
DEBIAN - DSA-3298
EXPLOIT-DB - 37110
MISC - http://packetstormsecurity.com/files/132005/Jackrabbit-WebDAV-XXE-Injection.html
MLIST - [jackrabbit-announce] 20150521 CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability)

Vulnerable Software & Versions: (show all)

CVE-2009-0026

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.

BID - 33360
BUGTRAQ - 20090120 [ANNOUNCE] Apache Jackrabbit 1.5.2 released
CONFIRM - http://www.apache.org/dist/jackrabbit/RELEASE-NOTES-1.5.2.txt
CONFIRM - https://issues.apache.org/jira/browse/JCR-1925
SREASON - 4942
VUPEN - ADV-2009-0177
XF - jackrabbit-search-swr-xss(48110)

Vulnerable Software & Versions: (show all)

doxia-logging-api-1.1.jar

Description: Doxia Logging API.

File Path: /home/mikkoi/.m2/repository/org/apache/maven/doxia/doxia-logging-api/1.1/doxia-logging-api-1.1.jar
MD5: 8e93b74b3fb7353322069d4c996c7887
SHA1: c8fe274396e40452ca3e6121f6dd00220b210d48
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	doxia-logging-api
file	version	1.1
Manifest	Implementation-Title	Doxia :: Logging API
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven.doxia
Manifest	Implementation-Version	1.1
Manifest	specification-title	Doxia :: Logging API
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	doxia-logging-api
pom	description	Doxia Logging API.
pom	groupid	apache.maven.doxia
pom	groupid	org.apache.maven.doxia
pom	name	Doxia :: Logging API
pom	parent-artifactid	doxia
pom	parent-groupid	org.apache.maven.doxia
pom	version	1.1

Identifiers

maven: org.apache.maven.doxia:doxia-logging-api:1.1 Confidence:HIGH

doxia-sink-api-1.1.jar

Description: Doxia Sink API.

File Path: /home/mikkoi/.m2/repository/org/apache/maven/doxia/doxia-sink-api/1.1/doxia-sink-api-1.1.jar
MD5: 83936a5b87b5a2ead35c8987d984b14a
SHA1: 9fc15c69e09a14fd07acba7300009eff6e692a44
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	doxia-sink-api
file	version	1.1
Manifest	Implementation-Title	Doxia :: Sink API
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven.doxia
Manifest	Implementation-Version	1.1
Manifest	specification-title	Doxia :: Sink API
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	doxia-sink-api
pom	description	Doxia Sink API.
pom	groupid	apache.maven.doxia
pom	groupid	org.apache.maven.doxia
pom	name	Doxia :: Sink API
pom	parent-artifactid	doxia
pom	parent-groupid	org.apache.maven.doxia
pom	version	1.1

Identifiers

maven: org.apache.maven.doxia:doxia-sink-api:1.1 Confidence:HIGH

enforcer-api-1.4.1.jar

Description: This component provides the generic interfaces needed to implement custom rules for the maven-enforcer-plugin.

File Path: /home/mikkoi/.m2/repository/org/apache/maven/enforcer/enforcer-api/1.4.1/enforcer-api-1.4.1.jar
MD5: 8dcbd6507014fb089270e15652f9aa09
SHA1: a653a73b288846b082dd33831a1c1d0b3396d849
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	enforcer-api
file	version	1.4.1
Manifest	Implementation-Title	Apache Maven Enforcer API
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven.enforcer
Manifest	Implementation-Version	1.4.1
Manifest	specification-title	Apache Maven Enforcer API
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	enforcer-api
pom	description	This component provides the generic interfaces needed to implement custom rules for the maven-enforcer-plugin.
pom	groupid	apache.maven.enforcer
pom	groupid	org.apache.maven.enforcer
pom	name	Apache Maven Enforcer API
pom	parent-artifactid	enforcer
pom	parent-groupid	org.apache.maven.enforcer
pom	version	1.4.1

Identifiers

maven: org.apache.maven.enforcer:enforcer-api:1.4.1 Confidence:HIGH

enforcer-rules-1.4.1.jar

Description: This component contains the standard Enforcer Rules

File Path: /home/mikkoi/.m2/repository/org/apache/maven/enforcer/enforcer-rules/1.4.1/enforcer-rules-1.4.1.jar
MD5: 85ccb8df364ad9c65a943b5739a6ded8
SHA1: 3705628822e78b4ae4ae8ea4e26ef6c2955f43b6
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	enforcer-rules
file	version	1.4.1
Manifest	Implementation-Title	Apache Maven Enforcer Rules
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven.enforcer
Manifest	Implementation-Version	1.4.1
Manifest	specification-title	Apache Maven Enforcer Rules
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	enforcer-rules
pom	description	This component contains the standard Enforcer Rules
pom	groupid	apache.maven.enforcer
pom	groupid	org.apache.maven.enforcer
pom	name	Apache Maven Enforcer Rules
pom	parent-artifactid	enforcer
pom	parent-groupid	org.apache.maven.enforcer
pom	version	1.4.1

Identifiers

maven: org.apache.maven.enforcer:enforcer-rules:1.4.1 Confidence:HIGH

maven-artifact-manager-2.2.1.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.jar
MD5: f3e76a8a83f422a900886543c48914f7
SHA1: ec355b913c34d37080810f98e3f51abecbe1572b
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	maven-artifact-manager
file	version	2.2.1
Manifest	Implementation-Title	Maven Artifact Manager
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven
Manifest	Implementation-Version	2.2.1
Manifest	specification-title	Maven Artifact Manager
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	maven-artifact-manager
pom	groupid	apache.maven
pom	groupid	org.apache.maven
pom	name	Maven Artifact Manager
pom	parent-artifactid	maven
pom	parent-groupid	org.apache.maven
pom	version	2.2.1

Identifiers

maven: org.apache.maven:maven-artifact-manager:2.2.1 Confidence:HIGH

maven-artifact-2.2.1.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.jar
MD5: 7b7613fd5db72967269abe7ab50b76e9
SHA1: 23600f790d4dab2cb965419eaa982e3e84c428f8
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	maven-artifact
file	version	2.2.1
Manifest	Implementation-Title	Maven Artifact
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven
Manifest	Implementation-Version	2.2.1
Manifest	specification-title	Maven Artifact
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	maven-artifact
pom	groupid	apache.maven
pom	groupid	org.apache.maven
pom	name	Maven Artifact
pom	parent-artifactid	maven
pom	parent-groupid	org.apache.maven
pom	version	2.2.1

Identifiers

maven: org.apache.maven:maven-artifact:2.2.1 Confidence:HIGH

maven-core-2.2.1.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.jar
MD5: 7538cd62a04a378d4c1944e26c793164
SHA1: 6f488e461188496c62e161f32160b3465ce5901e
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	maven-core
file	version	2.2.1
Manifest	Implementation-Title	Maven Core
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven
Manifest	Implementation-Version	2.2.1
Manifest	specification-title	Maven Core
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	maven-core
pom	groupid	apache.maven
pom	groupid	org.apache.maven
pom	name	Maven Core
pom	parent-artifactid	maven
pom	parent-groupid	org.apache.maven
pom	version	2.2.1

Identifiers

cpe: cpe:/a:apache:maven:2.2.1 Confidence:LOW
maven: org.apache.maven:maven-core:2.2.1 Confidence:HIGH

maven-error-diagnostics-2.2.1.jar

Description: Provides a manager component which will process a given Throwable instance through a set of diagnostic sub-components, and return a String message with user-friendly information about the error and possibly how to fix it.

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.jar
MD5: 8eaa64d20f32c0b0c1beb9739bbb5fe3
SHA1: e81bb342d7d172f23d108dc8fa979a1facdcde8e
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	maven-error-diagnostics
file	version	2.2.1
Manifest	Implementation-Title	Maven Error Diagnostics
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven
Manifest	Implementation-Version	2.2.1
Manifest	specification-title	Maven Error Diagnostics
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	maven-error-diagnostics
pom	description	Provides a manager component which will process a given Throwable instance through a set of diagnostic sub-components, and return a String message with user-friendly information about the error and possibly how to fix it.
pom	groupid	apache.maven
pom	groupid	org.apache.maven
pom	name	Maven Error Diagnostics
pom	parent-artifactid	maven
pom	parent-groupid	org.apache.maven
pom	version	2.2.1

Identifiers

maven: org.apache.maven:maven-error-diagnostics:2.2.1 Confidence:HIGH

maven-model-2.2.1.jar

Description: Maven Model

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.jar
MD5: b269f663e3440e40be4b696d9b7c2260
SHA1: c0a1c17436ec3ff5a56207c031d82277b4250a29
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	maven-model
file	version	2.2.1
Manifest	Implementation-Title	Maven Model
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven
Manifest	Implementation-Version	2.2.1
Manifest	specification-title	Maven Model
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	maven-model
pom	description	Maven Model
pom	groupid	apache.maven
pom	groupid	org.apache.maven
pom	name	Maven Model
pom	parent-artifactid	maven
pom	parent-groupid	org.apache.maven
pom	version	2.2.1

Identifiers

maven: org.apache.maven:maven-model:2.2.1 Confidence:HIGH

maven-monitor-2.2.1.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.jar
MD5: 396e401208090417e0f18ad2b1bccd92
SHA1: afc57c3a1368cd34caccb638e00523701f398c20
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	maven-monitor
file	version	2.2.1
Manifest	Implementation-Title	Maven Monitor
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven
Manifest	Implementation-Version	2.2.1
Manifest	specification-title	Maven Monitor
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	maven-monitor
pom	groupid	apache.maven
pom	groupid	org.apache.maven
pom	name	Maven Monitor
pom	parent-artifactid	maven
pom	parent-groupid	org.apache.maven
pom	version	2.2.1

Identifiers

maven: org.apache.maven:maven-monitor:2.2.1 Confidence:HIGH

maven-plugin-api-2.0.9.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar
MD5: 09a279f8115f712946ecb81f8c372325
SHA1: 8b8cae9daa688fdb57995c6835a3e24475d554c0
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	maven-plugin-api
file	version	2.0.9
Manifest	Implementation-Title	Maven Plugin API
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven
Manifest	Implementation-Version	2.0.9
Manifest	specification-title	Maven Plugin API
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	maven-plugin-api
pom	groupid	apache.maven
pom	groupid	org.apache.maven
pom	name	Maven Plugin API
pom	parent-artifactid	maven
pom	parent-groupid	org.apache.maven
pom	version	2.0.9

Identifiers

maven: org.apache.maven:maven-plugin-api:2.0.9 Confidence:HIGH

maven-plugin-descriptor-2.2.1.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.jar
MD5: f28d3a50552a8d2943587638f5f01455
SHA1: 68d20ae3c40c4664dc52be90338af796db7ffb32
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	maven-plugin-descriptor
file	version	2.2.1
Manifest	Implementation-Title	Maven Plugin Descriptor Model
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven
Manifest	Implementation-Version	2.2.1
Manifest	specification-title	Maven Plugin Descriptor Model
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	maven-plugin-descriptor
pom	groupid	apache.maven
pom	groupid	org.apache.maven
pom	name	Maven Plugin Descriptor Model
pom	parent-artifactid	maven
pom	parent-groupid	org.apache.maven
pom	version	2.2.1

Identifiers

maven: org.apache.maven:maven-plugin-descriptor:2.2.1 Confidence:HIGH

maven-plugin-parameter-documenter-2.2.1.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.jar
MD5: 8ba54f6e61f1b07ec7076bd27d3eaa9c
SHA1: 1a117baac49437fc5a6fcd9f18f779e6bad4207e
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	maven-plugin-parameter-documenter
file	version	2.2.1
Manifest	Implementation-Title	Maven Plugin Parameter Documenter API
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven
Manifest	Implementation-Version	2.2.1
Manifest	specification-title	Maven Plugin Parameter Documenter API
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	maven-plugin-parameter-documenter
pom	groupid	apache.maven
pom	groupid	org.apache.maven
pom	name	Maven Plugin Parameter Documenter API
pom	parent-artifactid	maven
pom	parent-groupid	org.apache.maven
pom	version	2.2.1

Identifiers

maven: org.apache.maven:maven-plugin-parameter-documenter:2.2.1 Confidence:HIGH

maven-plugin-registry-2.2.1.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.jar
MD5: 46a27ab81d327e3f5fd1d3e435fe2aad
SHA1: 72a24b7775649af78f3986b5aa7eb354b9674cfd
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	maven-plugin-registry
file	version	2.2.1
Manifest	Implementation-Title	Maven Plugin Registry Model
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven
Manifest	Implementation-Version	2.2.1
Manifest	specification-title	Maven Plugin Registry Model
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	maven-plugin-registry
pom	groupid	apache.maven
pom	groupid	org.apache.maven
pom	name	Maven Plugin Registry Model
pom	parent-artifactid	maven
pom	parent-groupid	org.apache.maven
pom	version	2.2.1

Identifiers

maven: org.apache.maven:maven-plugin-registry:2.2.1 Confidence:HIGH

maven-profile-2.2.1.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.jar
MD5: 53dd14e28aaad4bd5dd379dfdbf46a4c
SHA1: 3950071587027e5086e9c395574a60650c432738
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	maven-profile
file	version	2.2.1
Manifest	Implementation-Title	Maven Profile Model
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven
Manifest	Implementation-Version	2.2.1
Manifest	specification-title	Maven Profile Model
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	maven-profile
pom	groupid	apache.maven
pom	groupid	org.apache.maven
pom	name	Maven Profile Model
pom	parent-artifactid	maven
pom	parent-groupid	org.apache.maven
pom	version	2.2.1

Identifiers

maven: org.apache.maven:maven-profile:2.2.1 Confidence:HIGH

maven-project-2.2.1.jar

Description: This library is used to not only read Maven project object model files, but to assemble inheritence and to retrieve remote models as required.

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.jar
MD5: 8f9382d7c0c120e94c2aaf8bbe817b6f
SHA1: 8239e98c16f641d55a4ad0e0bab0aee3aff8933f
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	maven-project
file	version	2.2.1
Manifest	Implementation-Title	Maven Project Builder
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven
Manifest	Implementation-Version	2.2.1
Manifest	specification-title	Maven Project Builder
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	maven-project
pom	description	This library is used to not only read Maven project object model files, but to assemble inheritence and to retrieve remote models as required.
pom	groupid	apache.maven
pom	groupid	org.apache.maven
pom	name	Maven Project Builder
pom	parent-artifactid	maven
pom	parent-groupid	org.apache.maven
pom	version	2.2.1

Identifiers

maven: org.apache.maven:maven-project:2.2.1 Confidence:HIGH

maven-repository-metadata-2.2.1.jar

Description: Per-directory repository metadata.

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.jar
MD5: c426b243119831168af2fbd767254f59
SHA1: 98f0c07fcf1eeb213bef8d9316a9935184084b06
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	maven-repository-metadata
file	version	2.2.1
Manifest	Implementation-Title	Maven Repository Metadata Model
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven
Manifest	Implementation-Version	2.2.1
Manifest	specification-title	Maven Repository Metadata Model
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	maven-repository-metadata
pom	description	Per-directory repository metadata.
pom	groupid	apache.maven
pom	groupid	org.apache.maven
pom	name	Maven Repository Metadata Model
pom	parent-artifactid	maven
pom	parent-groupid	org.apache.maven
pom	version	2.2.1

Identifiers

maven: org.apache.maven:maven-repository-metadata:2.2.1 Confidence:HIGH

maven-settings-2.2.1.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.jar
MD5: 7c3dcffd55434a860339dba78f0c165a
SHA1: 2236ffe71fa5f78ce42b0f5fc22c54ed45f14294
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	maven-settings
file	version	2.2.1
Manifest	Implementation-Title	Maven Local Settings Model
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven
Manifest	Implementation-Version	2.2.1
Manifest	specification-title	Maven Local Settings Model
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	maven-settings
pom	groupid	apache.maven
pom	groupid	org.apache.maven
pom	name	Maven Local Settings Model
pom	parent-artifactid	maven
pom	parent-groupid	org.apache.maven
pom	version	2.2.1

Identifiers

maven: org.apache.maven:maven-settings:2.2.1 Confidence:HIGH

maven-reporting-api-2.2.1.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/reporting/maven-reporting-api/2.2.1/maven-reporting-api-2.2.1.jar
MD5: 5e680d893d92086dffd8cc42637ceb0f
SHA1: 61942e490c112f84b3a1a61572d570f369414939
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	maven-reporting-api
file	version	2.2.1
Manifest	Implementation-Title	Maven Reporting API
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven.reporting
Manifest	Implementation-Version	2.2.1
Manifest	specification-title	Maven Reporting API
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	maven-reporting-api
pom	groupid	apache.maven.reporting
pom	groupid	org.apache.maven.reporting
pom	name	Maven Reporting API
pom	parent-artifactid	maven-reporting
pom	parent-groupid	org.apache.maven.reporting
pom	version	2.2.1

Identifiers

maven: org.apache.maven.reporting:maven-reporting-api:2.2.1 Confidence:HIGH

maven-common-artifact-filters-1.4.jar

Description: A collection of ready-made filters to control inclusion/exclusion of artifacts during dependency resolution.

File Path: /home/mikkoi/.m2/repository/org/apache/maven/shared/maven-common-artifact-filters/1.4/maven-common-artifact-filters-1.4.jar
MD5: f349d565d928ff833dd1118ea565810e
SHA1: de97ff2efd804f06c3698a914f2d55205742bcc4
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	maven-common-artifact-filters
file	version	1.4
Manifest	Implementation-Title	Maven Common Artifact Filters
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven.shared
Manifest	Implementation-Version	1.4
Manifest	specification-title	Maven Common Artifact Filters
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	maven-common-artifact-filters
pom	description	A collection of ready-made filters to control inclusion/exclusion of artifacts during dependency resolution.
pom	groupid	apache.maven.shared
pom	groupid	org.apache.maven.shared
pom	name	Maven Common Artifact Filters
pom	parent-artifactid	maven-shared-components
pom	parent-groupid	org.apache.maven.shared
pom	parent-version	1.4
pom	version	1.4

Identifiers

maven: org.apache.maven.shared:maven-common-artifact-filters:1.4 Confidence:HIGH

maven-dependency-tree-2.2.jar

Description: A tree-based API for resolution of Maven project dependencies

File Path: /home/mikkoi/.m2/repository/org/apache/maven/shared/maven-dependency-tree/2.2/maven-dependency-tree-2.2.jar
MD5: c9b2c60a0fd118c04595db246f3075a2
SHA1: 5d9ce6add7b714b8095f0e3e396c5e9f8c5dcfef
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	maven-dependency-tree
file	version	2.2
Manifest	Implementation-Title	Apache Maven Dependency Tree
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven.shared
Manifest	Implementation-Version	2.2
Manifest	specification-title	Apache Maven Dependency Tree
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	maven-dependency-tree
pom	description	A tree-based API for resolution of Maven project dependencies
pom	groupid	apache.maven.shared
pom	groupid	org.apache.maven.shared
pom	name	Apache Maven Dependency Tree
pom	parent-artifactid	maven-shared-components
pom	parent-groupid	org.apache.maven.shared
pom	parent-version	2.2
pom	version	2.2

Identifiers

maven: org.apache.maven.shared:maven-dependency-tree:2.2 Confidence:HIGH

wagon-file-1.0-beta-6.jar

Description: Wagon that gets and puts artifacts using file system protocol

File Path: /home/mikkoi/.m2/repository/org/apache/maven/wagon/wagon-file/1.0-beta-6/wagon-file-1.0-beta-6.jar
MD5: 440c57f18cef427fade1bfee1544db89
SHA1: 6c53633505460caf49d2660de1e24744d915afb9
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:runtime

Evidence

Source	Name	Value
file	name	wagon-file
file	version	1.0.beta
Manifest	Implementation-Title	Maven Wagon File Provider
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven.wagon
Manifest	Implementation-Version	1.0-beta-6
Manifest	specification-title	Maven Wagon File Provider
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	wagon-file
pom	description	Wagon that gets and puts artifacts using file system protocol
pom	groupid	apache.maven.wagon
pom	groupid	org.apache.maven.wagon
pom	name	Maven Wagon File Provider
pom	parent-artifactid	wagon-providers
pom	parent-groupid	org.apache.maven.wagon
pom	version	1.0-beta-6

Identifiers

maven: org.apache.maven.wagon:wagon-file:1.0-beta-6 Confidence:HIGH

wagon-http-lightweight-1.0-beta-6.jar

Description: Wagon that gets and puts artifacts through http using standard Java library

File Path: /home/mikkoi/.m2/repository/org/apache/maven/wagon/wagon-http-lightweight/1.0-beta-6/wagon-http-lightweight-1.0-beta-6.jar
MD5: 7ef1200d5b39fb2c3f41ef378cb887f7
SHA1: b3815078570c3b1f0667e123d59717c6b726c6c2
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	wagon-http-lightweight
file	version	1.0.beta
Manifest	Implementation-Title	Maven Wagon Lightweight HTTP Provider
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven.wagon
Manifest	Implementation-Version	1.0-beta-6
Manifest	specification-title	Maven Wagon Lightweight HTTP Provider
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	wagon-http-lightweight
pom	description	Wagon that gets and puts artifacts through http using standard Java library
pom	groupid	apache.maven.wagon
pom	groupid	org.apache.maven.wagon
pom	name	Maven Wagon Lightweight HTTP Provider
pom	parent-artifactid	wagon-providers
pom	parent-groupid	org.apache.maven.wagon
pom	version	1.0-beta-6

Identifiers

maven: org.apache.maven.wagon:wagon-http-lightweight:1.0-beta-6 Confidence:HIGH

wagon-http-shared-1.0-beta-6.jar

Description: Shared Library for the wagon-http, and wagon-http-lightweight wagon providers.

File Path: /home/mikkoi/.m2/repository/org/apache/maven/wagon/wagon-http-shared/1.0-beta-6/wagon-http-shared-1.0-beta-6.jar
MD5: 2bba0550b782784fd112f723b4be663e
SHA1: ccd70d7e0d8c085e648a83f072da06ca9a53be94
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	wagon-http-shared
file	version	1.0.beta
Manifest	Implementation-Title	Maven Wagon HTTP Shared Library
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven.wagon
Manifest	Implementation-Version	1.0-beta-6
Manifest	specification-title	Maven Wagon HTTP Shared Library
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	wagon-http-shared
pom	description	Shared Library for the wagon-http, and wagon-http-lightweight wagon providers.
pom	groupid	apache.maven.wagon
pom	groupid	org.apache.maven.wagon
pom	name	Maven Wagon HTTP Shared Library
pom	parent-artifactid	wagon-providers
pom	parent-groupid	org.apache.maven.wagon
pom	version	1.0-beta-6

Identifiers

maven: org.apache.maven.wagon:wagon-http-shared:1.0-beta-6 Confidence:HIGH

wagon-http-1.0-beta-6.jar

Description: Wagon that gets and puts artifacts through http using Apache commons-httpclient

File Path: /home/mikkoi/.m2/repository/org/apache/maven/wagon/wagon-http/1.0-beta-6/wagon-http-1.0-beta-6.jar
MD5: cacdb02e0d797e60306dbfe298814f9f
SHA1: 8c665cbb0ab67c355fbd2c942ad26e39753b6f2e
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	wagon-http
file	version	1.0.beta
Manifest	Implementation-Title	Maven Wagon HTTP Provider
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven.wagon
Manifest	Implementation-Version	1.0-beta-6
Manifest	specification-title	Maven Wagon HTTP Provider
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	wagon-http
pom	description	Wagon that gets and puts artifacts through http using Apache commons-httpclient
pom	groupid	apache.maven.wagon
pom	groupid	org.apache.maven.wagon
pom	name	Maven Wagon HTTP Provider
pom	parent-artifactid	wagon-providers
pom	parent-groupid	org.apache.maven.wagon
pom	version	1.0-beta-6

Identifiers

maven: org.apache.maven.wagon:wagon-http:1.0-beta-6 Confidence:HIGH

wagon-provider-api-1.0-beta-6.jar

Description: Maven Wagon API that defines the contract between different Wagon implementations

File Path: /home/mikkoi/.m2/repository/org/apache/maven/wagon/wagon-provider-api/1.0-beta-6/wagon-provider-api-1.0-beta-6.jar
MD5: 63826e38e44f08e7935c1d173667ed8c
SHA1: 3f952e0282ae77ae59851d96bb18015e520b6208
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	wagon-provider-api
file	version	1.0.beta
Manifest	Implementation-Title	Maven Wagon API
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven.wagon
Manifest	Implementation-Version	1.0-beta-6
Manifest	specification-title	Maven Wagon API
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	wagon-provider-api
pom	description	Maven Wagon API that defines the contract between different Wagon implementations
pom	groupid	apache.maven.wagon
pom	groupid	org.apache.maven.wagon
pom	name	Maven Wagon API
pom	parent-artifactid	wagon
pom	parent-groupid	org.apache.maven.wagon
pom	version	1.0-beta-6

Identifiers

maven: org.apache.maven.wagon:wagon-provider-api:1.0-beta-6 Confidence:HIGH

wagon-ssh-common-1.0-beta-6.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/wagon/wagon-ssh-common/1.0-beta-6/wagon-ssh-common-1.0-beta-6.jar
MD5: 3c5abd71adc03070d28f2af0d20ab3a3
SHA1: 0c654cc7e10e18bedca04a6e42f980d6c68435fc
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	wagon-ssh-common
file	version	1.0.beta
Manifest	Implementation-Title	Maven Wagon SSH Common Library
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven.wagon
Manifest	Implementation-Version	1.0-beta-6
Manifest	specification-title	Maven Wagon SSH Common Library
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	wagon-ssh-common
pom	groupid	apache.maven.wagon
pom	groupid	org.apache.maven.wagon
pom	name	Maven Wagon SSH Common Library
pom	parent-artifactid	wagon-providers
pom	parent-groupid	org.apache.maven.wagon
pom	version	1.0-beta-6

Identifiers

maven: org.apache.maven.wagon:wagon-ssh-common:1.0-beta-6 Confidence:HIGH

wagon-ssh-external-1.0-beta-6.jar

Description: Wagon that gets and puts artifacts using SSH protocol with a preinstalled SSH client

File Path: /home/mikkoi/.m2/repository/org/apache/maven/wagon/wagon-ssh-external/1.0-beta-6/wagon-ssh-external-1.0-beta-6.jar
MD5: 729534f8ecef194bab3b5bd23afdb123
SHA1: 76918505c5fa6e309cd393aca8acd1b236559288
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:runtime

Evidence

Source	Name	Value
file	name	wagon-ssh-external
file	version	1.0.beta
Manifest	Implementation-Title	Maven Wagon SSH External Provider
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven.wagon
Manifest	Implementation-Version	1.0-beta-6
Manifest	specification-title	Maven Wagon SSH External Provider
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	wagon-ssh-external
pom	description	Wagon that gets and puts artifacts using SSH protocol with a preinstalled SSH client
pom	groupid	apache.maven.wagon
pom	groupid	org.apache.maven.wagon
pom	name	Maven Wagon SSH External Provider
pom	parent-artifactid	wagon-providers
pom	parent-groupid	org.apache.maven.wagon
pom	version	1.0-beta-6

Identifiers

maven: org.apache.maven.wagon:wagon-ssh-external:1.0-beta-6 Confidence:HIGH

wagon-ssh-1.0-beta-6.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/wagon/wagon-ssh/1.0-beta-6/wagon-ssh-1.0-beta-6.jar
MD5: a33c430bc42b11184b3aff2799057cab
SHA1: 37ac531f8159dddffa398a7612d5cbe313228437
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	wagon-ssh
file	version	1.0.beta
Manifest	Implementation-Title	Maven Wagon SSH Provider
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven.wagon
Manifest	Implementation-Version	1.0-beta-6
Manifest	specification-title	Maven Wagon SSH Provider
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	wagon-ssh
pom	groupid	apache.maven.wagon
pom	groupid	org.apache.maven.wagon
pom	name	Maven Wagon SSH Provider
pom	parent-artifactid	wagon-providers
pom	parent-groupid	org.apache.maven.wagon
pom	version	1.0-beta-6

Identifiers

maven: org.apache.maven.wagon:wagon-ssh:1.0-beta-6 Confidence:HIGH

wagon-webdav-jackrabbit-1.0-beta-6.jar

Description: Wagon that gets and puts artifacts through webdav protocol

File Path: /home/mikkoi/.m2/repository/org/apache/maven/wagon/wagon-webdav-jackrabbit/1.0-beta-6/wagon-webdav-jackrabbit-1.0-beta-6.jar
MD5: 54e5811336dab214bd598b4ac92cdf99
SHA1: b694b223d0f19abcb32e304ebd5054061ee0f7b5
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:runtime

Evidence

Source	Name	Value
file	name	wagon-webdav-jackrabbit
file	version	1.0.beta
Manifest	Implementation-Title	Maven Wagon WebDav Provider
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven.wagon
Manifest	Implementation-Version	1.0-beta-6
Manifest	specification-title	Maven Wagon WebDav Provider
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	wagon-webdav-jackrabbit
pom	description	Wagon that gets and puts artifacts through webdav protocol
pom	groupid	apache.maven.wagon
pom	groupid	org.apache.maven.wagon
pom	name	Maven Wagon WebDav Provider
pom	parent-artifactid	wagon-providers
pom	parent-groupid	org.apache.maven.wagon
pom	version	1.0-beta-6

Identifiers

cpe: cpe:/a:apache:jackrabbit:1.0 Confidence:LOW
maven: org.apache.maven.wagon:wagon-webdav-jackrabbit:1.0-beta-6 Confidence:HIGH

Published Vulnerabilities

CVE-2015-1833

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation

BID - 74761
BUGTRAQ - 20150521 CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability)
CONFIRM - http://www.apache.org/dist/jackrabbit/2.10.1/RELEASE-NOTES.txt
CONFIRM - https://issues.apache.org/jira/browse/JCR-3883
DEBIAN - DSA-3298
EXPLOIT-DB - 37110
MISC - http://packetstormsecurity.com/files/132005/Jackrabbit-WebDAV-XXE-Injection.html
MLIST - [jackrabbit-announce] 20150521 CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability)

Vulnerable Software & Versions: (show all)

bsh-2.0b4.jar

Description: BeanShell

File Path: /home/mikkoi/.m2/repository/org/beanshell/bsh/2.0b4/bsh-2.0b4.jar
MD5: a1c60aa83c9c9a6cb2391c1c1b85eb00
SHA1: a05f0a0feefa8d8467ac80e16e7de071489f0d9c
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	bsh
file	version	2.0.b4
Manifest	Implementation-Vendor	Pat Niemeyer (pat@pat.net)
Manifest	Implementation-Version	2.0b4 2005-05-23 11:49:20
Manifest	specification-title	BeanShell
Manifest	specification-vendor	http://www.beanshell.org/
pom	artifactid	bsh
pom	description	BeanShell
pom	groupid	beanshell
pom	groupid	org.beanshell
pom	name	BeanShell
pom	parent-artifactid	beanshell
pom	parent-groupid	org.beanshell
pom	version	2.0b4

Identifiers

maven: org.beanshell:bsh:2.0b4 Confidence:HIGH

plexus-component-annotations-1.5.5.jar

Description: Plexus Component "Java 5" Annotations, to describe plexus components properties in java sources with standard annotations instead of javadoc annotations.

File Path: /home/mikkoi/.m2/repository/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar
MD5: ef37dcdb84030422db428b63c4354e5b
SHA1: c72f2660d0cbed24246ddb55d7fdc4f7374d2078
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	plexus-component-annotations
file	version	1.5.5
jar	package name	annotations
jar	package name	codehaus
jar	package name	component
jar	package name	plexus
pom	artifactid	plexus-component-annotations
pom	description	Plexus Component "Java 5" Annotations, to describe plexus components properties in java sources with standard annotations instead of javadoc annotations.
pom	groupid	codehaus.plexus
pom	groupid	org.codehaus.plexus
pom	name	Plexus :: Component Annotations
pom	parent-artifactid	plexus-containers
pom	parent-groupid	org.codehaus.plexus
pom	version	1.5.5

Identifiers

maven: org.codehaus.plexus:plexus-component-annotations:1.5.5 Confidence:HIGH

plexus-container-default-1.5.5.jar

Description: The Plexus IoC container API and its default implementation.

File Path: /home/mikkoi/.m2/repository/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar
MD5: 9207a5b343b0cb5d22b09f41e87fce00
SHA1: 0265fa2851d31c2e2177859a518987595efe146b
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	plexus-container-default
file	version	1.5.5
jar	package name	codehaus
jar	package name	component
jar	package name	plexus
pom	artifactid	plexus-container-default
pom	description	The Plexus IoC container API and its default implementation.
pom	groupid	codehaus.plexus
pom	groupid	org.codehaus.plexus
pom	name	Plexus :: Default Container
pom	parent-artifactid	plexus-containers
pom	parent-groupid	org.codehaus.plexus
pom	version	1.5.5

Identifiers

maven: org.codehaus.plexus:plexus-container-default:1.5.5 Confidence:HIGH

plexus-i18n-1.0-beta-6.jar

File Path: /home/mikkoi/.m2/repository/org/codehaus/plexus/plexus-i18n/1.0-beta-6/plexus-i18n-1.0-beta-6.jar
MD5: 6fe2f027270fac46b6cfbfa5eba53c9d
SHA1: 0de20e1eea680fc277fddb66bc24ba40d449168b
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	plexus-i18n
file	version	1.0.beta
Manifest	extension-name	plexus-i18n
Manifest	Implementation-Title	plexus-i18n
Manifest	Implementation-Vendor	Codehaus
Manifest	Implementation-Version	1.0-beta-6
Manifest	specification-vendor	Codehaus
pom	artifactid	plexus-i18n
pom	groupid	codehaus.plexus
pom	groupid	org.codehaus.plexus
pom	name	Plexus I18N Component
pom	organization name	http://www.codehaus.org/
pom	parent-artifactid	plexus-components
pom	parent-groupid	org.codehaus.plexus
pom	parent-version	1.0-beta-6
pom	version	1.0-beta-6

Identifiers

maven: org.codehaus.plexus:plexus-i18n:1.0-beta-6 Confidence:HIGH

plexus-interactivity-api-1.0-alpha-4.jar

File Path: /home/mikkoi/.m2/repository/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar
MD5: c8ce4cfd3b7b6419c00dcb780a6eb603
SHA1: 0a8f1178664a5457eef3f4531eb62f9505e1295f
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	plexus-interactivity-api
file	version	1.0.alpha
Manifest	extension-name	plexus-interactivity-api
Manifest	Implementation-Title	plexus-interactivity-api
Manifest	Implementation-Vendor	Codehaus
Manifest	Implementation-Version	1.0-alpha-4
Manifest	specification-vendor	Codehaus
pom	artifactid	plexus-interactivity-api
pom	groupid	codehaus.plexus
pom	groupid	org.codehaus.plexus
pom	name	Plexus Default Interactivity Handler
pom	organization name	http://www.codehaus.org/
pom	version	1.0-alpha-4

Identifiers

maven: org.codehaus.plexus:plexus-interactivity-api:1.0-alpha-4 Confidence:HIGH

plexus-interpolation-1.11.jar

File Path: /home/mikkoi/.m2/repository/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.jar
MD5: d5ef768cef9a261d569ff1f672324154
SHA1: ad9dddff6043194904ad1d2c00ff1d003c3915f7
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	plexus-interpolation
file	version	1.11
jar	package name	codehaus
jar	package name	interpolation
jar	package name	plexus
pom	artifactid	plexus-interpolation
pom	groupid	codehaus.plexus
pom	groupid	org.codehaus.plexus
pom	name	Plexus Interpolation API
pom	parent-artifactid	plexus-components
pom	parent-groupid	org.codehaus.plexus
pom	parent-version	1.11
pom	version	1.11

Identifiers

maven: org.codehaus.plexus:plexus-interpolation:1.11 Confidence:HIGH

plexus-utils-3.0.24.jar

Description: A collection of various utility classes to ease working with strings, files, command lines, XML and more.

File Path: /home/mikkoi/.m2/repository/org/codehaus/plexus/plexus-utils/3.0.24/plexus-utils-3.0.24.jar
MD5: fbefd8983c6bb4928c27c680463ff355
SHA1: b4ac9780b37cb1b736eae9fbcef27609b7c911ef
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	plexus-utils
file	version	3.0.24
jar	package name	codehaus
jar	package name	plexus
jar	package name	util
pom	artifactid	plexus-utils
pom	description	A collection of various utility classes to ease working with strings, files, command lines, XML and more.
pom	groupid	codehaus.plexus
pom	groupid	org.codehaus.plexus
pom	name	Plexus Common Utilities
pom	parent-artifactid	plexus
pom	parent-groupid	org.codehaus.plexus
pom	parent-version	3.0.24
pom	version	3.0.24

Identifiers

maven: org.codehaus.plexus:plexus-utils:3.0.24 Confidence:HIGH

aether-util-0.9.0.M2.jar

Description: A collection of utility classes to ease usage of the repository system.

License:

http://www.eclipse.org/legal/epl-v10.html

File Path: /home/mikkoi/.m2/repository/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar
MD5: fc6315129d2e2063e2f2725e6337587f
SHA1: b957089deb654647da320ad7507b0a4b5ce23813
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	aether-util
file	version	0.9.0.m2
manifest	Bundle-Description	A collection of utility classes to ease usage of the repository system.
Manifest	bundle-docurl	http://www.eclipse.org/aether/aether-util/
Manifest	Bundle-Name	Aether Utilities (Incubation)
Manifest	bundle-symbolicname	org.eclipse.aether.util
Manifest	Bundle-Version	0.9.0.M2
pom	artifactid	aether-util
pom	description	A collection of utility classes to ease usage of the repository system.
pom	groupid	eclipse.aether
pom	groupid	org.eclipse.aether
pom	name	Aether Utilities
pom	parent-artifactid	aether
pom	parent-groupid	org.eclipse.aether
pom	version	0.9.0.M2

Identifiers

maven: org.eclipse.aether:aether-util:0.9.0.M2 Confidence:HIGH

jcl-over-slf4j-1.5.6.jar

Description: JCL 1.1.1 implementation over SLF4J

File Path: /home/mikkoi/.m2/repository/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.jar
MD5: 4ab274630492c6896f1eb88023af3c07
SHA1: 629680940b7dcb02c3904deb85992b462c42e272
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:runtime

Evidence

Source	Name	Value
file	name	jcl-over-slf4j
file	version	1.5.6
manifest	Bundle-Description	JCL 1.1.1 implementation over SLF4J
Manifest	Bundle-Name	jcl-over-slf4j
Manifest	bundle-requiredexecutionenvironment	J2SE-1.3
Manifest	bundle-symbolicname	jcl.over.slf4j
Manifest	Bundle-Version	1.5.6
Manifest	Implementation-Title	jcl-over-slf4j
Manifest	Implementation-Version	1.5.6
pom	artifactid	jcl-over-slf4j
pom	description	JCL 1.1.1 implementation over SLF4J
pom	groupid	org.slf4j
pom	groupid	slf4j
pom	name	JCL 1.1.1 implemented over SLF4J
pom	parent-artifactid	slf4j-parent
pom	parent-groupid	org.slf4j
pom	url	http://www.slf4j.org
pom	version	1.5.6

Identifiers

cpe: cpe:/a:slf4j:slf4j:1.5.6 Confidence:LOW
maven: org.slf4j:jcl-over-slf4j:1.5.6 Confidence:HIGH

slf4j-api-1.5.6.jar

Description: The slf4j API

File Path: /home/mikkoi/.m2/repository/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.jar
MD5: ca55c6dae5d0f9a8a829720408918586
SHA1: ec9b7142625dfa1dcaf22db99ecb7c555ffa714d
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:runtime

Evidence

Source	Name	Value
file	name	slf4j-api
file	version	1.5.6
manifest	Bundle-Description	The slf4j API
Manifest	Bundle-Name	slf4j-api
Manifest	bundle-requiredexecutionenvironment	J2SE-1.3
Manifest	bundle-symbolicname	slf4j.api
Manifest	Bundle-Version	1.5.6
Manifest	Implementation-Title	slf4j-api
Manifest	Implementation-Version	1.5.6
pom	artifactid	slf4j-api
pom	description	The slf4j API
pom	groupid	org.slf4j
pom	groupid	slf4j
pom	name	SLF4J API Module
pom	parent-artifactid	slf4j-parent
pom	parent-groupid	org.slf4j
pom	url	http://www.slf4j.org
pom	version	1.5.6

Related Dependencies

Identifiers

cpe: cpe:/a:slf4j:slf4j:1.5.6 Confidence:LOW
maven: org.slf4j:slf4j-api:1.5.6 Confidence:HIGH

slf4j-nop-1.5.3.jar

Description: The slf4j NOP binding

File Path: /home/mikkoi/.m2/repository/org/slf4j/slf4j-nop/1.5.3/slf4j-nop-1.5.3.jar
MD5: 16dacc0ab89858efafe1cb535d96b682
SHA1: 36a3c886235cddd05e55a979cef549196740231a
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:runtime

Evidence

Source	Name	Value
file	name	slf4j-nop
file	version	1.5.3
manifest	Bundle-Description	The slf4j NOP binding
Manifest	Bundle-Name	slf4j-nop
Manifest	bundle-requiredexecutionenvironment	J2SE-1.3
Manifest	bundle-symbolicname	slf4j.nop
Manifest	Bundle-Version	1.5.3
Manifest	Implementation-Title	slf4j-nop
Manifest	Implementation-Version	1.5.3
pom	artifactid	slf4j-nop
pom	description	The slf4j NOP binding
pom	groupid	org.slf4j
pom	groupid	slf4j
pom	name	SLF4J NOP Binding
pom	parent-artifactid	slf4j-parent
pom	parent-groupid	org.slf4j
pom	url	http://www.slf4j.org
pom	version	1.5.3

Identifiers

cpe: cpe:/a:slf4j:slf4j:1.5.3 Confidence:LOW
maven: org.slf4j:slf4j-nop:1.5.3 Confidence:HIGH

plexus-cipher-1.4.jar

File Path: /home/mikkoi/.m2/repository/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar
MD5: 7b2d6fcf0d5800d5b1ce09d98d98dcaf
SHA1: 50ade46f23bb38cd984b4ec560c46223432aac38
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	plexus-cipher
file	version	1.4
jar	package name	cipher
jar	package name	components
jar	package name	plexus
jar	package name	sonatype
pom	artifactid	plexus-cipher
pom	groupid	org.sonatype.plexus
pom	groupid	sonatype.plexus
pom	name	Plexus Cipher: encryption/decryption Component
pom	parent-artifactid	spice-parent
pom	parent-groupid	org.sonatype.spice
pom	parent-version	1.4
pom	url	http://spice.sonatype.org/${project.artifactId}
pom	version	1.4

Identifiers

maven: org.sonatype.plexus:plexus-cipher:1.4 Confidence:HIGH

plexus-sec-dispatcher-1.3.jar

File Path: /home/mikkoi/.m2/repository/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar
MD5: 53160199f5667de3fca69b723173639b
SHA1: dedc02034fb8fcd7615d66593228cb71709134b4
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Evidence

Source	Name	Value
file	name	plexus-sec-dispatcher
file	version	1.3
jar	package name	components
jar	package name	plexus
jar	package name	sec
jar	package name	sonatype
pom	artifactid	plexus-sec-dispatcher
pom	groupid	org.sonatype.plexus
pom	groupid	sonatype.plexus
pom	name	Plexus Security Dispatcher Component
pom	parent-artifactid	spice-parent
pom	parent-groupid	org.sonatype.spice
pom	parent-version	1.3
pom	url	http://spice.sonatype.org/${project.artifactId}
pom	version	1.3

Identifiers

cpe: cpe:/a:sec_project:sec:1.3 Confidence:LOW
maven: org.sonatype.plexus:plexus-sec-dispatcher:1.3 Confidence:HIGH

Published Vulnerabilities

CVE-2018-12070

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control

The sell function of a smart contract implementation for SEC, a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue.

MISC - https://peckshield.com/2018/06/11/tradeTrap/

Vulnerable Software & Versions:

cpe:/a:sec_project:sec:-

Project: Maven Enforcer Plugin, Custom Rule: Property Usage

Dependencies

backport-util-concurrent-3.1.jar

Evidence

Identifiers

classworlds-1.1.jar

Evidence

Identifiers

jsr305-3.0.1.jar

Evidence

Identifiers

jsch-0.1.38.jar

Evidence

Identifiers

Published Vulnerabilities

commons-cli-1.2.jar

Evidence

Identifiers

commons-codec-1.2.jar

Evidence

Identifiers

commons-httpclient-3.0.jar

Evidence

Identifiers

Published Vulnerabilities

commons-lang-2.3.jar

Evidence

Identifiers

nekohtml-1.9.6.2.jar

Evidence

Identifiers

xercesMinimal-1.9.6.2.jar

Evidence

Identifiers

jackrabbit-webdav-1.5.0.jar

Evidence

Related Dependencies

Identifiers

Published Vulnerabilities

doxia-logging-api-1.1.jar

Evidence

Identifiers

doxia-sink-api-1.1.jar

Evidence

Identifiers

enforcer-api-1.4.1.jar

Evidence

Identifiers

enforcer-rules-1.4.1.jar

Evidence

Identifiers

maven-artifact-manager-2.2.1.jar

Evidence

Identifiers

maven-artifact-2.2.1.jar

Evidence

Identifiers

maven-core-2.2.1.jar

Evidence

Identifiers

maven-error-diagnostics-2.2.1.jar

Evidence

Identifiers

maven-model-2.2.1.jar

Evidence

Identifiers

maven-monitor-2.2.1.jar

Evidence

Identifiers

maven-plugin-api-2.0.9.jar

Evidence

Identifiers

maven-plugin-descriptor-2.2.1.jar

Evidence

Identifiers

maven-plugin-parameter-documenter-2.2.1.jar

Evidence

Identifiers

maven-plugin-registry-2.2.1.jar

Evidence