Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Project: fgsms Automated Reporting Service

| Dependency | CPE | GAV | Highest Severity | CVE Count | CPE Confidence | Evidence Count |
|---|---|---|---|---|---|---|
| avalon-framework-4.1.3.jar | | avalon-framework:avalon-framework:4.1.3 | | 0 | | 12 |
| batik-awt-util-1.6.jar | cpe:/a:apache:batik:1.6 | batik:batik-awt-util:1.6 | Medium | 1 | LOW | 16 |
| batik-dom-1.6.jar | cpe:/a:apache:batik:1.6 | batik:batik-dom:1.6 | Medium | 1 | LOW | 15 |
| batik-svggen-1.6-1.jar | cpe:/a:apache:batik:1.6.1 | batik:batik-svggen:1.6 | Medium | 1 | LOW | 15 |
| batik-util-1.6.jar | cpe:/a:apache:batik:1.6 | batik:batik-util:1.6 | Medium | 1 | LOW | 15 |
| batik-xml-1.6.jar | cpe:/a:apache:batik:1.6 | batik:batik-xml:1.6 | Medium | 1 | LOW | 15 |
| cewolf-1.2.4-java7.jar | | cewolf:cewolf:1.2.4-java7 | | 0 | | 14 |
| commons-logging-1.1.jar | | commons-logging:commons-logging:1.1 | | 0 | | 19 |
| VectorGraphics2D-0.9.3.jar | | de.erichseifert.vectorgraphics2d:VectorGraphics2D:0.9.3 | | 0 | | 14 |
| geronimo-spec-j2ee-connector-1.5-rc4.jar | cpe:/a:apache:geronimo:1.5.rc4 | geronimo-spec:geronimo-spec-j2ee-connector:1.5-rc4 | High | 2 | LOW | 14 |
| activation-1.1.jar | | javax.activation:activation:1.1 | | 0 | | 17 |
| ejb-api-3.0.jar | | javax.ejb:ejb-api:3.0 | | 0 | | 15 |
| mail-1.4.7.jar | cpe:/a:sun:javamail:1.4.7 | javax.mail:mail:1.4.7 | | 0 | LOW | 26 |
| servlet-api-2.5.jar | | javax.servlet:servlet-api:2.5 | | 0 | | 11 |
| log4j-1.2.17.jar | | log4j:log4j:1.2.17 | | 0 | | 18 |
| logkit-1.0.1.jar | | logkit:logkit:1.0.1 | | 0 | | 11 |
| commons-lang3-3.5.jar | | org.apache.commons:commons-lang3:3.5 | | 0 | | 27 |
| qpid-client-6.0.0.jar | cpe:/a:apache:qpid:6.0.0 | org.apache.qpid:qpid-client:6.0.0 | | 0 | LOW | 19 |
| jcommon-1.0.23.jar | | org.jfree:jcommon:1.0.23 | | 0 | | 15 |
| jfreechart-1.0.19.jar | | org.jfree:jfreechart:1.0.19 | | 0 | | 15 |
| xchart-3.0.0.jar | | org.knowm.xchart:xchart:3.0.0 | | 0 | | 16 |
| slf4j-api-1.7.7.jar | | org.slf4j:slf4j-api:1.7.7 | | 0 | | 20 |

Dependencies

avalon-framework-4.1.3.jar

File Path: C:\Users\Dad\.m2\repository\avalon-framework\avalon-framework\4.1.3\avalon-framework-4.1.3.jar
MD5: bef9f9be8ba066273fdef72b3503a307
SHA1: 92315ee1c4a4c90bee05055713811f28f8509075
Referenced In Project/Scope: fgsms Automated Reporting Service:compile

Identifiers

batik-awt-util-1.6.jar

Description: Batik AWT Utilities

File Path: C:\Users\Dad\.m2\repository\batik\batik-awt-util\1.6\batik-awt-util-1.6.jar
MD5: 04013947d519c13fd4d82355cb496552
SHA1: 590750cc8d6a1ba0189b437172b6444578d79c99
Referenced In Project/Scope: fgsms Automated Reporting Service:compile

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

batik-dom-1.6.jar

Description: Batik DOM

File Path: C:\Users\Dad\.m2\repository\batik\batik-dom\1.6\batik-dom-1.6.jar
MD5: ce481d746c345a3d3046dab157c8468f
SHA1: 27983405f0871f28d3b9ab35b44e62610a60564a
Referenced In Project/Scope: fgsms Automated Reporting Service:compile

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

batik-svggen-1.6-1.jar

Description: Batik SVG Generator

File Path: C:\Users\Dad\.m2\repository\batik\batik-svggen\1.6-1\batik-svggen-1.6-1.jar
MD5: 918e775580eb37b9d57ea37c79fc8610
SHA1: 983914d5e27957145e34b55ad7f48df96eb6d280
Referenced In Project/Scope: fgsms Automated Reporting Service:compile

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

batik-util-1.6.jar

Description: Batik Utilities

File Path: C:\Users\Dad\.m2\repository\batik\batik-util\1.6\batik-util-1.6.jar
MD5: 4a137ce0ce2f8eb24823b55ebb26cb24
SHA1: 7bea0185bb630bca235ffa904b1a03e8a4786a45
Referenced In Project/Scope: fgsms Automated Reporting Service:compile

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

batik-xml-1.6.jar

Description: Batik XML

File Path: C:\Users\Dad\.m2\repository\batik\batik-xml\1.6\batik-xml-1.6.jar
MD5: d4d0b431411f67662618f9b87dbcddab
SHA1: 4f2c18a0d41b8804e6fd24f183a567b41c928ed0
Referenced In Project/Scope: fgsms Automated Reporting Service:compile

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

cewolf-1.2.4-java7.jar

Description:  Cewolf is a tag library for JfreeChart. JFreeChart is a class library, written in Java, for generating charts. Utilising the Java2D APIs, it currently supports bar charts, pie charts, line charts, XY-plots and time series plots.

License:

GNU Lesser General Public License version 2.1 (LGPLv2.1): http://www.gnu.org/licenses/lgpl-2.1.txt
File Path: C:\Users\Dad\.m2\repository\cewolf\cewolf\1.2.4-java7\cewolf-1.2.4-java7.jar
MD5: 52336ab381cc46d082b893873707e011
SHA1: ceec652622da825768aa19f960021548fa6d0768
Referenced In Project/Scope: fgsms Automated Reporting Service:compile

Identifiers

commons-logging-1.1.jar

Description: Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: C:\Users\Dad\.m2\repository\commons-logging\commons-logging\1.1\commons-logging-1.1.jar
MD5: 6b62417e77b000a87de66ee3935edbf5
SHA1: ba24d5de831911b684c92cd289ed5ff826271824
Referenced In Project/Scope: fgsms Automated Reporting Service:compile

Identifiers

VectorGraphics2D-0.9.3.jar

Description: A library for adding vector export to Java(R) Graphics2D.

License:

GNU Library or Lesser General Public License (LGPL): http://www.gnu.org/licenses/lgpl.txt
File Path: C:\Users\Dad\.m2\repository\de\erichseifert\vectorgraphics2d\VectorGraphics2D\0.9.3\VectorGraphics2D-0.9.3.jar
MD5: 71a405d7f54cc94df0711d516abeca52
SHA1: 221c9d68940b9ff48cd88cdc0c4943d3710d8af1
Referenced In Project/Scope: fgsms Automated Reporting Service:compile

Identifiers

geronimo-spec-j2ee-connector-1.5-rc4.jar

File Path: C:\Users\Dad\.m2\repository\geronimo-spec\geronimo-spec-j2ee-connector\1.5-rc4\geronimo-spec-j2ee-connector-1.5-rc4.jar
MD5: 6a2ccbc1d0af6329c00b2089ae1a31d7
SHA1: 2f5310631817f11c5b170d3a0084a58766d49269
Referenced In Project/Scope: fgsms Automated Reporting Service:compile

Identifiers

CVE-2011-5034  

Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-20 Improper Input Validation

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.

CVE-2008-0732  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.

activation-1.1.jar

Description:  JavaBeans Activation Framework (JAF) is a standard extension to the Java platform that lets you take advantage of standard services to: determine the type of an arbitrary piece of data; encapsulate access to it; discover the operations available on it; and instantiate the appropriate bean to perform the operation(s).

License:

Common Development and Distribution License (CDDL) v1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: C:\Users\Dad\.m2\repository\javax\activation\activation\1.1\activation-1.1.jar
MD5: 8ae38e87cd4f86059c0294a8fe3e0b18
SHA1: e6cb541461c2834bdea3eb920f1884d1eb508b50
Referenced In Project/Scope: fgsms Automated Reporting Service:compile

Identifiers

ejb-api-3.0.jar

File Path: C:\Users\Dad\.m2\repository\javax\ejb\ejb-api\3.0\ejb-api-3.0.jar
MD5: bf9716b5dd34838c272aa44dfbab5fbc
SHA1: d4855ba9a1ecd993b751880567ec06ffcbd6fe06
Referenced In Project/Scope: fgsms Automated Reporting Service:compile

Identifiers

mail-1.4.7.jar

Description: JavaMail API (compat)

License:

http://www.sun.com/cddl, https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: C:\Users\Dad\.m2\repository\javax\mail\mail\1.4.7\mail-1.4.7.jar
MD5: 77f53ff0c78ba43c4812ecc9f53e20f8
SHA1: 9add058589d5d85adeb625859bf2c5eeaaedf12d
Referenced In Project/Scope: fgsms Automated Reporting Service:compile

Identifiers

servlet-api-2.5.jar

File Path: C:\Users\Dad\.m2\repository\javax\servlet\servlet-api\2.5\servlet-api-2.5.jar
MD5: 116fc16f3f700d756a57a2b8ea7c1044
SHA1: e69999122202bb1c275a80ad3281c4f69f2ea0b2
Referenced In Project/Scope: fgsms Automated Reporting Service:compile

Identifiers

  • maven: javax.servlet:servlet-api:2.5   Confidence:HIGH

log4j-1.2.17.jar

Description: Apache Log4j 1.2

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\log4j\log4j\1.2.17\log4j-1.2.17.jar
MD5: 04a41f0a068986f0f73485cf507c0f40
SHA1: 5af35056b4d257e4b64b9e8069c0746e8b08629f
Referenced In Project/Scope: fgsms Automated Reporting Service:compile

Identifiers

logkit-1.0.1.jar

File Path: C:\Users\Dad\.m2\repository\logkit\logkit\1.0.1\logkit-1.0.1.jar
MD5: 32240100a5c15d53f00392fae4b0aab7
SHA1: aaf5649b523c5ffc925e746074979150bb74bfdc
Referenced In Project/Scope: fgsms Automated Reporting Service:compile

Identifiers

commons-lang3-3.5.jar

Description:  Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\org\apache\commons\commons-lang3\3.5\commons-lang3-3.5.jar
MD5: 780b5a8b72eebe6d0dbff1c11b5658fa
SHA1: 6c6c702c89bfff3cd9e80b04d668c5e190d588c6
Referenced In Project/Scope: fgsms Automated Reporting Service:compile

Identifiers

qpid-client-6.0.0.jar

Description: JMS client supporting AMQP 0-8, 0-9, 0-9-1 and 0-10.

File Path: C:\Users\Dad\.m2\repository\org\apache\qpid\qpid-client\6.0.0\qpid-client-6.0.0.jar
MD5: 244a004182de831f2ff3774dbac2741f
SHA1: 0a4c3e81e2c4777bf3d50c293391831a5dd1acf9
Referenced In Project/Scope: fgsms Automated Reporting Service:compile

Identifiers

jcommon-1.0.23.jar

Description:  JCommon is a free general purpose Java class library that is used in several projects at www.jfree.org, including JFreeChart and JFreeReport.

License:

GNU Lesser General Public Licence: http://www.gnu.org/licenses/lgpl.txt
File Path: C:\Users\Dad\.m2\repository\org\jfree\jcommon\1.0.23\jcommon-1.0.23.jar
MD5: 1b059adc60fef2da40b7130f9a67f977
SHA1: a316f336ca996e0c6bec4e4fbd49be8f5e1c3968
Referenced In Project/Scope: fgsms Automated Reporting Service:compile

Identifiers

jfreechart-1.0.19.jar

Description:  JFreeChart is a class library, written in Java, for generating charts. Utilising the Java2D APIs, it currently supports bar charts, pie charts, line charts, XY-plots and time series plots.

License:

GNU Lesser General Public Licence: http://www.gnu.org/licenses/lgpl.txt
File Path: C:\Users\Dad\.m2\repository\org\jfree\jfreechart\1.0.19\jfreechart-1.0.19.jar
MD5: 4ff3762bd04a7239cfb98de542134bec
SHA1: ba9ee7dbb2e4c57a6901c79f614ed2dea9cc0e20
Referenced In Project/Scope: fgsms Automated Reporting Service:compile

Identifiers

xchart-3.0.0.jar

Description: The core XChart library

File Path: C:\Users\Dad\.m2\repository\org\knowm\xchart\xchart\3.0.0\xchart-3.0.0.jar
MD5: a0fa77ed0eeb3e8c7c5801b2d0b9c545
SHA1: 83f605b9d59f9e860e85c8c53cb6ed736eb99e85
Referenced In Project/Scope: fgsms Automated Reporting Service:compile

Identifiers

slf4j-api-1.7.7.jar

Description: The slf4j API

File Path: C:\Users\Dad\.m2\repository\org\slf4j\slf4j-api\1.7.7\slf4j-api-1.7.7.jar
MD5: ca4280bf93d64367723ae5c8d42dd0b9
SHA1: 2b8019b6249bb05d81d3a3094e468753e2b21311
Referenced In Project/Scope: fgsms Automated Reporting Service:compile

Identifiers



This report contains data retrieved from the National Vulnerability Database.