Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Project: Maven Enforcer Plugin, Custom Rule: Property Usage

Scan Information (show all):

Display: Showing Vulnerable Dependencies (click to show all)

Dependency CPE GAV Highest Severity CVE Count CPE Confidence Evidence Count
backport-util-concurrent-3.1.jar backport-util-concurrent:backport-util-concurrent:3.1   0 13
classworlds-1.1.jar classworlds:classworlds:1.1   0 14
jsr305-3.0.1.jar com.google.code.findbugs:jsr305:3.0.1   0 13
jsch-0.1.38.jar cpe:/a:jcraft:jsch:0.1.38 com.jcraft:jsch:0.1.38 Medium 1 LOW 12
commons-cli-1.2.jar commons-cli:commons-cli:1.2   0 22
commons-codec-1.2.jar commons-codec:commons-codec:1.2   0 14
commons-httpclient-3.0.jar cpe:/a:apache:commons-httpclient:3.0
cpe:/a:apache:httpclient:3.0
commons-httpclient:commons-httpclient:3.0 Medium 1 HIGHEST 15
commons-lang-2.3.jar commons-lang:commons-lang:2.3   0 16
nekohtml-1.9.6.2.jar nekohtml:nekohtml:1.9.6.2   0 11
xercesMinimal-1.9.6.2.jar nekohtml:xercesMinimal:1.9.6.2   0 8
jackrabbit-webdav-1.5.0.jar cpe:/a:apache:jackrabbit:1.5.0 org.apache.jackrabbit:jackrabbit-webdav:1.5.0 Medium 2 HIGHEST 13
doxia-logging-api-1.1.jar org.apache.maven.doxia:doxia-logging-api:1.1   0 16
doxia-sink-api-1.1.jar org.apache.maven.doxia:doxia-sink-api:1.1   0 16
enforcer-api-1.4.1.jar org.apache.maven.enforcer:enforcer-api:1.4.1   0 16
enforcer-rules-1.4.1.jar org.apache.maven.enforcer:enforcer-rules:1.4.1   0 16
maven-artifact-manager-2.2.1.jar org.apache.maven:maven-artifact-manager:2.2.1   0 15
maven-artifact-2.2.1.jar org.apache.maven:maven-artifact:2.2.1   0 15
maven-core-2.2.1.jar cpe:/a:apache:maven:2.2.1 org.apache.maven:maven-core:2.2.1   0 LOW 15
maven-error-diagnostics-2.2.1.jar org.apache.maven:maven-error-diagnostics:2.2.1   0 16
maven-model-2.2.1.jar org.apache.maven:maven-model:2.2.1   0 16
maven-monitor-2.2.1.jar org.apache.maven:maven-monitor:2.2.1   0 15
maven-plugin-api-2.0.9.jar org.apache.maven:maven-plugin-api:2.0.9   0 15
maven-plugin-descriptor-2.2.1.jar org.apache.maven:maven-plugin-descriptor:2.2.1   0 15
maven-plugin-parameter-documenter-2.2.1.jar org.apache.maven:maven-plugin-parameter-documenter:2.2.1   0 15
maven-plugin-registry-2.2.1.jar org.apache.maven:maven-plugin-registry:2.2.1   0 15
maven-profile-2.2.1.jar org.apache.maven:maven-profile:2.2.1   0 15
maven-project-2.2.1.jar org.apache.maven:maven-project:2.2.1   0 16
maven-repository-metadata-2.2.1.jar org.apache.maven:maven-repository-metadata:2.2.1   0 16
maven-settings-2.2.1.jar org.apache.maven:maven-settings:2.2.1   0 15
maven-reporting-api-2.2.1.jar org.apache.maven.reporting:maven-reporting-api:2.2.1   0 15
maven-common-artifact-filters-1.4.jar org.apache.maven.shared:maven-common-artifact-filters:1.4   0 17
maven-dependency-tree-2.2.jar org.apache.maven.shared:maven-dependency-tree:2.2   0 17
wagon-file-1.0-beta-6.jar org.apache.maven.wagon:wagon-file:1.0-beta-6   0 16
wagon-http-lightweight-1.0-beta-6.jar org.apache.maven.wagon:wagon-http-lightweight:1.0-beta-6   0 16
wagon-http-shared-1.0-beta-6.jar org.apache.maven.wagon:wagon-http-shared:1.0-beta-6   0 16
wagon-http-1.0-beta-6.jar org.apache.maven.wagon:wagon-http:1.0-beta-6   0 16
wagon-provider-api-1.0-beta-6.jar org.apache.maven.wagon:wagon-provider-api:1.0-beta-6   0 16
wagon-ssh-common-1.0-beta-6.jar org.apache.maven.wagon:wagon-ssh-common:1.0-beta-6   0 15
wagon-ssh-external-1.0-beta-6.jar org.apache.maven.wagon:wagon-ssh-external:1.0-beta-6   0 16
wagon-ssh-1.0-beta-6.jar org.apache.maven.wagon:wagon-ssh:1.0-beta-6   0 15
wagon-webdav-jackrabbit-1.0-beta-6.jar cpe:/a:apache:jackrabbit:1.0 org.apache.maven.wagon:wagon-webdav-jackrabbit:1.0-beta-6 Medium 1 LOW 16
bsh-2.0b4.jar org.beanshell:bsh:2.0b4   0 14
plexus-component-annotations-1.5.5.jar org.codehaus.plexus:plexus-component-annotations:1.5.5   0 14
plexus-container-default-1.5.5.jar org.codehaus.plexus:plexus-container-default:1.5.5   0 13
plexus-i18n-1.0-beta-6.jar org.codehaus.plexus:plexus-i18n:1.0-beta-6   0 16
plexus-interactivity-api-1.0-alpha-4.jar org.codehaus.plexus:plexus-interactivity-api:1.0-alpha-4   0 13
plexus-interpolation-1.11.jar org.codehaus.plexus:plexus-interpolation:1.11   0 13
plexus-utils-3.0.24.jar org.codehaus.plexus:plexus-utils:3.0.24   0 14
aether-util-0.9.0.M2.jar org.eclipse.aether:aether-util:0.9.0.M2   0 15
jcl-over-slf4j-1.5.6.jar cpe:/a:slf4j:slf4j:1.5.6 org.slf4j:jcl-over-slf4j:1.5.6   0 LOW 18
slf4j-api-1.5.6.jar cpe:/a:slf4j:slf4j:1.5.6 org.slf4j:slf4j-api:1.5.6   0 LOW 18
slf4j-nop-1.5.3.jar cpe:/a:slf4j:slf4j:1.5.3 org.slf4j:slf4j-nop:1.5.3   0 LOW 18
plexus-cipher-1.4.jar org.sonatype.plexus:plexus-cipher:1.4   0 15
plexus-sec-dispatcher-1.3.jar cpe:/a:sec_project:sec:1.3 org.sonatype.plexus:plexus-sec-dispatcher:1.3 Medium 1 LOW 15

Dependencies

backport-util-concurrent-3.1.jar

Description: Dawid Kurzyniec's backport of JSR 166

License:

Public Domain: http://creativecommons.org/licenses/publicdomain
File Path: /home/mikkoi/.m2/repository/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.jar
MD5: 748bb0cbf4780b2e3121dc9c12e10cd9
SHA1: 682f7ac17fed79e92f8e87d8455192b63376347b
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: backport-util-concurrent:backport-util-concurrent:3.1   Confidence:HIGH

classworlds-1.1.jar

File Path: /home/mikkoi/.m2/repository/classworlds/classworlds/1.1/classworlds-1.1.jar
MD5: c20629baa65f1f2948b37aa393b0310b
SHA1: 60c708f55deeb7c5dfce8a7886ef09cbc1388eca
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: classworlds:classworlds:1.1   Confidence:HIGH

jsr305-3.0.1.jar

Description: JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/mikkoi/.m2/repository/com/google/code/findbugs/jsr305/3.0.1/jsr305-3.0.1.jar
MD5: c6532beb3f7cc54a8d73d25d5602b9e4
SHA1: f7be08ec23c21485b9b5a1cf1654c2ec8c58168d
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:provided

Identifiers

  • maven: com.google.code.findbugs:jsr305:3.0.1   Confidence:HIGH

jsch-0.1.38.jar

Description: JSch is a pure Java implementation of SSH2

License:

BSD: http://www.jcraft.com/jsch/LICENSE.txt
File Path: /home/mikkoi/.m2/repository/com/jcraft/jsch/0.1.38/jsch-0.1.38.jar
MD5: 07828623a79ab4b59c33e6ace5814299
SHA1: 0677f7038dd5c8d5d687c558d09c124f820a8fd5
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: com.jcraft:jsch:0.1.38   Confidence:HIGH
  • cpe: cpe:/a:jcraft:jsch:0.1.38   Confidence:LOW   

CVE-2016-5725  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.

Vulnerable Software & Versions:

commons-cli-1.2.jar

Description:  Commons CLI provides a simple API for presenting, processing and validating a command line interface.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/mikkoi/.m2/repository/commons-cli/commons-cli/1.2/commons-cli-1.2.jar
MD5: bfdcae1ff93f0c07d733f03bdce28c9e
SHA1: 2bf96b7aa8b611c177d329452af1dc933e14501c
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: commons-cli:commons-cli:1.2   Confidence:HIGH

commons-codec-1.2.jar

Description: The codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

File Path: /home/mikkoi/.m2/repository/commons-codec/commons-codec/1.2/commons-codec-1.2.jar
MD5: 2617b220009f952bb9542af167d040cf
SHA1: 397f4731a9f9b6eb1907e224911c77ea3aa27a8b
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:runtime

Identifiers

  • maven: commons-codec:commons-codec:1.2   Confidence:HIGH

commons-httpclient-3.0.jar

Description: The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.

License:

Apache License: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/mikkoi/.m2/repository/commons-httpclient/commons-httpclient/3.0/commons-httpclient-3.0.jar
MD5: cd69c70d6c078f4340bd5e867ec6f1b6
SHA1: 336a280d178bb957e5233189f0f32e067366c4e5
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:runtime

Identifiers

  • maven: commons-httpclient:commons-httpclient:3.0   Confidence:HIGH
  • cpe: cpe:/a:apache:commons-httpclient:3.0   Confidence:HIGHEST   
  • cpe: cpe:/a:apache:httpclient:3.0   Confidence:LOW   

CVE-2012-5783  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Vulnerable Software & Versions: (show all)

commons-lang-2.3.jar

Description: Commons.Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: /home/mikkoi/.m2/repository/commons-lang/commons-lang/2.3/commons-lang-2.3.jar
MD5: dcdcbb47176603907c9f79a1349193eb
SHA1: 0eecdac8c86bc84b4bdfc24371ba8c785a1fc552
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: commons-lang:commons-lang:2.3   Confidence:HIGH

nekohtml-1.9.6.2.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/mikkoi/.m2/repository/nekohtml/nekohtml/1.9.6.2/nekohtml-1.9.6.2.jar
MD5: b27e7cb1391fe7a24273df7a969cf9e9
SHA1: 2d960be7b62ae6622dbbbe49ab4ffdc609f85c80
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: nekohtml:nekohtml:1.9.6.2   Confidence:HIGH

xercesMinimal-1.9.6.2.jar

File Path: /home/mikkoi/.m2/repository/nekohtml/xercesMinimal/1.9.6.2/xercesMinimal-1.9.6.2.jar
MD5: 798acf6fded21b391b7bae0d079a5635
SHA1: 0d1c5e063683a0e6f77cd5f051a9d4af48346fa6
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: nekohtml:xercesMinimal:1.9.6.2   Confidence:HIGH

jackrabbit-webdav-1.5.0.jar

Description: WebDAV library used by the Jackrabbit WebDAV support

File Path: /home/mikkoi/.m2/repository/org/apache/jackrabbit/jackrabbit-webdav/1.5.0/jackrabbit-webdav-1.5.0.jar
MD5: 137d4d30c1c78972fec7628c94f4f4a1
SHA1: b14c7fbbd34862d4d51c5e72ba3a69cde892c260
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:runtime

Identifiers

CVE-2015-1833  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation

XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.

Vulnerable Software & Versions: (show all)

CVE-2009-0026  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.

Vulnerable Software & Versions: (show all)

doxia-logging-api-1.1.jar

Description: Doxia Logging API.

File Path: /home/mikkoi/.m2/repository/org/apache/maven/doxia/doxia-logging-api/1.1/doxia-logging-api-1.1.jar
MD5: 8e93b74b3fb7353322069d4c996c7887
SHA1: c8fe274396e40452ca3e6121f6dd00220b210d48
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven.doxia:doxia-logging-api:1.1   Confidence:HIGH

doxia-sink-api-1.1.jar

Description: Doxia Sink API.

File Path: /home/mikkoi/.m2/repository/org/apache/maven/doxia/doxia-sink-api/1.1/doxia-sink-api-1.1.jar
MD5: 83936a5b87b5a2ead35c8987d984b14a
SHA1: 9fc15c69e09a14fd07acba7300009eff6e692a44
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven.doxia:doxia-sink-api:1.1   Confidence:HIGH

enforcer-api-1.4.1.jar

Description:  This component provides the generic interfaces needed to implement custom rules for the maven-enforcer-plugin.

File Path: /home/mikkoi/.m2/repository/org/apache/maven/enforcer/enforcer-api/1.4.1/enforcer-api-1.4.1.jar
MD5: 8dcbd6507014fb089270e15652f9aa09
SHA1: a653a73b288846b082dd33831a1c1d0b3396d849
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven.enforcer:enforcer-api:1.4.1   Confidence:HIGH

enforcer-rules-1.4.1.jar

Description: This component contains the standard Enforcer Rules

File Path: /home/mikkoi/.m2/repository/org/apache/maven/enforcer/enforcer-rules/1.4.1/enforcer-rules-1.4.1.jar
MD5: 85ccb8df364ad9c65a943b5739a6ded8
SHA1: 3705628822e78b4ae4ae8ea4e26ef6c2955f43b6
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven.enforcer:enforcer-rules:1.4.1   Confidence:HIGH

maven-artifact-manager-2.2.1.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.jar
MD5: f3e76a8a83f422a900886543c48914f7
SHA1: ec355b913c34d37080810f98e3f51abecbe1572b
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven:maven-artifact-manager:2.2.1   Confidence:HIGH

maven-artifact-2.2.1.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.jar
MD5: 7b7613fd5db72967269abe7ab50b76e9
SHA1: 23600f790d4dab2cb965419eaa982e3e84c428f8
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven:maven-artifact:2.2.1   Confidence:HIGH

maven-core-2.2.1.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.jar
MD5: 7538cd62a04a378d4c1944e26c793164
SHA1: 6f488e461188496c62e161f32160b3465ce5901e
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • cpe: cpe:/a:apache:maven:2.2.1   Confidence:LOW   
  • maven: org.apache.maven:maven-core:2.2.1   Confidence:HIGH

maven-error-diagnostics-2.2.1.jar

Description: Provides a manager component which will process a given Throwable instance through a set of diagnostic sub-components, and return a String message with user-friendly information about the error and possibly how to fix it.

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.jar
MD5: 8eaa64d20f32c0b0c1beb9739bbb5fe3
SHA1: e81bb342d7d172f23d108dc8fa979a1facdcde8e
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven:maven-error-diagnostics:2.2.1   Confidence:HIGH

maven-model-2.2.1.jar

Description: Maven Model

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.jar
MD5: b269f663e3440e40be4b696d9b7c2260
SHA1: c0a1c17436ec3ff5a56207c031d82277b4250a29
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven:maven-model:2.2.1   Confidence:HIGH

maven-monitor-2.2.1.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.jar
MD5: 396e401208090417e0f18ad2b1bccd92
SHA1: afc57c3a1368cd34caccb638e00523701f398c20
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven:maven-monitor:2.2.1   Confidence:HIGH

maven-plugin-api-2.0.9.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar
MD5: 09a279f8115f712946ecb81f8c372325
SHA1: 8b8cae9daa688fdb57995c6835a3e24475d554c0
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven:maven-plugin-api:2.0.9   Confidence:HIGH

maven-plugin-descriptor-2.2.1.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.jar
MD5: f28d3a50552a8d2943587638f5f01455
SHA1: 68d20ae3c40c4664dc52be90338af796db7ffb32
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven:maven-plugin-descriptor:2.2.1   Confidence:HIGH

maven-plugin-parameter-documenter-2.2.1.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.jar
MD5: 8ba54f6e61f1b07ec7076bd27d3eaa9c
SHA1: 1a117baac49437fc5a6fcd9f18f779e6bad4207e
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven:maven-plugin-parameter-documenter:2.2.1   Confidence:HIGH

maven-plugin-registry-2.2.1.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.jar
MD5: 46a27ab81d327e3f5fd1d3e435fe2aad
SHA1: 72a24b7775649af78f3986b5aa7eb354b9674cfd
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven:maven-plugin-registry:2.2.1   Confidence:HIGH

maven-profile-2.2.1.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.jar
MD5: 53dd14e28aaad4bd5dd379dfdbf46a4c
SHA1: 3950071587027e5086e9c395574a60650c432738
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven:maven-profile:2.2.1   Confidence:HIGH

maven-project-2.2.1.jar

Description: This library is used to not only read Maven project object model files, but to assemble inheritence and to retrieve remote models as required.

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.jar
MD5: 8f9382d7c0c120e94c2aaf8bbe817b6f
SHA1: 8239e98c16f641d55a4ad0e0bab0aee3aff8933f
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven:maven-project:2.2.1   Confidence:HIGH

maven-repository-metadata-2.2.1.jar

Description: Per-directory repository metadata.

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.jar
MD5: c426b243119831168af2fbd767254f59
SHA1: 98f0c07fcf1eeb213bef8d9316a9935184084b06
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven:maven-repository-metadata:2.2.1   Confidence:HIGH

maven-settings-2.2.1.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.jar
MD5: 7c3dcffd55434a860339dba78f0c165a
SHA1: 2236ffe71fa5f78ce42b0f5fc22c54ed45f14294
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven:maven-settings:2.2.1   Confidence:HIGH

maven-reporting-api-2.2.1.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/reporting/maven-reporting-api/2.2.1/maven-reporting-api-2.2.1.jar
MD5: 5e680d893d92086dffd8cc42637ceb0f
SHA1: 61942e490c112f84b3a1a61572d570f369414939
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven.reporting:maven-reporting-api:2.2.1   Confidence:HIGH

maven-common-artifact-filters-1.4.jar

Description: A collection of ready-made filters to control inclusion/exclusion of artifacts during dependency resolution.

File Path: /home/mikkoi/.m2/repository/org/apache/maven/shared/maven-common-artifact-filters/1.4/maven-common-artifact-filters-1.4.jar
MD5: f349d565d928ff833dd1118ea565810e
SHA1: de97ff2efd804f06c3698a914f2d55205742bcc4
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven.shared:maven-common-artifact-filters:1.4   Confidence:HIGH

maven-dependency-tree-2.2.jar

Description: A tree-based API for resolution of Maven project dependencies

File Path: /home/mikkoi/.m2/repository/org/apache/maven/shared/maven-dependency-tree/2.2/maven-dependency-tree-2.2.jar
MD5: c9b2c60a0fd118c04595db246f3075a2
SHA1: 5d9ce6add7b714b8095f0e3e396c5e9f8c5dcfef
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven.shared:maven-dependency-tree:2.2   Confidence:HIGH

wagon-file-1.0-beta-6.jar

Description:  Wagon that gets and puts artifacts using file system protocol

File Path: /home/mikkoi/.m2/repository/org/apache/maven/wagon/wagon-file/1.0-beta-6/wagon-file-1.0-beta-6.jar
MD5: 440c57f18cef427fade1bfee1544db89
SHA1: 6c53633505460caf49d2660de1e24744d915afb9
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:runtime

Identifiers

  • maven: org.apache.maven.wagon:wagon-file:1.0-beta-6   Confidence:HIGH

wagon-http-lightweight-1.0-beta-6.jar

Description:  Wagon that gets and puts artifacts through http using standard Java library

File Path: /home/mikkoi/.m2/repository/org/apache/maven/wagon/wagon-http-lightweight/1.0-beta-6/wagon-http-lightweight-1.0-beta-6.jar
MD5: 7ef1200d5b39fb2c3f41ef378cb887f7
SHA1: b3815078570c3b1f0667e123d59717c6b726c6c2
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven.wagon:wagon-http-lightweight:1.0-beta-6   Confidence:HIGH

wagon-http-shared-1.0-beta-6.jar

Description:  Shared Library for the wagon-http, and wagon-http-lightweight wagon providers.

File Path: /home/mikkoi/.m2/repository/org/apache/maven/wagon/wagon-http-shared/1.0-beta-6/wagon-http-shared-1.0-beta-6.jar
MD5: 2bba0550b782784fd112f723b4be663e
SHA1: ccd70d7e0d8c085e648a83f072da06ca9a53be94
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven.wagon:wagon-http-shared:1.0-beta-6   Confidence:HIGH

wagon-http-1.0-beta-6.jar

Description:  Wagon that gets and puts artifacts through http using Apache commons-httpclient

File Path: /home/mikkoi/.m2/repository/org/apache/maven/wagon/wagon-http/1.0-beta-6/wagon-http-1.0-beta-6.jar
MD5: cacdb02e0d797e60306dbfe298814f9f
SHA1: 8c665cbb0ab67c355fbd2c942ad26e39753b6f2e
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven.wagon:wagon-http:1.0-beta-6   Confidence:HIGH

wagon-provider-api-1.0-beta-6.jar

Description: Maven Wagon API that defines the contract between different Wagon implementations

File Path: /home/mikkoi/.m2/repository/org/apache/maven/wagon/wagon-provider-api/1.0-beta-6/wagon-provider-api-1.0-beta-6.jar
MD5: 63826e38e44f08e7935c1d173667ed8c
SHA1: 3f952e0282ae77ae59851d96bb18015e520b6208
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven.wagon:wagon-provider-api:1.0-beta-6   Confidence:HIGH

wagon-ssh-common-1.0-beta-6.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/wagon/wagon-ssh-common/1.0-beta-6/wagon-ssh-common-1.0-beta-6.jar
MD5: 3c5abd71adc03070d28f2af0d20ab3a3
SHA1: 0c654cc7e10e18bedca04a6e42f980d6c68435fc
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven.wagon:wagon-ssh-common:1.0-beta-6   Confidence:HIGH

wagon-ssh-external-1.0-beta-6.jar

Description:  Wagon that gets and puts artifacts using SSH protocol with a preinstalled SSH client

File Path: /home/mikkoi/.m2/repository/org/apache/maven/wagon/wagon-ssh-external/1.0-beta-6/wagon-ssh-external-1.0-beta-6.jar
MD5: 729534f8ecef194bab3b5bd23afdb123
SHA1: 76918505c5fa6e309cd393aca8acd1b236559288
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:runtime

Identifiers

  • maven: org.apache.maven.wagon:wagon-ssh-external:1.0-beta-6   Confidence:HIGH

wagon-ssh-1.0-beta-6.jar

File Path: /home/mikkoi/.m2/repository/org/apache/maven/wagon/wagon-ssh/1.0-beta-6/wagon-ssh-1.0-beta-6.jar
MD5: a33c430bc42b11184b3aff2799057cab
SHA1: 37ac531f8159dddffa398a7612d5cbe313228437
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.apache.maven.wagon:wagon-ssh:1.0-beta-6   Confidence:HIGH

wagon-webdav-jackrabbit-1.0-beta-6.jar

Description:  Wagon that gets and puts artifacts through webdav protocol

File Path: /home/mikkoi/.m2/repository/org/apache/maven/wagon/wagon-webdav-jackrabbit/1.0-beta-6/wagon-webdav-jackrabbit-1.0-beta-6.jar
MD5: 54e5811336dab214bd598b4ac92cdf99
SHA1: b694b223d0f19abcb32e304ebd5054061ee0f7b5
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:runtime

Identifiers

  • cpe: cpe:/a:apache:jackrabbit:1.0   Confidence:LOW   
  • maven: org.apache.maven.wagon:wagon-webdav-jackrabbit:1.0-beta-6   Confidence:HIGH

CVE-2015-1833  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation

XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.

Vulnerable Software & Versions: (show all)

bsh-2.0b4.jar

Description: BeanShell

File Path: /home/mikkoi/.m2/repository/org/beanshell/bsh/2.0b4/bsh-2.0b4.jar
MD5: a1c60aa83c9c9a6cb2391c1c1b85eb00
SHA1: a05f0a0feefa8d8467ac80e16e7de071489f0d9c
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.beanshell:bsh:2.0b4   Confidence:HIGH

plexus-component-annotations-1.5.5.jar

Description:  Plexus Component "Java 5" Annotations, to describe plexus components properties in java sources with standard annotations instead of javadoc annotations.

File Path: /home/mikkoi/.m2/repository/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar
MD5: ef37dcdb84030422db428b63c4354e5b
SHA1: c72f2660d0cbed24246ddb55d7fdc4f7374d2078
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.codehaus.plexus:plexus-component-annotations:1.5.5   Confidence:HIGH

plexus-container-default-1.5.5.jar

Description:  The Plexus IoC container API and its default implementation.

File Path: /home/mikkoi/.m2/repository/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar
MD5: 9207a5b343b0cb5d22b09f41e87fce00
SHA1: 0265fa2851d31c2e2177859a518987595efe146b
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.codehaus.plexus:plexus-container-default:1.5.5   Confidence:HIGH

plexus-i18n-1.0-beta-6.jar

File Path: /home/mikkoi/.m2/repository/org/codehaus/plexus/plexus-i18n/1.0-beta-6/plexus-i18n-1.0-beta-6.jar
MD5: 6fe2f027270fac46b6cfbfa5eba53c9d
SHA1: 0de20e1eea680fc277fddb66bc24ba40d449168b
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.codehaus.plexus:plexus-i18n:1.0-beta-6   Confidence:HIGH

plexus-interactivity-api-1.0-alpha-4.jar

File Path: /home/mikkoi/.m2/repository/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar
MD5: c8ce4cfd3b7b6419c00dcb780a6eb603
SHA1: 0a8f1178664a5457eef3f4531eb62f9505e1295f
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.codehaus.plexus:plexus-interactivity-api:1.0-alpha-4   Confidence:HIGH

plexus-interpolation-1.11.jar

File Path: /home/mikkoi/.m2/repository/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.jar
MD5: d5ef768cef9a261d569ff1f672324154
SHA1: ad9dddff6043194904ad1d2c00ff1d003c3915f7
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.codehaus.plexus:plexus-interpolation:1.11   Confidence:HIGH

plexus-utils-3.0.24.jar

Description: A collection of various utility classes to ease working with strings, files, command lines, XML and more.

File Path: /home/mikkoi/.m2/repository/org/codehaus/plexus/plexus-utils/3.0.24/plexus-utils-3.0.24.jar
MD5: fbefd8983c6bb4928c27c680463ff355
SHA1: b4ac9780b37cb1b736eae9fbcef27609b7c911ef
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.codehaus.plexus:plexus-utils:3.0.24   Confidence:HIGH

aether-util-0.9.0.M2.jar

Description:  A collection of utility classes to ease usage of the repository system.

License:

http://www.eclipse.org/legal/epl-v10.html
File Path: /home/mikkoi/.m2/repository/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar
MD5: fc6315129d2e2063e2f2725e6337587f
SHA1: b957089deb654647da320ad7507b0a4b5ce23813
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.eclipse.aether:aether-util:0.9.0.M2   Confidence:HIGH

jcl-over-slf4j-1.5.6.jar

Description:  JCL 1.1.1 implementation over SLF4J

File Path: /home/mikkoi/.m2/repository/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.jar
MD5: 4ab274630492c6896f1eb88023af3c07
SHA1: 629680940b7dcb02c3904deb85992b462c42e272
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:runtime

Identifiers

  • cpe: cpe:/a:slf4j:slf4j:1.5.6   Confidence:LOW   
  • maven: org.slf4j:jcl-over-slf4j:1.5.6   Confidence:HIGH

slf4j-api-1.5.6.jar

Description: The slf4j API

File Path: /home/mikkoi/.m2/repository/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.jar
MD5: ca55c6dae5d0f9a8a829720408918586
SHA1: ec9b7142625dfa1dcaf22db99ecb7c555ffa714d
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:runtime

Identifiers

  • cpe: cpe:/a:slf4j:slf4j:1.5.6   Confidence:LOW   
  • maven: org.slf4j:slf4j-api:1.5.6   Confidence:HIGH

slf4j-nop-1.5.3.jar

Description:  The slf4j NOP binding

File Path: /home/mikkoi/.m2/repository/org/slf4j/slf4j-nop/1.5.3/slf4j-nop-1.5.3.jar
MD5: 16dacc0ab89858efafe1cb535d96b682
SHA1: 36a3c886235cddd05e55a979cef549196740231a
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:runtime

Identifiers

  • cpe: cpe:/a:slf4j:slf4j:1.5.3   Confidence:LOW   
  • maven: org.slf4j:slf4j-nop:1.5.3   Confidence:HIGH

plexus-cipher-1.4.jar

File Path: /home/mikkoi/.m2/repository/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar
MD5: 7b2d6fcf0d5800d5b1ce09d98d98dcaf
SHA1: 50ade46f23bb38cd984b4ec560c46223432aac38
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • maven: org.sonatype.plexus:plexus-cipher:1.4   Confidence:HIGH

plexus-sec-dispatcher-1.3.jar

File Path: /home/mikkoi/.m2/repository/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar
MD5: 53160199f5667de3fca69b723173639b
SHA1: dedc02034fb8fcd7615d66593228cb71709134b4
Referenced In Project/Scope: Maven Enforcer Plugin, Custom Rule: Property Usage:compile

Identifiers

  • cpe: cpe:/a:sec_project:sec:1.3   Confidence:LOW   
  • maven: org.sonatype.plexus:plexus-sec-dispatcher:1.3   Confidence:HIGH

CVE-2018-12070  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control

The sell function of a smart contract implementation for SEC, a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue.

Vulnerable Software & Versions:



This report contains data retrieved from the National Vulnerability Database.