Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 1.4.5
Report Generated On: Mar 12, 2017 at 00:14:12 EST
Dependencies Scanned: 21 (21 unique)
Vulnerable Dependencies: 2
Vulnerabilities Found: 3
Vulnerabilities Suppressed: 0
...
CurrentEngineRelease:
NVD CVE 2002: 19/02/2017 03:25:58
NVD CVE 2003: 19/02/2017 03:24:25
NVD CVE 2004: 19/02/2017 03:23:59
NVD CVE 2005: 24/02/2017 03:12:32
NVD CVE 2006: 19/02/2017 03:20:36
NVD CVE 2007: 19/02/2017 03:18:20
NVD CVE 2008: 19/02/2017 03:16:18
NVD CVE 2009: 19/02/2017 03:14:03
NVD CVE 2010: 09/02/2017 03:09:26
NVD CVE 2011: 19/02/2017 03:11:57
NVD CVE 2012: 24/02/2017 03:11:07
NVD CVE 2013: 24/02/2017 03:09:00
NVD CVE 2014: 01/03/2017 03:07:38
NVD CVE 2015: 04/03/2017 03:06:02
NVD CVE 2016: 05/03/2017 03:02:53
NVD CVE 2017: 05/03/2017 03:00:24
NVD CVE Checked: 11/03/2017 23:34:50
NVD CVE Modified: 11/03/2017 20:00:24
VersionCheckOn: 1486838497071

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	CPE	GAV	Highest Severity	CVE Count	CPE Confidence	Evidence Count
commons-codec-1.10.jar		commons-codec:commons-codec:1.10		0		25
commons-collections-3.2.jar	cpe:/a:apache:commons_collections:3.2.1	commons-collections:commons-collections:3.2	High	1	LOW	19
commons-configuration-1.9.jar		commons-configuration:commons-configuration:1.9		0		24
commons-daemon-1.0.15-bin-windows.zip: prunsrv.exe				0		1
commons-daemon-1.0.15-bin-windows.zip: prunsrv.exe				0		1
commons-daemon-1.0.15-bin-windows.zip: prunmgr.exe				0		1
commons-daemon-1.0.15-bin-windows.zip: prunsrv.exe				0		1
commons-lang-2.6.jar		commons-lang:commons-lang:2.6		0		23
commons-logging-api-1.1.jar		commons-logging:commons-logging-api:1.1		0		19
commons-logging-1.1.jar		commons-logging:commons-logging:1.1		0		19
dnsjava-2.0.6.jar		dnsjava:dnsjava:2.0.6		0		15
activation-1.1.jar		javax.activation:activation:1.1		0		17
mail-1.4.7.jar	cpe:/a:sun:javamail:1.4.7	javax.mail:mail:1.4.7		0	LOW	26
servlet-api-2.5.jar		javax.servlet:servlet-api:2.5		0		11
log4j-1.2.17.jar		log4j:log4j:1.2.17		0		18
commons-lang3-3.5.jar		org.apache.commons:commons-lang3:3.5		0		27
httpclient-4.3.3.jar	cpe:/a:apache:httpclient:4.3.3	org.apache.httpcomponents:httpclient:4.3.3	Medium	2	HIGHEST	22
httpcore-4.3.2.jar		org.apache.httpcomponents:httpcore:4.3.2		0		22
juddi-client-3.3.3.jar		org.apache.juddi:juddi-client:3.3.3		0		16
uddi-ws-3.3.3.jar		org.apache.juddi:uddi-ws:3.3.3		0		16
wsdl4j-1.6.2.jar		wsdl4j:wsdl4j:1.6.2		0		15

Dependencies

commons-codec-1.10.jar

Description: The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Dad\.m2\repository\commons-codec\commons-codec\1.10\commons-codec-1.10.jar
MD5: 353cf6a2bdba09595ccfa073b78c7fcb
SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8
Referenced In Project/Scope: fgsms Server Crash Alerter:compile

Evidence

Source	Name	Value
central	artifactid	commons-codec
central	groupid	commons-codec
central	version	1.10
file	name	commons-codec
file	version	1.10
manifest	Bundle-Description	The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
Manifest	bundle-docurl	http://commons.apache.org/proper/commons-codec/
Manifest	Bundle-Name	Apache Commons Codec
Manifest	bundle-symbolicname	org.apache.commons.codec
Manifest	implementation-build	trunk@r1637108; 2014-11-06 14:14:12+0000
Manifest	Implementation-Title	Apache Commons Codec
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	1.10
Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"
Manifest	specification-title	Apache Commons Codec
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	commons-codec
pom	description	The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
pom	groupid	commons-codec
pom	name	Apache Commons Codec
pom	parent-artifactid	commons-parent
pom	parent-groupid	org.apache.commons
pom	url	http://commons.apache.org/proper/commons-codec/
pom	version	1.10

Identifiers

maven: commons-codec:commons-codec:1.10 Confidence:HIGHEST

commons-collections-3.2.jar

Description: Types that extend and augment the Java Collections Framework.

License:

The Apache Software License, Version 2.0: /LICENSE.txt

File Path: C:\Users\Dad\.m2\repository\commons-collections\commons-collections\3.2\commons-collections-3.2.jar
MD5: 7b9216b608d550787bdf43a63d88bf3b
SHA1: f951934aa5ae5a88d7e6dfaa6d32307d834a88be
Referenced In Project/Scope: fgsms Server Crash Alerter:compile

Evidence

Source	Name	Value
central	artifactid	commons-collections
central	groupid	commons-collections
central	version	3.2
file	name	commons-collections
file	version	3.2
Manifest	extension-name	commons-collections
Manifest	Implementation-Title	Commons Collections
Manifest	Implementation-Vendor	Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	3.2
Manifest	specification-title	Commons Collections
Manifest	specification-vendor	Apache Software Foundation
pom	artifactid	commons-collections
pom	description	Types that extend and augment the Java Collections Framework.
pom	groupid	commons-collections
pom	name	Collections
pom	organization name	http://jakarta.apache.org
pom	url	http://jakarta.apache.org/commons/collections/
pom	version	3.2

Identifiers

maven: commons-collections:commons-collections:3.2 Confidence:HIGHEST
cpe: cpe:/a:apache:commons_collections:3.2.1 Confidence:LOW

Published Vulnerabilities

CVE-2015-6420

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Vulnerable Software & Versions: (show all)

cpe:/a:apache:commons_collections:3.2.1 and all previous versions
...
cpe:/a:apache:commons_collections:3.2.1 and all previous versions
cpe:/a:apache:commons_collections:4.0 and all previous versions

commons-configuration-1.9.jar

Description: Tools to assist in the reading of configuration/preferences files in various formats

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Dad\.m2\repository\commons-configuration\commons-configuration\1.9\commons-configuration-1.9.jar
MD5: a433303bae1cd9ec6313fe7bbac8fbe9
SHA1: 5e8a4890284cf7eaa9241ace2cc07518d9519d22
Referenced In Project/Scope: fgsms Server Crash Alerter:compile

Evidence

Source	Name	Value
central	artifactid	commons-configuration
central	groupid	commons-configuration
central	version	1.9
file	name	commons-configuration
file	version	1.9
manifest	Bundle-Description	Tools to assist in the reading of configuration/preferences files in various formats
Manifest	bundle-docurl	http://commons.apache.org/configuration/
Manifest	Bundle-Name	Commons Configuration
Manifest	bundle-symbolicname	org.apache.commons.configuration
Manifest	implementation-build	tags/CONFIGURATION_1_9RC1@r1369345; 2012-08-04 17:37:27+0200
Manifest	Implementation-Title	Commons Configuration
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	1.9
Manifest	specification-title	Commons Configuration
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	commons-configuration
pom	description	Tools to assist in the reading of configuration/preferences files in various formats
pom	groupid	commons-configuration
pom	name	Commons Configuration
pom	parent-artifactid	commons-parent
pom	parent-groupid	org.apache.commons
pom	url	http://commons.apache.org/configuration/
pom	version	1.9

Identifiers

maven: commons-configuration:commons-configuration:1.9 Confidence:HIGHEST

commons-daemon-1.0.15-bin-windows.zip: prunsrv.exe

File Path: C:\Users\Dad\.m2\repository\commons-daemon\commons-daemon\1.0.15\commons-daemon-1.0.15-bin-windows.zip\amd64\prunsrv.exe
MD5: c8a57f4ca413effd5897d8a20e05fc80
SHA1: aac510a623eeb46aad1af2a91930535e4fe28f91
Referenced In Project/Scope: fgsms Server Crash Alerter:provided

Evidence

Source	Name	Value
file	name	prunsrv

Identifiers

None

commons-daemon-1.0.15-bin-windows.zip: prunsrv.exe

File Path: C:\Users\Dad\.m2\repository\commons-daemon\commons-daemon\1.0.15\commons-daemon-1.0.15-bin-windows.zip\ia64\prunsrv.exe
MD5: 3b06d0e5454e6812bba21b39ecfc83ba
SHA1: 0715fee00e5fcc4ce1c2b3dabbbddc4f3fa13e7e
Referenced In Project/Scope: fgsms Server Crash Alerter:provided

Evidence

Source	Name	Value
file	name	prunsrv

Identifiers

None

commons-daemon-1.0.15-bin-windows.zip: prunmgr.exe

File Path: C:\Users\Dad\.m2\repository\commons-daemon\commons-daemon\1.0.15\commons-daemon-1.0.15-bin-windows.zip\prunmgr.exe
MD5: dcf47773e046ee212d937d5cabea5f4c
SHA1: 57483ea86f52ee8e529a9a53e2e18d7ddcd47e51
Referenced In Project/Scope: fgsms Server Crash Alerter:provided

Evidence

Source	Name	Value
file	name	prunmgr

Identifiers

None

commons-daemon-1.0.15-bin-windows.zip: prunsrv.exe

File Path: C:\Users\Dad\.m2\repository\commons-daemon\commons-daemon\1.0.15\commons-daemon-1.0.15-bin-windows.zip\prunsrv.exe
MD5: 0be207e358e5c198e7cb005c08e96e89
SHA1: 8c31d27449cee7bf326485987dc3145f17ffaa66
Referenced In Project/Scope: fgsms Server Crash Alerter:provided

Evidence

Source	Name	Value
file	name	prunsrv

Identifiers

None

commons-lang-2.6.jar

Description: Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Dad\.m2\repository\commons-lang\commons-lang\2.6\commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
Referenced In Project/Scope: fgsms Server Crash Alerter:compile

Evidence

Source	Name	Value
central	artifactid	commons-lang
central	groupid	commons-lang
central	version	2.6
file	name	commons-lang
file	version	2.6
manifest	Bundle-Description	Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.
Manifest	bundle-docurl	http://commons.apache.org/lang/
Manifest	Bundle-Name	Commons Lang
Manifest	bundle-symbolicname	org.apache.commons.lang
Manifest	Implementation-Title	Commons Lang
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	2.6
Manifest	specification-title	Commons Lang
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	commons-lang
pom	description	Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.
pom	groupid	commons-lang
pom	name	Commons Lang
pom	parent-artifactid	commons-parent
pom	parent-groupid	org.apache.commons
pom	url	http://commons.apache.org/lang/
pom	version	2.6

Identifiers

maven: commons-lang:commons-lang:2.6 Confidence:HIGHEST

commons-logging-api-1.1.jar

Description: Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

License:

The Apache Software License, Version 2.0: /LICENSE.txt

File Path: C:\Users\Dad\.m2\repository\commons-logging\commons-logging-api\1.1\commons-logging-api-1.1.jar
MD5: 4374238076ab08e60e0d296234480837
SHA1: 7d4cf5231d46c8524f9b9ed75bb2d1c69ab93322
Referenced In Project/Scope: fgsms Server Crash Alerter:compile

Evidence

Source	Name	Value
central	artifactid	commons-logging-api
central	groupid	commons-logging
central	version	1.1
file	name	commons-logging-api
file	version	1.1
Manifest	extension-name	org.apache.commons.logging
Manifest	Implementation-Title	Jakarta Commons Logging
Manifest	Implementation-Vendor	Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	1.1
Manifest	specification-title	Jakarta Commons Logging
Manifest	specification-vendor	Apache Software Foundation
pom	artifactid	commons-logging-api
pom	description	Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.
pom	groupid	commons-logging
pom	name	Logging
pom	organization name	http://jakarta.apache.org
pom	url	http://jakarta.apache.org/commons/logging/
pom	version	1.1

Identifiers

maven: commons-logging:commons-logging-api:1.1 Confidence:HIGHEST

commons-logging-1.1.jar

Description: Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

License:

The Apache Software License, Version 2.0: /LICENSE.txt

File Path: C:\Users\Dad\.m2\repository\commons-logging\commons-logging\1.1\commons-logging-1.1.jar
MD5: 6b62417e77b000a87de66ee3935edbf5
SHA1: ba24d5de831911b684c92cd289ed5ff826271824
Referenced In Project/Scope: fgsms Server Crash Alerter:compile

Evidence

Source	Name	Value
central	artifactid	commons-logging
central	groupid	commons-logging
central	version	1.1
file	name	commons-logging
file	version	1.1
Manifest	extension-name	org.apache.commons.logging
Manifest	Implementation-Title	Jakarta Commons Logging
Manifest	Implementation-Vendor	Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	1.1
Manifest	specification-title	Jakarta Commons Logging
Manifest	specification-vendor	Apache Software Foundation
pom	artifactid	commons-logging
pom	description	Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.
pom	groupid	commons-logging
pom	name	Logging
pom	organization name	http://jakarta.apache.org
pom	url	http://jakarta.apache.org/commons/${pom.artifactId.substring(8)}/
pom	version	1.1

Identifiers

maven: commons-logging:commons-logging:1.1 Confidence:HIGHEST

dnsjava-2.0.6.jar

Description: dnsjava is an implementation of DNS in Java

License:

BSD license: http://www.dnsjava.org/README

File Path: C:\Users\Dad\.m2\repository\dnsjava\dnsjava\2.0.6\dnsjava-2.0.6.jar
MD5: 3a783229899ea708d3a7c73624d305c4
SHA1: e367971f81d95e653552b5c8f3065d0fad724369
Referenced In Project/Scope: fgsms Server Crash Alerter:compile

Evidence

Source	Name	Value
central	artifactid	dnsjava
central	groupid	dnsjava
central	groupid	org.dnsjava
central	groupid	org.dspace.dnsjava
central	version	2.0.6
file	name	dnsjava
file	version	2.0.6
Manifest	Implementation-Title	dnsjava
Manifest	Implementation-Version	2.0.6
pom	artifactid	dnsjava
pom	description	dnsjava is an implementation of DNS in Java
pom	groupid	dnsjava
pom	name	dnsjava
pom	url	http://www.dnsjava.org
pom	version	2.0.6

Identifiers

maven: dnsjava:dnsjava:2.0.6 Confidence:HIGHEST
maven: org.dnsjava:dnsjava:2.0.6 Confidence:HIGHEST
maven: org.dspace.dnsjava:dnsjava:2.0.6 Confidence:HIGHEST

activation-1.1.jar

Description: JavaBeans Activation Framework (JAF) is a standard extension to the Java platform that lets you take advantage of standard services to: determine the type of an arbitrary piece of data; encapsulate access to it; discover the operations available on it; and instantiate the appropriate bean to perform the operation(s).

License:

Common Development and Distribution License (CDDL) v1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html

File Path: C:\Users\Dad\.m2\repository\javax\activation\activation\1.1\activation-1.1.jar
MD5: 8ae38e87cd4f86059c0294a8fe3e0b18
SHA1: e6cb541461c2834bdea3eb920f1884d1eb508b50
Referenced In Project/Scope: fgsms Server Crash Alerter:compile

Evidence

Source	Name	Value
central	artifactid	activation
central	groupid	javax.activation
central	version	1.1
file	name	activation
file	version	1.1
Manifest	extension-name	javax.activation
Manifest	Implementation-Vendor	Sun Microsystems, Inc.
Manifest	Implementation-Vendor-Id	com.sun
Manifest	Implementation-Version	1.1
Manifest	specification-title	JavaBeans(TM) Activation Framework Specification
Manifest	specification-vendor	Sun Microsystems, Inc.
pom	artifactid	activation
pom	description	JavaBeans Activation Framework (JAF) is a standard extension to the Java platform that lets you take advantage of standard services to: determine the type of an arbitrary piece of data; encapsulate access to it; discover the operations available on it; and instantiate the appropriate bean to perform the operation(s).
pom	groupid	javax.activation
pom	name	JavaBeans Activation Framework (JAF)
pom	url	http://java.sun.com/products/javabeans/jaf/index.jsp
pom	version	1.1

Identifiers

maven: javax.activation:activation:1.1 Confidence:HIGHEST

mail-1.4.7.jar

Description: JavaMail API (compat)

License:

http://www.sun.com/cddl, https://glassfish.java.net/public/CDDL+GPL_1_1.html

File Path: C:\Users\Dad\.m2\repository\javax\mail\mail\1.4.7\mail-1.4.7.jar
MD5: 77f53ff0c78ba43c4812ecc9f53e20f8
SHA1: 9add058589d5d85adeb625859bf2c5eeaaedf12d
Referenced In Project/Scope: fgsms Server Crash Alerter:compile

Evidence

Source	Name	Value
central	artifactid	mail
central	groupid	javax.mail
central	version	1.4.7
file	name	mail
file	version	1.4.7
manifest	Bundle-Description	JavaMail API (compat)
Manifest	bundle-docurl	http://www.oracle.com
Manifest	Bundle-Name	JavaMail API (compat)
Manifest	bundle-symbolicname	javax.mail
Manifest	extension-name	javax.mail
Manifest	Implementation-Title	javax.mail
Manifest	Implementation-Vendor	Oracle
Manifest	Implementation-Vendor-Id	com.sun
Manifest	Implementation-Version	1.4.7
Manifest	originally-created-by	1.7.0_15 (Oracle Corporation)
Manifest	probe-provider-xml-file-names	META-INF/gfprobe-provider.xml
Manifest	specification-title	JavaMail(TM) API Design Specification
Manifest	specification-vendor	Oracle
Manifest (hint)	Implementation-Vendor	sun
Manifest (hint)	specification-vendor	sun
pom	artifactid	mail
pom	groupid	javax.mail
pom	name	JavaMail API (compat)
pom	parent-artifactid	all
pom	parent-groupid	com.sun.mail
pom	version	1.4.7

Identifiers

cpe: cpe:/a:sun:javamail:1.4.7 Confidence:LOW
maven: javax.mail:mail:1.4.7 Confidence:HIGHEST

servlet-api-2.5.jar

File Path: C:\Users\Dad\.m2\repository\javax\servlet\servlet-api\2.5\servlet-api-2.5.jar
MD5: 116fc16f3f700d756a57a2b8ea7c1044
SHA1: e69999122202bb1c275a80ad3281c4f69f2ea0b2
Referenced In Project/Scope: fgsms Server Crash Alerter:compile

Evidence

Source	Name	Value
file	name	servlet-api
file	version	2.5
Manifest	extension-name	javax.servlet
Manifest	Implementation-Vendor	Sun Microsystems, Inc.
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	2.5
Manifest	specification-title	JavaServlet(TM) Specification
Manifest	specification-vendor	Sun Microsystems, Inc.
pom	artifactid	servlet-api
pom	groupid	javax.servlet
pom	version	2.5

Identifiers

maven: javax.servlet:servlet-api:2.5 Confidence:HIGH

log4j-1.2.17.jar

Description: Apache Log4j 1.2

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Dad\.m2\repository\log4j\log4j\1.2.17\log4j-1.2.17.jar
MD5: 04a41f0a068986f0f73485cf507c0f40
SHA1: 5af35056b4d257e4b64b9e8069c0746e8b08629f
Referenced In Project/Scope: fgsms Server Crash Alerter:compile

Evidence

Source	Name	Value
central	artifactid	log4j
central	groupid	log4j
central	version	1.2.17
file	name	log4j
file	version	1.2.17
manifest	Bundle-Description	Apache Log4j 1.2
Manifest	bundle-docurl	http://logging.apache.org/log4j/1.2
Manifest	Bundle-Name	Apache Log4j
Manifest	bundle-symbolicname	log4j
manifest: org.apache.log4j	Implementation-Title	log4j
manifest: org.apache.log4j	Implementation-Vendor	"Apache Software Foundation"
pom	artifactid	log4j
pom	description	Apache Log4j 1.2
pom	groupid	log4j
pom	name	Apache Log4j
pom	organization name	http://www.apache.org
pom	url	http://logging.apache.org/log4j/1.2/
pom	version	1.2.17

Identifiers

maven: log4j:log4j:1.2.17 Confidence:HIGHEST

commons-lang3-3.5.jar

Description: Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Dad\.m2\repository\org\apache\commons\commons-lang3\3.5\commons-lang3-3.5.jar
MD5: 780b5a8b72eebe6d0dbff1c11b5658fa
SHA1: 6c6c702c89bfff3cd9e80b04d668c5e190d588c6
Referenced In Project/Scope: fgsms Server Crash Alerter:compile

Evidence

Source	Name	Value
central	artifactid	commons-lang3
central	groupid	org.apache.commons
central	version	3.5
file	name	commons-lang3
file	version	3.5
manifest	Bundle-Description	Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.
Manifest	bundle-docurl	http://commons.apache.org/proper/commons-lang/
Manifest	Bundle-Name	Apache Commons Lang
Manifest	bundle-symbolicname	org.apache.commons.lang3
Manifest	implementation-build	release@r36f98d87b24c2f542b02abbf6ec1ee742f1b158b; 2016-10-13 19:52:17+0000
Manifest	Implementation-Title	Apache Commons Lang
Manifest	implementation-url	http://commons.apache.org/proper/commons-lang/
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	3.5
Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"
Manifest	specification-title	Apache Commons Lang
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	commons-lang3
pom	description	Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.
pom	groupid	apache.commons
pom	groupid	org.apache.commons
pom	name	Apache Commons Lang
pom	parent-artifactid	commons-parent
pom	parent-groupid	org.apache.commons
pom	url	http://commons.apache.org/proper/commons-lang/
pom	version	3.5

Identifiers

maven: org.apache.commons:commons-lang3:3.5 Confidence:HIGHEST

httpclient-4.3.3.jar

Description: HttpComponents Client

File Path: C:\Users\Dad\.m2\repository\org\apache\httpcomponents\httpclient\4.3.3\httpclient-4.3.3.jar
MD5: 88cc3123fce88d61b7c2cdbfc33542c5
SHA1: 18f4247ff4572a074444572cee34647c43e7c9c7
Referenced In Project/Scope: fgsms Server Crash Alerter:compile

Evidence

Source	Name	Value
central	artifactid	httpclient
central	groupid	org.apache.httpcomponents
central	version	4.3.3
file	name	httpclient
file	version	4.3.3
Manifest	implementation-build	tags/4.3.3-RC1/httpclient@r1570731; 2014-02-22 09:04:11-0500
Manifest	Implementation-Title	HttpComponents Apache HttpClient
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	4.3.3
Manifest	specification-title	HttpComponents Apache HttpClient
Manifest	specification-vendor	The Apache Software Foundation
Manifest	url	http://hc.apache.org/httpcomponents-client
pom	artifactid	httpclient
pom	description	HttpComponents Client
pom	groupid	apache.httpcomponents
pom	groupid	org.apache.httpcomponents
pom	name	Apache HttpClient
pom	parent-artifactid	httpcomponents-client
pom	parent-groupid	org.apache.httpcomponents
pom	url	http://hc.apache.org/httpcomponents-client
pom	version	4.3.3

Identifiers

cpe: cpe:/a:apache:httpclient:4.3.3 Confidence:HIGHEST
maven: org.apache.httpcomponents:httpclient:4.3.3 Confidence:HIGHEST

Published Vulnerabilities

CVE-2015-5262

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1626784
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1261538
CONFIRM - https://issues.apache.org/jira/browse/HTTPCLIENT-1478
FEDORA - FEDORA-2015-15588
FEDORA - FEDORA-2015-15589
FEDORA - FEDORA-2015-15590
SECTRACK - 1033743
UBUNTU - USN-2769-1

Vulnerable Software & Versions:

cpe:/a:apache:httpclient:4.3.5 and all previous versions

CVE-2014-3577

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.

BID - 69258
CONFIRM - https://access.redhat.com/solutions/1165533
CONFIRM - https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564
CONFIRM - https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05363782
FULLDISC - 20140818 CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack
MISC - http://packetstormsecurity.com/files/127913/Apache-HttpComponents-Man-In-The-Middle.html
OSVDB - 110143
REDHAT - RHSA-2014:1146
REDHAT - RHSA-2014:1166
REDHAT - RHSA-2014:1833
REDHAT - RHSA-2014:1834
REDHAT - RHSA-2014:1835
REDHAT - RHSA-2014:1836
REDHAT - RHSA-2014:1891
REDHAT - RHSA-2014:1892
REDHAT - RHSA-2015:0125
REDHAT - RHSA-2015:0158
REDHAT - RHSA-2015:0675
REDHAT - RHSA-2015:0720
REDHAT - RHSA-2015:0765
REDHAT - RHSA-2015:0850
REDHAT - RHSA-2015:0851
REDHAT - RHSA-2015:1176
REDHAT - RHSA-2015:1177
SECTRACK - 1030812
SECUNIA - 60466
UBUNTU - USN-2769-1
XF - apache-cve20143577-spoofing(95327)

Vulnerable Software & Versions: (show all)

httpcore-4.3.2.jar

Description: HttpComponents Core (blocking I/O)

File Path: C:\Users\Dad\.m2\repository\org\apache\httpcomponents\httpcore\4.3.2\httpcore-4.3.2.jar
MD5: ee3d34dce4a30c7d3002cadf8c9172c1
SHA1: 31fbbff1ddbf98f3aa7377c94d33b0447c646b6e
Referenced In Project/Scope: fgsms Server Crash Alerter:compile

Evidence

Source	Name	Value
central	artifactid	httpcore
central	groupid	org.apache.httpcomponents
central	version	4.3.2
file	name	httpcore
file	version	4.3.2
Manifest	implementation-build	UNKNOWN_BRANCH@r??????; 2014-02-12 21:43:05+0100
Manifest	Implementation-Title	HttpComponents Apache HttpCore
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	4.3.2
Manifest	specification-title	HttpComponents Apache HttpCore
Manifest	specification-vendor	The Apache Software Foundation
Manifest	url	http://hc.apache.org/httpcomponents-core-ga
pom	artifactid	httpcore
pom	description	HttpComponents Core (blocking I/O)
pom	groupid	apache.httpcomponents
pom	groupid	org.apache.httpcomponents
pom	name	Apache HttpCore
pom	parent-artifactid	httpcomponents-core
pom	parent-groupid	org.apache.httpcomponents
pom	url	http://hc.apache.org/httpcomponents-core-ga
pom	version	4.3.2

Identifiers

maven: org.apache.httpcomponents:httpcore:4.3.2 Confidence:HIGHEST

juddi-client-3.3.3.jar

Description: jUDDI (pronounced "Judy") is an open source Java implementation of the Universal Description, Discovery, and Integration (UDDI) specification for Web Services.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Dad\.m2\repository\org\apache\juddi\juddi-client\3.3.3\juddi-client-3.3.3.jar
MD5: 97c5bdf27e8b2b177d0621f8476942fd
SHA1: 02956c0e30405af75c9866ccf1dba30697d19781
Referenced In Project/Scope: fgsms Server Crash Alerter:compile

Evidence

Source	Name	Value
central	artifactid	juddi-client
central	groupid	org.apache.juddi
central	version	3.3.3
file	name	juddi-client
file	version	3.3.3
manifest	Bundle-Description	jUDDI (pronounced "Judy") is an open source Java implementation of the Universal Description, Discovery, and Integration (UDDI) specification for Web Services.
Manifest	bundle-docurl	http://www.apache.org/
Manifest	Bundle-Name	jUDDI Client side Code
Manifest	bundle-symbolicname	org.apache.juddi.client
pom	artifactid	juddi-client
pom	groupid	apache.juddi
pom	groupid	org.apache.juddi
pom	name	jUDDI Client side Code
pom	parent-artifactid	juddi-parent
pom	parent-groupid	org.apache.juddi
pom	version	3.3.3

Identifiers

maven: org.apache.juddi:juddi-client:3.3.3 Confidence:HIGHEST

uddi-ws-3.3.3.jar

Description: jUDDI (pronounced "Judy") is an open source Java implementation of the Universal Description, Discovery, and Integration (UDDI) specification for Web Services.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Dad\.m2\repository\org\apache\juddi\uddi-ws\3.3.3\uddi-ws-3.3.3.jar
MD5: bb20c0b7902db12bc44154a7883ba79a
SHA1: ba7abcb195c7fe6048e734925fd29622b1959447
Referenced In Project/Scope: fgsms Server Crash Alerter:compile

Evidence

Source	Name	Value
central	artifactid	uddi-ws
central	groupid	org.apache.juddi
central	version	3.3.3
file	name	uddi-ws
file	version	3.3.3
manifest	Bundle-Description	jUDDI (pronounced "Judy") is an open source Java implementation of the Universal Description, Discovery, and Integration (UDDI) specification for Web Services.
Manifest	bundle-docurl	http://www.apache.org/
Manifest	Bundle-Name	UDDIv2 and v3 WS Stubs and Schema Bindings Generated from WSDL
Manifest	bundle-symbolicname	org.apache.juddi.uddi-ws
pom	artifactid	uddi-ws
pom	groupid	apache.juddi
pom	groupid	org.apache.juddi
pom	name	UDDIv2 and v3 WS Stubs and Schema Bindings Generated from WSDL
pom	parent-artifactid	juddi-parent
pom	parent-groupid	org.apache.juddi
pom	version	3.3.3

Identifiers

maven: org.apache.juddi:uddi-ws:3.3.3 Confidence:HIGHEST

wsdl4j-1.6.2.jar

Description: Java stub generator for WSDL

License:

CPL: http://www.opensource.org/licenses/cpl1.0.txt

File Path: C:\Users\Dad\.m2\repository\wsdl4j\wsdl4j\1.6.2\wsdl4j-1.6.2.jar
MD5: 2608a8ea3f07b0c08de8a7d3d0d3fc09
SHA1: dec1669fb6801b7328e01ad72fc9e10b69ea06c1
Referenced In Project/Scope: fgsms Server Crash Alerter:compile

Evidence

Source	Name	Value
central	artifactid	wsdl4j
central	groupid	wsdl4j
central	version	1.6.2
file	name	wsdl4j
file	version	1.6.2
Manifest	Implementation-Title	WSDL4J
Manifest	Implementation-Vendor	IBM
Manifest	specification-title	JWSDL
Manifest	specification-vendor	IBM (Java Community Process)
pom	artifactid	wsdl4j
pom	description	Java stub generator for WSDL
pom	groupid	wsdl4j
pom	name	WSDL4J
pom	url	http://sf.net/projects/wsdl4j
pom	version	1.6.2

Identifiers

maven: wsdl4j:wsdl4j:1.6.2 Confidence:HIGHEST

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: fgsms Server Crash Alerter

Dependencies

commons-codec-1.10.jar

Evidence

Identifiers

commons-collections-3.2.jar

Evidence

Identifiers

Published Vulnerabilities

commons-configuration-1.9.jar

Evidence

Identifiers

commons-daemon-1.0.15-bin-windows.zip: prunsrv.exe

Evidence

Identifiers

commons-daemon-1.0.15-bin-windows.zip: prunsrv.exe

Evidence

Identifiers

commons-daemon-1.0.15-bin-windows.zip: prunmgr.exe

Evidence

Identifiers

commons-daemon-1.0.15-bin-windows.zip: prunsrv.exe

Evidence

Identifiers

commons-lang-2.6.jar

Evidence

Identifiers

commons-logging-api-1.1.jar

Evidence

Identifiers

commons-logging-1.1.jar

Evidence

Identifiers

dnsjava-2.0.6.jar

Evidence

Identifiers

activation-1.1.jar

Evidence

Identifiers

mail-1.4.7.jar

Evidence

Identifiers

servlet-api-2.5.jar

Evidence

Identifiers

log4j-1.2.17.jar

Evidence

Identifiers

commons-lang3-3.5.jar

Evidence

Identifiers

httpclient-4.3.3.jar

Evidence

Identifiers

Published Vulnerabilities

httpcore-4.3.2.jar

Evidence

Identifiers

juddi-client-3.3.3.jar

Evidence

Identifiers

uddi-ws-3.3.3.jar

Evidence

Identifiers

wsdl4j-1.6.2.jar

Evidence

Identifiers