Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.


Project: fgsms UI Common


| Dependency | CPE | GAV | Highest Severity | CVE Count | CPE Confidence | Evidence Count |
|---|---|---|---|---|---|---|
| avalon-framework-4.1.3.jar | | avalon-framework:avalon-framework:4.1.3 | | 0 | | 12 |
| batik-awt-util-1.6.jar | cpe:/a:apache:batik:1.6 | batik:batik-awt-util:1.6 | Medium | 1 | LOW | 16 |
| batik-dom-1.6.jar | cpe:/a:apache:batik:1.6 | batik:batik-dom:1.6 | Medium | 1 | LOW | 15 |
| batik-svggen-1.6.jar | cpe:/a:apache:batik:1.6 | batik:batik-svggen:1.6 | Medium | 1 | LOW | 15 |
| batik-util-1.6.jar | cpe:/a:apache:batik:1.6 | batik:batik-util:1.6 | Medium | 1 | LOW | 15 |
| batik-xml-1.6.jar | cpe:/a:apache:batik:1.6 | batik:batik-xml:1.6 | Medium | 1 | LOW | 15 |
| cewolf-1.2.4-java7.jar | | cewolf:cewolf:1.2.4-java7 | | 0 | | 14 |
| commons-codec-1.10.jar | | commons-codec:commons-codec:1.10 | | 0 | | 25 |
| commons-collections-3.2.jar | cpe:/a:apache:commons_collections:3.2.1 | commons-collections:commons-collections:3.2 | High | 1 | LOW | 19 |
| commons-configuration-1.9.jar | | commons-configuration:commons-configuration:1.9 | | 0 | | 24 |
| commons-lang-2.6.jar | | commons-lang:commons-lang:2.6 | | 0 | | 23 |
| commons-logging-api-1.1.jar | | commons-logging:commons-logging-api:1.1 | | 0 | | 19 |
| commons-logging-1.1.jar | | commons-logging:commons-logging:1.1 | | 0 | | 19 |
| dom4j-1.6.1.jar | | dom4j:dom4j:1.6.1 | | 0 | | 18 |
| servlet-api-2.5.jar | | javax.servlet:servlet-api:2.5 | | 0 | | 11 |
| log4j-1.2.17.jar | | log4j:log4j:1.2.17 | | 0 | | 18 |
| logkit-1.0.1.jar | | logkit:logkit:1.0.1 | | 0 | | 11 |
| commons-lang3-3.5.jar | | org.apache.commons:commons-lang3:3.5 | | 0 | | 27 |
| httpclient-4.3.3.jar | cpe:/a:apache:httpclient:4.3.3 | org.apache.httpcomponents:httpclient:4.3.3 | Medium | 2 | HIGHEST | 22 |
| httpcore-4.3.2.jar | | org.apache.httpcomponents:httpcore:4.3.2 | | 0 | | 22 |
| juddi-client-3.3.3.jar | | org.apache.juddi:juddi-client:3.3.3 | | 0 | | 16 |
| uddi-ws-3.3.3.jar | | org.apache.juddi:uddi-ws:3.3.3 | | 0 | | 16 |
| jcommon-1.0.23.jar | | org.jfree:jcommon:1.0.23 | | 0 | | 15 |
| jfreechart-1.0.19.jar | | org.jfree:jfreechart:1.0.19 | | 0 | | 15 |
| wsdl4j-1.6.2.jar | | wsdl4j:wsdl4j:1.6.2 | | 0 | | 15 |
| xml-apis-1.4.01.jar | | xml-apis:xml-apis:1.4.01 | | 0 | | 43 |

Dependencies

avalon-framework-4.1.3.jar

File Path: C:\Users\Dad\.m2\repository\avalon-framework\avalon-framework\4.1.3\avalon-framework-4.1.3.jar
MD5: bef9f9be8ba066273fdef72b3503a307
SHA1: 92315ee1c4a4c90bee05055713811f28f8509075
Referenced In Project/Scope: fgsms UI Common:compile

Identifiers

batik-awt-util-1.6.jar

Description: Batik AWT Utilities

File Path: C:\Users\Dad\.m2\repository\batik\batik-awt-util\1.6\batik-awt-util-1.6.jar
MD5: 04013947d519c13fd4d82355cb496552
SHA1: 590750cc8d6a1ba0189b437172b6444578d79c99
Referenced In Project/Scope: fgsms UI Common:compile

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Vulnerable Software & Versions:

batik-dom-1.6.jar

Description: Batik DOM

File Path: C:\Users\Dad\.m2\repository\batik\batik-dom\1.6\batik-dom-1.6.jar
MD5: ce481d746c345a3d3046dab157c8468f
SHA1: 27983405f0871f28d3b9ab35b44e62610a60564a
Referenced In Project/Scope: fgsms UI Common:compile

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Vulnerable Software & Versions:

batik-svggen-1.6.jar

Description: Batik SVG Generator

File Path: C:\Users\Dad\.m2\repository\batik\batik-svggen\1.6\batik-svggen-1.6.jar
MD5: 918e775580eb37b9d57ea37c79fc8610
SHA1: 983914d5e27957145e34b55ad7f48df96eb6d280
Referenced In Project/Scope: fgsms UI Common:compile

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Vulnerable Software & Versions:

batik-util-1.6.jar

Description: Batik Utilities

File Path: C:\Users\Dad\.m2\repository\batik\batik-util\1.6\batik-util-1.6.jar
MD5: 4a137ce0ce2f8eb24823b55ebb26cb24
SHA1: 7bea0185bb630bca235ffa904b1a03e8a4786a45
Referenced In Project/Scope: fgsms UI Common:compile

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Vulnerable Software & Versions:

batik-xml-1.6.jar

Description: Batik XML

File Path: C:\Users\Dad\.m2\repository\batik\batik-xml\1.6\batik-xml-1.6.jar
MD5: d4d0b431411f67662618f9b87dbcddab
SHA1: 4f2c18a0d41b8804e6fd24f183a567b41c928ed0
Referenced In Project/Scope: fgsms UI Common:compile

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Vulnerable Software & Versions:

cewolf-1.2.4-java7.jar

Description:  Cewolf is a tag library for JfreeChart. JFreeChart is a class library, written in Java, for generating charts. Utilising the Java2D APIs, it currently supports bar charts, pie charts, line charts, XY-plots and time series plots.

License:

GNU Lesser General Public License version 2.1 (LGPLv2.1): http://www.gnu.org/licenses/lgpl-2.1.txt
File Path: C:\Users\Dad\.m2\repository\cewolf\cewolf\1.2.4-java7\cewolf-1.2.4-java7.jar
MD5: 52336ab381cc46d082b893873707e011
SHA1: ceec652622da825768aa19f960021548fa6d0768
Referenced In Project/Scope: fgsms UI Common:compile

Identifiers

commons-codec-1.10.jar

Description:  The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\commons-codec\commons-codec\1.10\commons-codec-1.10.jar
MD5: 353cf6a2bdba09595ccfa073b78c7fcb
SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8
Referenced In Project/Scope: fgsms UI Common:compile

Identifiers

commons-collections-3.2.jar

Description: Types that extend and augment the Java Collections Framework.

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: C:\Users\Dad\.m2\repository\commons-collections\commons-collections\3.2\commons-collections-3.2.jar
MD5: 7b9216b608d550787bdf43a63d88bf3b
SHA1: f951934aa5ae5a88d7e6dfaa6d32307d834a88be
Referenced In Project/Scope: fgsms UI Common:compile

Identifiers

CVE-2015-6420  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Vulnerable Software & Versions:

commons-configuration-1.9.jar

Description:  Tools to assist in the reading of configuration/preferences files in various formats

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\commons-configuration\commons-configuration\1.9\commons-configuration-1.9.jar
MD5: a433303bae1cd9ec6313fe7bbac8fbe9
SHA1: 5e8a4890284cf7eaa9241ace2cc07518d9519d22
Referenced In Project/Scope: fgsms UI Common:compile

Identifiers

commons-lang-2.6.jar

Description:  Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\commons-lang\commons-lang\2.6\commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
Referenced In Project/Scope: fgsms UI Common:compile

Identifiers

commons-logging-api-1.1.jar

Description: Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: C:\Users\Dad\.m2\repository\commons-logging\commons-logging-api\1.1\commons-logging-api-1.1.jar
MD5: 4374238076ab08e60e0d296234480837
SHA1: 7d4cf5231d46c8524f9b9ed75bb2d1c69ab93322
Referenced In Project/Scope: fgsms UI Common:compile

Identifiers

commons-logging-1.1.jar

Description: Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: C:\Users\Dad\.m2\repository\commons-logging\commons-logging\1.1\commons-logging-1.1.jar
MD5: 6b62417e77b000a87de66ee3935edbf5
SHA1: ba24d5de831911b684c92cd289ed5ff826271824
Referenced In Project/Scope: fgsms UI Common:compile

Identifiers

dom4j-1.6.1.jar

Description: dom4j: the flexible XML framework for Java

License:

dom4j: http://repository.jboss.org/licenses/dom4j.txt
File Path: C:\Users\Dad\.m2\repository\dom4j\dom4j\1.6.1\dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94
Referenced In Project/Scope: fgsms UI Common:compile

Identifiers

servlet-api-2.5.jar

File Path: C:\Users\Dad\.m2\repository\javax\servlet\servlet-api\2.5\servlet-api-2.5.jar
MD5: 116fc16f3f700d756a57a2b8ea7c1044
SHA1: e69999122202bb1c275a80ad3281c4f69f2ea0b2
Referenced In Project/Scope: fgsms UI Common:provided

Identifiers

  • maven: javax.servlet:servlet-api:2.5   Confidence:HIGH

log4j-1.2.17.jar

Description: Apache Log4j 1.2

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\log4j\log4j\1.2.17\log4j-1.2.17.jar
MD5: 04a41f0a068986f0f73485cf507c0f40
SHA1: 5af35056b4d257e4b64b9e8069c0746e8b08629f
Referenced In Project/Scope: fgsms UI Common:compile

Identifiers

logkit-1.0.1.jar

File Path: C:\Users\Dad\.m2\repository\logkit\logkit\1.0.1\logkit-1.0.1.jar
MD5: 32240100a5c15d53f00392fae4b0aab7
SHA1: aaf5649b523c5ffc925e746074979150bb74bfdc
Referenced In Project/Scope: fgsms UI Common:compile

Identifiers

commons-lang3-3.5.jar

Description:  Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\org\apache\commons\commons-lang3\3.5\commons-lang3-3.5.jar
MD5: 780b5a8b72eebe6d0dbff1c11b5658fa
SHA1: 6c6c702c89bfff3cd9e80b04d668c5e190d588c6
Referenced In Project/Scope: fgsms UI Common:compile

Identifiers

httpclient-4.3.3.jar

Description:  HttpComponents Client

File Path: C:\Users\Dad\.m2\repository\org\apache\httpcomponents\httpclient\4.3.3\httpclient-4.3.3.jar
MD5: 88cc3123fce88d61b7c2cdbfc33542c5
SHA1: 18f4247ff4572a074444572cee34647c43e7c9c7
Referenced In Project/Scope: fgsms UI Common:compile

Identifiers

CVE-2015-5262  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.

Vulnerable Software & Versions:

CVE-2014-3577  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.

Vulnerable Software & Versions:

httpcore-4.3.2.jar

Description:  HttpComponents Core (blocking I/O)

File Path: C:\Users\Dad\.m2\repository\org\apache\httpcomponents\httpcore\4.3.2\httpcore-4.3.2.jar
MD5: ee3d34dce4a30c7d3002cadf8c9172c1
SHA1: 31fbbff1ddbf98f3aa7377c94d33b0447c646b6e
Referenced In Project/Scope: fgsms UI Common:compile

Identifiers

juddi-client-3.3.3.jar

Description: jUDDI (pronounced "Judy") is an open source Java implementation of the Universal Description, Discovery, and Integration (UDDI) specification for Web Services.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\org\apache\juddi\juddi-client\3.3.3\juddi-client-3.3.3.jar
MD5: 97c5bdf27e8b2b177d0621f8476942fd
SHA1: 02956c0e30405af75c9866ccf1dba30697d19781
Referenced In Project/Scope: fgsms UI Common:compile

Identifiers

uddi-ws-3.3.3.jar

Description: jUDDI (pronounced "Judy") is an open source Java implementation of the Universal Description, Discovery, and Integration (UDDI) specification for Web Services.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Dad\.m2\repository\org\apache\juddi\uddi-ws\3.3.3\uddi-ws-3.3.3.jar
MD5: bb20c0b7902db12bc44154a7883ba79a
SHA1: ba7abcb195c7fe6048e734925fd29622b1959447
Referenced In Project/Scope: fgsms UI Common:compile

Identifiers

jcommon-1.0.23.jar

Description:  JCommon is a free general purpose Java class library that is used in several projects at www.jfree.org, including JFreeChart and JFreeReport.

License:

GNU Lesser General Public Licence: http://www.gnu.org/licenses/lgpl.txt
File Path: C:\Users\Dad\.m2\repository\org\jfree\jcommon\1.0.23\jcommon-1.0.23.jar
MD5: 1b059adc60fef2da40b7130f9a67f977
SHA1: a316f336ca996e0c6bec4e4fbd49be8f5e1c3968
Referenced In Project/Scope: fgsms UI Common:compile

Identifiers

jfreechart-1.0.19.jar

Description:  JFreeChart is a class library, written in Java, for generating charts. Utilising the Java2D APIs, it currently supports bar charts, pie charts, line charts, XY-plots and time series plots.

License:

GNU Lesser General Public Licence: http://www.gnu.org/licenses/lgpl.txt
File Path: C:\Users\Dad\.m2\repository\org\jfree\jfreechart\1.0.19\jfreechart-1.0.19.jar
MD5: 4ff3762bd04a7239cfb98de542134bec
SHA1: ba9ee7dbb2e4c57a6901c79f614ed2dea9cc0e20
Referenced In Project/Scope: fgsms UI Common:compile

Identifiers

wsdl4j-1.6.2.jar

Description: Java stub generator for WSDL

License:

CPL: http://www.opensource.org/licenses/cpl1.0.txt
File Path: C:\Users\Dad\.m2\repository\wsdl4j\wsdl4j\1.6.2\wsdl4j-1.6.2.jar
MD5: 2608a8ea3f07b0c08de8a7d3d0d3fc09
SHA1: dec1669fb6801b7328e01ad72fc9e10b69ea06c1
Referenced In Project/Scope: fgsms UI Common:compile

Identifiers

xml-apis-1.4.01.jar

Description: xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier. The External Components portion of xml-commons contains interfaces that are defined by external standards organizations. For DOM, that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for JAXP it's Sun.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
The SAX License: http://www.saxproject.org/copying.html
The W3C License: http://www.w3.org/TR/2004/REC-DOM-Level-3-Core-20040407/java-binding.zip
File Path: C:\Users\Dad\.m2\repository\xml-apis\xml-apis\1.4.01\xml-apis-1.4.01.jar
MD5: 7eaad6fea5925cca6c36ee8b3e02ac9d
SHA1: 3789d9fada2d3d458c4ba2de349d48780f381ee3
Referenced In Project/Scope: fgsms UI Common:compile

Identifiers



This report contains data retrieved from the National Vulnerability Database.