Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information:
dependency-check version : 1.4.5
Report Generated On : Mar 11, 2017 at 23:50:56 EST
Dependencies Scanned : 76 (58 unique)
Vulnerable Dependencies : 7
Vulnerabilities Found : 18
Vulnerabilities Suppressed : 0
...
CurrentEngineRelease :
NVD CVE 2002 : 19/02/2017 03:25:58
NVD CVE 2003 : 19/02/2017 03:24:25
NVD CVE 2004 : 19/02/2017 03:23:59
NVD CVE 2005 : 24/02/2017 03:12:32
NVD CVE 2006 : 19/02/2017 03:20:36
NVD CVE 2007 : 19/02/2017 03:18:20
NVD CVE 2008 : 19/02/2017 03:16:18
NVD CVE 2009 : 19/02/2017 03:14:03
NVD CVE 2010 : 09/02/2017 03:09:26
NVD CVE 2011 : 19/02/2017 03:11:57
NVD CVE 2012 : 24/02/2017 03:11:07
NVD CVE 2013 : 24/02/2017 03:09:00
NVD CVE 2014 : 01/03/2017 03:07:38
NVD CVE 2015 : 04/03/2017 03:06:02
NVD CVE 2016 : 05/03/2017 03:02:53
NVD CVE 2017 : 05/03/2017 03:00:24
NVD CVE Checked : 11/03/2017 23:34:50
NVD CVE Modified : 11/03/2017 20:00:24
VersionCheckOn : 1486838497071
Dependencies
antlr-2.7.7.jar
File Path: C:\Users\Dad\.m2\repository\antlr\antlr\2.7.7\antlr-2.7.7.jar
MD5: f8f1352c52a4c6a500b597596501fc64
SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid antlr
central groupid antlr
central version 2.7.7
file name antlr
file version 2.7.7
jar package name antlr
pom artifactid antlr
pom groupid antlr
pom name AntLR
pom url http://www.antlr.org/
pom version 2.7.7
aopalliance-1.0.jar
Description: AOP Alliance
License:
Public Domain
File Path: C:\Users\Dad\.m2\repository\aopalliance\aopalliance\1.0\aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid aopalliance
central groupid aopalliance
central version 1.0
file name aopalliance
file version 1.0
jar package name aopalliance
jar package name intercept
pom artifactid aopalliance
pom description AOP Alliance
pom groupid aopalliance
pom name AOP alliance
pom url http://aopalliance.sourceforge.net
pom version 1.0
asm-3.3.1.jar
File Path: C:\Users\Dad\.m2\repository\asm\asm\3.3.1\asm-3.3.1.jar
MD5: 1ad1e8959324b0f680b8e62406955642
SHA1: 1d5f20b4ea675e6fab6ab79f1cd60ec268ddc015
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid asm
central groupid asm
central version 3.3.1
file name asm
file version 3.3.1
Manifest Implementation-Title ASM
Manifest Implementation-Vendor France Telecom R&D
Manifest Implementation-Version 3.3.1
pom artifactid asm
pom groupid asm
pom name ASM Core
pom parent-artifactid asm-parent
pom version 3.3.1
jaxb-impl-2.1.13.jar
Description: JAXB (JSR 222) reference implementation
License:
CDDL 1.0: https://glassfish.dev.java.net/public/CDDL+GPL.html
GPL2 w/ CPE: https://glassfish.dev.java.net/public/CDDL+GPL.html
File Path: C:\Users\Dad\.m2\repository\com\sun\xml\bind\jaxb-impl\2.1.13\jaxb-impl-2.1.13.jar
MD5: 97e9e91a0824277ca351063e1ee6d2de
SHA1: 7c1ea3e298d0a32fafcebcb734e77990598f7720
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid jaxb-impl
central groupid com.sun.xml.bind
central version 2.1.13
file name jaxb-impl
file version 2.1.13
Manifest extension-name com.sun.xml.bind
Manifest Implementation-Title JAXB Reference Implementation
Manifest Implementation-Vendor Sun Microsystems, Inc.
Manifest Implementation-Vendor-Id com.sun
Manifest Implementation-Version 2.1.13
Manifest specification-title Java Architecture for XML Binding
Manifest specification-vendor Sun Microsystems, Inc.
pom artifactid jaxb-impl
pom description JAXB (JSR 222) reference implementation
pom groupid com.sun.xml.bind
pom groupid sun.xml.bind
pom name JAXB RI
pom url https://jaxb.dev.java.net/
pom version 2.1.13
jaxb-xjc-2.1.13.jar
Description: The core functionality of the CodeModel java source code generation library
File Path: C:\Users\Dad\.m2\repository\com\sun\xml\bind\jaxb-xjc\2.1.13\jaxb-xjc-2.1.13.jar
MD5: bd159bfd1ad36963f8f7bb05d7e8f644
SHA1: 0a953200fed20f683c09e8f419c2babb1d89d82a
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid jaxb-xjc
central groupid com.sun.xml.bind
file name jaxb-xjc
file version 2.1.13
Manifest extension-name com.sun.tools.xjc
Manifest Implementation-Title JAXB Reference Implementation
Manifest Implementation-Vendor Sun Microsystems, Inc.
Manifest Implementation-Vendor-Id com.sun
Manifest Implementation-Version 2.1.13
Manifest specification-title Java Architecture for XML Binding
Manifest specification-vendor Sun Microsystems, Inc.
pom artifactid codemodel
pom artifactid jaxb-xjc
pom description The core functionality of the CodeModel java source code generation library
pom groupid com.sun.xml.bind
pom groupid sun.codemodel
pom name Codemodel Core
pom parent-groupid com.sun
commons-codec-1.10.jar
Description:
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\commons-codec\commons-codec\1.10\commons-codec-1.10.jar
MD5: 353cf6a2bdba09595ccfa073b78c7fcb
SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8
Referenced In Project/Scope:
fgsms Apache CXF Agent:compile
Evidence
Source Name Value
central artifactid commons-codec
central groupid commons-codec
central version 1.10
file name commons-codec
file version 1.10
manifest Bundle-Description The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
Manifest bundle-docurl http://commons.apache.org/proper/commons-codec/
Manifest Bundle-Name Apache Commons Codec
Manifest bundle-symbolicname org.apache.commons.codec
Manifest implementation-build trunk@r1637108; 2014-11-06 14:14:12+0000
Manifest Implementation-Title Apache Commons Codec
Manifest Implementation-Vendor The Apache Software Foundation
Manifest Implementation-Vendor-Id org.apache
Manifest Implementation-Version 1.10
Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"
Manifest specification-title Apache Commons Codec
Manifest specification-vendor The Apache Software Foundation
pom artifactid commons-codec
pom description The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
pom groupid commons-codec
pom name Apache Commons Codec
pom parent-artifactid commons-parent
pom parent-groupid org.apache.commons
pom url http://commons.apache.org/proper/commons-codec/
pom version 1.10
commons-collections-3.2.jar
Description: Types that extend and augment the Java Collections Framework.
License:
The Apache Software License, Version 2.0: /LICENSE.txt
File Path: C:\Users\Dad\.m2\repository\commons-collections\commons-collections\3.2\commons-collections-3.2.jar
MD5: 7b9216b608d550787bdf43a63d88bf3b
SHA1: f951934aa5ae5a88d7e6dfaa6d32307d834a88be
Referenced In Project/Scope:
fgsms Apache CXF Agent:compile
Evidence
Source Name Value
central artifactid commons-collections
central groupid commons-collections
central version 3.2
file name commons-collections
file version 3.2
Manifest extension-name commons-collections
Manifest Implementation-Title Commons Collections
Manifest Implementation-Vendor Apache Software Foundation
Manifest Implementation-Vendor-Id org.apache
Manifest Implementation-Version 3.2
Manifest specification-title Commons Collections
Manifest specification-vendor Apache Software Foundation
pom artifactid commons-collections
pom description Types that extend and augment the Java Collections Framework.
pom groupid commons-collections
pom name Collections
pom organization name http://jakarta.apache.org
pom url http://jakarta.apache.org/commons/collections/
pom version 3.2
Published Vulnerabilities
CVE-2015-6420
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
commons-configuration-1.9.jar
Description:
Tools to assist in the reading of configuration/preferences files in
various formats
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\commons-configuration\commons-configuration\1.9\commons-configuration-1.9.jar
MD5: a433303bae1cd9ec6313fe7bbac8fbe9
SHA1: 5e8a4890284cf7eaa9241ace2cc07518d9519d22
Referenced In Project/Scope:
fgsms Apache CXF Agent:compile
Evidence
Source Name Value
central artifactid commons-configuration
central groupid commons-configuration
central version 1.9
file name commons-configuration
file version 1.9
manifest Bundle-Description Tools to assist in the reading of configuration/preferences files in various formats
Manifest bundle-docurl http://commons.apache.org/configuration/
Manifest Bundle-Name Commons Configuration
Manifest bundle-symbolicname org.apache.commons.configuration
Manifest implementation-build tags/CONFIGURATION_1_9RC1@r1369345; 2012-08-04 17:37:27+0200
Manifest Implementation-Title Commons Configuration
Manifest Implementation-Vendor The Apache Software Foundation
Manifest Implementation-Vendor-Id org.apache
Manifest Implementation-Version 1.9
Manifest specification-title Commons Configuration
Manifest specification-vendor The Apache Software Foundation
pom artifactid commons-configuration
pom description Tools to assist in the reading of configuration/preferences files in various formats
pom groupid commons-configuration
pom name Commons Configuration
pom parent-artifactid commons-parent
pom parent-groupid org.apache.commons
pom url http://commons.apache.org/configuration/
pom version 1.9
commons-lang-2.6.jar
Description:
Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\commons-lang\commons-lang\2.6\commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
Referenced In Project/Scope:
fgsms Apache CXF Agent:compile
Evidence
Source Name Value
central artifactid commons-lang
central groupid commons-lang
central version 2.6
file name commons-lang
file version 2.6
manifest Bundle-Description Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.
Manifest bundle-docurl http://commons.apache.org/lang/
Manifest Bundle-Name Commons Lang
Manifest bundle-symbolicname org.apache.commons.lang
Manifest Implementation-Title Commons Lang
Manifest Implementation-Vendor The Apache Software Foundation
Manifest Implementation-Vendor-Id org.apache
Manifest Implementation-Version 2.6
Manifest specification-title Commons Lang
Manifest specification-vendor The Apache Software Foundation
pom artifactid commons-lang
pom description Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.
pom groupid commons-lang
pom name Commons Lang
pom parent-artifactid commons-parent
pom parent-groupid org.apache.commons
pom url http://commons.apache.org/lang/
pom version 2.6
commons-logging-api-1.1.jar
Description: Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems.
License:
The Apache Software License, Version 2.0: /LICENSE.txt
File Path: C:\Users\Dad\.m2\repository\commons-logging\commons-logging-api\1.1\commons-logging-api-1.1.jar
MD5: 4374238076ab08e60e0d296234480837
SHA1: 7d4cf5231d46c8524f9b9ed75bb2d1c69ab93322
Referenced In Project/Scope:
fgsms Apache CXF Agent:compile
Evidence
Source Name Value
central artifactid commons-logging-api
central groupid commons-logging
central version 1.1
file name commons-logging-api
file version 1.1
Manifest extension-name org.apache.commons.logging
Manifest Implementation-Title Jakarta Commons Logging
Manifest Implementation-Vendor Apache Software Foundation
Manifest Implementation-Vendor-Id org.apache
Manifest Implementation-Version 1.1
Manifest specification-title Jakarta Commons Logging
Manifest specification-vendor Apache Software Foundation
pom artifactid commons-logging-api
pom description Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.
pom groupid commons-logging
pom name Logging
pom organization name http://jakarta.apache.org
pom url http://jakarta.apache.org/commons/logging/
pom version 1.1
commons-logging-1.1.jar
Description: Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems.
License:
The Apache Software License, Version 2.0: /LICENSE.txt
File Path: C:\Users\Dad\.m2\repository\commons-logging\commons-logging\1.1\commons-logging-1.1.jar
MD5: 6b62417e77b000a87de66ee3935edbf5
SHA1: ba24d5de831911b684c92cd289ed5ff826271824
Referenced In Project/Scope:
fgsms Apache CXF Agent:compile
Evidence
Source Name Value
central artifactid commons-logging
central groupid commons-logging
central version 1.1
file name commons-logging
file version 1.1
Manifest extension-name org.apache.commons.logging
Manifest Implementation-Title Jakarta Commons Logging
Manifest Implementation-Vendor Apache Software Foundation
Manifest Implementation-Vendor-Id org.apache
Manifest Implementation-Version 1.1
Manifest specification-title Jakarta Commons Logging
Manifest specification-vendor Apache Software Foundation
pom artifactid commons-logging
pom description Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.
pom groupid commons-logging
pom name Logging
pom organization name http://jakarta.apache.org
pom url http://jakarta.apache.org/commons/${pom.artifactId.substring(8)}/
pom version 1.1
dnsjava-2.0.6.jar
Description: dnsjava is an implementation of DNS in Java
License:
BSD license: http://www.dnsjava.org/README
File Path: C:\Users\Dad\.m2\repository\dnsjava\dnsjava\2.0.6\dnsjava-2.0.6.jar
MD5: 3a783229899ea708d3a7c73624d305c4
SHA1: e367971f81d95e653552b5c8f3065d0fad724369
Referenced In Project/Scope:
fgsms Apache CXF Agent:compile
Evidence
Source Name Value
central artifactid dnsjava
central groupid dnsjava
central groupid org.dnsjava
central groupid org.dspace.dnsjava
central version 2.0.6
file name dnsjava
file version 2.0.6
Manifest Implementation-Title dnsjava
Manifest Implementation-Version 2.0.6
pom artifactid dnsjava
pom description dnsjava is an implementation of DNS in Java
pom groupid dnsjava
pom name dnsjava
pom url http://www.dnsjava.org
pom version 2.0.6
javax.ws.rs-api-2.0-m10.jar
Description: Java.net - The Source for Java Technology Collaboration
License:
CDDL 1.1: http://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: C:\Users\Dad\.m2\repository\javax\ws\rs\javax.ws.rs-api\2.0-m10\javax.ws.rs-api-2.0-m10.jar
MD5: 86cdb9036c14a84efa2711e2791e9210
SHA1: 74705b1b0c448f88cff1a46f431b70b23588e8f4
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid javax.ws.rs-api
central groupid javax.ws.rs
central version 2.0-m10
file name javax.ws.rs-api
file version 2.0.m10
manifest Bundle-Description Java.net - The Source for Java Technology Collaboration
Manifest bundle-docurl http://www.oracle.com/
Manifest Bundle-Name javax.ws.rs-api
Manifest bundle-symbolicname javax.ws.rs.javax.ws.rs-api
Manifest extension-name javax.ws.rs
Manifest specification-title Java API for RESTful Web Services (JAX-RS)
Manifest specification-vendor Oracle Corporation
pom artifactid javax.ws.rs-api
pom groupid javax.ws.rs
pom name javax.ws.rs-api
pom organization name http://www.oracle.com/
pom parent-artifactid jvnet-parent
pom parent-groupid net.java
pom url http://jax-rs-spec.java.net
pom version 2.0-m10
joda-time-2.2.jar
Description: Date and time library to replace JDK date handling
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\joda-time\joda-time\2.2\joda-time-2.2.jar
MD5: 226f5207543c490f10f234e82108b998
SHA1: a5f29a7acaddea3f4af307e8cf2d0cc82645fd7d
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid joda-time
central groupid joda-time
central version 2.2
file name joda-time
file version 2.2
Manifest bundle-docurl http://joda-time.sourceforge.net/
Manifest Bundle-Name Joda-Time
Manifest bundle-symbolicname joda-time
Manifest extension-name joda-time
Manifest Implementation-Title org.joda.time
Manifest Implementation-Vendor Joda.org
Manifest Implementation-Vendor-Id org.joda
Manifest Implementation-Version 2.2
Manifest specification-title Joda-Time
Manifest specification-vendor Joda.org
pom artifactid joda-time
pom description Date and time library to replace JDK date handling
pom groupid joda-time
pom name Joda time
pom organization name http://www.joda.org
pom url http://joda-time.sourceforge.net
pom version 2.2
log4j-1.2.17.jar
Description: Apache Log4j 1.2
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\log4j\log4j\1.2.17\log4j-1.2.17.jar
MD5: 04a41f0a068986f0f73485cf507c0f40
SHA1: 5af35056b4d257e4b64b9e8069c0746e8b08629f
Referenced In Project/Scope:
fgsms Apache CXF Agent:compile
Evidence
Source Name Value
central artifactid log4j
central groupid log4j
central version 1.2.17
file name log4j
file version 1.2.17
manifest Bundle-Description Apache Log4j 1.2
Manifest bundle-docurl http://logging.apache.org/log4j/1.2
Manifest Bundle-Name Apache Log4j
Manifest bundle-symbolicname log4j
manifest: org.apache.log4j Implementation-Title log4j
manifest: org.apache.log4j Implementation-Vendor "Apache Software Foundation"
pom artifactid log4j
pom description Apache Log4j 1.2
pom groupid log4j
pom name Apache Log4j
pom organization name http://www.apache.org
pom url http://logging.apache.org/log4j/1.2/
pom version 1.2.17
oauth-provider-20100527.jar
File Path: C:\Users\Dad\.m2\repository\net\oauth\core\oauth-provider\20100527\oauth-provider-20100527.jar
MD5: afdc85d3f14481e4842c317c4f414f7e
SHA1: 165bfc97e63e5af8e052a47f4dee832ce06bf7d7
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid oauth-provider
central groupid net.oauth.core
central version 20100527
file name oauth-provider-20100527
file version 20100527
jar package name net
jar package name oauth
pom artifactid oauth-provider
pom groupid net.oauth.core
pom name OAuth Core: Provider
pom parent-artifactid oauth-core-parent
pom version 20100527
oauth-20100527.jar
File Path: C:\Users\Dad\.m2\repository\net\oauth\core\oauth\20100527\oauth-20100527.jar
MD5: 91c7c70579f95b7ddee95b2143a49b41
SHA1: a84c5331e225bc25a5a288db328048d6b1bb6fd5
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid oauth
central groupid net.oauth.core
central version 20100527
file name oauth-20100527
file version 20100527
jar package name net
jar package name oauth
pom artifactid oauth
pom groupid net.oauth.core
pom name OAuth Core
pom parent-artifactid oauth-core-parent
pom version 20100527
ehcache-core-2.5.1.jar
Description: This is the ehcache core module. Pair it with other modules for added functionality.
License:
The Apache Software License, Version 2.0: src/assemble/EHCACHE-CORE-LICENSE.txt
File Path: C:\Users\Dad\.m2\repository\net\sf\ehcache\ehcache-core\2.5.1\ehcache-core-2.5.1.jar
MD5: 143cfff4c10373af9e422eb9fe4ec561
SHA1: 574be2dda111c3c05d4684e279e9e973fbdc4967
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid ehcache-core
central groupid net.sf.ehcache
central version 2.5.1
file name ehcache-core
file version 2.5.1
pom artifactid ehcache-core
pom description This is the ehcache core module. Pair it with other modules for added functionality.
pom groupid net.sf.ehcache
pom name Ehcache Core
pom parent-artifactid ehcache-parent
pom url http://ehcache.org
pom version 2.5.1
ehcache-core-2.5.1.jar: sizeof-agent.jar
File Path: C:\Users\Dad\.m2\repository\net\sf\ehcache\ehcache-core\2.5.1\ehcache-core-2.5.1.jar\net\sf\ehcache\pool\sizeof\sizeof-agent.jar
MD5: 5ad919b3ac0516897bdca079c9a222a8
SHA1: e86399a80ae6a6c7a563717eaa0ce9ba4708571c
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
file name sizeof-agent
Manifest hudson-build-number 6
Manifest hudson-project sizeof-agent_sizeof-agent-1.0.1_publisher
Manifest hudson-version 1.449
Manifest jenkins-build-number 6
Manifest jenkins-project sizeof-agent_sizeof-agent-1.0.1_publisher
Manifest jenkins-version 1.449
pom artifactid sizeof-agent
pom groupid net.sf.ehcache
pom name Ehcache Size-Of Agent
pom parent-artifactid ehcache-parent
pom parent-version 1.0.1
pom url http://www.ehcache.org
pom version 1.0.1
maven: net.sf.ehcache:sizeof-agent:1.0.1
Confidence: HIGH
commons-lang3-3.5.jar
Description:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\org\apache\commons\commons-lang3\3.5\commons-lang3-3.5.jar
MD5: 780b5a8b72eebe6d0dbff1c11b5658fa
SHA1: 6c6c702c89bfff3cd9e80b04d668c5e190d588c6
Referenced In Project/Scope:
fgsms Apache CXF Agent:compile
Evidence
Source Name Value
central artifactid commons-lang3
central groupid org.apache.commons
central version 3.5
file name commons-lang3
file version 3.5
manifest Bundle-Description Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.
Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/
Manifest Bundle-Name Apache Commons Lang
Manifest bundle-symbolicname org.apache.commons.lang3
Manifest implementation-build release@r36f98d87b24c2f542b02abbf6ec1ee742f1b158b; 2016-10-13 19:52:17+0000
Manifest Implementation-Title Apache Commons Lang
Manifest implementation-url http://commons.apache.org/proper/commons-lang/
Manifest Implementation-Vendor The Apache Software Foundation
Manifest Implementation-Vendor-Id org.apache
Manifest Implementation-Version 3.5
Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"
Manifest specification-title Apache Commons Lang
Manifest specification-vendor The Apache Software Foundation
pom artifactid commons-lang3
pom description Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.
pom groupid apache.commons
pom groupid org.apache.commons
pom name Apache Commons Lang
pom parent-artifactid commons-parent
pom parent-groupid org.apache.commons
pom url http://commons.apache.org/proper/commons-lang/
pom version 3.5
cxf-rt-core-2.7.11.jar
Description: Apache CXF Runtime Core
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\org\apache\cxf\cxf-rt-core\2.7.11\cxf-rt-core-2.7.11.jar
MD5: 6e9ff60dd475ba1c91d8c358e70b540f
SHA1: 928f3aaeea343f2b370527f21d9e8379e7d0d6b7
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid cxf-rt-core
central groupid org.apache.cxf
central version 2.7.11
file name cxf-rt-core
file version 2.7.11
Manifest bundle-blueprint OSGI-INF/blueprint/cxf-core.xml
manifest Bundle-Description Apache CXF Runtime Core
Manifest bundle-docurl http://cxf.apache.org
Manifest Bundle-Name Apache CXF Runtime Core
Manifest bundle-symbolicname org.apache.cxf.cxf-rt-core
Manifest export-service org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/blueprint/core"
Manifest Implementation-Title Apache CXF Runtime Core
Manifest Implementation-Vendor The Apache Software Foundation
Manifest Implementation-Vendor-Id org.apache
Manifest Implementation-Version 2.7.11
Manifest specification-title Apache CXF Runtime Core
Manifest specification-vendor The Apache Software Foundation
pom artifactid cxf-rt-core
pom description Apache CXF Runtime Core
pom groupid apache.cxf
pom groupid org.apache.cxf
pom name Apache CXF Runtime Core
pom parent-artifactid cxf-parent
pom parent-groupid org.apache.cxf
pom url http://cxf.apache.org
pom version 2.7.11
Related Dependencies
cxf-api-2.7.11.jar
File Path: C:\Users\Dad\.m2\repository\org\apache\cxf\cxf-api\2.7.11\cxf-api-2.7.11.jar
SHA1: 569572a9fcd03893fe011d94c9bdf1c0eb964a67
MD5: d658862309445790563ae3d41e9dd381
maven: org.apache.cxf:cxf-api:2.7.11
cxf-bundle-2.7.11.jar
File Path: C:\Users\Dad\.m2\repository\org\apache\cxf\cxf-bundle\2.7.11\cxf-bundle-2.7.11.jar
SHA1: e23a61971c89494ed797a6b0a7ab2ed3d4bb50ee
MD5: decd0e7230868af06e455667605c6007
maven: org.apache.cxf:cxf-bundle:2.7.11
cxf-rt-bindings-soap-2.7.11.jar
File Path: C:\Users\Dad\.m2\repository\org\apache\cxf\cxf-rt-bindings-soap\2.7.11\cxf-rt-bindings-soap-2.7.11.jar
SHA1: de0a53472593332f6f6a8c73f9d7c4e3338e9be4
MD5: d3147004491c0dee40ec42f20248cebb
maven: org.apache.cxf:cxf-rt-bindings-soap:2.7.11
cxf-rt-bindings-xml-2.7.11.jar
File Path: C:\Users\Dad\.m2\repository\org\apache\cxf\cxf-rt-bindings-xml\2.7.11\cxf-rt-bindings-xml-2.7.11.jar
SHA1: 362b1ed91d495044992d46c0cb5a3fb0b08330c6
MD5: 47999489a05cb58893e666ff9d322330
maven: org.apache.cxf:cxf-rt-bindings-xml:2.7.11
cxf-rt-databinding-jaxb-2.7.11.jar
File Path: C:\Users\Dad\.m2\repository\org\apache\cxf\cxf-rt-databinding-jaxb\2.7.11\cxf-rt-databinding-jaxb-2.7.11.jar
SHA1: e6f24189fcf4a97dbaec46d53621376c798513db
MD5: 0be2df49428e4b7d9489f3ab103aac35
maven: org.apache.cxf:cxf-rt-databinding-jaxb:2.7.11
cxf-rt-frontend-jaxrs-2.7.11.jar
File Path: C:\Users\Dad\.m2\repository\org\apache\cxf\cxf-rt-frontend-jaxrs\2.7.11\cxf-rt-frontend-jaxrs-2.7.11.jar
SHA1: 6ca223e95da19430f888bcba60f177ba951c9032
MD5: 9ed6d6beb427012b8d888a0750f62cb5
maven: org.apache.cxf:cxf-rt-frontend-jaxrs:2.7.11
cxf-rt-frontend-jaxws-2.7.11.jar
File Path: C:\Users\Dad\.m2\repository\org\apache\cxf\cxf-rt-frontend-jaxws\2.7.11\cxf-rt-frontend-jaxws-2.7.11.jar
SHA1: 81fe848ab1f57c650e74c4a9d691a8c7fc2de996
MD5: 936f6a5788a926da4319a7c3f9843d39
maven: org.apache.cxf:cxf-rt-frontend-jaxws:2.7.11
cxf-rt-frontend-simple-2.7.11.jar
File Path: C:\Users\Dad\.m2\repository\org\apache\cxf\cxf-rt-frontend-simple\2.7.11\cxf-rt-frontend-simple-2.7.11.jar
SHA1: 4d2bdf8745189d828aa20943c318f96c26834cbc
MD5: 051a4dadd67296673eb0c655ae9e4f7b
maven: org.apache.cxf:cxf-rt-frontend-simple:2.7.11
cxf-rt-rs-extension-providers-2.7.11.jar
File Path: C:\Users\Dad\.m2\repository\org\apache\cxf\cxf-rt-rs-extension-providers\2.7.11\cxf-rt-rs-extension-providers-2.7.11.jar
SHA1: b57b7a3d53069434192209c7136d320a136101cf
MD5: 158c5472f3ddb314796c99c8ef4288a8
maven: org.apache.cxf:cxf-rt-rs-extension-providers:2.7.11
cxf-rt-transports-http-jetty-2.7.11.jar
File Path: C:\Users\Dad\.m2\repository\org\apache\cxf\cxf-rt-transports-http-jetty\2.7.11\cxf-rt-transports-http-jetty-2.7.11.jar
SHA1: 203e21877a14cc5aec4d834f40ad7d83b56807d6
MD5: eac4d672f23531ef01d7c153b845e74f
maven: org.apache.cxf:cxf-rt-transports-http-jetty:2.7.11
cxf-rt-transports-http-2.7.11.jar
File Path: C:\Users\Dad\.m2\repository\org\apache\cxf\cxf-rt-transports-http\2.7.11\cxf-rt-transports-http-2.7.11.jar
SHA1: d3499d88a28120ef6b4fa2430f36acd399d5e83d
MD5: c194c1056706ddb0f2866af322ec3bcc
maven: org.apache.cxf:cxf-rt-transports-http:2.7.11
cxf-rt-ws-addr-2.7.11.jar
File Path: C:\Users\Dad\.m2\repository\org\apache\cxf\cxf-rt-ws-addr\2.7.11\cxf-rt-ws-addr-2.7.11.jar
SHA1: d6dd43de3ecab8f9f603efb02fb8239250165d2a
MD5: dc5a8fc838e5755e87afc5b654569928
maven: org.apache.cxf:cxf-rt-ws-addr:2.7.11
cxf-rt-ws-policy-2.7.11.jar
File Path: C:\Users\Dad\.m2\repository\org\apache\cxf\cxf-rt-ws-policy\2.7.11\cxf-rt-ws-policy-2.7.11.jar
SHA1: b70f5e108339cfb1170c3b809ab04054bd22bc65
MD5: ff885b84c6a4cd3fdca63140dbc2ed24
maven: org.apache.cxf:cxf-rt-ws-policy:2.7.11
cxf-tools-common-2.7.11.jar
File Path: C:\Users\Dad\.m2\repository\org\apache\cxf\cxf-tools-common\2.7.11\cxf-tools-common-2.7.11.jar
SHA1: d2a3812c0762f77047b10e6005a5de815480982d
MD5: 4d001a005b7587fdd37900e7f3de3347
maven: org.apache.cxf:cxf-tools-common:2.7.11
Published Vulnerabilities
CVE-2015-5253
Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack."
CVE-2014-3623
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-287 Improper Authentication
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.
CVE-2012-5786
Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation
The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
geronimo-javamail_1.4_spec-1.7.1.jar
Description: Javamail 1.4 Specification
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\org\apache\geronimo\specs\geronimo-javamail_1.4_spec\1.7.1\geronimo-javamail_1.4_spec-1.7.1.jar
MD5: f3b9d8c9a79eefdc0ebe07c34612646d
SHA1: 43ad4090b1a07a11c82ac40c01fc4e2fbad20013
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid geronimo-javamail_1.4_spec
central groupid org.apache.geronimo.specs
central version 1.7.1
file name geronimo-javamail_1.4_spec-1.7.1
manifest Bundle-Description Javamail 1.4 Specification
Manifest bundle-docurl http://geronimo.apache.org/maven/specs/geronimo-javamail_1.4_spec/1.7.1
Manifest Bundle-Name JavaMail 1.4
Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-javamail_1.4_spec;singleton=true
Manifest Implementation-Title JavaMail 1.4
Manifest Implementation-Version 1.7.1
Manifest specification-title JSR-919 Javamail API 1.4
Manifest specification-vendor Sun Microsystems, Inc.
pom artifactid geronimo-javamail_1.4_spec
pom description Javamail 1.4 Specification
pom groupid apache.geronimo.specs
pom groupid org.apache.geronimo.specs
pom name JavaMail 1.4
pom parent-artifactid genesis-java5-flava
pom parent-groupid org.apache.geronimo.genesis
pom url http://geronimo.apache.org/maven/${siteId}/${version}
pom version 1.7.1
geronimo-jaxws_2.2_spec-1.1.jar
Description: Java API for XML Web Services 2.2
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\org\apache\geronimo\specs\geronimo-jaxws_2.2_spec\1.1\geronimo-jaxws_2.2_spec-1.1.jar
MD5: d5cbeee473208a649112127e3dc528d3
SHA1: 90745e1423874010d561588c944efeb9552a0091
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid geronimo-jaxws_2.2_spec
central groupid org.apache.geronimo.specs
central version 1.1
file name geronimo-jaxws_2.2_spec-1.1
manifest Bundle-Description Java API for XML Web Services 2.2
Manifest bundle-docurl http://geronimo.apache.org/maven/specs/geronimo-jaxws_2.2_spec/1.1
Manifest Bundle-Name Apache Geronimo JAX-WS Spec 2.2
Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-jaxws_2.2_spec;singleton=true
Manifest Implementation-Title Apache Geronimo JAX-WS Spec 2.2
Manifest Implementation-Version 1.1
Manifest specification-title JSR-224 Java API for XML based Web Services 2.2
Manifest specification-vendor Sun Microsystems, Inc.
pom artifactid geronimo-jaxws_2.2_spec
pom description Java API for XML Web Services 2.2
pom groupid apache.geronimo.specs
pom groupid org.apache.geronimo.specs
pom name Apache Geronimo JAX-WS Spec 2.2
pom parent-artifactid genesis-java5-flava
pom parent-groupid org.apache.geronimo.genesis
pom url http://geronimo.apache.org/maven/${siteId}/${version}
pom version 1.1
geronimo-jms_1.1_spec-1.1.1.jar
Description: Provides open-source implementations of Sun specifications.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\org\apache\geronimo\specs\geronimo-jms_1.1_spec\1.1.1\geronimo-jms_1.1_spec-1.1.1.jar
MD5: d80ce71285696d36c1add1989b94f084
SHA1: c872b46c601d8dc03633288b81269f9e42762cea
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid geronimo-jms_1.1_spec
central groupid org.apache.geronimo.specs
central version 1.1.1
file name geronimo-jms_1.1_spec-1.1.1
manifest Bundle-Description Provides open-source implementations of Sun specifications.
Manifest bundle-docurl http://www.apache.org
Manifest Bundle-Name geronimo-jms_1.1_spec
Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-jms_1.1_spec
Manifest Implementation-Title Apache Geronimo
Manifest Implementation-Version 1.1.1
pom artifactid geronimo-jms_1.1_spec
pom groupid apache.geronimo.specs
pom groupid org.apache.geronimo.specs
pom name JMS 1.1
pom parent-artifactid specs
pom parent-groupid org.apache.geronimo.specs
pom version 1.1.1
geronimo-servlet_3.0_spec-1.0.jar
Description: Servlet 3.0 API
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\org\apache\geronimo\specs\geronimo-servlet_3.0_spec\1.0\geronimo-servlet_3.0_spec-1.0.jar
MD5: 10d92f2ddb23703f0f48d046016e3e9d
SHA1: 0d45e479fd200236c71182c5f6b6077a5fb53f89
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid geronimo-servlet_3.0_spec
central groupid org.apache.geronimo.specs
central version 1.0
file name geronimo-servlet_3.0_spec-1.0
manifest Bundle-Description Servlet 3.0 API
Manifest bundle-docurl http://geronimo.apache.org/maven/specs/geronimo-servlet_3.0_spec/1.0
Manifest Bundle-Name Servlet 3.0
Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-servlet_3.0_spec
Manifest Implementation-Title Servlet 3.0
Manifest Implementation-Version 1.0
pom artifactid geronimo-servlet_3.0_spec
pom description Servlet 3.0 API
pom groupid apache.geronimo.specs
pom groupid org.apache.geronimo.specs
pom name Servlet 3.0
pom parent-artifactid genesis-java5-flava
pom parent-groupid org.apache.geronimo.genesis
pom url http://geronimo.apache.org/maven/${siteId}/${version}
pom version 1.0
httpasyncclient-4.0-beta3.jar
Description:
HttpComponents AsyncClient (base module)
File Path: C:\Users\Dad\.m2\repository\org\apache\httpcomponents\httpasyncclient\4.0-beta3\httpasyncclient-4.0-beta3.jar
MD5: 0d7de844d1e348bf2d01ea84da612edf
SHA1: c841ffe78b77d6ca1fd38f744e2b107b5f6f74d6
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid httpasyncclient
central groupid org.apache.httpcomponents
central version 4.0-beta3
file name httpasyncclient
Manifest implementation-build tags/4.0-beta3-RC1/httpasyncclient@r1389512; 2012-09-24 20:03:55+0100
Manifest Implementation-Title HttpComponents HttpAsyncClient
Manifest Implementation-Vendor The Apache Software Foundation
Manifest Implementation-Vendor-Id org.apache
Manifest Implementation-Version 4.0-beta3
Manifest specification-title HttpComponents HttpAsyncClient
Manifest specification-vendor The Apache Software Foundation
Manifest url http://hc.apache.org/httpcomponents-asyncclient
pom artifactid httpasyncclient
pom description
HttpComponents AsyncClient (base module)
pom groupid apache.httpcomponents
pom groupid org.apache.httpcomponents
pom name HttpAsyncClient
pom parent-artifactid httpcomponents-asyncclient
pom parent-groupid org.apache.httpcomponents
pom url http://hc.apache.org/httpcomponents-asyncclient
pom version 4.0-beta3
Published Vulnerabilities
CVE-2014-3577
Severity:
Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.
httpclient-4.3.3.jar
Description:
HttpComponents Client
File Path: C:\Users\Dad\.m2\repository\org\apache\httpcomponents\httpclient\4.3.3\httpclient-4.3.3.jar
MD5: 88cc3123fce88d61b7c2cdbfc33542c5
SHA1: 18f4247ff4572a074444572cee34647c43e7c9c7
Referenced In Project/Scope:
fgsms Apache CXF Agent:compile
Evidence
Source Name Value
central artifactid httpclient
central groupid org.apache.httpcomponents
central version 4.3.3
file name httpclient
file version 4.3.3
Manifest implementation-build tags/4.3.3-RC1/httpclient@r1570731; 2014-02-22 09:04:11-0500
Manifest Implementation-Title HttpComponents Apache HttpClient
Manifest Implementation-Vendor The Apache Software Foundation
Manifest Implementation-Vendor-Id org.apache
Manifest Implementation-Version 4.3.3
Manifest specification-title HttpComponents Apache HttpClient
Manifest specification-vendor The Apache Software Foundation
Manifest url http://hc.apache.org/httpcomponents-client
pom artifactid httpclient
pom description
HttpComponents Client
pom groupid apache.httpcomponents
pom groupid org.apache.httpcomponents
pom name Apache HttpClient
pom parent-artifactid httpcomponents-client
pom parent-groupid org.apache.httpcomponents
pom url http://hc.apache.org/httpcomponents-client
pom version 4.3.3
Published Vulnerabilities
CVE-2015-5262
Severity:
Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
CVE-2014-3577
Severity:
Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.
httpcore-nio-4.2.4.jar
Description:
HttpComponents Core (non-blocking I/O)
File Path: C:\Users\Dad\.m2\repository\org\apache\httpcomponents\httpcore-nio\4.2.4\httpcore-nio-4.2.4.jar
MD5: db3f32abe8abad5b442e77d624db666f
SHA1: 78afeee7048b6f541f0b2290a926b2af5768410f
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid httpcore-nio
central groupid org.apache.httpcomponents
central version 4.2.4
file name httpcore-nio
file version 4.2.4
Manifest implementation-build tags/4.2.4-RC2/httpcore-nio@r1458734; 2013-03-20 17:11:49+0100
Manifest Implementation-Title HttpComponents HttpCore NIO
Manifest Implementation-Vendor The Apache Software Foundation
Manifest Implementation-Vendor-Id org.apache
Manifest Implementation-Version 4.2.4
Manifest specification-title HttpComponents HttpCore NIO
Manifest specification-vendor The Apache Software Foundation
Manifest url http://hc.apache.org/httpcomponents-core-ga
pom artifactid httpcore-nio
pom description
HttpComponents Core (non-blocking I/O)
pom groupid apache.httpcomponents
pom groupid org.apache.httpcomponents
pom name HttpCore NIO
pom parent-artifactid httpcomponents-core
pom parent-groupid org.apache.httpcomponents
pom url http://hc.apache.org/httpcomponents-core-ga
pom version 4.2.4
httpcore-4.2.4.jar
Description:
HttpComponents Core (blocking I/O)
File Path: C:\Users\Dad\.m2\repository\org\apache\httpcomponents\httpcore\4.2.4\httpcore-4.2.4.jar
MD5: 6ccb86231d8a8b99c551b4ddf926ddd1
SHA1: 3b7f38df6de5dd8b500e602ae8c2dd5ee446f883
Referenced In Project/Scope:
fgsms Apache CXF Agent:compile
Evidence
Source Name Value
central artifactid httpcore
central groupid org.apache.httpcomponents
central version 4.2.4
file name httpcore
file version 4.2.4
Manifest implementation-build tags/4.2.4-RC2/httpcore@r1458734; 2013-03-20 17:11:49+0100
Manifest Implementation-Title HttpComponents HttpCore
Manifest Implementation-Vendor The Apache Software Foundation
Manifest Implementation-Vendor-Id org.apache
Manifest Implementation-Version 4.2.4
Manifest specification-title HttpComponents HttpCore
Manifest specification-vendor The Apache Software Foundation
Manifest url http://hc.apache.org/httpcomponents-core-ga
pom artifactid httpcore
pom description
HttpComponents Core (blocking I/O)
pom groupid apache.httpcomponents
pom groupid org.apache.httpcomponents
pom name HttpCore
pom parent-artifactid httpcomponents-core
pom parent-groupid org.apache.httpcomponents
pom url http://hc.apache.org/httpcomponents-core-ga
pom version 4.2.4
juddi-client-3.3.3.jar
Description: jUDDI (pronounced "Judy") is an open source Java implementation of the Universal Description, Discovery, and Integration (UDDI) specification for Web Services.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\org\apache\juddi\juddi-client\3.3.3\juddi-client-3.3.3.jar
MD5: 97c5bdf27e8b2b177d0621f8476942fd
SHA1: 02956c0e30405af75c9866ccf1dba30697d19781
Referenced In Project/Scope:
fgsms Apache CXF Agent:compile
Evidence
Source Name Value
central artifactid juddi-client
central groupid org.apache.juddi
central version 3.3.3
file name juddi-client
file version 3.3.3
manifest Bundle-Description jUDDI (pronounced "Judy") is an open source Java implementation of the Universal Description, Discovery, and Integration (UDDI) specification for Web Services.
Manifest bundle-docurl http://www.apache.org/
Manifest Bundle-Name jUDDI Client side Code
Manifest bundle-symbolicname org.apache.juddi.client
pom artifactid juddi-client
pom groupid apache.juddi
pom groupid org.apache.juddi
pom name jUDDI Client side Code
pom parent-artifactid juddi-parent
pom parent-groupid org.apache.juddi
pom version 3.3.3
uddi-ws-3.3.3.jar
Description: jUDDI (pronounced "Judy") is an open source Java implementation of the Universal Description, Discovery, and Integration (UDDI) specification for Web Services.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\org\apache\juddi\uddi-ws\3.3.3\uddi-ws-3.3.3.jar
MD5: bb20c0b7902db12bc44154a7883ba79a
SHA1: ba7abcb195c7fe6048e734925fd29622b1959447
Referenced In Project/Scope:
fgsms Apache CXF Agent:compile
Evidence
Source Name Value
central artifactid uddi-ws
central groupid org.apache.juddi
central version 3.3.3
file name uddi-ws
file version 3.3.3
manifest Bundle-Description jUDDI (pronounced "Judy") is an open source Java implementation of the Universal Description, Discovery, and Integration (UDDI) specification for Web Services.
Manifest bundle-docurl http://www.apache.org/
Manifest Bundle-Name UDDIv2 and v3 WS Stubs and Schema Bindings Generated from WSDL
Manifest bundle-symbolicname org.apache.juddi.uddi-ws
pom artifactid uddi-ws
pom groupid apache.juddi
pom groupid org.apache.juddi
pom name UDDIv2 and v3 WS Stubs and Schema Bindings Generated from WSDL
pom parent-artifactid juddi-parent
pom parent-groupid org.apache.juddi
pom version 3.3.3
mina-core-2.0.7.jar
Description: Apache MINA is a network application framework which helps users develop high performance and highly scalable network applications easily. It provides an abstract event-driven asynchronous API over various transports such as TCP/IP and UDP/IP via Java NIO.
License:
http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Dad\.m2\repository\org\apache\mina\mina-core\2.0.7\mina-core-2.0.7.jar
MD5: f4e43e7fa0514a9bc88968d64a6322d8
SHA1: c878e2aa82de748474a624ec3933e4604e446dec
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid mina-core
central groupid org.apache.mina
central version 2.0.7
file name mina-core
file version 2.0.7
manifest Bundle-Description Apache MINA is a network application framework which helps users develop high performance and highly scalable network applications easily. It provides an abstract event-driven asynchronous API over various transports ...
Manifest bundle-docurl http://mina.apache.org/
Manifest Bundle-Name Apache MINA Core
Manifest bundle-symbolicname org.apache.mina.core
pom artifactid mina-core
pom groupid apache.mina
pom groupid org.apache.mina
pom name Apache MINA Core
pom parent-artifactid mina-parent
pom parent-groupid org.apache.mina
pom version 2.0.7
neethi-3.0.3.jar
Description: Apache Neethi provides general framework for the programmers to use WS Policy. It is compliant with latest WS Policy specification which was published in March 2006. This framework is specifically written to enable the Apache Web services stack to use WS Policy as a way of expressing it's requirements and capabilities.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\org\apache\neethi\neethi\3.0.3\neethi-3.0.3.jar
MD5: 8a81813a03e2899ccd31f0e92f6cc691
SHA1: ee37a38bbf9f355ee88ba554a85c9220b75ba500
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid neethi
central groupid org.apache.neethi
central version 3.0.3
file name neethi
file version 3.0.3
manifest Bundle-Description Apache Neethi provides general framework for the programmers to use WS Policy. It is compliant with latest WS Policy specification which was published in March 2006. This framework is specifically written to enable the Apache Web services stack to use WS Policy as a way of expressing it's requirements and capabilities.
Manifest bundle-docurl http://www.apache.org/
Manifest Bundle-Name Apache Neethi
Manifest bundle-symbolicname org.apache.neethi
Manifest Implementation-Title Apache Neethi
Manifest Implementation-Vendor The Apache Software Foundation
Manifest Implementation-Vendor-Id org.apache
Manifest Implementation-Version 3.0.3
Manifest specification-title Apache Neethi
Manifest specification-vendor The Apache Software Foundation
pom artifactid neethi
pom description Apache Neethi provides general framework for the programmers to use WS Policy. It is compliant with latest WS Policy specification which was published in March 2006. This framework is specifically written to enable the Apache Web services stack to use WS Policy as a way of expressing it's requirements and capabilities.
pom groupid apache.neethi
pom groupid org.apache.neethi
pom name Apache Neethi
pom organization name http://www.apache.org/
pom parent-artifactid apache
pom parent-groupid org.apache
pom url http://ws.apache.org/neethi/
pom version 3.0.3
xmlsec-1.5.6.jar
Description:
Apache XML Security for Java supports XML-Signature Syntax and Processing,
W3C Recommendation 12 February 2002, and XML Encryption Syntax and
Processing, W3C Recommendation 10 December 2002. As of version 1.4,
the library supports the standard Java API JSR-105: XML Digital Signature APIs.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\org\apache\santuario\xmlsec\1.5.6\xmlsec-1.5.6.jar
MD5: 592e0d74b5d62663ff1eb0ca95b410cc
SHA1: 0586cd437eaf166640b632eb6cfcfec2ebf52474
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid xmlsec
central groupid org.apache.santuario
central version 1.5.6
file name xmlsec
file version 1.5.6
manifest Bundle-Description Apache XML Security for Java supports XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002, and XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002. As of version 1.4, the library supports the standard Java API JSR-105: XML Digital Signature APIs.
Manifest bundle-docurl http://www.apache.org/
Manifest Bundle-Name Apache XML Security for Java
Manifest bundle-symbolicname org.apache.santuario.xmlsec
Manifest Implementation-Title Apache XML Security for Java
Manifest Implementation-Vendor The Apache Software Foundation
Manifest Implementation-Vendor-Id org.apache.santuario
Manifest Implementation-Version 1.5.6
Manifest specification-title Apache XML Security for Java
Manifest specification-vendor The Apache Software Foundation
pom artifactid xmlsec
pom description Apache XML Security for Java supports XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002, and XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002. As of version 1.4, the library supports the standard Java API JSR-105: XML Digital Signature APIs.
pom groupid apache.santuario
pom groupid org.apache.santuario
pom name Apache XML Security for Java
pom organization name http://www.apache.org/
pom parent-artifactid apache
pom parent-groupid org.apache
pom url http://santuario.apache.org/
pom version 1.5.6
velocity-1.7.jar
Description: Apache Velocity is a general purpose template engine.
File Path: C:\Users\Dad\.m2\repository\org\apache\velocity\velocity\1.7\velocity-1.7.jar
MD5: 3692dd72f8367cb35fb6280dc2916725
SHA1: 2ceb567b8f3f21118ecdec129fe1271dbc09aa7a
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid velocity
central groupid org.apache.velocity
central version 1.7
file name velocity
file version 1.7
Manifest Bundle-Name Apache Velocity
Manifest bundle-symbolicname org.apache.velocity
Manifest extension-name velocity
Manifest Implementation-Title org.apache.velocity
Manifest Implementation-Vendor Apache Software Foundation
Manifest Implementation-Vendor-Id org.apache
Manifest Implementation-Version 1.7
Manifest specification-title Velocity is a Java-based template engine
Manifest specification-vendor Apache Software Foundation
pom artifactid velocity
pom description Apache Velocity is a general purpose template engine.
pom groupid apache.velocity
pom groupid org.apache.velocity
pom name Apache Velocity
pom parent-artifactid apache
pom parent-groupid org.apache
pom url http://velocity.apache.org/engine/devel/
pom version 1.7
wss4j-1.6.15.jar
Description:
The Apache WSS4J project provides a Java implementation of the primary security standards
for Web Services, namely the OASIS Web Services Security (WS-Security) specifications
from the OASIS Web Services Security TC.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\org\apache\ws\security\wss4j\1.6.15\wss4j-1.6.15.jar
MD5: 33fb88ebda6899f82a0a1a9b6279d8f8
SHA1: aa3313807a4cdd2dcc4c984643619d9f8df4a267
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid wss4j
central groupid org.apache.ws.security
central version 1.6.15
file name wss4j
file version 1.6.15
manifest Bundle-Description The Apache WSS4J project provides a Java implementation of the primary security standards for Web Services, namely the OASIS Web Services Security (WS-Security) specifications from the OASIS Web Services Security TC.
Manifest bundle-docurl http://www.apache.org/
Manifest Bundle-Name Apache WSS4J
Manifest bundle-symbolicname org.apache.ws.security.wss4j
Manifest Implementation-Title Apache WSS4J
Manifest Implementation-Vendor The Apache Software Foundation
Manifest Implementation-Vendor-Id org.apache
Manifest Implementation-Version 1.6.15
Manifest specification-title Apache WSS4J
Manifest specification-vendor The Apache Software Foundation
pom artifactid wss4j
pom description The Apache WSS4J project provides a Java implementation of the primary security standards for Web Services, namely the OASIS Web Services Security (WS-Security) specifications from the OASIS Web Services Security TC.
pom groupid apache.ws.security
pom groupid org.apache.ws.security
pom name Apache WSS4J
pom organization name http://www.apache.org/
pom parent-artifactid apache
pom parent-groupid org.apache
pom url http://ws.apache.org/wss4j/
pom version 1.6.15
Published Vulnerabilities
CVE-2015-0227
Severity:
Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."
CVE-2014-3623
Severity:
Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-287 Improper Authentication
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.
xmlschema-core-2.1.0.jar
Description: Commons XMLSchema is a light weight schema object model that can be used to manipulate or
generate XML schema.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\org\apache\ws\xmlschema\xmlschema-core\2.1.0\xmlschema-core-2.1.0.jar
MD5: 0856f69b09dcb6e0f47f1aee13c9b74d
SHA1: 93415557e2867469c33be98ab330655dd714297d
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid xmlschema-core
central groupid org.apache.ws.xmlschema
central version 2.1.0
file name xmlschema-core
file version 2.1.0
manifest Bundle-Description Commons XMLSchema is a light weight schema object model that can be used to manipulate or generate XML schema.
Manifest bundle-docurl http://www.apache.org/
Manifest Bundle-Name XmlSchema Core
Manifest bundle-symbolicname org.apache.ws.xmlschema.core
pom artifactid xmlschema-core
pom description Commons XMLSchema is a light weight schema object model that can be used to manipulate or generate XML schema.
pom groupid apache.ws.xmlschema
pom groupid org.apache.ws.xmlschema
pom name XmlSchema Core
pom parent-artifactid xmlschema
pom parent-groupid org.apache.ws.xmlschema
pom version 2.1.0
xmlbeans-2.6.0.jar
Description: XmlBeans main jar
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\org\apache\xmlbeans\xmlbeans\2.6.0\xmlbeans-2.6.0.jar
MD5: 6591c08682d613194dacb01e95c78c2c
SHA1: 29e80d2dd51f9dcdef8f9ffaee0d4dc1c9bbfc87
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid xmlbeans
central groupid org.apache.xmlbeans
central version 2.6.0
file name xmlbeans
file version 2.6.0
manifest: org/apache/xmlbeans/ Implementation-Title org.apache.xmlbeans
manifest: org/apache/xmlbeans/ Implementation-Vendor Apache Software Foundation
pom artifactid xmlbeans
pom description XmlBeans main jar
pom groupid apache.xmlbeans
pom groupid org.apache.xmlbeans
pom name XmlBeans
pom organization name http://xmlbeans.apache.org/
pom url http://xmlbeans.apache.org
pom version 2.6.0
stax2-api-3.1.4.jar
Description: tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.
License:
The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: C:\Users\Dad\.m2\repository\org\codehaus\woodstox\stax2-api\3.1.4\stax2-api-3.1.4.jar
MD5: c08e89de601b0a78f941b2c29db565c3
SHA1: ac19014b1e6a7c08aad07fe114af792676b685b7
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid stax2-api
central groupid org.codehaus.woodstox
central version 3.1.4
file name stax2-api
file version 3.1.4
manifest Bundle-Description tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.
Manifest bundle-docurl http://fasterxml.com
Manifest Bundle-Name Stax2 API
Manifest bundle-symbolicname stax2-api
pom artifactid stax2-api
pom description tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.
pom groupid codehaus.woodstox
pom groupid org.codehaus.woodstox
pom name Stax2 API
pom organization name http://fasterxml.com
pom url http://wiki.fasterxml.com/WoodstoxStax2
pom version 3.1.4
woodstox-core-asl-4.2.1.jar
Description: Woodstox is a high-performance XML processor that
implements Stax (JSR-173) and SAX2 APIs
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\org\codehaus\woodstox\woodstox-core-asl\4.2.1\woodstox-core-asl-4.2.1.jar
MD5: 767eb8001863dd8bf101c6756e7feed2
SHA1: 0ce8115adb515bc740dbe726a918983c48c9752d
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid woodstox-core-asl
central groupid org.codehaus.woodstox
central version 4.2.1
file name woodstox-core-asl
file version 4.2.1
Manifest Bundle-Name Woodstox XML-processor
Manifest bundle-requiredexecutionenvironment J2SE-1.4
Manifest bundle-symbolicname woodstox-core-asl
Manifest Implementation-Title Woodstox XML-processor
Manifest Implementation-Vendor http://woodstox.codehaus.org
Manifest Implementation-Version 4.2.1
Manifest specification-title Stax 1.0 API
Manifest specification-vendor http://jcp.org/en/jsr/detail?id=173
pom artifactid woodstox-core-asl
pom description Woodstox is a high-performance XML processor that
implements Stax (JSR-173) and SAX2 APIs
pom groupid codehaus.woodstox
pom groupid org.codehaus.woodstox
pom name Woodstox
pom organization name http://www.codehaus.org/
pom url http://woodstox.codehaus.org
pom version 4.2.1
jetty-http-8.1.14.v20131031.jar
Description: Administrative parent pom for Jetty modules
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: C:\Users\Dad\.m2\repository\org\eclipse\jetty\jetty-http\8.1.14.v20131031\jetty-http-8.1.14.v20131031.jar
MD5: b8fe3573099f356c3d4af675e05f1790
SHA1: 8dd4e01b374e16cf0335b7975a7aa0a57396d5da
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid jetty-http
central groupid org.eclipse.jetty
central version 8.1.14.v20131031
file name jetty-http
file version 8.1.14.v20131031
Manifest bundle-copyright Copyright (c) 2008-2012 Mort Bay Consulting Pty. Ltd.
manifest Bundle-Description Administrative parent pom for Jetty modules
Manifest bundle-docurl http://www.eclipse.org/jetty
Manifest Bundle-Name Jetty :: Http Utility
Manifest bundle-requiredexecutionenvironment J2SE-1.5
Manifest bundle-symbolicname org.eclipse.jetty.http
Manifest Implementation-Vendor Eclipse.org - Jetty
Manifest Implementation-Version 8.1.14.v20131031
Manifest url http://www.eclipse.org/jetty
pom artifactid jetty-http
pom groupid eclipse.jetty
pom groupid org.eclipse.jetty
pom name Jetty :: Http Utility
pom parent-artifactid jetty-project
pom parent-groupid org.eclipse.jetty
pom url http://www.eclipse.org/jetty
pom version 8.1.14.v20131031
Related Dependencies
jetty-continuation-8.1.14.v20131031.jar
File Path: C:\Users\Dad\.m2\repository\org\eclipse\jetty\jetty-continuation\8.1.14.v20131031\jetty-continuation-8.1.14.v20131031.jar
SHA1: e3396abd21360191c2277e848eff489b58bba45d
MD5: 357ae1274620514ed1ef0c9d6aa0b495
maven: org.eclipse.jetty:jetty-continuation:8.1.14.v20131031
jetty-security-8.1.14.v20131031.jar
File Path: C:\Users\Dad\.m2\repository\org\eclipse\jetty\jetty-security\8.1.14.v20131031\jetty-security-8.1.14.v20131031.jar
SHA1: d6fd7add8e6015a95558b67b43edf7752a925884
MD5: b17854f63e7e9b643bfc6840deda9f32
maven: org.eclipse.jetty:jetty-security:8.1.14.v20131031
jetty-server-8.1.14.v20131031.jar
File Path: C:\Users\Dad\.m2\repository\org\eclipse\jetty\jetty-server\8.1.14.v20131031\jetty-server-8.1.14.v20131031.jar
SHA1: 7f7f9b929b9d9169dd68f36327c819ab9a03a661
MD5: 66cf44a05a3590a888d74249887981c5
maven: org.eclipse.jetty:jetty-server:8.1.14.v20131031
jetty-util-8.1.14.v20131031.jar
File Path: C:\Users\Dad\.m2\repository\org\eclipse\jetty\jetty-util\8.1.14.v20131031\jetty-util-8.1.14.v20131031.jar
SHA1: 43063284480a41eca024dc8852452eedf6379c16
MD5: 40b85a1c68dd0254ac48e901767d8d61
maven: org.eclipse.jetty:jetty-util:8.1.14.v20131031
jetty-io-8.1.14.v20131031.jar
Description: Administrative parent pom for Jetty modules
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: C:\Users\Dad\.m2\repository\org\eclipse\jetty\jetty-io\8.1.14.v20131031\jetty-io-8.1.14.v20131031.jar
MD5: e62180200f8e3cf6be6aebc4b5988723
SHA1: 12f6f92d7e58349501f2cfc0716b8f1c6a2962eb
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid jetty-io
central groupid org.eclipse.jetty
central version 8.1.14.v20131031
file name jetty-io
file version 8.1.14.v20131031
Manifest bundle-copyright Copyright (c) 2008-2012 Mort Bay Consulting Pty. Ltd.
manifest Bundle-Description Administrative parent pom for Jetty modules
Manifest bundle-docurl http://www.eclipse.org/jetty
Manifest Bundle-Name Jetty :: IO Utility
Manifest bundle-requiredexecutionenvironment J2SE-1.5
Manifest bundle-symbolicname org.eclipse.jetty.io
Manifest Implementation-Vendor Eclipse.org - Jetty
Manifest Implementation-Version 8.1.14.v20131031
Manifest url http://www.eclipse.org/jetty
pom artifactid jetty-io
pom groupid eclipse.jetty
pom groupid org.eclipse.jetty
pom name Jetty :: IO Utility
pom parent-artifactid jetty-project
pom parent-groupid org.eclipse.jetty
pom url http://www.eclipse.org/jetty
pom version 8.1.14.v20131031
opensaml-2.6.1.jar
Description:
The OpenSAML-J library provides tools to support developers working with the Security Assertion Markup Language
(SAML).
File Path: C:\Users\Dad\.m2\repository\org\opensaml\opensaml\2.6.1\opensaml-2.6.1.jar
MD5: ba52e68b7522c3804fc196f56e31ca64
SHA1: 66992ce167f18e4552b79bc38d412f53ad2d80a1
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid opensaml
central groupid org.opensaml
central version 2.6.1
file name opensaml
file version 2.6.1
manifest: org/opensaml/ Implementation-Title opensaml
manifest: org/opensaml/ Implementation-Vendor www.opensaml.org
manifest: org/opensaml/saml1/ Specification-Title Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V1.1
manifest: org/opensaml/saml2/ Specification-Title Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V2.0
manifest: org/opensaml/xacml/ Specification-Title eXtensible Access Control Markup Language (XACML) Version 2.0
manifest: org/opensaml/xacml/profile/saml/ Specification-Title SAML 2.0 Profile of XACML, Version 2
pom artifactid opensaml
pom description The OpenSAML-J library provides tools to support developers working with the Security Assertion Markup Language (SAML).
pom groupid opensaml
pom groupid org.opensaml
pom name OpenSAML-J
pom parent-artifactid parent-v2
pom parent-groupid net.shibboleth
pom version 2.6.1
openws-1.5.1.jar
Description:
The OpenWS library provides a growing set of tools to work with web services at a low level. These tools include
classes for creating and reading SOAP messages, transport-independent clients for connecting to web services,
and various transports for use with those clients.
File Path: C:\Users\Dad\.m2\repository\org\opensaml\openws\1.5.1\openws-1.5.1.jar
MD5: 4a6340e00990a21cc822e9430c70e022
SHA1: 5e9b1075c477871f78983d1c24eb3dacf6b2aa65
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid openws
central groupid org.opensaml
central version 1.5.1
file name openws
file version 1.5.1
manifest: org/opensaml/ws/ Implementation-Title openws
manifest: org/opensaml/ws/ Implementation-Vendor www.opensaml.org
manifest: org/opensaml/ws/soap/soap11/ Specification-Title Simple Object Access Protocol (SOAP) 1.1
manifest: org/opensaml/ws/wsaddressing/ Specification-Title WS-Addressing
manifest: org/opensaml/ws/wsfed/ Specification-Title WS-Federation
manifest: org/opensaml/ws/wspolicy/ Specification-Title WS-Policy
manifest: org/opensaml/ws/wssecurity/ Specification-Title WS-Security
manifest: org/opensaml/ws/wstrust/ Specification-Title WS-Trust
pom artifactid openws
pom description The OpenWS library provides a growing set of tools to work with web services at a low level. These tools include classes for creating and reading SOAP messages, transport-independent clients for connecting to web services, and various transports for use with those clients.
pom groupid opensaml
pom groupid org.opensaml
pom name OpenWS
pom parent-artifactid parent-v2
pom parent-groupid net.shibboleth
pom version 1.5.1
xmltooling-1.4.1.jar
Description: XMLTooling-J is a low-level library that may be used to construct libraries that allow developers to work with XML in a Java beans manner.
File Path: C:\Users\Dad\.m2\repository\org\opensaml\xmltooling\1.4.1\xmltooling-1.4.1.jar
MD5: 5f29a776cece576a6bf8a2529d3b8419
SHA1: aa39174a71035bdd28b3a3c890cac86b705c4980
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid xmltooling
central groupid org.opensaml
central version 1.4.1
file name xmltooling
file version 1.4.1
manifest: org/opensaml/xml/ Implementation-Title xmltooling
manifest: org/opensaml/xml/ Implementation-Vendor www.opensaml.org
manifest: org/opensaml/xml/encryption/ Specification-Title XML Encryption Syntax and Processing
manifest: org/opensaml/xml/signature/ Specification-Title XML Signature Syntax and Processing
pom artifactid xmltooling
pom description XMLTooling-J is a low-level library that may be used to construct libraries that allow developers to work with XML in a Java beans manner.
pom groupid opensaml
pom groupid org.opensaml
pom name XMLTooling-J
pom parent-artifactid parent-v2
pom parent-groupid net.shibboleth
pom version 1.4.1
slf4j-api-1.7.7.jar
Description: The slf4j API
File Path: C:\Users\Dad\.m2\repository\org\slf4j\slf4j-api\1.7.7\slf4j-api-1.7.7.jar
MD5: ca4280bf93d64367723ae5c8d42dd0b9
SHA1: 2b8019b6249bb05d81d3a3094e468753e2b21311
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid slf4j-api
central groupid org.slf4j
central version 1.7.7
file name slf4j-api
file version 1.7.7
manifest Bundle-Description The slf4j API
Manifest Bundle-Name slf4j-api
Manifest bundle-requiredexecutionenvironment J2SE-1.3
Manifest bundle-symbolicname slf4j.api
Manifest Implementation-Title slf4j-api
Manifest Implementation-Version 1.7.7
pom artifactid slf4j-api
pom description The slf4j API
pom groupid org.slf4j
pom groupid slf4j
pom name SLF4J API Module
pom parent-artifactid slf4j-parent
pom parent-groupid org.slf4j
pom url http://www.slf4j.org
pom version 1.7.7
spring-aop-3.0.7.RELEASE.jar
File Path: C:\Users\Dad\.m2\repository\org\springframework\spring-aop\3.0.7.RELEASE\spring-aop-3.0.7.RELEASE.jar
MD5: 833e6c239fa50bada08e5cb82582c82b
SHA1: e52176ba360e47d132bbc80dc144a916dd75eee7
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid spring-aop
central groupid org.springframework
central version 3.0.7.RELEASE
file name spring-aop
Manifest Bundle-Name Spring AOP
Manifest bundle-symbolicname org.springframework.aop
Manifest Implementation-Title org.springframework.aop
Manifest Implementation-Version 3.0.7.RELEASE
pom artifactid spring-aop
pom groupid org.springframework
pom groupid springframework
pom parent-artifactid spring-parent
pom parent-groupid org.springframework
pom version 3.0.7.RELEASE
spring-asm-3.0.7.RELEASE.jar
File Path: C:\Users\Dad\.m2\repository\org\springframework\spring-asm\3.0.7.RELEASE\spring-asm-3.0.7.RELEASE.jar
MD5: 5d479c7bf32d4bb3cb3b81dfdf3080f7
SHA1: cadd0ed7b1aeea0c2858ada0d6397e8423aad6a3
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid spring-asm
central groupid org.springframework
central version 3.0.7.RELEASE
file name spring-asm
Manifest Bundle-Name Spring ASM
Manifest bundle-symbolicname org.springframework.asm
Manifest Implementation-Title org.springframework.asm
Manifest Implementation-Vendor France Telecom R&D
Manifest Implementation-Version 3.0.7.RELEASE
pom artifactid spring-asm
pom groupid org.springframework
pom groupid springframework
pom parent-artifactid spring-parent
pom parent-groupid org.springframework
pom version 3.0.7.RELEASE
spring-beans-3.0.7.RELEASE.jar
File Path: C:\Users\Dad\.m2\repository\org\springframework\spring-beans\3.0.7.RELEASE\spring-beans-3.0.7.RELEASE.jar
MD5: 0b9954842f12133fcff91bd90235182d
SHA1: 5915c3eee8dc193b19b648719d653439c57fc0d8
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid spring-beans
central groupid org.springframework
central version 3.0.7.RELEASE
file name spring-beans
Manifest Bundle-Name Spring Beans
Manifest bundle-symbolicname org.springframework.beans
Manifest Implementation-Title org.springframework.beans
Manifest Implementation-Version 3.0.7.RELEASE
pom artifactid spring-beans
pom groupid org.springframework
pom groupid springframework
pom parent-artifactid spring-parent
pom parent-groupid org.springframework
pom version 3.0.7.RELEASE
spring-context-3.2.8.RELEASE.jar
Description: Spring Context
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\org\springframework\spring-context\3.2.8.RELEASE\spring-context-3.2.8.RELEASE.jar
MD5: 062fd8c0edb7b69c4886946f884217ae
SHA1: 7edfc6e4283b549504793682cab1f8c37d9f1890
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid spring-context
central groupid org.springframework
central version 3.2.8.RELEASE
file name spring-context
Manifest Implementation-Title spring-context
Manifest Implementation-Version 3.2.8.RELEASE
pom artifactid spring-context
pom description Spring Context
pom groupid org.springframework
pom groupid springframework
pom name Spring Context
pom organization name http://springsource.org/spring-framework
pom url https://github.com/SpringSource/spring-framework
pom version 3.2.8.RELEASE
spring-core-3.0.7.RELEASE.jar
File Path: C:\Users\Dad\.m2\repository\org\springframework\spring-core\3.0.7.RELEASE\spring-core-3.0.7.RELEASE.jar
MD5: feeca5dd71af07bda262b0ed14dc1951
SHA1: 2c90825834a037aab6f6a71bbd05d81680832c49
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid spring-core
central groupid org.springframework
central version 3.0.7.RELEASE
file name spring-core
hint analyzer product springsource_spring_framework
hint analyzer vendor pivotal software
hint analyzer vendor SpringSource
hint analyzer vendor vmware
Manifest Bundle-Name Spring Core
Manifest bundle-symbolicname org.springframework.core
Manifest Implementation-Title org.springframework.core
Manifest Implementation-Version 3.0.7.RELEASE
pom artifactid spring-core
pom groupid org.springframework
pom groupid springframework
pom parent-artifactid spring-parent
pom parent-groupid org.springframework
pom version 3.0.7.RELEASE
Published Vulnerabilities
CVE-2016-9878
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
CVE-2014-3625
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
CVE-2014-3578
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
CVE-2014-1904
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.
CVE-2014-0054
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
CVE-2013-7315
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
CVE-2013-6429
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.
CVE-2013-4152
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
spring-expression-3.0.7.RELEASE.jar
File Path: C:\Users\Dad\.m2\repository\org\springframework\spring-expression\3.0.7.RELEASE\spring-expression-3.0.7.RELEASE.jar
MD5: 7880f6d36ee0352560700517d59e80a1
SHA1: 61999bb2e1e5f7a1c13e91a58761c48dc1d71cf9
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid spring-expression
central groupid org.springframework
central version 3.0.7.RELEASE
file name spring-expression
Manifest Bundle-Name Spring Expression Language
Manifest bundle-symbolicname org.springframework.expression
Manifest Implementation-Title org.springframework.expression
Manifest Implementation-Version 3.0.7.RELEASE
pom artifactid spring-expression
pom groupid org.springframework
pom groupid springframework
pom parent-artifactid spring-parent
pom parent-groupid org.springframework
pom version 3.0.7.RELEASE
spring-jms-3.0.7.RELEASE.jar
File Path: C:\Users\Dad\.m2\repository\org\springframework\spring-jms\3.0.7.RELEASE\spring-jms-3.0.7.RELEASE.jar
MD5: bb872e0744176677ae65705317efa46f
SHA1: 1647b17010e96c713f589ec1b0265556443db00e
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid spring-jms
central groupid org.springframework
central version 3.0.7.RELEASE
file name spring-jms
Manifest Bundle-Name Spring JMS
Manifest bundle-symbolicname org.springframework.jms
Manifest Implementation-Title org.springframework.jms
Manifest Implementation-Version 3.0.7.RELEASE
pom artifactid spring-jms
pom groupid org.springframework
pom groupid springframework
pom parent-artifactid spring-parent
pom parent-groupid org.springframework
pom version 3.0.7.RELEASE
spring-tx-3.0.7.RELEASE.jar
File Path: C:\Users\Dad\.m2\repository\org\springframework\spring-tx\3.0.7.RELEASE\spring-tx-3.0.7.RELEASE.jar
MD5: 9d8af113502df57b03734164654df6a3
SHA1: c340bf8606f6bf235bc1277d25315df1abe51c31
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid spring-tx
central groupid org.springframework
central version 3.0.7.RELEASE
file name spring-tx
Manifest Bundle-Name Spring Transaction
Manifest bundle-symbolicname org.springframework.transaction
Manifest Implementation-Title org.springframework.transaction
Manifest Implementation-Version 3.0.7.RELEASE
pom artifactid spring-tx
pom groupid org.springframework
pom groupid springframework
pom parent-artifactid spring-parent
pom parent-groupid org.springframework
pom version 3.0.7.RELEASE
js-1.7R2.jar
Description: Rhino is an open-source implementation of JavaScript written entirely in Java. It is typically embedded into Java applications to provide scripting to end users.
License:
Mozilla Public License: http://www.mozilla.org/MPL/MPL-1.1.html
File Path: C:\Users\Dad\.m2\repository\rhino\js\1.7R2\js-1.7R2.jar
MD5: a4166cafe6e5d37c363b6795ee92c92c
SHA1: b95d5212ff4cea92cee1c3c6fa50aa82c9d4905b
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid js
central groupid rhino
central version 1.7R2
file name js
file version 1.7.r2
jar package name javascript
jar package name mozilla
pom artifactid js
pom description Rhino is an open-source implementation of JavaScript written entirely in Java. It is typically embedded into Java applications to provide scripting to end users.
pom groupid rhino
pom name Rhino
pom url http://www.mozilla.org/rhino/
pom version 1.7R2
wsdl4j-1.6.3.jar
Description: Java stub generator for WSDL
License:
CPL: http://www.opensource.org/licenses/cpl1.0.txt
File Path: C:\Users\Dad\.m2\repository\wsdl4j\wsdl4j\1.6.3\wsdl4j-1.6.3.jar
MD5: cfc28d89625c5e88589aec7a9aee0208
SHA1: 6d106a6845a3d3477a1560008479312888e94f2f
Referenced In Project/Scope:
fgsms Apache CXF Agent:compile
Evidence
Source Name Value
central artifactid wsdl4j
central groupid wsdl4j
central version 1.6.3
file name wsdl4j
file version 1.6.3
Manifest Implementation-Title WSDL4J
Manifest Implementation-Vendor IBM
Manifest Implementation-Version 1.6.3
Manifest specification-title JWSDL
Manifest specification-vendor IBM (Java Community Process)
pom artifactid wsdl4j
pom description Java stub generator for WSDL
pom groupid wsdl4j
pom name WSDL4J
pom url http://sf.net/projects/wsdl4j
pom version 1.6.3
serializer-2.7.1.jar
Description:
Serializer to write out XML, HTML etc. as a stream of characters from an input DOM or from input
SAX events.
File Path: C:\Users\Dad\.m2\repository\xalan\serializer\2.7.1\serializer-2.7.1.jar
MD5: a6b64dfe58229bdd810263fa0cc54cff
SHA1: 4b4b18df434451249bb65a63f2fb69e215a6a020
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid serializer
central groupid xalan
central version 2.7.1
file name serializer
file version 2.7.1
manifest: org/apache/xml/serializer/ Implementation-Title org.apache.xml.serializer
manifest: org/apache/xml/serializer/ Implementation-Vendor Apache Software Foundation
manifest: org/apache/xml/serializer/ Specification-Title XSL Transformations (XSLT), at http://www.w3.org/TR/xslt
manifest: org/apache/xml/serializer/utils/ Implementation-Title org.apache.xml.serializer.utils
manifest: org/apache/xml/serializer/utils/ Implementation-Vendor Apache Software Foundation
pom artifactid serializer
pom description Serializer to write out XML, HTML etc. as a stream of characters from an input DOM or from input SAX events.
pom groupid xalan
pom name Xalan Java Serializer
pom parent-artifactid apache
pom parent-groupid org.apache
pom url http://xml.apache.org/xalan-j/
pom version 2.7.1
Published Vulnerabilities
CVE-2014-0107
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.
xml-resolver-1.2.jar
Description: xml-commons provides an Apache-hosted set of DOM, SAX, and
JAXP interfaces for use in other xml-based projects. Our hope is that we
can standardize on both a common version and packaging scheme for these
critical XML standards interfaces to make the lives of both our developers
and users easier.
File Path: C:\Users\Dad\.m2\repository\xml-resolver\xml-resolver\1.2\xml-resolver-1.2.jar
MD5: 706c533146c1f4ee46b66659ea14583a
SHA1: 3d0f97750b3a03e0971831566067754ba4bfd68c
Referenced In Project/Scope:
fgsms Apache CXF Agent:provided
Evidence
Source Name Value
central artifactid xml-resolver
central groupid xml-resolver
central version 1.2
file name xml-resolver
file version 1.2
manifest: org/apache/xml/resolver Implementation-Title org.apache.xml.resolver.Catalog
manifest: org/apache/xml/resolver Implementation-Vendor Apache Software Foundation
pom artifactid xml-resolver
pom description xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier.
pom groupid xml-resolver
pom name XML Commons Resolver Component
pom parent-artifactid apache
pom parent-groupid org.apache
pom url http://xml.apache.org/commons/components/resolver/
pom version 1.2