Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: fgsms Status (Bueller) Agent

Scan Information (show all):

Display: Showing Vulnerable Dependencies (click to show all)

Dependency CPE GAV Highest Severity CVE Count CPE Confidence Evidence Count
avalon-framework-4.1.3.jar avalon-framework:avalon-framework:4.1.3   0 12
commons-codec-1.10.jar commons-codec:commons-codec:1.10   0 25
commons-logging-1.1.jar commons-logging:commons-logging:1.1   0 19
geronimo-spec-j2ee-connector-1.5-rc4.jar cpe:/a:apache:geronimo:1.5.rc4 geronimo-spec:geronimo-spec-j2ee-connector:1.5-rc4 High 2 LOW 14
activation-1.1.jar javax.activation:activation:1.1   0 17
mail-1.4.7.jar cpe:/a:sun:javamail:1.4.7 javax.mail:mail:1.4.7   0 LOW 26
servlet-api-2.5.jar javax.servlet:servlet-api:2.5   0 11
log4j-1.2.17.jar log4j:log4j:1.2.17   0 18
logkit-1.0.1.jar logkit:logkit:1.0.1   0 11
commons-lang3-3.5.jar org.apache.commons:commons-lang3:3.5   0 27
geronimo-j2ee_1.4_spec-1.1.jar org.apache.geronimo.specs:geronimo-j2ee_1.4_spec:1.1   0 8
httpclient-4.3.3.jar cpe:/a:apache:httpclient:4.3.3 org.apache.httpcomponents:httpclient:4.3.3 Medium 2 HIGHEST 22
httpcore-4.3.2.jar org.apache.httpcomponents:httpcore:4.3.2   0 22
qpid-client-6.0.0.jar cpe:/a:apache:qpid:6.0.0 org.apache.qpid:qpid-client:6.0.0   0 LOW 19
slf4j-api-1.7.7.jar org.slf4j:slf4j-api:1.7.7   0 20

Dependencies

avalon-framework-4.1.3.jar

File Path: C:\Users\Dad\.m2\repository\avalon-framework\avalon-framework\4.1.3\avalon-framework-4.1.3.jar
MD5: bef9f9be8ba066273fdef72b3503a307
SHA1: 92315ee1c4a4c90bee05055713811f28f8509075
Referenced In Project/Scope: fgsms Status (Bueller) Agent:compile

Identifiers

commons-codec-1.10.jar

Description:  The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\commons-codec\commons-codec\1.10\commons-codec-1.10.jar
MD5: 353cf6a2bdba09595ccfa073b78c7fcb
SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8
Referenced In Project/Scope: fgsms Status (Bueller) Agent:compile

Identifiers

commons-logging-1.1.jar

Description: Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: C:\Users\Dad\.m2\repository\commons-logging\commons-logging\1.1\commons-logging-1.1.jar
MD5: 6b62417e77b000a87de66ee3935edbf5
SHA1: ba24d5de831911b684c92cd289ed5ff826271824
Referenced In Project/Scope: fgsms Status (Bueller) Agent:compile

Identifiers

geronimo-spec-j2ee-connector-1.5-rc4.jar

File Path: C:\Users\Dad\.m2\repository\geronimo-spec\geronimo-spec-j2ee-connector\1.5-rc4\geronimo-spec-j2ee-connector-1.5-rc4.jar
MD5: 6a2ccbc1d0af6329c00b2089ae1a31d7
SHA1: 2f5310631817f11c5b170d3a0084a58766d49269
Referenced In Project/Scope: fgsms Status (Bueller) Agent:compile

Identifiers

CVE-2011-5034  

Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-20 Improper Input Validation

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.

Vulnerable Software & Versions: (show all)

CVE-2008-0732  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.

Vulnerable Software & Versions:

activation-1.1.jar

Description:  JavaBeans Activation Framework (JAF) is a standard extension to the Java platform that lets you take advantage of standard services to: determine the type of an arbitrary piece of data; encapsulate access to it; discover the operations available on it; and instantiate the appropriate bean to perform the operation(s).

License:

Common Development and Distribution License (CDDL) v1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: C:\Users\Dad\.m2\repository\javax\activation\activation\1.1\activation-1.1.jar
MD5: 8ae38e87cd4f86059c0294a8fe3e0b18
SHA1: e6cb541461c2834bdea3eb920f1884d1eb508b50
Referenced In Project/Scope: fgsms Status (Bueller) Agent:compile

Identifiers

mail-1.4.7.jar

Description: JavaMail API (compat)

License:

http://www.sun.com/cddl, https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: C:\Users\Dad\.m2\repository\javax\mail\mail\1.4.7\mail-1.4.7.jar
MD5: 77f53ff0c78ba43c4812ecc9f53e20f8
SHA1: 9add058589d5d85adeb625859bf2c5eeaaedf12d
Referenced In Project/Scope: fgsms Status (Bueller) Agent:compile

Identifiers

servlet-api-2.5.jar

File Path: C:\Users\Dad\.m2\repository\javax\servlet\servlet-api\2.5\servlet-api-2.5.jar
MD5: 116fc16f3f700d756a57a2b8ea7c1044
SHA1: e69999122202bb1c275a80ad3281c4f69f2ea0b2
Referenced In Project/Scope: fgsms Status (Bueller) Agent:compile

Identifiers

  • maven: javax.servlet:servlet-api:2.5   Confidence:HIGH

log4j-1.2.17.jar

Description: Apache Log4j 1.2

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\log4j\log4j\1.2.17\log4j-1.2.17.jar
MD5: 04a41f0a068986f0f73485cf507c0f40
SHA1: 5af35056b4d257e4b64b9e8069c0746e8b08629f
Referenced In Project/Scope: fgsms Status (Bueller) Agent:compile

Identifiers

logkit-1.0.1.jar

File Path: C:\Users\Dad\.m2\repository\logkit\logkit\1.0.1\logkit-1.0.1.jar
MD5: 32240100a5c15d53f00392fae4b0aab7
SHA1: aaf5649b523c5ffc925e746074979150bb74bfdc
Referenced In Project/Scope: fgsms Status (Bueller) Agent:compile

Identifiers

commons-lang3-3.5.jar

Description:  Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\org\apache\commons\commons-lang3\3.5\commons-lang3-3.5.jar
MD5: 780b5a8b72eebe6d0dbff1c11b5658fa
SHA1: 6c6c702c89bfff3cd9e80b04d668c5e190d588c6
Referenced In Project/Scope: fgsms Status (Bueller) Agent:compile

Identifiers

geronimo-j2ee_1.4_spec-1.1.jar

File Path: C:\Users\Dad\.m2\repository\org\apache\geronimo\specs\geronimo-j2ee_1.4_spec\1.1\geronimo-j2ee_1.4_spec-1.1.jar
MD5: e543bc5784a12d37bdac8eafa49164d6
SHA1: eca7ea0d0683f270bc7e67bb4d7714835962f16c
Referenced In Project/Scope: fgsms Status (Bueller) Agent:compile

Identifiers

httpclient-4.3.3.jar

Description:  HttpComponents Client

File Path: C:\Users\Dad\.m2\repository\org\apache\httpcomponents\httpclient\4.3.3\httpclient-4.3.3.jar
MD5: 88cc3123fce88d61b7c2cdbfc33542c5
SHA1: 18f4247ff4572a074444572cee34647c43e7c9c7
Referenced In Project/Scope: fgsms Status (Bueller) Agent:compile

Identifiers

CVE-2015-5262  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.

Vulnerable Software & Versions:

CVE-2014-3577  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.

Vulnerable Software & Versions: (show all)

httpcore-4.3.2.jar

Description:  HttpComponents Core (blocking I/O)

File Path: C:\Users\Dad\.m2\repository\org\apache\httpcomponents\httpcore\4.3.2\httpcore-4.3.2.jar
MD5: ee3d34dce4a30c7d3002cadf8c9172c1
SHA1: 31fbbff1ddbf98f3aa7377c94d33b0447c646b6e
Referenced In Project/Scope: fgsms Status (Bueller) Agent:compile

Identifiers

qpid-client-6.0.0.jar

Description: JMS client supporting AMQP 0-8, 0-9, 0-9-1 and 0-10.

File Path: C:\Users\Dad\.m2\repository\org\apache\qpid\qpid-client\6.0.0\qpid-client-6.0.0.jar
MD5: 244a004182de831f2ff3774dbac2741f
SHA1: 0a4c3e81e2c4777bf3d50c293391831a5dd1acf9
Referenced In Project/Scope: fgsms Status (Bueller) Agent:compile

Identifiers

slf4j-api-1.7.7.jar

Description: The slf4j API

File Path: C:\Users\Dad\.m2\repository\org\slf4j\slf4j-api\1.7.7\slf4j-api-1.7.7.jar
MD5: ca4280bf93d64367723ae5c8d42dd0b9
SHA1: 2b8019b6249bb05d81d3a3094e468753e2b21311
Referenced In Project/Scope: fgsms Status (Bueller) Agent:compile

Identifiers



This report contains data retrieved from the National Vulnerability Database.