Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Project: root project 'ofbiz'

Summary

Dependency | Vulnerability IDs | Package | Highest Severity | CVE Count | Confidence | Evidence Count
asciidoctorj-pdf-1.5.0-alpha.16.jar | | pkg:maven/org.asciidoctor/asciidoctorj-pdf@1.5.0-alpha.16 | | 0 | | 12
asciidoctorj-groovy-dsl-1.6.0.jar | | pkg:maven/org.asciidoctor/asciidoctorj-groovy-dsl@1.6.0 | | 0 | | 20
asciidoctorj-1.6.2.jar | cpe:2.3:a:asciidoctor:asciidoctor:1.6.2:*:*:*:*:*:*:* | pkg:maven/org.asciidoctor/asciidoctorj@1.6.2 | | 0 | Low | 16
jruby-complete-9.2.7.0.jar | cpe:2.3:a:jruby:jruby:9.2.7.0:*:*:*:*:*:*:* | pkg:maven/org.jruby/jruby-complete@9.2.7.0 | | 0 | Highest | 34
asciidoctorj-api-1.6.2.jar | cpe:2.3:a:asciidoctor:asciidoctor:1.6.2:*:*:*:*:*:*:* | pkg:maven/org.asciidoctor/asciidoctorj-api@1.6.2 | | 0 | Low | 16
jcommander-1.35.jar | | pkg:maven/com.beust/jcommander@1.35 | | 0 | | 22
groovy-2.4.15.jar | cpe:2.3:a:apache:groovy:2.4.15:*:*:*:*:*:*:* | pkg:maven/org.codehaus.groovy/groovy@2.4.15 | | 0 | Highest | 29
xercesImpl-2.9.1.jar | | pkg:maven/apache-xerces/xercesImpl@2.9.1 | 0.0 | 1 | | 62
core-3.4.0.jar | | pkg:maven/com.google.zxing/core@3.4.0 | | 0 | | 35
concurrentlinkedhashmap-lru-1.4.2.jar | | pkg:maven/com.googlecode.concurrentlinkedhashmap/concurrentlinkedhashmap-lru@1.4.2 | | 0 | | 25
ez-vcard-0.9.10.jar | | pkg:maven/com.googlecode.ez-vcard/ez-vcard@0.9.10 | MEDIUM | 1 | | 29
owasp-java-html-sanitizer-20180219.1.jar | cpe:2.3:a:owasp-java-html-sanitizer_project:owasp-java-html-sanitizer:20180219.1:*:*:*:*:*:*:* | pkg:maven/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer@20180219.1 | | 0 | Highest | 24
libphonenumber-8.10.16.jar | | pkg:maven/com.googlecode.libphonenumber/libphonenumber@8.10.16 | | 0 | | 26
icu4j-64.2.jar | | pkg:maven/com.ibm.icu/icu4j@64.2 | | 0 | | 26
itext-2.1.7.jar | | pkg:maven/com.lowagie/itext@2.1.7 | | 0 | | 12
javax.mail-1.6.2.jar | | pkg:maven/com.sun.mail/javax.mail@1.6.2 | | 0 | | 49
com.springsource.com.sun.syndication-0.9.0.jar | | pkg:maven/com.sun.syndication/com.springsource.com.sun.syndication@0.9.0 | | 0 | | 28
xstream-1.4.11.1.jar | cpe:2.3:a:xstream_project:xstream:1.4.11.1:*:*:*:*:*:*:* | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | | 0 | Highest | 61
solr-core-8.2.0.jar | | pkg:maven/org.apache.solr/solr-core@8.2.0 | | 0 | | 23
viewservlets-4.5.0.jar | cpe:2.3:a:eclipse:birt:4.5.0:*:*:*:*:*:*:* | pkg:maven/org.eclipse.birt.runtime/viewservlets@4.5.0 | | 0 | Low | 12
org.eclipse.birt.runtime-4.4.1.jar | cpe:2.3:a:eclipse:birt:4.4.1:*:*:*:*:*:*:* | pkg:maven/org.eclipse.birt.runtime/org.eclipse.birt.runtime@4.4.1 | | 0 | Low | 20
commons-cli-1.4.jar | | pkg:maven/commons-cli/commons-cli@1.4 | | 0 | | 43
axis2-kernel-1.7.9.jar | cpe:2.3:a:apache:axis2:1.7.9:*:*:*:*:*:*:* | pkg:maven/org.apache.axis2/axis2-kernel@1.7.9 | | 0 | Highest | 35
esapi-2.2.0.0.jar | cpe:2.3:a:owasp:enterprise_security_api:2.2.0.0:*:*:*:*:*:*:*, cpe:2.3:a:security-framework_project:security-framework:2.2.0.0:*:*:*:*:*:*:* | pkg:maven/org.owasp.esapi/esapi@2.2.0.0 | | 0 | Low | 31
commons-fileupload-1.4.jar | cpe:2.3:a:apache:commons_fileupload:1.4:*:*:*:*:*:*:* | pkg:maven/commons-fileupload/commons-fileupload@1.4 | | 0 | Highest | 43
commons-net-3.6.jar | | pkg:maven/commons-net/commons-net@3.6 | | 0 | | 59
commons-validator-1.6.jar | | pkg:maven/commons-validator/commons-validator@1.6 | | 0 | | 43
juel-impl-2.2.7.jar | | pkg:maven/de.odysseus.juel/juel-impl@2.2.7 | | 0 | | 26
javax.el-api-3.0.1-b06.jar | | pkg:maven/javax.el/javax.el-api@3.0.1-b06 | | 0 | | 39
javax.servlet-api-4.0.1.jar | | pkg:maven/javax.servlet/javax.servlet-api@4.0.1 | | 0 | | 39
javax.servlet.jsp-api-2.3.3.jar | cpe:2.3:a:oracle:jsp:2.3.3:*:*:*:*:*:*:* | pkg:maven/javax.servlet.jsp/javax.servlet.jsp-api@2.3.3 | | 0 | High | 42
ical4j-1.0-rc3-atlassian-11.jar | | pkg:maven/net.fortuna.ical4j/ical4j@1.0-rc3-atlassian-11 | | 0 | | 26
ant-junit-1.10.6.jar | | pkg:maven/org.apache.ant/ant-junit@1.10.6 | | 0 | | 21
tika-parsers-1.22.jar | cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:* | pkg:maven/org.apache.tika/tika-parsers@1.22 | | 0 | Highest | 45
poi-excelant-4.1.0.jar | cpe:2.3:a:apache:poi:4.1.0:*:*:*:*:*:*:* | pkg:maven/org.apache.poi/poi-excelant@4.1.0 | | 0 | Highest | 21
poi-ooxml-4.1.0.jar | cpe:2.3:a:apache:poi:4.1.0:*:*:*:*:*:*:* | pkg:maven/org.apache.poi/poi-ooxml@4.1.0 | | 0 | Highest | 19
poi-scratchpad-4.1.0.jar | cpe:2.3:a:apache:poi:4.1.0:*:*:*:*:*:*:* | pkg:maven/org.apache.poi/poi-scratchpad@4.1.0 | | 0 | Highest | 18
poi-4.1.0.jar | cpe:2.3:a:apache:poi:4.1.0:*:*:*:*:*:*:* | pkg:maven/org.apache.poi/poi@4.1.0 | | 0 | Highest | 18
commons-collections4-4.4.jar | cpe:2.3:a:apache:commons_collections:4.4:*:*:*:*:*:*:* | pkg:maven/org.apache.commons/commons-collections4@4.4 | | 0 | Highest | 43
commons-csv-1.7.jar | | pkg:maven/org.apache.commons/commons-csv@1.7 | | 0 | | 43
commons-dbcp2-2.7.0.jar | | pkg:maven/org.apache.commons/commons-dbcp2@2.7.0 | | 0 | | 44
commons-text-1.7.jar | | pkg:maven/org.apache.commons/commons-text@1.7 | | 0 | | 43
geronimo-transaction-3.1.4.jar | | pkg:maven/org.apache.geronimo.components/geronimo-transaction@3.1.4 | | 0 | | 35
geronimo-jms_1.1_spec-1.1.1.jar | | pkg:maven/org.apache.geronimo.specs/geronimo-jms_1.1_spec@1.1.1 | | 0 | | 27
httpclient-cache-4.5.9.jar | cpe:2.3:a:apache:httpclient:4.5.9:*:*:*:*:*:*:* | pkg:maven/org.apache.httpcomponents/httpclient-cache@4.5.9 | | 0 | Highest | 36
log4j-1.2-api-2.11.2.jar | cpe:2.3:a:apache:log4j:2.11.2:*:*:*:*:*:*:* | pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.11.2 | | 0 | Highest | 34
log4j-web-2.11.2.jar | cpe:2.3:a:apache:log4j:2.11.2:*:*:*:*:*:*:* | pkg:maven/org.apache.logging.log4j/log4j-web@2.11.2 | | 0 | Highest | 48
log4j-core-2.11.2.jar | cpe:2.3:a:apache:log4j:2.11.2:*:*:*:*:*:*:* | pkg:maven/org.apache.logging.log4j/log4j-core@2.11.2 | | 0 | Highest | 52
log4j-slf4j-impl-2.11.2.jar | cpe:2.3:a:apache:log4j:2.11.2:*:*:*:*:*:*:* | pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.11.2 | | 0 | Highest | 46
log4j-api-2.12.1.jar | cpe:2.3:a:apache:log4j:2.12.1:*:*:*:*:*:*:* | pkg:maven/org.apache.logging.log4j/log4j-api@2.12.1 | | 0 | Highest | 48
shiro-core-1.4.1.jar | cpe:2.3:a:apache:shiro:1.4.1:*:*:*:*:*:*:* | pkg:maven/org.apache.shiro/shiro-core@1.4.1 | | 0 | Highest | 38
sshd-core-1.7.0.jar | cpe:2.3:a:apache:mina:1.7.0:*:*:*:*:*:*:* | pkg:maven/org.apache.sshd/sshd-core@1.7.0 | | 0 | Low | 38
tika-core-1.22.jar | cpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:* | pkg:maven/org.apache.tika/tika-core@1.22 | | 0 | Highest | 46
tomcat-catalina-ha-9.0.22.jar | cpe:2.3:a:apache:tomcat:9.0.22:*:*:*:*:*:*:*, cpe:2.3:a:apache_software_foundation:tomcat:9.0.22:*:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.22:*:*:*:*:*:*:* | pkg:maven/org.apache.tomcat/tomcat-catalina-ha@9.0.22 | HIGH | 1 | Highest | 30
tomcat-catalina-9.0.22.jar | cpe:2.3:a:apache:tomcat:9.0.22:*:*:*:*:*:*:*, cpe:2.3:a:apache_software_foundation:tomcat:9.0.22:*:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.22:*:*:*:*:*:*:* | pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.22 | HIGH | 1 | Highest | 30
tomcat-jasper-9.0.22.jar | cpe:2.3:a:apache:tomcat:9.0.22:*:*:*:*:*:*:*, cpe:2.3:a:apache_software_foundation:tomcat:9.0.22:*:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.22:*:*:*:*:*:*:* | pkg:maven/org.apache.tomcat/tomcat-jasper@9.0.22 | HIGH | 1 | Highest | 30
tomcat-tribes-9.0.22.jar | cpe:2.3:a:apache:tomcat:9.0.22:*:*:*:*:*:*:*, cpe:2.3:a:apache_software_foundation:tomcat:9.0.22:*:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.22:*:*:*:*:*:*:* | pkg:maven/org.apache.tomcat/tomcat-tribes@9.0.22 | HIGH | 1 | Highest | 30
fop-2.3.jar | | pkg:maven/org.apache.xmlgraphics/fop@2.3 | | 0 | | 20
xmlrpc-client-3.1.3.jar | cpe:2.3:a:apache:xml-rpc:3.1.3:*:*:*:*:*:*:* | pkg:maven/org.apache.xmlrpc/xmlrpc-client@3.1.3 | HIGH | 1 | Highest | 30
xmlrpc-server-3.1.3.jar | cpe:2.3:a:apache:xml-rpc:3.1.3:*:*:*:*:*:*:* | pkg:maven/org.apache.xmlrpc/xmlrpc-server@3.1.3 | HIGH | 1 | Highest | 30
groovy-all-2.4.16.jar | cpe:2.3:a:apache:groovy:2.4.16:*:*:*:*:*:*:* | pkg:maven/org.codehaus.groovy/groovy-all@2.4.16 | | 0 | Highest | 29
freemarker-2.3.29.jar | | pkg:maven/org.freemarker/freemarker@2.3.29 | | 0 | | 26
spring-test-5.1.9.RELEASE.jar | cpe:2.3:a:pivotal_software:spring_framework:5.1.9:*:*:*:*:*:*:* | pkg:maven/org.springframework/spring-test@5.1.9.RELEASE | | 0 | Low | 19
jackson-databind-java-optional-2.6.1.jar | | pkg:maven/org.zapodot/jackson-databind-java-optional@2.6.1 | | 0 | | 25
oro-2.0.8.jar | | pkg:maven/oro/oro@2.0.8 | | 0 | | 19
wsdl4j-1.6.3.jar | | pkg:maven/wsdl4j/wsdl4j@1.6.3 | | 0 | | 16
jsoup-1.12.1.jar | cpe:2.3:a:jsoup:jsoup:1.12.1:*:*:*:*:*:*:* | pkg:maven/org.jsoup/jsoup@1.12.1 | | 0 | Highest | 33
java-jwt-3.8.2.jar | | pkg:maven/com.auth0/java-jwt@3.8.2 | | 0 | | 11
jackson-databind-2.9.9.1.jar | cpe:2.3:a:fasterxml:jackson:2.9.9.1:*:*:*:*:*:*:*, cpe:2.3:a:fasterxml:jackson-databind:2.9.9.1:*:*:*:*:*:*:* | pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.9.1 | CRITICAL | 6 | Highest | 44
jackson-core-2.9.9.jar | cpe:2.3:a:fasterxml:jackson:2.9.9:*:*:*:*:*:*:* | pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.9 | | 0 | Highest | 49
netcdf4-4.5.5.jar | | pkg:maven/edu.ucar/netcdf4@4.5.5 | | 0 | | 27
grib-4.5.5.jar | | pkg:maven/edu.ucar/grib@4.5.5 | | 0 | | 31
cdm-4.5.5.jar | | pkg:maven/edu.ucar/cdm@4.5.5 | | 0 | | 30
guava-28.0-jre.jar | cpe:2.3:a:google:guava:28.0:*:*:*:*:*:*:* | pkg:maven/com.google.guava/guava@28.0-jre | | 0 | Highest | 29
bcmail-jdk14-138.jar | | pkg:maven/bouncycastle/bcmail-jdk14@138 | | 0 | | 16
bcprov-jdk14-138.jar | cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.38:*:*:*:*:*:*:* | pkg:maven/bouncycastle/bcprov-jdk14@138 | CRITICAL | 13 | High | 17
cas-server-core-3.3.5.jar | | pkg:maven/org.jasig.cas/cas-server-core@3.3.5 | | 0 | | 27
person-directory-impl-1.5.0-RC5.jar | | pkg:maven/org.jasig.service/person-directory-impl@1.5.0-RC5 | | 0 | | 24
jaxb-impl-2.1.9.jar | | pkg:maven/com.sun.xml.bind/jaxb-impl@2.1.9 | | 0 | | 27
jaxb-api-2.1.jar | | pkg:maven/javax.xml.bind/jaxb-api@2.1 | | 0 | | 23
activation-1.1.jar | | pkg:maven/javax.activation/activation@1.1 | | 0 | | 21
com.springsource.org.jdom-1.0.0.jar | | pkg:maven/org.jdom/com.springsource.org.jdom@1.0.0 | | 0 | | 14
xmlpull-1.1.3.1.jar | | pkg:maven/xmlpull/xmlpull@1.1.3.1 | | 0 | | 10
xpp3_min-1.1.4c.jar | | pkg:maven/xpp3/xpp3_min@1.1.4c | | 0 | | 10
batik-transcoder-1.10.jar | cpe:2.3:a:apache:batik:1.10:*:*:*:*:*:*:* | pkg:maven/org.apache.xmlgraphics/batik-transcoder@1.10 | | 0 | Highest | 26
batik-extension-1.10.jar | cpe:2.3:a:apache:batik:1.10:*:*:*:*:*:*:* | pkg:maven/org.apache.xmlgraphics/batik-extension@1.10 | | 0 | Highest | 27
batik-bridge-1.10.jar | cpe:2.3:a:apache:batik:1.10:*:*:*:*:*:*:* | pkg:maven/org.apache.xmlgraphics/batik-bridge@1.10 | | 0 | Highest | 26
batik-script-1.10.jar | cpe:2.3:a:apache:batik:1.10:*:*:*:*:*:*:* | pkg:maven/org.apache.xmlgraphics/batik-script@1.10 | | 0 | Highest | 26
batik-anim-1.10.jar | cpe:2.3:a:apache:batik:1.10:*:*:*:*:*:*:* | pkg:maven/org.apache.xmlgraphics/batik-anim@1.10 | | 0 | Highest | 27
batik-svg-dom-1.10.jar | cpe:2.3:a:apache:batik:1.10:*:*:*:*:*:*:* | pkg:maven/org.apache.xmlgraphics/batik-svg-dom@1.10 | | 0 | Highest | 29
batik-gvt-1.10.jar | cpe:2.3:a:apache:batik:1.10:*:*:*:*:*:*:* | pkg:maven/org.apache.xmlgraphics/batik-gvt@1.10 | | 0 | Highest | 26
batik-parser-1.10.jar | cpe:2.3:a:apache:batik:1.10:*:*:*:*:*:*:* | pkg:maven/org.apache.xmlgraphics/batik-parser@1.10 | | 0 | Highest | 26
batik-svggen-1.10.jar | cpe:2.3:a:apache:batik:1.10:*:*:*:*:*:*:* | pkg:maven/org.apache.xmlgraphics/batik-svggen@1.10 | | 0 | Highest | 26
batik-awt-util-1.10.jar | cpe:2.3:a:apache:batik:1.10:*:*:*:*:*:*:* | pkg:maven/org.apache.xmlgraphics/batik-awt-util@1.10 | | 0 | Highest | 27
antisamy-1.5.8.jar | cpe:2.3:a:antisamy_project:antisamy:1.5.8:*:*:*:*:*:*:* | pkg:maven/org.owasp.antisamy/antisamy@1.5.8 | | 0 | Highest | 26
batik-dom-1.10.jar | cpe:2.3:a:apache:batik:1.10:*:*:*:*:*:*:* | pkg:maven/org.apache.xmlgraphics/batik-dom@1.10 | | 0 | Highest | 26
batik-css-1.11.jar | cpe:2.3:a:apache:batik:1.11:*:*:*:*:*:*:* | pkg:maven/org.apache.xmlgraphics/batik-css@1.11 | | 0 | Highest | 29
xmlgraphics-commons-2.3.jar | | pkg:maven/org.apache.xmlgraphics/xmlgraphics-commons@2.3 | | 0 | | 14
commons-io-2.6.jar | | pkg:maven/commons-io/commons-io@2.6 | | 0 | | 43
shiro-config-ogdl-1.4.1.jar | cpe:2.3:a:apache:shiro:1.4.1:*:*:*:*:*:*:* | pkg:maven/org.apache.shiro/shiro-config-ogdl@1.4.1 | | 0 | Highest | 39
commons-beanutils-1.9.3.jar | cpe:2.3:a:apache:commons_beanutils:1.9.3:*:*:*:*:*:*:* | pkg:maven/commons-beanutils/commons-beanutils@1.9.3 | HIGH | 1 | Highest | 44
commons-digester-1.8.1.jar | | pkg:maven/commons-digester/commons-digester@1.8.1 | | 0 | | 40
axiom-api-1.2.21.jar | | pkg:maven/org.apache.ws.commons.axiom/axiom-api@1.2.21 | | 0 | | 39
woden-core-1.0M10.jar | | pkg:maven/org.apache.woden/woden-core@1.0M10 | | 0 | | 31
httpservices-4.5.5.jar | | pkg:maven/edu.ucar/httpservices@4.5.5 | | 0 | | 27
httpmime-4.5.9.jar | | pkg:maven/org.apache.httpcomponents/httpmime@4.5.9 | | 0 | | 34
httpclient-4.5.9.jar | cpe:2.3:a:apache:httpclient:4.5.9:*:*:*:*:*:*:* | pkg:maven/org.apache.httpcomponents/httpclient@4.5.9 | | 0 | Highest | 36
pdfbox-2.0.16.jar | cpe:2.3:a:apache:pdfbox:2.0.16:*:*:*:*:*:*:* | pkg:maven/org.apache.pdfbox/pdfbox@2.0.16 | | 0 | Highest | 37
fontbox-2.0.16.jar | | pkg:maven/org.apache.pdfbox/fontbox@2.0.16 | | 0 | | 37
commons-discovery-0.5.jar | | pkg:maven/commons-discovery/commons-discovery@0.5 | | 0 | | 38
spring-orm-2.5.6.SEC01.jar | cpe:2.3:a:pivotal_software:spring_framework:2.5.6.sec01:*:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:2.5.6.sec01:*:*:*:*:*:*:*, cpe:2.3:a:vmware:springsource_spring_framework:2.5.6.sec01:*:*:*:*:*:*:* | pkg:maven/org.springframework/spring-orm@2.5.6.SEC01 | CRITICAL | 8 | Highest | 21
spring-jdbc-2.5.6.SEC01.jar | cpe:2.3:a:pivotal_software:spring_framework:2.5.6.sec01:*:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:2.5.6.sec01:*:*:*:*:*:*:*, cpe:2.3:a:vmware:springsource_spring_framework:2.5.6.sec01:*:*:*:*:*:*:* | pkg:maven/org.springframework/spring-jdbc@2.5.6.SEC01 | CRITICAL | 8 | Highest | 21
spring-webmvc-2.5.6.SEC01.jar | cpe:2.3:a:pivotal_software:spring_framework:2.5.6.sec01:*:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:2.5.6.sec01:*:*:*:*:*:*:*, cpe:2.3:a:vmware:springsource_spring_framework:2.5.6.sec01:*:*:*:*:*:*:* | pkg:maven/org.springframework/spring-webmvc@2.5.6.SEC01 | CRITICAL | 8 | Highest | 25
hibernate-annotations-3.3.1.GA.jar | | pkg:maven/org.hibernate/hibernate-annotations@3.3.1.GA | | 0 | | 19
inspektr-core-0.7.0.jar | | pkg:maven/org.inspektr/inspektr-core@0.7.0 | | 0 | | 22
spring-webflow-1.0.6.jar | | pkg:maven/org.springframework/spring-webflow@1.0.6 | | 0 | | 13
spring-tx-2.5.6.SEC01.jar | cpe:2.3:a:pivotal_software:spring_framework:2.5.6.sec01:*:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:2.5.6.sec01:*:*:*:*:*:*:*, cpe:2.3:a:vmware:springsource_spring_framework:2.5.6.sec01:*:*:*:*:*:*:* | pkg:maven/org.springframework/spring-tx@2.5.6.SEC01 | CRITICAL | 8 | Highest | 21
spring-context-support-2.5.6.SEC01.jar | cpe:2.3:a:pivotal_software:spring_framework:2.5.6.sec01:*:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:2.5.6.sec01:*:*:*:*:*:*:*, cpe:2.3:a:vmware:springsource_spring_framework:2.5.6.sec01:*:*:*:*:*:*:* | pkg:maven/org.springframework/spring-context-support@2.5.6.SEC01 | CRITICAL | 8 | Highest | 17
spring-web-2.5.6.SEC01.jar | cpe:2.3:a:pivotal_software:spring_framework:2.5.6.sec01:*:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:2.5.6.sec01:*:*:*:*:*:*:*, cpe:2.3:a:vmware:springsource_spring_framework:2.5.6.sec01:*:*:*:*:*:*:* | pkg:maven/org.springframework/spring-web@2.5.6.SEC01 | CRITICAL | 8 | Highest | 21
spring-context-2.5.6.SEC01.jar | cpe:2.3:a:pivotal_software:spring_framework:2.5.6.sec01:*:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:2.5.6.sec01:*:*:*:*:*:*:*, cpe:2.3:a:vmware:springsource_spring_framework:2.5.6.sec01:*:*:*:*:*:*:* | pkg:maven/org.springframework/spring-context@2.5.6.SEC01 | CRITICAL | 8 | Highest | 19
spring-beans-2.5.6.jar | cpe:2.3:a:pivotal_software:spring_framework:2.5.6:*:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:2.5.6:*:*:*:*:*:*:*, cpe:2.3:a:vmware:springsource_spring_framework:2.5.6:*:*:*:*:*:*:* | pkg:maven/org.springframework/spring-beans@2.5.6 | CRITICAL | 9 | Highest | 23
hibernate-3.2.6.ga.jar | | pkg:maven/org.hibernate/hibernate@3.2.6.ga | | 0 | | 10
hibernate-commons-annotations-3.0.0.ga.jar | | pkg:maven/org.hibernate/hibernate-commons-annotations@3.0.0.ga | | 0 | | 20
spring-binding-1.0.6.jar | | pkg:maven/org.springframework/spring-binding@1.0.6 | | 0 | | 13
ehcache-1.2.3.jar | | pkg:maven/net.sf.ehcache/ehcache@1.2.3 | | 0 | | 12
commons-logging-1.2.jar | | pkg:maven/commons-logging/commons-logging@1.2 | | 0 | | 39
commons-collections-3.2.2.jar | cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:* | pkg:maven/commons-collections/commons-collections@3.2.2 | | 0 | Highest | 44
backport-util-concurrent-3.1.jar | | pkg:maven/backport-util-concurrent/backport-util-concurrent@3.1 | | 0 | | 13
cxf-rt-rs-client-3.3.2.jar | cpe:2.3:a:apache:cxf:3.3.2:*:*:*:*:*:*:* | pkg:maven/org.apache.cxf/cxf-rt-rs-client@3.3.2 | | 0 | Highest | 44
cxf-rt-frontend-jaxrs-3.3.2.jar | cpe:2.3:a:apache:cxf:3.3.2:*:*:*:*:*:*:* | pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.2 | | 0 | Highest | 44
cxf-rt-transports-http-3.3.2.jar | cpe:2.3:a:apache:cxf:3.3.2:*:*:*:*:*:*:* | pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.3.2 | | 0 | Highest | 47
cxf-rt-security-3.3.2.jar | cpe:2.3:a:apache:cxf:3.3.2:*:*:*:*:*:*:* | pkg:maven/org.apache.cxf/cxf-rt-security@3.3.2 | | 0 | Highest | 43
cxf-core-3.3.2.jar | cpe:2.3:a:apache:cxf:3.3.2:*:*:*:*:*:*:* | pkg:maven/org.apache.cxf/cxf-core@3.3.2 | | 0 | Highest | 49
jaxb-xjc-2.3.2.jar | | pkg:maven/org.glassfish.jaxb/jaxb-xjc@2.3.2 | | 0 | | 36
istack-commons-tools-3.0.8.jar | | pkg:maven/com.sun.istack/istack-commons-tools@3.0.8 | | 0 | | 34
ant-1.10.6.jar | | pkg:maven/org.apache.ant/ant@1.10.6 | | 0 | | 20
xmlrpc-common-3.1.3.jar | cpe:2.3:a:apache:xml-rpc:3.1.3:*:*:*:*:*:*:* | pkg:maven/org.apache.xmlrpc/xmlrpc-common@3.1.3 | HIGH | 1 | Highest | 30
ws-commons-util-1.0.2.jar | | pkg:maven/org.apache.ws.commons.util/ws-commons-util@1.0.2 | | 0 | | 33
junit-4.12.jar | | pkg:maven/junit/junit@4.12 | | 0 | | 12
geronimo-ws-metadata_2.0_spec-1.1.2.jar | | pkg:maven/org.apache.geronimo.specs/geronimo-ws-metadata_2.0_spec@1.1.2 | | 0 | | 25
geronimo-jta_1.1_spec-1.1.1.jar | | pkg:maven/org.apache.geronimo.specs/geronimo-jta_1.1_spec@1.1.1 | | 0 | | 25
servlet-api-2.4.jar | | pkg:maven/javax.servlet/servlet-api@2.4 | | 0 | | 16
xmlschema-core-2.2.4.jar | | pkg:maven/org.apache.ws.xmlschema/xmlschema-core@2.2.4 | | 0 | | 32
neethi-3.0.3.jar | | pkg:maven/org.apache.neethi/neethi@3.0.3 | | 0 | | 42
jsr311-api-1.1.1.jar | | pkg:maven/javax.ws.rs/jsr311-api@1.1.1 | | 0 | | 36
commons-pool2-2.7.0.jar | | pkg:maven/org.apache.commons/commons-pool2@2.7.0 | | 0 | | 44
commons-lang3-3.9.jar | | pkg:maven/org.apache.commons/commons-lang3@3.9 | | 0 | | 43
geronimo-j2ee-connector_1.6_spec-1.0.jar | | pkg:maven/org.apache.geronimo.specs/geronimo-j2ee-connector_1.6_spec@1.0 | | 0 | | 29
commons-codec-1.12.jar | | pkg:maven/commons-codec/commons-codec@1.12 | | 0 | | 45
commons-math3-3.6.1.jar | | pkg:maven/org.apache.commons/commons-math3@3.6.1 | | 0 | | 45
shiro-cache-1.4.1.jar | cpe:2.3:a:apache:shiro:1.4.1:*:*:*:*:*:*:* | pkg:maven/org.apache.shiro/shiro-cache@1.4.1 | | 0 | Highest | 39
shiro-crypto-hash-1.4.1.jar | cpe:2.3:a:apache:shiro:1.4.1:*:*:*:*:*:*:* | pkg:maven/org.apache.shiro/shiro-crypto-hash@1.4.1 | | 0 | Highest | 41
shiro-crypto-cipher-1.4.1.jar | cpe:2.3:a:apache:shiro:1.4.1:*:*:*:*:*:*:* | pkg:maven/org.apache.shiro/shiro-crypto-cipher@1.4.1 | | 0 | Highest | 39
shiro-config-core-1.4.1.jar | cpe:2.3:a:apache:shiro:1.4.1:*:*:*:*:*:*:* | pkg:maven/org.apache.shiro/shiro-config-core@1.4.1 | | 0 | Highest | 39
shiro-event-1.4.1.jar | cpe:2.3:a:apache:shiro:1.4.1:*:*:*:*:*:*:* | pkg:maven/org.apache.shiro/shiro-event@1.4.1 | | 0 | Highest | 39
shiro-crypto-core-1.4.1.jar | cpe:2.3:a:apache:shiro:1.4.1:*:*:*:*:*:*:* | pkg:maven/org.apache.shiro/shiro-crypto-core@1.4.1 | | 0 | Highest | 39
shiro-lang-1.4.1.jar | cpe:2.3:a:apache:shiro:1.4.1:*:*:*:*:*:*:* | pkg:maven/org.apache.shiro/shiro-lang@1.4.1 | | 0 | Highest | 37
jmatio-1.5.jar | | pkg:maven/org.tallison/jmatio@1.5 | | 0 | | 20
parso-2.0.11.jar | cpe:2.3:a:parso_project:parso:2.0.11:*:*:*:*:*:*:* | pkg:maven/com.epam/parso@2.0.11 | | 0 | Low | 12
rome-1.12.1.jar | | pkg:maven/com.rometools/rome@1.12.1 | | 0 | | 41
jul-to-slf4j-1.7.26.jar | | pkg:maven/org.slf4j/jul-to-slf4j@1.7.26 | | 0 | | 30
jcl-over-slf4j-1.7.26.jar | | pkg:maven/org.slf4j/jcl-over-slf4j@1.7.26 | | 0 | | 27
rome-utils-1.12.1.jar | | pkg:maven/com.rometools/rome-utils@1.12.1 | | 0 | | 23
quartz-2.2.0.jar | | pkg:maven/org.quartz-scheduler/quartz@2.2.0 | | 0 | | 44
ehcache-core-2.6.2.jar | | pkg:maven/net.sf.ehcache/ehcache-core@2.6.2 | | 0 | | 24
slf4j-api-1.7.26.jar | | pkg:maven/org.slf4j/slf4j-api@1.7.26 | | 0 | | 29
jaxb-runtime-2.3.2.jar | | pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.2 | | 0 | | 34
jakarta.activation-1.2.1.jar | | pkg:maven/com.sun.activation/jakarta.activation@1.2.1 | | 0 | | 39
xercesImpl-2.12.0.jar | | pkg:maven/xerces/xercesImpl@2.12.0 | | 0 | | 70
javax.annotation-api-1.3.2.jar | | pkg:maven/javax.annotation/javax.annotation-api@1.3.2 | | 0 | | 42
vorbis-java-tika-0.8.jar | | pkg:maven/org.gagravarr/vorbis-java-tika@0.8 | | 0 | | 26
apache-mime4j-dom-0.8.3.jar | cpe:2.3:a:apache:james:0.8.3:*:*:*:*:*:*:* | pkg:maven/org.apache.james/apache-mime4j-dom@0.8.3 | | 0 | High | 37
apache-mime4j-core-0.8.3.jar | cpe:2.3:a:apache:james:0.8.3:*:*:*:*:*:*:* | pkg:maven/org.apache.james/apache-mime4j-core@0.8.3 | | 0 | High | 37
commons-compress-1.18.jar | cpe:2.3:a:apache:commons-compress:1.18:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_compress:1.18:*:*:*:*:*:*:* | pkg:maven/org.apache.commons/commons-compress@1.18 | HIGH | 1 | Highest | 47
xz-1.8.jar | cpe:2.3:a:tukaani:xz:1.8:*:*:*:*:*:*:* | pkg:maven/org.tukaani/xz@1.8 | | 0 | Highest | 23
dec-0.1.2.jar | | pkg:maven/org.brotli/dec@0.1.2 | | 0 | | 27
pdfbox-tools-2.0.16.jar | cpe:2.3:a:apache:pdfbox:2.0.16:*:*:*:*:*:*:* | pkg:maven/org.apache.pdfbox/pdfbox-tools@2.0.16 | | 0 | Highest | 31
jempbox-1.8.16.jar | cpe:2.3:a:apache:pdfbox:1.8.16:*:*:*:*:*:*:* | pkg:maven/org.apache.pdfbox/jempbox@1.8.16 | | 0 | Medium | 37
bcmail-jdk15on-1.62.jar | | pkg:maven/org.bouncycastle/bcmail-jdk15on@1.62 | | 0 | | 43
bcpkix-jdk15on-1.62.jar | cpe:2.3:a:oracle:jdk:1.62:*:*:*:*:*:*:* | pkg:maven/org.bouncycastle/bcpkix-jdk15on@1.62 | | 0 | Low | 39
bcprov-jdk15on-1.62.jar | cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.62.0:*:*:*:*:*:*:* | pkg:maven/org.bouncycastle/bcprov-jdk15on@1.62 | | 0 | Highest | 40
jackcess-3.0.1.jar | | pkg:maven/com.healthmarketscience.jackcess/jackcess@3.0.1 | | 0 | | 33
jackcess-encrypt-3.0.0.jar | | pkg:maven/com.healthmarketscience.jackcess/jackcess-encrypt@3.0.0 | | 0 | | 32
tagsoup-1.2.1.jar | | pkg:maven/org.ccil.cowan.tagsoup/tagsoup@1.2.1 | | 0 | | 13
asm-7.2-beta.jar | | pkg:maven/org.ow2.asm/asm@7.2-beta | | 0 | | 21
isoparser-1.1.22.jar | | pkg:maven/com.googlecode.mp4parser/isoparser@1.1.22 | | 0 | | 24
metadata-extractor-2.11.0.jar | cpe:2.3:a:metadataextractor_project:metadataextractor:2.11.0:*:*:*:*:*:*:* | pkg:maven/com.drewnoakes/metadata-extractor@2.11.0 | | 0 | Low | 30
boilerpipe-1.1.0.jar | | pkg:maven/de.l3s.boilerpipe/boilerpipe@1.1.0 | | 0 | | 12
vorbis-java-core-0.8.jar | | pkg:maven/org.gagravarr/vorbis-java-core@0.8 | | 0 | | 26
juniversalchardet-1.0.3.jar | | pkg:maven/com.googlecode.juniversalchardet/juniversalchardet@1.0.3 | | 0 | | 22
jhighlight-1.0.3.jar | | pkg:maven/org.codelibs/jhighlight@1.0.3 | | 0 | | 22
java-libpst-0.8.1.jar | | pkg:maven/com.pff/java-libpst@0.8.1 | | 0 | | 18
junrar-4.0.0.jar | cpe:2.3:a:junrar_project:junrar:4.0.0:*:*:*:*:*:*:* | pkg:maven/com.github.junrar/junrar@4.0.0 | | 0 | Highest | 23
commons-exec-1.3.jar | | pkg:maven/org.apache.commons/commons-exec@1.3 | | 0 | | 41
opennlp-tools-1.9.1.jar | cpe:2.3:a:apache:opennlp:1.9.1:*:*:*:*:*:*:* | pkg:maven/org.apache.opennlp/opennlp-tools@1.9.1 | | 0 | Highest | 40
json-simple-1.1.1.jar | | pkg:maven/com.googlecode.json-simple/json-simple@1.1.1 | | 0 | | 23
openjson-1.0.11.jar | | pkg:maven/com.github.openjson/openjson@1.0.11 | | 0 | | 35
gson-2.8.5.jar | | pkg:maven/com.google.code.gson/gson@2.8.5 | | 0 | | 31
jdom2-2.0.6.jar | | pkg:maven/org.jdom/jdom2@2.0.6 | | 0 | | 43
jna-5.3.1.jar | | pkg:maven/net.java.dev.jna/jna@5.3.1 | | 0 | | 41
protobuf-java-3.9.0.jar | | pkg:maven/com.google.protobuf/protobuf-java@3.9.0 | | 0 | | 29
c3p0-0.9.5.4.jar | cpe:2.3:a:mchange:c3p0:0.9.5.4:*:*:*:*:*:*:* | pkg:maven/com.mchange/c3p0@0.9.5.4 | | 0 | Highest | 22
sis-netcdf-0.8.jar | | pkg:maven/org.apache.sis.storage/sis-netcdf@0.8 | | 0 | | 36
sis-storage-0.8.jar | | pkg:maven/org.apache.sis.storage/sis-storage@0.8 | | 0 | | 34
sis-feature-0.8.jar | | pkg:maven/org.apache.sis.core/sis-feature@0.8 | | 0 | | 34
sis-referencing-0.8.jar | | pkg:maven/org.apache.sis.core/sis-referencing@0.8 | | 0 | | 39
sis-metadata-0.8.jar | | pkg:maven/org.apache.sis.core/sis-metadata@0.8 | | 0 | | 38
sis-utility-0.8.jar | | pkg:maven/org.apache.sis.core/sis-utility@0.8 | | 0 | | 36
geoapi-3.0.1.jar | | pkg:maven/org.opengis/geoapi@3.0.1 | | 0 | | 33
sentiment-analysis-parser-0.1.jar | | pkg:maven/edu.usc.ir/sentiment-analysis-parser@0.1 | | 0 | | 36
jackson-annotations-2.9.9.jar | cpe:2.3:a:fasterxml:jackson:2.9.9:*:*:*:*:*:*:* | pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.9 | | 0 | Highest | 44
jbig2-imageio-3.0.2.jar | cpe:2.3:a:apache:pdfbox:3.0.2:*:*:*:*:*:*:* | pkg:maven/org.apache.pdfbox/jbig2-imageio@3.0.2 | | 0 | Highest | 38
jai-imageio-core-1.4.0.jar | | pkg:maven/com.github.jai-imageio/jai-imageio-core@1.4.0 | | 0 | | 38
tomcat-coyote-9.0.22.jar | cpe:2.3:a:apache:tomcat:9.0.22:*:*:*:*:*:*:*, cpe:2.3:a:apache_software_foundation:tomcat:9.0.22:*:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.22:*:*:*:*:*:*:* | pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.22 | HIGH | 1 | Highest | 32
tomcat-jsp-api-9.0.22.jar | cpe:2.3:a:apache:tomcat:4:*:*:*:*:*:*:*, cpe:2.3:a:apache_software_foundation:tomcat:9.0.22:*:*:*:*:*:*:* | pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.22 | HIGH | 18 | Low | 37
tomcat-util-scan-9.0.22.jar | cpe:2.3:a:apache:tomcat:9.0.22:*:*:*:*:*:*:*, cpe:2.3:a:apache_software_foundation:tomcat:9.0.22:*:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.22:*:*:*:*:*:*:* | pkg:maven/org.apache.tomcat/tomcat-util-scan@9.0.22 | HIGH | 1 | Highest | 33
tomcat-api-9.0.22.jar | cpe:2.3:a:apache:tomcat:9.0.22:*:*:*:*:*:*:*, cpe:2.3:a:apache_software_foundation:tomcat:9.0.22:*:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.22:*:*:*:*:*:*:* | pkg:maven/org.apache.tomcat/tomcat-api@9.0.22 | HIGH | 1 | Highest | 30
tomcat-servlet-api-9.0.22.jar | | pkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.22 | | 0 | | 36
tomcat-util-9.0.22.jar | cpe:2.3:a:apache:tomcat:9.0.22:*:*:*:*:*:*:*, cpe:2.3:a:apache_software_foundation:tomcat:9.0.22:*:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.22:*:*:*:*:*:*:* | pkg:maven/org.apache.tomcat/tomcat-util@9.0.22 | HIGH | 1 | Highest | 32
tomcat-juli-9.0.22.jar | cpe:2.3:a:apache_software_foundation:tomcat:9.0.22:*:*:*:*:*:*:* | pkg:maven/org.apache.tomcat/tomcat-juli@9.0.22 | | 0 | Highest | 28
tomcat-embed-websocket-9.0.22.jar | cpe:2.3:a:apache:tomcat:9.0.22:*:*:*:*:*:*:*, cpe:2.3:a:apache_software_foundation:tomcat:9.0.22:*:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.22:*:*:*:*:*:*:* | pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@9.0.22 | | 0 | Highest | 32
tomcat-embed-core-9.0.22.jar | cpe:2.3:a:apache:tomcat:9.0.22:*:*:*:*:*:*:*, cpe:2.3:a:apache_software_foundation:tomcat:9.0.22:*:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.22:*:*:*:*:*:*:* | pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.22 | | 0 | Highest | 29
tomcat-annotations-api-9.0.22.jar | | pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.22 | | 0 | | 34
tomcat-jni-9.0.22.jar | cpe:2.3:a:apache:tomcat:9.0.22:*:*:*:*:*:*:*, cpe:2.3:a:apache_software_foundation:tomcat:9.0.22:*:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.22:*:*:*:*:*:*:* | pkg:maven/org.apache.tomcat/tomcat-jni@9.0.22 | HIGH | 1 | Highest | 32
tomcat-jaspic-api-9.0.22.jar | cpe:2.3:a:apache:tomcat:4:*:*:*:*:*:*:*, cpe:2.3:a:apache_software_foundation:tomcat:9.0.22:*:*:*:*:*:*:* | pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.22 | HIGH | 18 | Low | 39
tomcat-jasper-el-9.0.22.jar | cpe:2.3:a:apache:tomcat:9.0.22:*:*:*:*:*:*:*, cpe:2.3:a:apache_software_foundation:tomcat:9.0.22:*:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.22:*:*:*:*:*:*:* | pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.22 | HIGH | 1 | Highest | 30
tomcat-el-api-9.0.22.jar | | pkg:maven/org.apache.tomcat/tomcat-el-api@9.0.22 | | 0 | | 35
ecj-3.18.0.jar | | pkg:maven/org.eclipse.jdt/ecj@3.18.0 | | 0 | | 25
batik-ext-1.10.jar | cpe:2.3:a:apache:batik:1.10:*:*:*:*:*:*:* | pkg:maven/org.apache.xmlgraphics/batik-ext@1.10 | | 0 | Highest | 24
avalon-framework-impl-4.3.1.jar | | pkg:maven/org.apache.avalon.framework/avalon-framework-impl@4.3.1 | | 0 | | 29
avalon-framework-api-4.3.1.jar | | pkg:maven/org.apache.avalon.framework/avalon-framework-api@4.3.1 | | 0 | | 29
xom-1.2.10.jar | | pkg:maven/com.io7m.xom/xom@1.2.10 | | 0 | | 44
commons-configuration-1.10.jar | | pkg:maven/commons-configuration/commons-configuration@1.10 | | 0 | | 39
commons-lang-2.6.jar | | pkg:maven/commons-lang/commons-lang@2.6 | | 0 | | 38
log4j-1.2.17.jar | cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:* | pkg:maven/log4j/log4j@1.2.17 | | 0 | Highest | 32
bsh-2.0b6.jar | cpe:2.3:a:beanshell:beanshell:2.0.b6:*:*:*:*:*:*:* | pkg:maven/org.apache-extras.beanshell/bsh@2.0b6 | | 0 | Low | 14
xalan-2.7.2.jar | cpe:2.3:a:apache:xalan-java:2.7.2:*:*:*:*:*:*:* | pkg:maven/xalan/xalan@2.7.2 | | 0 | Low | 45
serializer-2.7.2.jar | | pkg:maven/xalan/serializer@2.7.2 | | 0 | | 24
xml-apis-1.4.01.jar | | pkg:maven/xml-apis/xml-apis@1.4.01 | | 0 | | 70
spring-core-5.1.9.RELEASE.jar | cpe:2.3:a:pivotal_software:spring_framework:5.1.9:*:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:5.1.9:*:*:*:*:*:*:*, cpe:2.3:a:vmware:springsource_spring_framework:5.1.9:*:*:*:*:*:*:* | pkg:maven/org.springframework/spring-core@5.1.9.RELEASE | | 0 | Low | 20
lucene-queryparser-8.2.0.jar | cpe:2.3:a:apache:lucene:8.2.0:*:*:*:*:*:*:* | pkg:maven/org.apache.lucene/lucene-queryparser@8.2.0 | | 0 | Low | 25
lucene-analyzers-common-8.2.0.jar | cpe:2.3:a:apache:lucene:8.2.0:*:*:*:*:*:*:* | pkg:maven/org.apache.lucene/lucene-analyzers-common@8.2.0 | | 0 | Low | 23
lucene-core-8.2.0.jar | cpe:2.3:a:apache:lucene:8.2.0:*:*:*:*:*:*:* | pkg:maven/org.apache.lucene/lucene-core@8.2.0 | | 0 | Low | 26
jug-2.0.0-asl.jar | | pkg:maven/org.safehaus.jug/jug@2.0.0 | | 0 | | 15
poi-ooxml-schemas-4.1.0.jar | cpe:2.3:a:apache:poi:4.1.0:*:*:*:*:*:*:* | pkg:maven/org.apache.poi/poi-ooxml-schemas@4.1.0 | | 0 | Highest | 15
bctsp-jdk14-1.38.jar | | pkg:maven/org.bouncycastle/bctsp-jdk14@1.38 | | 0 | | 16
ant-launcher-1.10.6.jar | | pkg:maven/org.apache.ant/ant-launcher@1.10.6 | | 0 | | 13
hamcrest-core-1.3.jar | | pkg:maven/org.hamcrest/hamcrest-core@1.3 | | 0 | | 14
geronimo-activation_1.1_spec-1.1.jar | | pkg:maven/org.apache.geronimo.specs/geronimo-activation_1.1_spec@1.1 | | 0 | | 37
jaxen-1.1.6.jar | | pkg:maven/jaxen/jaxen@1.1.6 | | 0 | | 29
geronimo-stax-api_1.0_spec-1.0.1.jar | | pkg:maven/org.apache.geronimo.specs/geronimo-stax-api_1.0_spec@1.0.1 | | 0 | | 27
httpcore-4.4.11.jar | | pkg:maven/org.apache.httpcomponents/httpcore@4.4.11 | | 0 | | 36
failureaccess-1.0.1.jar | cpe:2.3:a:google:guava:1.0.1:*:*:*:*:*:*:* | pkg:maven/com.google.guava/failureaccess@1.0.1 | | 0 | High | 34
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar | cpe:2.3:a:google:guava:9999.0:*:*:*:*:*:*:* | pkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava | | 0 | High | 17
jsr305-3.0.2.jar | | pkg:maven/com.google.code.findbugs/jsr305@3.0.2 | | 0 | | 19
checker-qual-2.8.1.jar | | pkg:maven/org.checkerframework/checker-qual@2.8.1 | | 0 | | 25
error_prone_annotations-2.3.2.jar | | pkg:maven/com.google.errorprone/error_prone_annotations@2.3.2 | | 0 | | 28
j2objc-annotations-1.3.jar | | pkg:maven/com.google.j2objc/j2objc-annotations@1.3 | | 0 | | 26
animal-sniffer-annotations-1.17.jar | | pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.17 | | 0 | | 27
stax-ex-1.8.1.jar | | pkg:maven/org.jvnet.staxex/stax-ex@1.8.1 | | 0 | | 36
jakarta.xml.bind-api-2.3.2.jar | | pkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@2.3.2 | | 0 | | 32
txw2-2.3.2.jar | | pkg:maven/org.glassfish.jaxb/txw2@2.3.2 | | 0 | | 36
istack-commons-runtime-3.0.8.jar | | pkg:maven/com.sun.istack/istack-commons-runtime@3.0.8 | | 0 | | 32
FastInfoset-1.2.16.jar | | pkg:maven/com.sun.xml.fastinfoset/FastInfoset@1.2.16 | | 0 | | 40
xmpcore-5.1.3.jar | | pkg:maven/com.adobe.xmp/xmpcore@5.1.3 | | 0 | | 37
udunits-4.5.5.jar | | pkg:maven/edu.ucar/udunits@4.5.5 | | 0 | | 27
jcip-annotations-1.0.jar | | pkg:maven/net.jcip/jcip-annotations@1.0 | | 0 | | 12
bzip2-0.9.1.jar | | pkg:maven/org.itadaki/bzip2@0.9.1 | | 0 | | 22
joda-time-2.2.jar | | pkg:maven/joda-time/joda-time@2.2 | | 0 | | 37
mchange-commons-java-0.2.15.jar | | pkg:maven/com.mchange/mchange-commons-java@0.2.15 | | 0 | | 14
unit-api-1.0.jar | | pkg:maven/javax.measure/unit-api@1.0 | | 0 | | 40
batik-xml-1.10.jar | cpe:2.3:a:apache:batik:1.10:*:*:*:*:*:*:* | pkg:maven/org.apache.xmlgraphics/batik-xml@1.10 | | 0 | Highest | 26
batik-util-1.11.jar | cpe:2.3:a:apache:batik:1.11:*:*:*:*:*:*:* | pkg:maven/org.apache.xmlgraphics/batik-util@1.11 | | 0 | Highest | 26
xml-apis-ext-1.3.04.jar | | pkg:maven/xml-apis/xml-apis-ext@1.3.04 | | 0 | | 29
nekohtml-1.9.22.jar | | pkg:maven/net.sourceforge.nekohtml/nekohtml@1.9.22 | | 0 | | 16
spring-jcl-5.1.9.RELEASE.jar | cpe:2.3:a:pivotal_software:spring_framework:5.1.9:*:*:*:*:*:*:* | pkg:maven/org.springframework/spring-jcl@5.1.9.RELEASE | | 0 | Low | 17
axis-1.4.jar | cpe:2.3:a:apache:axis:1.4:*:*:*:*:*:*:* | pkg:maven/org.apache.axis/axis@1.4 | HIGH | 4 | Highest | 16
jdom-1.0.jar | | pkg:maven/jdom/jdom@1.0 | | 0 | | 44
opensaml-1.1b.jar | cpe:2.3:a:shibboleth:opensaml:1.1b:*:*:*:*:*:*:* | pkg:maven/org.opensaml/opensaml@1.1b | HIGH | 4 | Low | 10
persistence-api-1.0.jar | | pkg:maven/javax.persistence/persistence-api@1.0 | | 0 | | 19
xmldsig-1.0.jar | | pkg:maven/javax.xml/xmldsig@1.0 | | 0 | | 28
lucene-queries-8.2.0.jar | cpe:2.3:a:apache:lucene:8.2.0:*:*:*:*:*:*:* | pkg:maven/org.apache.lucene/lucene-queries@8.2.0 | | 0 | Low | 25
lucene-sandbox-8.2.0.jar | cpe:2.3:a:apache:lucene:8.2.0:*:*:*:*:*:*:* | pkg:maven/org.apache.lucene/lucene-sandbox@8.2.0 | | 0 | Low | 27
curvesapi-1.06.jar | | pkg:maven/com.github.virtuald/curvesapi@1.06 | | 0 | | 18
xmlbeans-3.1.0.jar | | pkg:maven/org.apache.xmlbeans/xmlbeans@3.1.0 | | 0 | | 18
lucene-analyzers-kuromoji-8.2.0.jar | cpe:2.3:a:apache:lucene:8.2.0:*:*:*:*:*:*:* | pkg:maven/org.apache.lucene/lucene-analyzers-kuromoji@8.2.0 | | 0 | Low | 24
lucene-analyzers-nori-8.2.0.jar | cpe:2.3:a:apache:lucene:8.2.0:*:*:*:*:*:*:* | pkg:maven/org.apache.lucene/lucene-analyzers-nori@8.2.0 | | 0 | Low | 24
lucene-analyzers-phonetic-8.2.0.jar | cpe:2.3:a:apache:lucene:8.2.0:*:*:*:*:*:*:* | pkg:maven/org.apache.lucene/lucene-analyzers-phonetic@8.2.0 | | 0 | Low | 25
lucene-backward-codecs-8.2.0.jar | cpe:2.3:a:apache:lucene:8.2.0:*:*:*:*:*:*:* | pkg:maven/org.apache.lucene/lucene-backward-codecs@8.2.0 | | 0 | Low | 25
lucene-classification-8.2.0.jar | cpe:2.3:a:apache:lucene:8.2.0:*:*:*:*:*:*:* | pkg:maven/org.apache.lucene/lucene-classification@8.2.0 | | 0 | Low | 24
lucene-codecs-8.2.0.jar | cpe:2.3:a:apache:lucene:8.2.0:*:*:*:*:*:*:* | pkg:maven/org.apache.lucene/lucene-codecs@8.2.0 | | 0 | Low | 28
lucene-expressions-8.2.0.jar | cpe:2.3:a:apache:lucene:8.2.0:*:*:*:*:*:*:* | pkg:maven/org.apache.lucene/lucene-expressions@8.2.0 | | 0 | Low | 25
lucene-grouping-8.2.0.jar | cpe:2.3:a:apache:lucene:8.2.0:*:*:*:*:*:*:* | pkg:maven/org.apache.lucene/lucene-grouping@8.2.0 | | 0 | Low | 26
lucene-highlighter-8.2.0.jar | cpe:2.3:a:apache:lucene:8.2.0:*:*:*:*:*:*:* | pkg:maven/org.apache.lucene/lucene-highlighter@8.2.0 | | 0 | Low | 24
lucene-join-8.2.0.jar | cpe:2.3:a:apache:lucene:8.2.0:*:*:*:*:*:*:* | pkg:maven/org.apache.lucene/lucene-join@8.2.0 | | 0 | Low | 26
lucene-memory-8.2.0.jar | cpe:2.3:a:apache:lucene:8.2.0:*:*:*:*:*:*:* | pkg:maven/org.apache.lucene/lucene-memory@8.2.0 | | 0 | Low | 29
lucene-misc-8.2.0.jar | cpe:2.3:a:apache:lucene:8.2.0:*:*:*:*:*:*:* | pkg:maven/org.apache.lucene/lucene-misc@8.2.0 | | 0 | Low | 27
lucene-spatial-extras-8.2.0.jar | cpe:2.3:a:apache:lucene:8.2.0:*:*:*:*:*:*:* | pkg:maven/org.apache.lucene/lucene-spatial-extras@8.2.0 | | 0 | Low | 24
lucene-spatial3d-8.2.0.jar | cpe:2.3:a:apache:lucene:8.2.0:*:*:*:*:*:*:* | pkg:maven/org.apache.lucene/lucene-spatial3d@8.2.0 | | 0 | Low | 25
lucene-suggest-8.2.0.jar | cpe:2.3:a:apache:lucene:8.2.0:*:*:*:*:*:*:* | pkg:maven/org.apache.lucene/lucene-suggest@8.2.0 | | 0 | Low | 26
solr-solrj-8.2.0.jar | | pkg:maven/org.apache.solr/solr-solrj@8.2.0 | | 0 | | 25
hppc-0.8.1.jar | | pkg:maven/com.carrotsearch/hppc@0.8.1 | | 0 | | 31
jackson-dataformat-smile-2.9.8.jar | cpe:2.3:a:fasterxml:jackson:2.9.8:*:*:*:*:*:*:* | pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-smile@2.9.8 | | 0 | Highest | 45
caffeine-2.4.0.jarpkg:maven/com.github.ben-manes.caffeine/caffeine@2.4.0 023
re2j-1.2.jarpkg:maven/com.google.re2j/re2j@1.2 010
json-path-2.4.0.jarpkg:maven/com.jayway.jsonpath/json-path@2.4.0 024
disruptor-3.4.2.jarpkg:maven/com.lmax/disruptor@3.4.2 024
t-digest-3.1.jarpkg:maven/com.tdunning/t-digest@3.1 022
metrics-core-4.0.5.jarpkg:maven/io.dropwizard.metrics/metrics-core@4.0.5 028
metrics-graphite-4.0.5.jarpkg:maven/io.dropwizard.metrics/metrics-graphite@4.0.5 030
metrics-jetty9-4.0.5.jarcpe:2.3:a:jetty:jetty:4.0.5:*:*:*:*:*:*:*pkg:maven/io.dropwizard.metrics/metrics-jetty9@4.0.5 0Highest30
metrics-jmx-4.0.5.jarpkg:maven/io.dropwizard.metrics/metrics-jmx@4.0.5 030
metrics-jvm-4.0.5.jarpkg:maven/io.dropwizard.metrics/metrics-jvm@4.0.5 030
opentracing-api-0.33.0.jarpkg:maven/io.opentracing/opentracing-api@0.33.0 021
opentracing-noop-0.33.0.jarpkg:maven/io.opentracing/opentracing-noop@0.33.0 023
opentracing-util-0.33.0.jarpkg:maven/io.opentracing/opentracing-util@0.33.0 023
s2-geometry-library-java-1.0.0.jarpkg:maven/io.sgr/s2-geometry-library-java@1.0.0 026
eigenbase-properties-1.1.5.jarpkg:maven/net.hydromatic/eigenbase-properties@1.1.5 030
antlr4-runtime-4.5.1-1.jarpkg:maven/org.antlr/antlr4-runtime@4.5.1-1 031
calcite-core-1.18.0.jarpkg:maven/org.apache.calcite/calcite-core@1.18.0 031
calcite-linq4j-1.18.0.jarpkg:maven/org.apache.calcite/calcite-linq4j@1.18.0 031
avatica-core-1.13.0.jarpkg:maven/org.apache.calcite.avatica/avatica-core@1.13.0 031
commons-configuration2-2.1.1.jarpkg:maven/org.apache.commons/commons-configuration2@2.1.1 046
curator-client-2.13.0.jarpkg:maven/org.apache.curator/curator-client@2.13.0 027
curator-framework-2.13.0.jarpkg:maven/org.apache.curator/curator-framework@2.13.0 031
curator-recipes-2.13.0.jarpkg:maven/org.apache.curator/curator-recipes@2.13.0 029
hadoop-annotations-3.2.0.jarcpe:2.3:a:apache:hadoop:3.2.0:*:*:*:*:*:*:*pkg:maven/org.apache.hadoop/hadoop-annotations@3.2.0 0Highest26
hadoop-auth-3.2.0.jarcpe:2.3:a:apache:hadoop:3.2.0:*:*:*:*:*:*:*pkg:maven/org.apache.hadoop/hadoop-auth@3.2.0 0Highest27
hadoop-common-3.2.0.jarcpe:2.3:a:apache:hadoop:3.2.0:*:*:*:*:*:*:*pkg:maven/org.apache.hadoop/hadoop-common@3.2.0 0Highest24
hadoop-hdfs-client-3.2.0.jarcpe:2.3:a:apache:hadoop:3.2.0:*:*:*:*:*:*:*pkg:maven/org.apache.hadoop/hadoop-hdfs-client@3.2.0 0Highest31
htrace-core4-4.1.0-incubating.jarpkg:maven/org.apache.htrace/htrace-core4@4.1.0-incubating 028
kerb-core-1.0.1.jarpkg:maven/org.apache.kerby/kerb-core@1.0.1 031
kerb-util-1.0.1.jarpkg:maven/org.apache.kerby/kerb-util@1.0.1 031
kerby-asn1-1.0.1.jarpkg:maven/org.apache.kerby/kerby-asn1@1.0.1 031
kerby-pkix-1.0.1.jarpkg:maven/org.apache.kerby/kerby-pkix@1.0.1 031
zookeeper-3.5.5.jarpkg:maven/org.apache.zookeeper/zookeeper@3.5.5 031
zookeeper-jute-3.5.5.jarpkg:maven/org.apache.zookeeper/zookeeper-jute@3.5.5 031
jose4j-0.6.5.jarpkg:maven/org.bitbucket.b_c/jose4j@0.6.5 035
commons-compiler-3.0.9.jarpkg:maven/org.codehaus.janino/commons-compiler@3.0.9 037
janino-3.0.9.jarpkg:maven/org.codehaus.janino/janino@3.0.9 034
woodstox-core-5.0.3.jarpkg:maven/com.fasterxml.woodstox/woodstox-core@5.0.3 043
stax2-api-3.1.4.jarpkg:maven/org.codehaus.woodstox/stax2-api@3.1.4 033
woodstox-core-asl-4.4.1.jarpkg:maven/org.codehaus.woodstox/woodstox-core-asl@4.4.1 020
jetty-alpn-client-9.4.19.v20190610.jarcpe:2.3:a:eclipse:jetty:9.4.19:20190610:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:9.4.19.v20190610:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:9.4.19:20190610:*:*:*:*:*:*
pkg:maven/org.eclipse.jetty/jetty-alpn-client@9.4.19.v20190610 0Highest47
jetty-alpn-java-client-9.4.19.v20190610.jarcpe:2.3:a:eclipse:jetty:9.4.19:20190610:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:9.4.19.v20190610:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:9.4.19:20190610:*:*:*:*:*:*
pkg:maven/org.eclipse.jetty/jetty-alpn-java-client@9.4.19.v20190610 0Highest49
jetty-alpn-java-server-9.4.19.v20190610.jarcpe:2.3:a:eclipse:jetty:9.4.19:20190610:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:9.4.19.v20190610:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:9.4.19:20190610:*:*:*:*:*:*
pkg:maven/org.eclipse.jetty/jetty-alpn-java-server@9.4.19.v20190610 0Highest49
jetty-alpn-server-9.4.19.v20190610.jarcpe:2.3:a:eclipse:jetty:9.4.19:20190610:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:9.4.19.v20190610:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:9.4.19:20190610:*:*:*:*:*:*
pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.19.v20190610 0Highest47
jetty-client-9.4.19.v20190610.jarcpe:2.3:a:async-http-client_project:async-http-client:9.4.19.v20190610:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.19:20190610:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:9.4.19.v20190610:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:9.4.19:20190610:*:*:*:*:*:*
pkg:maven/org.eclipse.jetty/jetty-client@9.4.19.v20190610 0Highest49
jetty-continuation-9.4.19.v20190610.jarcpe:2.3:a:eclipse:jetty:9.4.19:20190610:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:9.4.19.v20190610:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:9.4.19:20190610:*:*:*:*:*:*
pkg:maven/org.eclipse.jetty/jetty-continuation@9.4.19.v20190610 0Highest47
jetty-deploy-9.4.19.v20190610.jarcpe:2.3:a:eclipse:jetty:9.4.19:20190610:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:9.4.19.v20190610:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:9.4.19:20190610:*:*:*:*:*:*
pkg:maven/org.eclipse.jetty/jetty-deploy@9.4.19.v20190610 0Highest47
jetty-http-9.4.19.v20190610.jarcpe:2.3:a:eclipse:jetty:9.4.19:20190610:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:9.4.19.v20190610:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:9.4.19:20190610:*:*:*:*:*:*
pkg:maven/org.eclipse.jetty/jetty-http@9.4.19.v20190610 0Highest50
jetty-io-9.4.19.v20190610.jarcpe:2.3:a:mortbay_jetty:jetty:9.4.19:20190610:*:*:*:*:*:*pkg:maven/org.eclipse.jetty/jetty-io@9.4.19.v20190610 0Highest47
jetty-jmx-9.4.19.v20190610.jarcpe:2.3:a:eclipse:jetty:9.4.19:20190610:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:9.4.19.v20190610:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:9.4.19:20190610:*:*:*:*:*:*
pkg:maven/org.eclipse.jetty/jetty-jmx@9.4.19.v20190610 0Highest47
jetty-rewrite-9.4.19.v20190610.jarcpe:2.3:a:eclipse:jetty:9.4.19:20190610:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:9.4.19.v20190610:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:9.4.19:20190610:*:*:*:*:*:*
pkg:maven/org.eclipse.jetty/jetty-rewrite@9.4.19.v20190610 0Highest49
jetty-security-9.4.19.v20190610.jarcpe:2.3:a:eclipse:jetty:9.4.19:20190610:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:9.4.19.v20190610:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:9.4.19:20190610:*:*:*:*:*:*
cpe:2.3:a:security-framework_project:security-framework:9.4.19.v20190610:*:*:*:*:*:*:*
pkg:maven/org.eclipse.jetty/jetty-security@9.4.19.v20190610 0Highest47
jetty-server-9.4.19.v20190610.jarcpe:2.3:a:eclipse:jetty:9.4.19:20190610:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:9.4.19.v20190610:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:9.4.19:20190610:*:*:*:*:*:*
pkg:maven/org.eclipse.jetty/jetty-server@9.4.19.v20190610 0Highest47
jetty-servlet-9.4.19.v20190610.jarcpe:2.3:a:eclipse:jetty:9.4.19:20190610:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:9.4.19.v20190610:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:9.4.19:20190610:*:*:*:*:*:*
pkg:maven/org.eclipse.jetty/jetty-servlet@9.4.19.v20190610 0Highest47
jetty-servlets-9.4.19.v20190610.jarcpe:2.3:a:eclipse:jetty:9.4.19:20190610:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:9.4.19.v20190610:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:9.4.19:20190610:*:*:*:*:*:*
pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.19.v20190610 0Highest47
jetty-util-9.4.19.v20190610.jarcpe:2.3:a:eclipse:jetty:9.4.19:20190610:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:9.4.19.v20190610:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:9.4.19:20190610:*:*:*:*:*:*
pkg:maven/org.eclipse.jetty/jetty-util@9.4.19.v20190610 0Highest48
jetty-webapp-9.4.19.v20190610.jarcpe:2.3:a:eclipse:jetty:9.4.19:20190610:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:9.4.19.v20190610:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:9.4.19:20190610:*:*:*:*:*:*
pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.19.v20190610 0Highest47
jetty-xml-9.4.19.v20190610.jarcpe:2.3:a:eclipse:jetty:9.4.19:20190610:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:9.4.19.v20190610:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:9.4.19:20190610:*:*:*:*:*:*
pkg:maven/org.eclipse.jetty/jetty-xml@9.4.19.v20190610 0Highest48
http2-client-9.4.19.v20190610.jarcpe:2.3:a:eclipse:jetty:9.4.19:20190610:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:9.4.19.v20190610:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:9.4.19:20190610:*:*:*:*:*:*
pkg:maven/org.eclipse.jetty.http2/http2-client@9.4.19.v20190610 0Highest47
http2-common-9.4.19.v20190610.jarcpe:2.3:a:eclipse:jetty:9.4.19:20190610:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:9.4.19.v20190610:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:9.4.19:20190610:*:*:*:*:*:*
pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.19.v20190610 0Highest45
http2-hpack-9.4.19.v20190610.jarcpe:2.3:a:eclipse:jetty:9.4.19:20190610:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:9.4.19:20190610:*:*:*:*:*:*
pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.19.v20190610 0Highest49
http2-http-client-transport-9.4.19.v20190610.jarcpe:2.3:a:eclipse:jetty:9.4.19:20190610:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:9.4.19.v20190610:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:9.4.19:20190610:*:*:*:*:*:*
pkg:maven/org.eclipse.jetty.http2/http2-http-client-transport@9.4.19.v20190610 0Highest47
http2-server-9.4.19.v20190610.jarcpe:2.3:a:eclipse:jetty:9.4.19:20190610:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:9.4.19.v20190610:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:9.4.19.v20190610:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:9.4.19:20190610:*:*:*:*:*:*
pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.19.v20190610 0Highest47
spatial4j-0.7.jarpkg:maven/org.locationtech.spatial4j/spatial4j@0.7 032
asm-commons-5.1.jarpkg:maven/org.ow2.asm/asm-commons@5.1 026
org.restlet-2.3.0.jarcpe:2.3:a:restlet:restlet:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet_framework:2.3.0:*:*:*:*:*:*:*
pkg:maven/org.restlet.jee/org.restlet@2.3.0HIGH2Low10
org.restlet.ext.servlet-2.3.0.jarcpe:2.3:a:restlet:restlet:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet_framework:2.3.0:*:*:*:*:*:*:*
pkg:maven/org.restlet.jee/org.restlet.ext.servlet@2.3.0HIGH2Low13
rrd4j-3.5.jarpkg:maven/org.rrd4j/rrd4j@3.5 024
jakarta.ws.rs-api-2.1.5.jarpkg:maven/jakarta.ws.rs/jakarta.ws.rs-api@2.1.5 039
c3p0-0.9.1.1.jarcpe:2.3:a:mchange:c3p0:0.9.1.1:*:*:*:*:*:*:*pkg:maven/c3p0/c3p0@0.9.1.1HIGH1Highest20
batik-constants-1.11.jarcpe:2.3:a:apache:batik:1.11:*:*:*:*:*:*:*pkg:maven/org.apache.xmlgraphics/batik-constants@1.11 0Highest27
batik-i18n-1.11.jarcpe:2.3:a:apache:batik:1.11:*:*:*:*:*:*:*pkg:maven/org.apache.xmlgraphics/batik-i18n@1.11 0Highest26
org.eclipse.core.expressions-3.4.500.v20130515-1343.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.core.expressions@3.4.500.v20130515-1343 033
org.eclipse.emf.ecore.xmi-2.10.1.v20140901-1043.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.emf.ecore.xmi@2.10.1.v20140901-1043 038
org.eclipse.datatools.connectivity.oda.design-3.3.6.v201212070447.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.connectivity.oda.design@3.3.6.v201212070447 036
org.eclipse.datatools.enablement.oda.xml-1.2.5.v201305031101.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.enablement.oda.xml@1.2.5.v201305031101 038
org.eclipse.datatools.enablement.oda.ws-1.2.6.v201403131825.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.enablement.oda.ws@1.2.6.v201403131825 039
org.eclipse.core.runtime-3.9.0.v20130326-1255.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.core.runtime@3.9.0.v20130326-1255 037
org.eclipse.equinox.app-1.3.100.v20130327-1442.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.equinox.app@1.3.100.v20130327-1442 042
com.ibm.icu-50.1.1.v201304230130.jarcpe:2.3:a:property_pro:property_pro:50.1.1.v20130423:*:*:*:*:*:*:*pkg:maven/org.eclipse.birt.runtime/com.ibm.icu@50.1.1.v201304230130 0Low30
org.eclipse.equinox.registry-3.5.400.v20140428-1507.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.equinox.registry@3.5.400.v20140428-1507 037
org.eclipse.datatools.connectivity.dbdefinition.genericJDBC-1.0.1.v201107221459.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.connectivity.dbdefinition.genericJDBC@1.0.1.v201107221459 017
org.eclipse.osgi-3.10.1.v20140909-1633.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.osgi@3.10.1.v20140909-1633 038
org.eclipse.emf.common-2.10.1.v20140901-1043.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.emf.common@2.10.1.v20140901-1043 034
org.eclipse.datatools.connectivity.sqm.core-1.2.8.v201401230755.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.connectivity.sqm.core@1.2.8.v201401230755 038
org.eclipse.datatools.connectivity.oda.consumer-3.2.6.v201305170644.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.connectivity.oda.consumer@3.2.6.v201305170644 037
org.eclipse.core.jobs-3.6.0.v20140424-0053.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.core.jobs@3.6.0.v20140424-0053 032
org.eclipse.datatools.enablement.ibm.db2.luw.dbdefinition-1.0.4.v201107221502.jarcpe:2.3:a:ibm:db2:1.0.4.v20110722:*:*:*:*:*:*:*pkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.enablement.ibm.db2.luw.dbdefinition@1.0.4.v201107221502HIGH21Low17
org.eclipse.osgi.services-3.3.100.v20130513-1956.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.osgi.services@3.3.100.v20130513-1956 025
org.eclipse.core.contenttype-3.4.200.v20130326-1255.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.core.contenttype@3.4.200.v20130326-1255 030
org.eclipse.emf.ecore.change-2.10.0.v20140901-1043.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.emf.ecore.change@2.10.0.v20140901-1043 038
org.eclipse.datatools.connectivity.oda.profile-3.2.9.v201403131814.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.connectivity.oda.profile@3.2.9.v201403131814 037
org.eclipse.core.filesystem-1.4.0.v20130514-1240.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.core.filesystem@1.4.0.v20130514-1240 032
org.eclipse.datatools.connectivity-1.2.11.v201401230755.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.connectivity@1.2.11.v201401230755 035
org.eclipse.equinox.preferences-3.5.100.v20130422-1538.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.equinox.preferences@3.5.100.v20130422-1538 040
org.eclipse.emf.ecore-2.10.1.v20140901-1043.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.emf.ecore@2.10.1.v20140901-1043 038
org.eclipse.core.resources-3.9.1.v20140825-1431.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.core.resources@3.9.1.v20140825-1431 033
org.eclipse.datatools.connectivity.oda.flatfile-3.1.8.v201403010906.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.connectivity.oda.flatfile@3.1.8.v201403010906 039
org.eclipse.datatools.enablement.ibm.db2.luw-1.0.2.v201107221502.jarcpe:2.3:a:ibm:db2:1.0.2.v20110722:*:*:*:*:*:*:*pkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.enablement.ibm.db2.luw@1.0.2.v201107221502HIGH21Low37
org.eclipse.update.configurator-3.3.200.v20130326-1319.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.update.configurator@3.3.200.v20130326-1319 034
org.eclipse.datatools.connectivity.oda-3.4.3.v201405301249.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.connectivity.oda@3.4.3.v201405301249 034
org.eclipse.emf-2.6.0.v20140901-1055.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.emf@2.6.0.v20140901-1055 017
org.w3c.dom.smil-1.0.0.jarpkg:maven/org.eclipse.birt.runtime.3_7_1/org.w3c.dom.smil@1.0.0 027
org.eclipse.datatools.enablement.hsqldb.dbdefinition-1.0.0.v201107221502.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.enablement.hsqldb.dbdefinition@1.0.0.v201107221502 017
org.eclipse.datatools.modelbase.derby-1.0.0.v201107221519.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.modelbase.derby@1.0.0.v201107221519 038
org.apache.batik.parser-1.6.0.jarcpe:2.3:a:apache:batik:1.6.0:*:*:*:*:*:*:*pkg:maven/org.eclipse.birt.runtime.3_7_1/org.apache.batik.parser@1.6.0CRITICAL3Low30
org.eclipse.equinox.common-3.6.200.v20130402-1505.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.equinox.common@3.6.200.v20130402-1505 032
org.apache.batik.util.gui-1.6.0.jarcpe:2.3:a:apache:batik:1.6.0:*:*:*:*:*:*:*pkg:maven/org.eclipse.birt.runtime.3_7_1/org.apache.batik.util.gui@1.6.0CRITICAL3Low29
javax.xml.stream-1.0.1.v201004272200.jarpkg:maven/org.eclipse.birt.runtime/javax.xml.stream@1.0.1.v201004272200 024
org.eclipse.datatools.enablement.ibm.informix-1.0.1.v201107221502.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.enablement.ibm.informix@1.0.1.v201107221502 037
org.apache.batik.svggen-1.6.0.jarcpe:2.3:a:apache:batik:1.6.0:*:*:*:*:*:*:*pkg:maven/org.eclipse.birt.runtime.3_7_1/org.apache.batik.svggen@1.6.0CRITICAL3Low30
org.apache.batik.dom-1.6.0.jarcpe:2.3:a:apache:batik:1.6.0:*:*:*:*:*:*:*pkg:maven/org.eclipse.birt.runtime.3_7_1/org.apache.batik.dom@1.6.0CRITICAL3Low32
org.apache.batik.css-1.6.0.jarcpe:2.3:a:apache:batik:1.6.0:*:*:*:*:*:*:*pkg:maven/org.eclipse.birt.runtime.3_7_1/org.apache.batik.css@1.6.0CRITICAL3Low34
org.eclipse.datatools.enablement.mysql-1.0.4.v201212120617.jarcpe:2.3:a:dbd-mysql_project:dbd-mysql:1.0.4:20121212:*:*:*:*:*:*pkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.enablement.mysql@1.0.4.v201212120617 0Low35
org.eclipse.datatools.connectivity.db.generic-1.0.1.v201107221459.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.connectivity.db.generic@1.0.1.v201107221459 038
org.eclipse.datatools.enablement.hsqldb-1.0.0.v201107221502.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.enablement.hsqldb@1.0.0.v201107221502 037
org.eclipse.datatools.enablement.msft.sqlserver.dbdefinition-1.0.1.v201201240505.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.enablement.msft.sqlserver.dbdefinition@1.0.1.v201201240505 017
org.apache.xml.resolver-1.2.0.jarpkg:maven/org.eclipse.birt.runtime.3_7_1/org.apache.xml.resolver@1.2.0 026
org.eclipse.datatools.enablement.ibm.informix.dbdefinition-1.0.4.v201107221502.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.enablement.ibm.informix.dbdefinition@1.0.4.v201107221502 017
org.eclipse.datatools.modelbase.sql-1.0.6.v201208230744.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.modelbase.sql@1.0.6.v201208230744 036
org.w3c.dom.svg-1.1.0.jarpkg:maven/org.eclipse.birt.runtime.3_7_1/org.w3c.dom.svg@1.1.0 030
org.apache.batik.dom.svg-1.6.0.jarcpe:2.3:a:apache:batik:1.6.0:*:*:*:*:*:*:*pkg:maven/org.eclipse.birt.runtime.3_7_1/org.apache.batik.dom.svg@1.6.0CRITICAL3Low35
org.apache.batik.ext.awt-1.6.0.jarcpe:2.3:a:apache:batik:1.6.0:*:*:*:*:*:*:*pkg:maven/org.eclipse.birt.runtime.3_7_1/org.apache.batik.ext.awt@1.6.0CRITICAL3Low33
org.mozilla.javascript-1.7.2.jarpkg:maven/org.eclipse.birt.runtime.3_7_1/org.mozilla.javascript@1.7.2 022
org.eclipse.datatools.enablement.postgresql-1.1.1.v201205252207.jarcpe:2.3:a:postgresql:postgresql:1.1.1.v20120525:*:*:*:*:*:*:*pkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.enablement.postgresql@1.1.1.v201205252207CRITICAL22Low37
org.apache.batik.transcoder-1.6.0.jarcpe:2.3:a:apache:batik:1.6.0:*:*:*:*:*:*:*pkg:maven/org.eclipse.birt.runtime.3_7_1/org.apache.batik.transcoder@1.6.0CRITICAL3Low30
org.eclipse.datatools.connectivity.apache.derby.dbdefinition-1.0.2.v201107221459.jarcpe:2.3:a:apache:derby:1.0.2.v20110722:*:*:*:*:*:*:*pkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.connectivity.apache.derby.dbdefinition@1.0.2.v201107221459MEDIUM2Low17
org.eclipse.datatools.enablement.oracle-1.0.0.v201107221506.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.enablement.oracle@1.0.0.v201107221506 035
org.apache.batik.util-1.6.0.jarcpe:2.3:a:apache:batik:1.6.0:*:*:*:*:*:*:*pkg:maven/org.eclipse.birt.runtime.3_7_1/org.apache.batik.util@1.6.0CRITICAL3Low33
org.eclipse.datatools.enablement.oracle.dbdefinition-1.0.103.v201206010214.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.enablement.oracle.dbdefinition@1.0.103.v201206010214 017
org.apache.batik.xml-1.6.0.jarcpe:2.3:a:apache:batik:1.6.0:*:*:*:*:*:*:*pkg:maven/org.eclipse.birt.runtime.3_7_1/org.apache.batik.xml@1.6.0CRITICAL3Low30
org.apache.xml.serializer-2.7.1.jarpkg:maven/org.eclipse.birt.runtime.3_7_1/org.apache.xml.serializer@2.7.1 026
org.apache.xerces-2.9.0.jarpkg:maven/org.eclipse.birt.runtime.3_7_1/org.apache.xerces@2.9.0 031
org.eclipse.datatools.modelbase.sql.query-1.1.4.v201212120619.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.modelbase.sql.query@1.1.4.v201212120619 037
org.eclipse.datatools.modelbase.dbdefinition-1.0.2.v201107221519.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.modelbase.dbdefinition@1.0.2.v201107221519 038
org.eclipse.datatools.enablement.mysql.dbdefinition-1.0.4.v201109022331.jarcpe:2.3:a:dbd-mysql_project:dbd-mysql:1.0.4:20110902:*:*:*:*:*:*pkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.enablement.mysql.dbdefinition@1.0.4.v201109022331 0Low17
org.eclipse.orbit.mongodb-2.10.1.v20130422-1135.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.orbit.mongodb@2.10.1.v20130422-1135 016
javax.wsdl-1.5.1.jarpkg:maven/org.eclipse.birt.runtime.3_7_1/javax.wsdl@1.5.1 029
Tidy-1.jarpkg:maven/org.eclipse.birt.runtime.3_7_1/Tidy@1 010
org.eclipse.datatools.enablement.postgresql.dbdefinition-1.0.2.v201110070445.jarcpe:2.3:a:postgresql:postgresql:1.0.2.v20111007:*:*:*:*:*:*:*pkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.enablement.postgresql.dbdefinition@1.0.2.v201110070445CRITICAL22Low17
org.w3c.css.sac-1.3.0.jarpkg:maven/org.eclipse.birt.runtime.3_7_1/org.w3c.css.sac@1.3.0 026
org.eclipse.datatools.enablement.msft.sqlserver-1.0.2.v201212120617.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.enablement.msft.sqlserver@1.0.2.v201212120617 035
flute-1.3.jarpkg:maven/org.milyn/flute@1.3 013
org.eclipse.datatools.connectivity.apache.derby-1.0.103.v201212070447.jarcpe:2.3:a:apache:derby:1.0.103.v20121207:*:*:*:*:*:*:*pkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.connectivity.apache.derby@1.0.103.v201212070447MEDIUM2Low38
org.eclipse.datatools.connectivity.console.profile-1.0.10.v201109250955.jarpkg:maven/org.eclipse.birt.runtime/org.eclipse.datatools.connectivity.console.profile@1.0.10.v201109250955 038
org.apache.commons.codec-1.3.0.jarpkg:maven/org.eclipse.birt.runtime.3_7_1/org.apache.commons.codec@1.3.0 026
com.lowagie.text-2.1.7.jarpkg:maven/org.eclipse.birt.runtime.3_7_1/com.lowagie.text@2.1.7 024
org.apache.batik.bridge-1.6.0.jarcpe:2.3:a:apache:batik:1.6.0:*:*:*:*:*:*:*pkg:maven/org.eclipse.birt.runtime.3_7_1/org.apache.batik.bridge@1.6.0CRITICAL3Low30
aopalliance-1.0.jarpkg:maven/aopalliance/aopalliance@1.0 010
person-directory-api-1.5.0-RC5.jarpkg:maven/org.jasig.service/person-directory-api@1.5.0-RC5 024
ejb3-persistence-1.0.1.GA.jarpkg:maven/org.hibernate/ejb3-persistence@1.0.1.GA 015
aspectjrt-1.5.3.jarpkg:maven/aspectj/aspectjrt@1.5.3 018
ognl-2.6.9.jarcpe:2.3:a:ognl_project:ognl:2.6.9:*:*:*:*:*:*:*pkg:maven/ognl/ognl@2.6.9MEDIUM1Highest9
jakarta.activation-api-1.2.1.jarpkg:maven/jakarta.activation/jakarta.activation-api@1.2.1 035
xsom-2.3.2.jarpkg:maven/org.glassfish.jaxb/xsom@2.3.2 029
codemodel-2.3.2.jarpkg:maven/org.glassfish.jaxb/codemodel@2.3.2 026
rngom-2.3.2.jarpkg:maven/com.sun.xml.bind.external/rngom@2.3.2 025
dtd-parser-1.4.1.jarpkg:maven/com.sun.xml.dtd-parser/dtd-parser@1.4.1 040
relaxng-datatype-2.3.2.jarpkg:maven/com.sun.xml.bind.external/relaxng-datatype@2.3.2 029
jta-1.0.1B.jarpkg:maven/javax.transaction/jta@1.0.1B 010
asm-attrs-1.5.3.jarpkg:maven/asm/asm-attrs@1.5.3 014
dom4j-1.6.1.jarcpe:2.3:a:dom4j_project:dom4j:1.6.1:*:*:*:*:*:*:*pkg:maven/dom4j/dom4j@1.6.1HIGH1Highest15
antlr-2.7.6.jarpkg:maven/antlr/antlr@2.7.6 08
cglib-2.1_3.jarpkg:maven/cglib/cglib@2.1_3 012
asm-1.5.3.jarpkg:maven/asm/asm@1.5.3 012
stax-api-1.0-2.jarpkg:maven/javax.xml.stream/stax-api@1.0-2 012
barcode4j-fop-ext-2.1.jarpkg:maven/net.sf.barcode4j/barcode4j-fop-ext@2.1 018
barcode4j-2.1.jarpkg:maven/net.sf.barcode4j/barcode4j@2.1 024
axis2-transport-http-1.7.9.jarcpe:2.3:a:apache:axis2:1.7.9:*:*:*:*:*:*:*pkg:maven/org.apache.axis2/axis2-transport-http@1.7.9 0Highest33
axis2-transport-local-1.7.9.jarcpe:2.3:a:apache:axis2:1.7.9:*:*:*:*:*:*:*pkg:maven/org.apache.axis2/axis2-transport-local@1.7.9 0Highest33
log4j-1.2-api-2.12.1.jarcpe:2.3:a:apache:log4j:2.12.1:*:*:*:*:*:*:*pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.12.1 0Highest34
log4j-slf4j-impl-2.12.1.jarcpe:2.3:a:apache:log4j:2.12.1:*:*:*:*:*:*:*pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.12.1 0Highest46
log4j-core-2.12.1.jarcpe:2.3:a:apache:log4j:2.12.1:*:*:*:*:*:*:*pkg:maven/org.apache.logging.log4j/log4j-core@2.12.1 0Highest52
log4j-jul-2.12.1.jarcpe:2.3:a:apache:log4j:2.12.1:*:*:*:*:*:*:*pkg:maven/org.apache.logging.log4j/log4j-jul@2.12.1 0Highest48
javax.xml.soap-api-1.4.0.jarpkg:maven/javax.xml.soap/javax.xml.soap-api@1.4.0 046
juel-spi-2.2.7.jarpkg:maven/de.odysseus.juel/juel-spi@2.2.7 011
derby-10.14.2.0.jarcpe:2.3:a:apache:derby:10.14.2.0:*:*:*:*:*:*:*pkg:maven/org.apache.derby/derby@10.14.2.0 0Low19
geronimo-jaxrpc_1.1_spec-1.1.jarcpe:2.3:a:apache:xml-rpc:1.1:*:*:*:*:*:*:*pkg:maven/org.apache.geronimo.specs/geronimo-jaxrpc_1.1_spec@1.1 0Low22
batik-all-1.8pre-r1084380.jarcpe:2.3:a:apache:batik:1.8pre:*:*:*:*:*:*:*pkg:maven/org.codeartisans.thirdparties.swing/batik-all@1.8pre-r1084380 0Low17
jackson-databind-2.9.9.3.jarcpe:2.3:a:fasterxml:jackson:2.9.9.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.9.9.3:*:*:*:*:*:*:*
pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.9.3HIGH4Highest44
axiom-impl-1.2.21.jarpkg:maven/org.apache.ws.commons.axiom/axiom-impl@1.2.21 033
commons-httpclient-3.1.jarcpe:2.3:a:apache:commons-httpclient:3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:httpclient:3.1:*:*:*:*:*:*:*
pkg:maven/commons-httpclient/commons-httpclient@3.1 0Low21
xmlsec-1.4.3.jarpkg:maven/org.apache.santuario/xmlsec@1.4.3MEDIUM119
avalon-framework-impl-4.2.0.jarpkg:maven/avalon-framework/avalon-framework-impl@4.2.0 022
aspectjweaver-1.5.3.jarpkg:maven/aspectj/aspectjweaver@1.5.3 019
asciidoctorj-pdf-1.5.0-alpha.16.jar: jruby_cache_backend.jar 08
org.eclipse.birt.runtime-4.4.1.jar: SVGActionMenu.js 00
org.eclipse.birt.runtime-4.4.1.jar: ImageActionMenu.js 00
ehcache-core-2.6.2.jar: sizeof-agent.jarpkg:maven/net.sf.ehcache/sizeof-agent@1.0.1 028
jna-5.3.1.jar: jnidispatch.dll 02
jna-5.3.1.jar: jnidispatch.dll 02
asciidoctorj-1.6.2.jar: concurrent_ruby_ext.jar 07
org.eclipse.core.resources-3.9.1.v20140825-1431.jar: resources-ant.jar 08
jruby-complete-9.2.7.0.jar: jffi-1.2.dll 04
jruby-complete-9.2.7.0.jar: jffi-1.2.dll 04
jruby-complete-9.2.7.0.jar: jruby.dll 02
jruby-complete-9.2.7.0.jar: jruby.exe 02
jruby-complete-9.2.7.0.jar: jrubyw.exe 02
jruby-complete-9.2.7.0.jar: jline-2.14.6.jarpkg:maven/jline/jline@2.14.6 018
jruby-complete-9.2.7.0.jar: jopenssl.jar 07
jruby-complete-9.2.7.0.jar: generator.jar 05
jruby-complete-9.2.7.0.jar: parser.jar 05
jruby-complete-9.2.7.0.jar: bcpkix-jdk15on-1.61.jar 035
jruby-complete-9.2.7.0.jar: bcprov-jdk15on-1.61.jarcpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.61.0:*:*:*:*:*:*:* 0Highest36
jruby-complete-9.2.7.0.jar: bctls-jdk15on-1.61.jar 039
jruby-complete-9.2.7.0.jar: snakeyaml-1.23.jarpkg:maven/org.yaml/snakeyaml@1.23 025
jruby-complete-9.2.7.0.jar: psych.jar 07
jruby-complete-9.2.7.0.jar: cparse-jruby.jar 05
jruby-complete-9.2.7.0.jar: darkfish.js 00
jruby-complete-9.2.7.0.jar: jquery.jspkg:javascript/jquery@1.6.4MEDIUM33
jruby-complete-9.2.7.0.jar: search.js 00
jruby-complete-9.2.7.0.jar: navigation.js 00
jruby-complete-9.2.7.0.jar: searcher.js 00
jruby-complete-9.2.7.0.jar: readline.jar 07
jruby-complete-9.2.7.0.jar: jline-2.14.6.jar: jansi.dll 02
jruby-complete-9.2.7.0.jar: jline-2.14.6.jar: jansi.dll 02
jruby-complete-9.2.7.0.jar (shaded: com.github.jnr:jffi:1.2.18)pkg:maven/com.github.jnr/jffi@1.2.18 09
jruby-complete-9.2.7.0.jar (shaded: com.github.jnr:jnr-constants:0.9.12)pkg:maven/com.github.jnr/jnr-constants@0.9.12 09
jruby-complete-9.2.7.0.jar (shaded: com.github.jnr:jnr-enxio:0.19)pkg:maven/com.github.jnr/jnr-enxio@0.19 09
| jruby-complete-9.2.7.0.jar (shaded: com.github.jnr:jnr-ffi:2.1.9) | | pkg:maven/com.github.jnr/jnr-ffi@2.1.9 | | 0 | | 9 |
| jruby-complete-9.2.7.0.jar (shaded: com.github.jnr:jnr-netdb:1.1.6) | | pkg:maven/com.github.jnr/jnr-netdb@1.1.6 | | 0 | | 9 |
| jruby-complete-9.2.7.0.jar (shaded: com.github.jnr:jnr-posix:3.0.49) | | pkg:maven/com.github.jnr/jnr-posix@3.0.49 | | 0 | | 7 |
| jruby-complete-9.2.7.0.jar (shaded: com.github.jnr:jnr-unixsocket:0.20) | | pkg:maven/com.github.jnr/jnr-unixsocket@0.20 | | 0 | | 9 |
| jruby-complete-9.2.7.0.jar (shaded: com.headius:backport9:1.2) | | pkg:maven/com.headius/backport9@1.2 | | 0 | | 5 |
| jruby-complete-9.2.7.0.jar (shaded: com.headius:invokebinder:1.11) | | pkg:maven/com.headius/invokebinder@1.11 | | 0 | | 9 |
| jruby-complete-9.2.7.0.jar (shaded: com.headius:options:1.4) | | pkg:maven/com.headius/options@1.4 | | 0 | | 9 |
| jruby-complete-9.2.7.0.jar (shaded: com.jcraft:jzlib:1.1.3) | cpe:2.3:a:jcraft:jzlib:1.1.3:*:*:*:*:*:*:* | pkg:maven/com.jcraft/jzlib@1.1.3 | | 0 | Highest | 13 |
| jruby-complete-9.2.7.0.jar (shaded: com.martiansoftware:nailgun-server:0.9.1) | | pkg:maven/com.martiansoftware/nailgun-server@0.9.1 | | 0 | | 13 |
| jruby-complete-9.2.7.0.jar (shaded: joda-time:joda-time:2.9.9) | | pkg:maven/joda-time/joda-time@2.9.9 | | 0 | | 13 |
| jruby-complete-9.2.7.0.jar (shaded: me.qmx.jitescript:jitescript:0.4.1) | | pkg:maven/me.qmx.jitescript/jitescript@0.4.1 | | 0 | | 9 |
| jruby-complete-9.2.7.0.jar (shaded: org.jruby.jcodings:jcodings:1.0.43) | | pkg:maven/org.jruby.jcodings/jcodings@1.0.43 | | 0 | | 7 |
| jruby-complete-9.2.7.0.jar (shaded: org.jruby.joni:joni:2.1.26) | | pkg:maven/org.jruby.joni/joni@2.1.26 | | 0 | | 7 |
| jruby-complete-9.2.7.0.jar (shaded: org.jruby:jruby-core:9.2.7.0) | cpe:2.3:a:jruby:jruby:9.2.7.0:*:*:*:*:*:*:* | pkg:maven/org.jruby/jruby-core@9.2.7.0 | | 0 | Highest | 11 |
| jruby-complete-9.2.7.0.jar (shaded: org.jruby:jruby-stdlib:9.2.7.0) | cpe:2.3:a:jruby:jruby:9.2.7.0:*:*:*:*:*:*:* | pkg:maven/org.jruby/jruby-stdlib@9.2.7.0 | | 0 | Highest | 11 |
| htrace-core4-4.1.0-incubating.jar (shaded: com.fasterxml.jackson.core:jackson-core:2.4.0) | cpe:2.3:a:fasterxml:jackson:2.4.0:*:*:*:*:*:*:* | pkg:maven/com.fasterxml.jackson.core/jackson-core@2.4.0 | | 0 | Highest | 14 |
| htrace-core4-4.1.0-incubating.jar (shaded: com.fasterxml.jackson.core:jackson-databind:2.4.0) | cpe:2.3:a:fasterxml:jackson:2.4.0:*:*:*:*:*:*:*; cpe:2.3:a:fasterxml:jackson-databind:2.4.0:*:*:*:*:*:*:* | pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.4.0 | CRITICAL | 19 | Highest | 14 |
| htrace-core4-4.1.0-incubating.jar (shaded: com.fasterxml.jackson.core:jackson-annotations:2.4.0) | cpe:2.3:a:fasterxml:jackson:2.4.0:*:*:*:*:*:*:* | pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.4.0 | | 0 | Highest | 14 |
| htrace-core4-4.1.0-incubating.jar (shaded: commons-logging:commons-logging:1.1.1) | | pkg:maven/commons-logging/commons-logging@1.1.1 | | 0 | | 14 |
| axiom-impl-1.2.21.jar (shaded: org.apache.ws.commons.axiom:om-aspects:1.2.21) | | pkg:maven/org.apache.ws.commons.axiom/om-aspects@1.2.21 | | 0 | | 13 |
| axiom-impl-1.2.21.jar (shaded: org.apache.ws.commons.axiom:core-aspects:1.2.21) | | pkg:maven/org.apache.ws.commons.axiom/core-aspects@1.2.21 | | 0 | | 13 |
| axiom-impl-1.2.21.jar (shaded: org.apache.ws.commons.axiom:shared-aspects:1.2.21) | | pkg:maven/org.apache.ws.commons.axiom/shared-aspects@1.2.21 | | 0 | | 13 |
| axiom-impl-1.2.21.jar (shaded: org.apache.ws.commons.axiom:xml-utils:1.2.21) | | pkg:maven/org.apache.ws.commons.axiom/xml-utils@1.2.21 | | 0 | | 11 |

Dependencies

asciidoctorj-pdf-1.5.0-alpha.16.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.asciidoctor\asciidoctorj-pdf\1.5.0-alpha.16\63c4f64106a00e316f0e9e54182a1c8581eff4b\asciidoctorj-pdf-1.5.0-alpha.16.jar
MD5: b3ed32005de74360e4441916d0216575
SHA1: 063c4f64106a00e316f0e9e54182a1c8581eff4b
SHA256:f247dc045283d84d18f4cb08bad74c51933db5e99b7c80fca38b7c61248776c8
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

asciidoctorj-groovy-dsl-1.6.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.asciidoctor\asciidoctorj-groovy-dsl\1.6.0\b7cedff6545eb60284c3105777615050e304f9f8\asciidoctorj-groovy-dsl-1.6.0.jar
MD5: c8a944aca01222542b10364b9eb3a5ba
SHA1: b7cedff6545eb60284c3105777615050e304f9f8
SHA256:27252c9c4b15546c6c036cee11733510085b6aebd40a436bf1d6dbf1e32e0bb2
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

asciidoctorj-1.6.2.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.asciidoctor\asciidoctorj\1.6.2\899c972f69febedc39dca5108d83b9294ceeeff8\asciidoctorj-1.6.2.jar
MD5: 4dab81e9470273f35b7c2ac1f703579c
SHA1: 899c972f69febedc39dca5108d83b9294ceeeff8
SHA256:1e4f533e0083416ccbddb2a5c4daa00ea51fe1a1d9c52a9838390b7e7dba945b
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

jruby-complete-9.2.7.0.jar

Description:

JRuby 9.2.7.0 OSGi bundle

License:

http://www.gnu.org/licenses/gpl-2.0-standalone.html, http://www.gnu.org/licenses/lgpl-2.1-standalone.html, http://www.eclipse.org/legal/epl-v20.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar
MD5: 923069f2e71a044fc62f478d013adce4
SHA1: 308120bca38f617e7b275af8ce0cbd9f0be66218
SHA256:a43125f921e707eef861713028d79f60d2f4b024ea6af71a992395ee9e697c22
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

asciidoctorj-api-1.6.2.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.asciidoctor\asciidoctorj-api\1.6.2\3af7648a5222cd34fec40ce69711fa7e3821ebe7\asciidoctorj-api-1.6.2.jar
MD5: c63897a8fc41ee9243abd4ea8211dddd
SHA1: 3af7648a5222cd34fec40ce69711fa7e3821ebe7
SHA256:0ba99b17e2e62c17c2623466f59a89e095541ab85195c87cf4a11c693907c9d7
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

jcommander-1.35.jar

Description:

A Java framework to parse command line options with annotations.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.beust\jcommander\1.35\47592e181b0bdbbeb63029e08c5e74f6803c4edd\jcommander-1.35.jar
MD5: 90216444fab67357c5bdf3293b47107e
SHA1: 47592e181b0bdbbeb63029e08c5e74f6803c4edd
SHA256:019c12fec1ce5c02cbabb150f6ac8a86d92a0ecc9c89a549e5537283e863000c
Referenced In Projects/Scopes:
  • ofbiz:asciidoctor
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

groovy-2.4.15.jar

Description:

Groovy Runtime

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codehaus.groovy\groovy\2.4.15\74b7e0b99526c569e3a59cb84dbcc6204d601ee6\groovy-2.4.15.jar
MD5: 820e79e7cf9b9b0e7d49357be03ab8fd
SHA1: 74b7e0b99526c569e3a59cb84dbcc6204d601ee6
SHA256:2205b6649976295bc24a751b1f7b5192e9d28d3815efe39505de8dbbb99ed952
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

xercesImpl-2.9.1.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\apache-xerces\xercesImpl\2.9.1\7bc7e49ddfe4fb5f193ed37ecc96c12292c8ceb6\xercesImpl-2.9.1.jar
MD5: f807f86d7d9db25edbfc782aca7ca2a9
SHA1: 7bc7e49ddfe4fb5f193ed37ecc96c12292c8ceb6
SHA256:6ae540a7c85c814ac64bea48016b3a6f45c95d4765f547fcc0053dc36c94ed5c
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2009-2625 (OSSINDEX)  

> A denial of service flaw was found in the way the JRE processes XML. A remote attacker could use this flaw to supply crafted XML that would lead to a denial of service.
>
> -- [redhat.com](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2625)

  • Severity: 0.0

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:apache-xerces:xercesImpl:2.9.1:*:*:*:*:*:*:*

core-3.4.0.jar

Description:

Core barcode encoding/decoding library

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.google.zxing\core\3.4.0\5264296c46634347890ec9250bc65f14b7362bf8\core-3.4.0.jar
MD5: 8542da29497cf33e80d7630e62d58a81
SHA1: 5264296c46634347890ec9250bc65f14b7362bf8
SHA256:65004806a669234c698fbe0755258100375fb01fe93b538455f3903713d4a50d
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

concurrentlinkedhashmap-lru-1.4.2.jar

Description:

A high performance version of java.util.LinkedHashMap for use as a software cache.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.googlecode.concurrentlinkedhashmap\concurrentlinkedhashmap-lru\1.4.2\2eaf3d3c9746d526ff7e5b93931d482c3887e6ac\concurrentlinkedhashmap-lru-1.4.2.jar
MD5: 5edf6ccb727854204b7cc3405fbc5f01
SHA1: 2eaf3d3c9746d526ff7e5b93931d482c3887e6ac
SHA256:56a95fb5b54c661a7efde073b8792f63a8c317e389102673d8d976c7c8f36945
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

ez-vcard-0.9.10.jar

Description:

A library that reads and writes vCards, supporting all versions of the vCard standard (2.1, 3.0, and 4.0) as well as xCard (XML-encoded vCards), hCard (HTML-encoded vCards), and jCard (JSON-encoded vCards).

License:

FreeBSD License: http://opensource.org/licenses/bsd-license.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.googlecode.ez-vcard\ez-vcard\0.9.10\1997520f849718ec99a92aa67c17e408e5cca32a\ez-vcard-0.9.10.jar
MD5: 0a1ca155833e526131774263e949b13b
SHA1: 1997520f849718ec99a92aa67c17e408e5cca32a
SHA256:f23116bfd56cee3b2c9fb0b0066b5e30589a5a83cb2893e76dfbd45c7f269e1c
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (OSSINDEX)  

The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv3:
  • Base Score: MEDIUM (5.4)
  • Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.googlecode.ez-vcard:ez-vcard:0.9.10:*:*:*:*:*:*:*

owasp-java-html-sanitizer-20180219.1.jar

Description:

Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.googlecode.owasp-java-html-sanitizer\owasp-java-html-sanitizer\20180219.1\d712a56cb2fecdb2d6d8d30db409284fdb87e339\owasp-java-html-sanitizer-20180219.1.jar
MD5: 350e4e0b6b0b7da3e63bf83aadff0372
SHA1: d712a56cb2fecdb2d6d8d30db409284fdb87e339
SHA256:88b484a98742d70fd33d4153ba568e2413d467e72793a1e45330053722736b78
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

libphonenumber-8.10.16.jar

Description:

Google's common Java library for parsing, formatting, storing and validating international phone numbers. Optimized for running on smartphones.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.googlecode.libphonenumber\libphonenumber\8.10.16\4cb2887a2cc51f66240085253a9057c197202a2a\libphonenumber-8.10.16.jar
MD5: 1eab6e5c794015f69cb9656c116daddc
SHA1: 4cb2887a2cc51f66240085253a9057c197202a2a
SHA256:b645f61b285f897ab6cf8a41827c06569726d352a9763fd1cf9def8bebdbb413
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

icu4j-64.2.jar

Description:

International Components for Unicode for Java

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.ibm.icu\icu4j\64.2\1d2b0ed49ba380d0c69c0a912a9909c1dbcc3d7c\icu4j-64.2.jar
MD5: 56a4015e1362c79dee5bd06feabc3116
SHA1: 1d2b0ed49ba380d0c69c0a912a9909c1dbcc3d7c
SHA256:ec5a7d92495a2c0f0a09506aef935cca6a68ce8ac18fbae105381a38288127e3
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

itext-2.1.7.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.lowagie\itext\2.1.7\892bfb3e97074a61123b3b2d7caa2db112750864\itext-2.1.7.jar
MD5: 7587a618197a065eac4a453d173d4ed6
SHA1: 892bfb3e97074a61123b3b2d7caa2db112750864
SHA256:7d82c6b097a31cdf5a6d49a327bf582fdec7304da69308f9f6abf54aa9fd9055
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

javax.mail-1.6.2.jar

Description:

JavaMail API

License:

https://javaee.github.io/javamail/LICENSE
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.sun.mail\javax.mail\1.6.2\935151eb71beff17a2ffac15dd80184a99a0514f\javax.mail-1.6.2.jar
MD5: 0b81d022797740d72d21620781841374
SHA1: 935151eb71beff17a2ffac15dd80184a99a0514f
SHA256:45b515e7104944c09e45b9c7bb1ce5dff640486374852dd2b2e80cc3752dfa11
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

com.springsource.com.sun.syndication-0.9.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.sun.syndication\com.springsource.com.sun.syndication\0.9.0\2c8daab3471d3060d115cdcf4af2a88cb04744c1\com.springsource.com.sun.syndication-0.9.0.jar
MD5: 1c5121f30c06d4ec0d5c68dc5e119929
SHA1: 2c8daab3471d3060d115cdcf4af2a88cb04744c1
SHA256:edfdd15a2ae4bf33299abfdf62cba071b1bbe61a58f34c275e69a74013a742e2
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

xstream-1.4.11.1.jar

Description:

XStream is a serialization library from Java objects to XML and back.

License:

http://x-stream.github.io/license.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.thoughtworks.xstream\xstream\1.4.11.1\6c120c45a8c480bb2fea5b56502e3993ddd74fd2\xstream-1.4.11.1.jar
MD5: 0eb564c0c83b6d4fea7ff1a9cc5bc6bc
SHA1: 6c120c45a8c480bb2fea5b56502e3993ddd74fd2
SHA256:5e59757590948b5a08ec946f6eb69fb25927c465125370b1a7861261dafc6b36
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

solr-core-8.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.solr\solr-core\8.2.0\46de90f4e94cd0d4ab07e121c57141c3c019bbf4\solr-core-8.2.0.jar
MD5: f8d231c1b6d0cdc58c9e09a51240b996
SHA1: 46de90f4e94cd0d4ab07e121c57141c3c019bbf4
SHA256:44a46c451bae4ac0dd1405314f4148c005d1701f809f8df323b159260b0c1ffd
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

viewservlets-4.5.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\viewservlets\4.5.0\59c773f6cd138d08b18c47ed2c1581283f573fd\viewservlets-4.5.0.jar
MD5: fca067702a5dcaaa9715924cbd616735
SHA1: 059c773f6cd138d08b18c47ed2c1581283f573fd
SHA256:817b6617aca4a4640030a417c74fcc17521155d0fad4ff2f5a5bda2543ea2a13
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.birt.runtime-4.4.1.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.birt.runtime\4.4.1\d7f5495359184868842e469c1929109a0f69d87a\org.eclipse.birt.runtime-4.4.1.jar
MD5: bf28ed4bebc04a32e84e8982d80fa9fd
SHA1: d7f5495359184868842e469c1929109a0f69d87a
SHA256:689fd772b89bfe22701de9c66c2873bab93763333be48bbdd79088844e909648
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

commons-cli-1.4.jar

Description:

Apache Commons CLI provides a simple API for presenting, processing and validating a command line interface.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-cli\commons-cli\1.4\c51c00206bb913cd8612b24abd9fa98ae89719b1\commons-cli-1.4.jar
MD5: c966d7e03507c834d5b09b848560174e
SHA1: c51c00206bb913cd8612b24abd9fa98ae89719b1
SHA256:fd3c7c9545a9cdb2051d1f9155c4f76b1e4ac5a57304404a6eedb578ffba7328
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

axis2-kernel-1.7.9.jar

Description:

Core Parts of Axis2. This includes Axis2 engine, Client API, Addressing support, etc.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.axis2\axis2-kernel\1.7.9\1547c1ce2606392c18a74ef59ae85e0606e61d0c\axis2-kernel-1.7.9.jar
MD5: 9d2296a21f29e9a824c3911bd3164d08
SHA1: 1547c1ce2606392c18a74ef59ae85e0606e61d0c
SHA256:089ff5073b82b8efa3fd9145eaadb69fcfcdf6f94d86bc660ab301eb7476b700
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

esapi-2.2.0.0.jar

Description:

The Enterprise Security API (ESAPI) project is an OWASP project to create simple strong security controls for every web platform. Security controls are not simple to build. You can read about the hundreds of pitfalls for unwary developers on the OWASP web site. By providing developers with a set of strong controls, we aim to eliminate some of the complexity of creating secure web applications. This can result in significant cost savings across the SDLC.

License:

BSD: http://www.opensource.org/licenses/bsd-license.php
Creative Commons 3.0 BY-SA: http://creativecommons.org/licenses/by-sa/3.0/
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.owasp.esapi\esapi\2.2.0.0\721cbbf80e2bf1cc3d87d4a791e4c7bc827fca95\esapi-2.2.0.0.jar
MD5: f845693f635056a9a0248163d8aa662c
SHA1: 721cbbf80e2bf1cc3d87d4a791e4c7bc827fca95
SHA256:a406cb7883eb049fe1d7a62e26a37f480673d3578b32ac884ac83aab59c6d662
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

commons-fileupload-1.4.jar

Description:

The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-fileupload\commons-fileupload\1.4\f95188e3d372e20e7328706c37ef366e5d7859b0\commons-fileupload-1.4.jar
MD5: 0c3b924dcaaa90c3fb93fe04ae96a35e
SHA1: f95188e3d372e20e7328706c37ef366e5d7859b0
SHA256:a4ec02336f49253ea50405698b79232b8c5cbf02cb60df3a674d77a749a1def7
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

commons-net-3.6.jar

Description:

Apache Commons Net library contains a collection of network utilities and protocol implementations. Supported protocols include: Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Telnet, Whois

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-net\commons-net\3.6\b71de00508dcb078d2b24b5fa7e538636de9b3da\commons-net-3.6.jar
MD5: b46661b01cc7aeec501f1cd3775509f1
SHA1: b71de00508dcb078d2b24b5fa7e538636de9b3da
SHA256:d3b3866c61a47ba3bf040ab98e60c3010d027da0e7a99e1755e407dd47bc2702
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

commons-validator-1.6.jar

Description:

Apache Commons Validator provides the building blocks for both client side validation and server side data validation. It may be used standalone or with a framework like Struts.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-validator\commons-validator\1.6\e989d1e87cdd60575df0765ed5bac65c905d7908\commons-validator-1.6.jar
MD5: 3fd5efd8dcdd601035c123638a897833
SHA1: e989d1e87cdd60575df0765ed5bac65c905d7908
SHA256:bd62795d7068a69cbea333f6dbf9c9c1a6ad7521443fb57202a44874f240ba25
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

juel-impl-2.2.7.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\de.odysseus.juel\juel-impl\2.2.7\97958467acef4c2b230b72354a4eefc66628dd99\juel-impl-2.2.7.jar
MD5: c5d7a62edafb5706b6beadbbcfd8f57d
SHA1: 97958467acef4c2b230b72354a4eefc66628dd99
SHA256:f9fb17a3794a8bee0b59eb7ae50963b40a73d874419c28e8df64acb94820a146
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

javax.el-api-3.0.1-b06.jar

Description:

Expression Language 3.0 API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.el\javax.el-api\3.0.1-b06\9c4c2400f2d8e35c62d636c13012e1f68c370a00\javax.el-api-3.0.1-b06.jar
MD5: d3f4b29e557c5b2c2a3bff5b19081ff7
SHA1: 9c4c2400f2d8e35c62d636c13012e1f68c370a00
SHA256:0b46b36709ecbb9791ac4ba44d16125b9d65b576112afdaaa286052b6e498bc4
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

javax.servlet-api-4.0.1.jar

Description:

Java(TM) Servlet 4.0 API Design Specification

License:

CDDL + GPLv2 with classpath exception: https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.servlet\javax.servlet-api\4.0.1\a27082684a2ff0bf397666c3943496c44541d1ca\javax.servlet-api-4.0.1.jar
MD5: b80414033bf3397de334b95e892a2f44
SHA1: a27082684a2ff0bf397666c3943496c44541d1ca
SHA256:83a03dd877d3674576f0da7b90755c8524af099ccf0607fc61aa971535ad7c60
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

javax.servlet.jsp-api-2.3.3.jar

Description:

Java.net - The Source for Java Technology Collaboration

License:

CDDL + GPLv2 with classpath exception: ://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.servlet.jsp\javax.servlet.jsp-api\2.3.3\81191ab80e342912dc9cea735c30ff4eddc64de3\javax.servlet.jsp-api-2.3.3.jar
MD5: f6676a5961328c41c5e722da5e48d047
SHA1: 81191ab80e342912dc9cea735c30ff4eddc64de3
SHA256:409a534d275ef0958a2c1692472da30e3706bfe6933d56c039376f53f13689b7
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

ical4j-1.0-rc3-atlassian-11.jar

Description:

A Java library for reading and writing iCalendar (*.ics) files

License:

iCal4j - License: LICENSE
File Path: Z:\Gradle\caches\modules-2\files-2.1\net.fortuna.ical4j\ical4j\1.0-rc3-atlassian-11\cc4aa02f5cc8773876aad173517d20438b1b60ea\ical4j-1.0-rc3-atlassian-11.jar
MD5: 62338bf588ceb0a7404746cd751f5db9
SHA1: cc4aa02f5cc8773876aad173517d20438b1b60ea
SHA256:f7302b15c2830ff642f25d0c458cac9e7ea1135256d17a9dcc3fafee228711f7
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

ant-junit-1.10.6.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ant\ant-junit\1.10.6\719c53bf9a5ef304ad5980a2d795a8da83a9d213\ant-junit-1.10.6.jar
MD5: 5e11a25f5d24416be99096722e707731
SHA1: 719c53bf9a5ef304ad5980a2d795a8da83a9d213
SHA256:f4719bdfdcc686a30ae49adf1bb9101206f221cc34f6ea48e008180a0d7761d6
Referenced In Projects/Scopes:

  • ofbiz:junitReport
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

tika-parsers-1.22.jar

Description:

Apache Tika is a toolkit for detecting and extracting metadata and structured text content from various documents using existing parser libraries.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tika\tika-parsers\1.22\b8a823128f6165882ae41de3ded8655609d62d88\tika-parsers-1.22.jar
MD5: 688b25cce3d2ba79d4172309ef5a4e58
SHA1: b8a823128f6165882ae41de3ded8655609d62d88
SHA256:756e77987077cc485763beeac77925001b9b4993e58978be09b8e6c510770aea
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

poi-excelant-4.1.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.poi\poi-excelant\4.1.0\d21424eafcff95be69731c8e36f42ff165d92eee\poi-excelant-4.1.0.jar
MD5: 664c87ab4b7f696fc0c3b0ec3f75f9e4
SHA1: d21424eafcff95be69731c8e36f42ff165d92eee
SHA256:b91c34f54a8eff65936678f0bdc8d9e7ef0a9d6bd589db903c37f19418820336
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

poi-ooxml-4.1.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.poi\poi-ooxml\4.1.0\42d7913de1a6360058e8d14bb7769a33633a639b\poi-ooxml-4.1.0.jar
MD5: fd6f7aa27923816712a39ecb8123a86f
SHA1: 42d7913de1a6360058e8d14bb7769a33633a639b
SHA256:6efc47195a2af7db6331ef94338d2fab8a405dde7df89a164292935d70f91ec9
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

poi-scratchpad-4.1.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.poi\poi-scratchpad\4.1.0\a000ba60895a7aede6ebd5bb7f7d8d1c8f9ac735\poi-scratchpad-4.1.0.jar
MD5: ff9f0033d89142377ae3af7874890f9e
SHA1: a000ba60895a7aede6ebd5bb7f7d8d1c8f9ac735
SHA256:9b88117286be44a69919a44aac44e6166628e69b742ec806269fbd814b2393e8
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

poi-4.1.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.poi\poi\4.1.0\66ea82c8e7cd87e9ae8bceca45daf01328c8d623\poi-4.1.0.jar
MD5: 2d38a6074de57cf93d86e7c5b988c31d
SHA1: 66ea82c8e7cd87e9ae8bceca45daf01328c8d623
SHA256:0d578177f2bde41aa2b68dbac743186208b7a00ccef3c767d5f3271bed2731bf
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

commons-collections4-4.4.jar

Description:

The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-collections4\4.4\62ebe7544cb7164d87e0637a2a6a2bdc981395e8\commons-collections4-4.4.jar
MD5: 4a37023740719b391f10030362c86be6
SHA1: 62ebe7544cb7164d87e0637a2a6a2bdc981395e8
SHA256:1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

commons-csv-1.7.jar

Description:

The Apache Commons CSV library provides a simple interface for reading and writing CSV files of various types.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-csv\1.7\cb5d05520f8fe1b409aaf29962e47dc5764f8f39\commons-csv-1.7.jar
MD5: 2565c6a73ddefd0ceb9e130063f9e51e
SHA1: cb5d05520f8fe1b409aaf29962e47dc5764f8f39
SHA256:25f5e7914729a3cb9cbb83918b5f1116625cca63ce38a50f0fe596f837b9a524
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

commons-dbcp2-2.7.0.jar

Description:

Apache Commons DBCP software implements Database Connection Pooling

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-dbcp2\2.7.0\ac3c5077659b4b9140e8fa63e855e0437fe94357\commons-dbcp2-2.7.0.jar
MD5: 9390c07a47bf4a0215120d3838df090a
SHA1: ac3c5077659b4b9140e8fa63e855e0437fe94357
SHA256:b32117135876ff484e56e25e359cccf6ca84cce7b28c85a86deb53bc166d1ae0
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

commons-text-1.7.jar

Description:

Apache Commons Text is a library focused on algorithms working on strings.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-text\1.7\4d7d6dc210f80d0bff18645cc534a0c45324d0d6\commons-text-1.7.jar
MD5: b621c9817128bb34db92a04c6137379d
SHA1: 4d7d6dc210f80d0bff18645cc534a0c45324d0d6
SHA256:8434bbfb887e7a0f3dfef92ac84e783f847bc0f0f43b8cc9e026646b137b6065
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

geronimo-transaction-3.1.4.jar

Description:

Apache Geronimo Transaction Manager

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.geronimo.components\geronimo-transaction\3.1.4\7db43d2032d5f38a47a39801903df8c97bd54155\geronimo-transaction-3.1.4.jar
MD5: 006175afd65d98a99b47ce08f972ec91
SHA1: 7db43d2032d5f38a47a39801903df8c97bd54155
SHA256:34e853caade6a6fbc40481bd32836489c3192e4ad6a58b09f11379d592bfacef
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

geronimo-jms_1.1_spec-1.1.1.jar

Description:

Provides open-source implementations of Sun specifications.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.geronimo.specs\geronimo-jms_1.1_spec\1.1.1\c872b46c601d8dc03633288b81269f9e42762cea\geronimo-jms_1.1_spec-1.1.1.jar
MD5: d80ce71285696d36c1add1989b94f084
SHA1: c872b46c601d8dc03633288b81269f9e42762cea
SHA256:18d9ff7b9066aa99cf89843f5055d2fe58b1abe4346ee9df0daf4ac18ca232d7
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

httpclient-cache-4.5.9.jar

Description:

Apache HttpComponents HttpClient - Cache

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.httpcomponents\httpclient-cache\4.5.9\be2cef53d73dcd7e0cae8bb687ccdbe1ac1d4d37\httpclient-cache-4.5.9.jar
MD5: f3bd9589f72d1dc99f9968262df8d83f
SHA1: be2cef53d73dcd7e0cae8bb687ccdbe1ac1d4d37
SHA256:eda887ce3aae3bc7024afb4876581aeda686250ffc90ac3e96d72319a8a2e7f5
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

log4j-1.2-api-2.11.2.jar

Description:

The Apache Log4j 1.x Compatibility API

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.logging.log4j\log4j-1.2-api\2.11.2\afb9ef0baba766725c3733e6a2626877dba72715\log4j-1.2-api-2.11.2.jar
MD5: 6ee42937b85f15186ce61af06d7fc2a0
SHA1: afb9ef0baba766725c3733e6a2626877dba72715
SHA256:8559a0372f91eba3453b8eb75b9f2242b07408833ecd2ced7680e33f2e9f7737
Referenced In Project/Scope:ofbiz:compileClasspath

Identifiers

log4j-web-2.11.2.jar

Description:

The Apache Log4j support for web servlet containers

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.logging.log4j\log4j-web\2.11.2\d11ebc03fdf773d32143e0f7ea0fc131c21311e7\log4j-web-2.11.2.jar
MD5: 7246a64d13290259978801f0802223df
SHA1: d11ebc03fdf773d32143e0f7ea0fc131c21311e7
SHA256:dbf3e8ca56d77b7bc887c0ee875e7462ecf649dd494ee350af001a54f6d9ed89
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

log4j-core-2.11.2.jar

Description:

The Apache Log4j Implementation

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.logging.log4j\log4j-core\2.11.2\6c2fb3f5b7cd27504726aef1b674b542a0c9cf53\log4j-core-2.11.2.jar
MD5: c8bd8b5c5aaaa07a3dcbf57de01c9266
SHA1: 6c2fb3f5b7cd27504726aef1b674b542a0c9cf53
SHA256:d4748cd5d8d67f513de7634fa202740490d7e0ab546f4bf94e5c4d4a11e3edbc
Referenced In Project/Scope:ofbiz:compileClasspath

Identifiers

log4j-slf4j-impl-2.11.2.jar

Description:

The Apache Log4j SLF4J API binding to Log4j 2 Core

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.logging.log4j\log4j-slf4j-impl\2.11.2\4d44e4edc4a7fb39f09b95b09f560a15976fa1ba\log4j-slf4j-impl-2.11.2.jar
MD5: 362ea49cf465dc99c9dfe4a1b1e54dc8
SHA1: 4d44e4edc4a7fb39f09b95b09f560a15976fa1ba
SHA256:9e14eeb17454821788c5d7b789b2d5b055d51809c0c3761505f6f57ad04a658e
Referenced In Project/Scope:ofbiz:compileClasspath

Identifiers

log4j-api-2.12.1.jar

Description:

The Apache Log4j API

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.logging.log4j\log4j-api\2.12.1\a55e6d987f50a515c9260b0451b4fa217dc539cb\log4j-api-2.12.1.jar
MD5: 4a6f276d4fb426c8d489343c0325bb75
SHA1: a55e6d987f50a515c9260b0451b4fa217dc539cb
SHA256:429534d03bdb728879ab551d469e26f6f7ff4c8a8627f59ac68ab6ef26063515
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

shiro-core-1.4.1.jar

Description:

Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-core\1.4.1\4825f3cd3156d197c17edca51061675e4a72260d\shiro-core-1.4.1.jar
MD5: 5d45800f7db4260ff200f4a2f80696cd
SHA1: 4825f3cd3156d197c17edca51061675e4a72260d
SHA256:44b7175173d46d7d3f2a3018d2e725da2ac7003ed373dd75c01bd97844143767
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

sshd-core-1.7.0.jar

Description:

The Apache Software Foundation provides support for the Apache community of open-source software projects. The Apache projects are characterized by a collaborative, consensus based development process, an open and pragmatic software license, and a desire to create high quality software that leads the way in its field. We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users.

License:

http://www.apache.org/licenses/LICENSE-2.0
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.sshd\sshd-core\1.7.0\2e8b14f6d841b098e46bf407b6fdccab4c19fa41\sshd-core-1.7.0.jar
MD5: b4c3e672cf85f34c4a87fbedfb669b62
SHA1: 2e8b14f6d841b098e46bf407b6fdccab4c19fa41
SHA256:2b4793548bdf172705686c34615c5397b2258d07dd1492f4de936e09985aa3c7
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

tika-core-1.22.jar

Description:

This is the core Apache Tika™ toolkit library from which all other modules inherit functionality. It also includes the core facades for the Tika API.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tika\tika-core\1.22\b193f1f977e64ff77025a4cecd7997cff344c4bc\tika-core-1.22.jar
MD5: 078d3798a32e444b3e3425457402dce3
SHA1: b193f1f977e64ff77025a4cecd7997cff344c4bc
SHA256:81a9e28c9fa9d6b00d1e5d85795403fb773d4c571175487b35b83a8c02599dd7
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

tomcat-catalina-ha-9.0.22.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-catalina-ha\9.0.22\70bc72e8cbb8cde6d5d3ffd3fd941f398ed09426\tomcat-catalina-ha-9.0.22.jar
MD5: 7bdedec8511087c73b1fa4b9170e03ca
SHA1: 70bc72e8cbb8cde6d5d3ffd3fd941f398ed09426
SHA256:1e07402fca6660d622b058e4f03851ef5dc20d9860f763884d7cd86275a57db0
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2016-5425  

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: HIGH (7.2)
  • Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: /AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

tomcat-catalina-9.0.22.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-catalina\9.0.22\f83ebe592ea642c7ce302b04e56bc961087b2144\tomcat-catalina-9.0.22.jar
MD5: ef174e15a9c1611b9d5f162f3eff7f5d
SHA1: f83ebe592ea642c7ce302b04e56bc961087b2144
SHA256:be81a11e6b80f72d39720d963dc39cc68aa60f0c75cbf1c0783b1b6b35b4dd3a
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2016-5425  

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: HIGH (7.2)
  • Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: /AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

tomcat-jasper-9.0.22.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-jasper\9.0.22\55988b9c54c92b82b63845f9c1a18317ee5fc46c\tomcat-jasper-9.0.22.jar
MD5: 2e4d07495ede78aa3a67051404bc7217
SHA1: 55988b9c54c92b82b63845f9c1a18317ee5fc46c
SHA256:4601306fcb7c384d7f8d615be2b2903a70aa344eb0ac040e7aae2952ce5c4458
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2016-5425  

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: HIGH (7.2)
  • Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: /AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

tomcat-tribes-9.0.22.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-tribes\9.0.22\85a55699d00e4638daa753e5b4011beb0245eae1\tomcat-tribes-9.0.22.jar
MD5: 7b44c9a9ecd41a7de8289d4b6456df5a
SHA1: 85a55699d00e4638daa753e5b4011beb0245eae1
SHA256:d8b2398d04c1bec79221bdfcad367eb4e257f324416da40edbd5cd8cf95f87c7
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2016-5425  

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: HIGH (7.2)
  • Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: /AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

fop-2.3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\fop\2.3\3e29d7693cdda2053db86bdedabb1beccc83f6f\fop-2.3.jar
MD5: 984d0e5221ec59ca0b3ce4262f071566
SHA1: 03e29d7693cdda2053db86bdedabb1beccc83f6f
SHA256:5c040abf3372c6d3643bfa1d0889c52abbbddb6c4689adc5351e696e1cd5bd12
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

xmlrpc-client-3.1.3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlrpc\xmlrpc-client\3.1.3\e486ad917028b52265610206fb5a1e2b5914b94b\xmlrpc-client-3.1.3.jar
MD5: e304ace736f9812b950f69788bb38a9d
SHA1: e486ad917028b52265610206fb5a1e2b5914b94b
SHA256:0ec351e5475d5b438132ffd7985269ad43f4d22767cd65902437b487b27c57fb
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2016-5002  

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: HIGH (9.3)
  • Vector: /AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: /AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

xmlrpc-server-3.1.3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlrpc\xmlrpc-server\3.1.3\e4ddf1852cb162139230ef733223633e362cf301\xmlrpc-server-3.1.3.jar
MD5: e83289e85123bbe87cd162a9f871439a
SHA1: e4ddf1852cb162139230ef733223633e362cf301
SHA256:7e3d4fa3c4bda0b5b4c325f2e680e0c28e9d7919f336c72c4faf1b7d2283272a
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2016-5002  

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: HIGH (9.3)
  • Vector: /AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: /AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

groovy-all-2.4.16.jar

Description:

Groovy Runtime

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codehaus.groovy\groovy-all\2.4.16\aa30a6479a3f6efc2ba8cd810cc2caf22a613b19\groovy-all-2.4.16.jar
MD5: a2e132662063969b646d1c8bcfa584b9
SHA1: aa30a6479a3f6efc2ba8cd810cc2caf22a613b19
SHA256:42106c60e08eb147c294722b9c26bad26a148636ef244ab8d6092f5a09fa409e
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

freemarker-2.3.29.jar

License:

Apache License, Version 2.0; see: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.freemarker\freemarker\2.3.29\46005eeee02e4458520c85d0bcf5001467b053c3\freemarker-2.3.29.jar
MD5: e7b12d592512f9a0a2712112f67ef4f3
SHA1: 46005eeee02e4458520c85d0bcf5001467b053c3
SHA256:ce9ffbcd065cbce1d5bf295755965167cdbaea4d13039a09e842cea32f0d7655
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

spring-test-5.1.9.RELEASE.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-test\5.1.9.RELEASE\653fa9de816677b3318e7058af54e7ee56866b09\spring-test-5.1.9.RELEASE.jar
MD5: bf3c96b7d46cf2f9bba748256293f63b
SHA1: 653fa9de816677b3318e7058af54e7ee56866b09
SHA256:b19f49554014cec06bd637ecb2e9b6fcf4b06107f7f6a3e79c16232fe063c094
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jackson-databind-java-optional-2.6.1.jar

Description:

Jackson Databind module for serializing and deserializing Java 8 java.util.Option objects. This tool is forked from original source created by @realjenius

License:

Apache License, Version 2.0: license.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.zapodot\jackson-databind-java-optional\2.6.1\c323ff3dcd35ec5e059f709bb21172dfd958bb5b\jackson-databind-java-optional-2.6.1.jar
MD5: 06e9eba92ae613c3a8ad6cf11618ecc0
SHA1: c323ff3dcd35ec5e059f709bb21172dfd958bb5b
SHA256:705185576eadf9b7232d9247bb278527cf3a90c4ec9b5474749d011bd0c666db
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

oro-2.0.8.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\oro\oro\2.0.8\5592374f834645c4ae250f4c9fbb314c9369d698\oro-2.0.8.jar
MD5: 42e940d5d2d822f4dc04c65053e630ab
SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698
SHA256:e00ccdad5df7eb43fdee44232ef64602bf63807c2d133a7be83ba09fd49af26e
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

wsdl4j-1.6.3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\wsdl4j\wsdl4j\1.6.3\6d106a6845a3d3477a1560008479312888e94f2f\wsdl4j-1.6.3.jar
MD5: cfc28d89625c5e88589aec7a9aee0208
SHA1: 6d106a6845a3d3477a1560008479312888e94f2f
SHA256:740f448e6b3bc110e02f4a1e56fb57672e732d2ecaf29ae15835051ae8af4725
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jsoup-1.12.1.jar

Description:

jsoup is a Java library for working with real-world HTML. It provides a very convenient API for extracting and manipulating data, using the best of DOM, CSS, and jquery-like methods. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do.

License:

The MIT License: https://jsoup.org/license
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jsoup\jsoup\1.12.1\55819a28fc834c2f2bcf4dcdb278524dc3cf088f\jsoup-1.12.1.jar
MD5: 79bb9e9e8b50ef80a18bd46426befc5a
SHA1: 55819a28fc834c2f2bcf4dcdb278524dc3cf088f
SHA256:4f961f68e47740dd7576c9685774a7b25b92f1017af24e2f707b30e893abade3
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

java-jwt-3.8.2.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.auth0\java-jwt\3.8.2\4be7685016c80ce43c5a5c5b721f89b031f8e852\java-jwt-3.8.2.jar
MD5: 9aa58673c612fc4e1aea01733c3e2185
SHA1: 4be7685016c80ce43c5a5c5b721f89b031f8e852
SHA256:27c1330e97c30d1912bb22476226318bdda25985693adf6dff55f5d39a449491
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jackson-databind-2.9.9.1.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.fasterxml.jackson.core\jackson-databind\2.9.9.1\211dfab27bdd15a569247fee4690a07a177044f8\jackson-databind-2.9.9.1.jar
MD5: b175a952610f86d7410b624a4768f024
SHA1: 211dfab27bdd15a569247fee4690a07a177044f8
SHA256:68947ff0aac95854f267945129851ea0fb8afdd1a2089505f18c0e094b67fd41
Referenced In Project/Scope: ofbiz:compileClasspath

Identifiers

CVE-2019-14379  

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

CVE-2019-14439  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
CWE-200 Information Exposure

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2019-14540  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-16335  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-16942  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-16943  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

jackson-core-2.9.9.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.fasterxml.jackson.core\jackson-core\2.9.9\bfff5af9fb8347d26bbb7959cb9b4fe9a2b0ca5e\jackson-core-2.9.9.jar
MD5: 838a3bb7e24666059eb08952136f530d
SHA1: bfff5af9fb8347d26bbb7959cb9b4fe9a2b0ca5e
SHA256:3083079be6088db2ed0a0c6ff92204e0aa48fa1de9db5b59c468f35acf882c2c
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

netcdf4-4.5.5.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\edu.ucar\netcdf4\4.5.5\675d63ecc857c50dd50858011b670160aa30b62\netcdf4-4.5.5.jar
MD5: 5f14df469295650fd65748a003c9ba56
SHA1: 0675d63ecc857c50dd50858011b670160aa30b62
SHA256:131e3983dcf001677be069a7471797a4a9ad2c9783e88db56e32506cf1039635
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

grib-4.5.5.jar

Description:

Decoder for the GRIB format.

File Path: Z:\Gradle\caches\modules-2\files-2.1\edu.ucar\grib\4.5.5\cfe552910e9a8d57ce71134796abb281a74ead16\grib-4.5.5.jar
MD5: 0cb80276d8ea89cacc1d5632dbf39fe9
SHA1: cfe552910e9a8d57ce71134796abb281a74ead16
SHA256:1e0492135f421f554c4651a95225f27f2a3230e993329f69348110f8521c32d9
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

cdm-4.5.5.jar

Description:

The NetCDF-Java Library is a Java interface to NetCDF files, as well as to many other types of scientific data formats.

File Path: Z:\Gradle\caches\modules-2\files-2.1\edu.ucar\cdm\4.5.5\af1748a3d024069cb7fd3fc2591efe806c914589\cdm-4.5.5.jar
MD5: 7770c86aabbd0ec5e12ed1f0600d5492
SHA1: af1748a3d024069cb7fd3fc2591efe806c914589
SHA256:74ea183cda0f7aa06fae2f3cfa8c3c6c64d013ce8cb87bde4a06de6676eacfdb
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

guava-28.0-jre.jar

Description:

Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.google.guava\guava\28.0-jre\54fed371b4b8a8cce1e94a9abd9620982d3aa54b\guava-28.0-jre.jar
MD5: 6eb33b6c6d29d7f6cfece0543f13fad3
SHA1: 54fed371b4b8a8cce1e94a9abd9620982d3aa54b
SHA256:73e4d6ae5f0e8f9d292a4db83a2479b5468f83d972ac1ff36d6d0b43943b4f91
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

bcmail-jdk14-138.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\bouncycastle\bcmail-jdk14\138\14ff2dfec8578f5f6838c4d6a77a86789afe5382\bcmail-jdk14-138.jar
MD5: e2c72e958b82b9373c13739c9f14009c
SHA1: 14ff2dfec8578f5f6838c4d6a77a86789afe5382
SHA256:389f405cfa66b26004484733937a22624782a5d86456e0c35e007b60ebc8e359
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

bcprov-jdk14-138.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\bouncycastle\bcprov-jdk14\138\de366c3243a586eb3c0e2bcde1ed9bb1bfb985ff\bcprov-jdk14-138.jar
MD5: 2cb031d0966bfebbdb7c60f799b24dc9
SHA1: de366c3243a586eb3c0e2bcde1ed9bb1bfb985ff
SHA256:d60b88c5d1932de8d98edd5a3ae2d5d5647793de3eb6157015807ee523cd2bee
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2013-1624  

The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
CWE-310 Cryptographic Issues

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions:

CVE-2016-1000338  

In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
CWE-347 Improper Verification of Cryptographic Signature

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions:

CVE-2016-1000339  

In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate.
CWE-310 Cryptographic Issues

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2016-1000341  

In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well.
CWE-361 7PK - Time and State

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2016-1000342  

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
CWE-347 Improper Verification of Cryptographic Signature

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions:

CVE-2016-1000343  

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.
CWE-310 Cryptographic Issues

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2016-1000344  

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
CWE-310 Cryptographic Issues

CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.4)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions:

CVE-2016-1000345  

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode is vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding.
CWE-361 7PK - Time and State

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2016-1000346  

In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.
CWE-320 Key Management Errors

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: LOW (3.7)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2016-1000352  

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
CWE-310 Cryptographic Issues

CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.4)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions:

CVE-2017-13098  

BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."
CWE-203 Information Exposure Through Discrepancy

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2018-1000613  

Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contain a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization: deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. The attack appears to be exploitable via a handcrafted private key, which can include references to unexpected classes that will be picked up from the class path of the executing application. This vulnerability appears to have been fixed in 1.60 and later.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

CVE-2018-5382  

Bouncy Castle BKS version 1 keystore (BKS-V1) files use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS-V1 keystore. All BKS-V1 keystores are vulnerable. Bouncy Castle release 1.47 introduces BKS version 2, which uses a 160-bit MAC.
CWE-354 Improper Validation of Integrity Check Value

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

cas-server-core-3.3.5.jar

Description:

CAS core

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jasig.cas\cas-server-core\3.3.5\c47163c27b1a7617af14182c168d2b5b54cdd66\cas-server-core-3.3.5.jar
MD5: 14e8ad0fdfb00b8213bfdd2c36304e59
SHA1: 0c47163c27b1a7617af14182c168d2b5b54cdd66
SHA256:46785adf127cab380e20c343edad61d45cc6cc3b263e595e6b332062b10e940d
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

person-directory-impl-1.5.0-RC5.jar

Description:

Provides implementations of the Person Directory API that have the capability of aggregating attributes from multiple data sources into a single view.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jasig.service\person-directory-impl\1.5.0-RC5\512831d6195409f9de30bcd06e1a3ce31fc4304f\person-directory-impl-1.5.0-RC5.jar
MD5: 05082275b6865cad22812017040483e2
SHA1: 512831d6195409f9de30bcd06e1a3ce31fc4304f
SHA256:8cfb5246d37d46df3148d037d012f3685a38d3b8493de628bc526bae9369707a
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jaxb-impl-2.1.9.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.sun.xml.bind\jaxb-impl\2.1.9\9c137963871ba7296643806b01083e4cf1703769\jaxb-impl-2.1.9.jar
MD5: 8f7f2e5ceca330ebfeea5db52a891f8f
SHA1: 9c137963871ba7296643806b01083e4cf1703769
SHA256:4d94e8529c5700166889458c15500a38778d12e2c9799adbc5bf856a9268a18f
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jaxb-api-2.1.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.xml.bind\jaxb-api\2.1\b2dfeed54ac106bcd714ba59c1f52ef9167d56e\jaxb-api-2.1.jar
MD5: 63f750861245626b7338e2d2e6a33068
SHA1: 0b2dfeed54ac106bcd714ba59c1f52ef9167d56e
SHA256:c462ed6d75c17aea65f9311b66d2d12b1f99ca85a18907ed7f64860286e190d7
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

activation-1.1.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.activation\activation\1.1\e6cb541461c2834bdea3eb920f1884d1eb508b50\activation-1.1.jar
MD5: 8ae38e87cd4f86059c0294a8fe3e0b18
SHA1: e6cb541461c2834bdea3eb920f1884d1eb508b50
SHA256:2881c79c9d6ef01c58e62beea13e9d1ac8b8baa16f2fc198ad6e6776defdcdd3
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

com.springsource.org.jdom-1.0.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jdom\com.springsource.org.jdom\1.0.0\32e7389479349a9d30cab805d83486b1e865aeaa\com.springsource.org.jdom-1.0.0.jar
MD5: 9741e6528d37b38ac5c953f3d1892aa4
SHA1: 32e7389479349a9d30cab805d83486b1e865aeaa
SHA256:51db1b80da451a83d46bbfbe06f34856dff07ef83bcc5899d8d91a56a0fa99fc
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

xmlpull-1.1.3.1.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\xmlpull\xmlpull\1.1.3.1\2b8e230d2ab644e4ecaa94db7cdedbc40c805dfa\xmlpull-1.1.3.1.jar
MD5: cc57dacc720eca721a50e78934b822d2
SHA1: 2b8e230d2ab644e4ecaa94db7cdedbc40c805dfa
SHA256:34e08ee62116071cbb69c0ed70d15a7a5b208d62798c59f2120bb8929324cb63
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

xpp3_min-1.1.4c.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\xpp3\xpp3_min\1.1.4c\19d4e90b43059058f6e056f794f0ea4030d60b86\xpp3_min-1.1.4c.jar
MD5: dcd95bcb84b09897b2b66d4684c040da
SHA1: 19d4e90b43059058f6e056f794f0ea4030d60b86
SHA256:bfc90e9e32d0eab1f397fb974b5f150a815188382ac41f372a7149d5bc178008
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

batik-transcoder-1.10.jar

Description:

Batik SVG transcoder

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-transcoder\1.10\66d3c8025f50c77834ff4bb09055278fe95070fa\batik-transcoder-1.10.jar
MD5: 0527845d35b32093869e539c7e108d8a
SHA1: 66d3c8025f50c77834ff4bb09055278fe95070fa
SHA256:f9fc3012576133ecbd73cb79dce463fc8daf5796b49a09d9edf89ed34c90e3ac
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

batik-extension-1.10.jar

Description:

Batik Extension Support

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-extension\1.10\cda753abfb5d8bd4315c7b6f30f1c948a945ccac\batik-extension-1.10.jar
MD5: 5b75a861b61db14ef5ae975a69ffd31e
SHA1: cda753abfb5d8bd4315c7b6f30f1c948a945ccac
SHA256:2fc0a592d78be6f88789932292a978bfb7c42bf6826b38a16c264ab66e688304
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

batik-bridge-1.10.jar

Description:

Batik bridge

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-bridge\1.10\53cdf9504d1eefe0ee3bcf616a882d5a2b93ffd4\batik-bridge-1.10.jar
MD5: e73ac3a9cd9e27c4b7713a6bde291bb3
SHA1: 53cdf9504d1eefe0ee3bcf616a882d5a2b93ffd4
SHA256:6728c53e575c90a246ad5eae4a77e87c60fc8816a9c0b16b69d15626be9c4548
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

batik-script-1.10.jar

Description:

Batik script language support

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-script\1.10\76c0790c695c9cec110163aef89f1de05c5d0a96\batik-script-1.10.jar
MD5: b233a1927e4c872f636bc107223c6e96
SHA1: 76c0790c695c9cec110163aef89f1de05c5d0a96
SHA256:2cb7e7570f6ca415214670d14fb3991f5c79b3aa631232ff277fd4cffde2a180
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

batik-anim-1.10.jar

Description:

Batik animation engine

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-anim\1.10\e301c476768a53a33ec473b265fbdceb45dce464\batik-anim-1.10.jar
MD5: 4e1e080715ca199ea280e5ed0d4450ff
SHA1: e301c476768a53a33ec473b265fbdceb45dce464
SHA256:bf45e218ffe1fe559c977f77f098340df226c27d1cc694fc48f3d81aa56a2ac6
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

batik-svg-dom-1.10.jar

Description:

Batik SVG DOM implementation

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-svg-dom\1.10\98b083931c3a9d3fa4b544ea927940689899eb5e\batik-svg-dom-1.10.jar
MD5: 03930ef294f3e6604b994564665c9019
SHA1: 98b083931c3a9d3fa4b544ea927940689899eb5e
SHA256:482df89aa9f57e7f34eed6c7bc2019647a21753bdc17d02fd1c16d7251f53168
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

batik-gvt-1.10.jar

Description:

Batik Graphics Vector Tree (GVT)

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-gvt\1.10\7091974abb3f57141f29aa94d2fbf8a06d22f837\batik-gvt-1.10.jar
MD5: 1ea6ba911349a3fe461d8e888d7a4752
SHA1: 7091974abb3f57141f29aa94d2fbf8a06d22f837
SHA256:08ee7b5caf6c854343098247af9a993b8368f406d4ead22ae108243a41812e90
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

batik-parser-1.10.jar

Description:

Batik SVG microsyntax parser

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-parser\1.10\afe740ee774eb7f94a3f9ae056724dff0d84d7e1\batik-parser-1.10.jar
MD5: ef565da75fa4c932b919703eedce158b
SHA1: afe740ee774eb7f94a3f9ae056724dff0d84d7e1
SHA256:323d8bc4e31d046518f6eb480ba51ce96fbf3c087f4872500b0897dcebad181a
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

batik-svggen-1.10.jar

Description:

Batik Java2D SVG generator

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-svggen\1.10\1657ee1418304ade24a213e028d89a18e9dec13b\batik-svggen-1.10.jar
MD5: 39f07ca240269d1d5b17deafda99d73e
SHA1: 1657ee1418304ade24a213e028d89a18e9dec13b
SHA256:a51d3a8528991df805b469f144a60f29c855860ed7773831cc12c504d06fe6b7
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

batik-awt-util-1.10.jar

Description:

Batik AWT utilities

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-awt-util\1.10\32712076ffee3eb533bc32f45f5c4b3f25b82749\batik-awt-util-1.10.jar
MD5: d52d59dc75f782a062544579ab58786b
SHA1: 32712076ffee3eb533bc32f45f5c4b3f25b82749
SHA256:ca50d95a2445dfe6a5d7e15d9bc4877b2cf78df5431c54fe18b633f65858e9e4
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

antisamy-1.5.8.jar

Description:

A library for performing fast, configurable cleansing of HTML coming from untrusted sources.

License:

BSD 3: https://opensource.org/licenses/BSD-3-Clause
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.owasp.antisamy\antisamy\1.5.8\e2cc141122896835c097a183f2e4c04df16639bf\antisamy-1.5.8.jar
MD5: 75b366516b0450f9b015142f1cb13f7f
SHA1: e2cc141122896835c097a183f2e4c04df16639bf
SHA256:733bc9bea954e13ab46e9b702eb8c0a7320529cc5c6bb553f3688f7152d159cf
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

batik-dom-1.10.jar

Description:

Batik DOM implementation

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-dom\1.10\5f94e491f3b4653c834201dcb36fa7b2169a4af9\batik-dom-1.10.jar
MD5: ba6e3d7f3048f61077804ab6122de819
SHA1: 5f94e491f3b4653c834201dcb36fa7b2169a4af9
SHA256:f6740942a0744b5624b8ddace3c3d3d26b629288b925e1653f6a419eebdd40eb
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

batik-css-1.11.jar

Description:

Batik CSS engine

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-css\1.11\7b71fba5df4992ba6ead8176fc1c87bdfdf92d59\batik-css-1.11.jar
MD5: 9356c37d1878ff2825a9462ea95640f0
SHA1: 7b71fba5df4992ba6ead8176fc1c87bdfdf92d59
SHA256:094f62b03eba53e418809578f0f8460d210e626248fda040f28ddc3df310a16e
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

xmlgraphics-commons-2.3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\xmlgraphics-commons\2.3\f0b77d80c4d8f02538512b4d505af0cf5286eb7f\xmlgraphics-commons-2.3.jar
MD5: 3edc187a769f9ff50e53f095bccb20cd
SHA1: f0b77d80c4d8f02538512b4d505af0cf5286eb7f
SHA256:1fb91bac2795f7a768a7665f40cde996023a489ecc43e5ee67ad40fbaa79e194
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

commons-io-2.6.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-io\commons-io\2.6\815893df5f31da2ece4040fe0a12fd44b577afaf\commons-io-2.6.jar
MD5: 467c2a1f64319c99b5faf03fc78572af
SHA1: 815893df5f31da2ece4040fe0a12fd44b577afaf
SHA256:f877d304660ac2a142f3865badfc971dec7ed73c747c7f8d5d2f5139ca736513
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

shiro-config-ogdl-1.4.1.jar

Description:

Support for Shiro's Object Graph Definition Language (mostly used in Ini configuration) where declared name/value pairs are interpreted to create an object graph

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-config-ogdl\1.4.1\c097cd47e0fc9d50a3a4507d2f49155c78c01fea\shiro-config-ogdl-1.4.1.jar
MD5: 15ce318a27b2c600355d46b613726049
SHA1: c097cd47e0fc9d50a3a4507d2f49155c78c01fea
SHA256:24f5a85342b7104869b67dc5aa0c69d7cbc4297a005cc3d1808a38f1ffdf83c7
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

commons-beanutils-1.9.3.jar

Description:

Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-beanutils\commons-beanutils\1.9.3\c845703de334ddc6b4b3cd26835458cb1cba1f3d\commons-beanutils-1.9.3.jar
MD5: 4a105c9d029a7edc6f2b16567d37eab6
SHA1: c845703de334ddc6b4b3cd26835458cb1cba1f3d
SHA256:c058e39c7c64203d3a448f3adb588cb03d6378ed808485618f26e137f29dae73
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2019-10086  

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however, were not using this by default characteristic of the PropertyUtilsBean.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.3)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References:

Vulnerable Software & Versions:

commons-digester-1.8.1.jar

Description:

The Digester package lets you configure an XML to Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-digester\commons-digester\1.8.1\3dec9b9c7ea9342d4dbe8c38560080d85b44a015\commons-digester-1.8.1.jar
MD5: 5002ecf033f5a79e398155823badb36a
SHA1: 3dec9b9c7ea9342d4dbe8c38560080d85b44a015
SHA256:b97b72b4201137262215dca60ceb84e6b664bf7fe428a4d62729de0239cafdb6
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

axiom-api-1.2.21.jar

Description:

The Axiom API

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ws.commons.axiom\axiom-api\1.2.21\412c30149292a0a4e0fdd323418b2ba653996b61\axiom-api-1.2.21.jar
MD5: 5bb0099bf785f2e8e8e15deda66a8c35
SHA1: 412c30149292a0a4e0fdd323418b2ba653996b61
SHA256:97f1945d9aefbaf478791e507aa93836483c328da9e12ebc5a664269e39c68de
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

woden-core-1.0M10.jar

Description:

The Woden project is a subproject of the Apache Web Services Project to develop a Java class library for reading, manipulating, creating and writing WSDL documents, initially to support WSDL 2.0 but with the longer term aim of supporting past, present and future versions of WSDL. There are two main deliverables: an API and an implementation. The Woden API consists of a set of Java interfaces. The WSDL 2.0-specific portion of the Woden API conforms to the W3C WSDL 2.0 specification. The implementation will be a high performance implementation directly usable in other Apache projects such as Axis2.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.woden\woden-core\1.0M10\ffed89bc39eb7fce6b74765b3417c6844d8003a2\woden-core-1.0M10.jar
MD5: 7b04937efc02bbc6cb0b73afb5d48b78
SHA1: ffed89bc39eb7fce6b74765b3417c6844d8003a2
SHA256:71ab01b4a4557e18c9c354546283bff1099121d62e64088961b368b290e17309
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

httpservices-4.5.5.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\edu.ucar\httpservices\4.5.5\ee5f217be599e5e03f7f0e55e03f9e721a154f62\httpservices-4.5.5.jar
MD5: c5207827b8b7e6045b2af7e1e8c5b1d4
SHA1: ee5f217be599e5e03f7f0e55e03f9e721a154f62
SHA256:8334da7adc9ed7a7b941a780f4d22054f8a11d03973be83ae8399400d55300e4
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

httpmime-4.5.9.jar

Description:

Apache HttpComponents HttpClient - MIME coded entities

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.httpcomponents\httpmime\4.5.9\c5302bb51f3316b96c0111254ce26994358fb1cc\httpmime-4.5.9.jar
MD5: e1786a53def7a4e6925a38e95d65d34b
SHA1: c5302bb51f3316b96c0111254ce26994358fb1cc
SHA256:0683c8fa6ed4528dadd5fe57621629fc246113c6fa7dcfb2288aa8eac235e615
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

httpclient-4.5.9.jar

Description:

Apache HttpComponents Client

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.httpcomponents\httpclient\4.5.9\a25c1be5ce99d0ce99aa43eb982868c796dd0775\httpclient-4.5.9.jar
MD5: 62fce5f1f44f9df4a68d9a390b8982eb
SHA1: a25c1be5ce99d0ce99aa43eb982868c796dd0775
SHA256:6c7e3bb423d8c5574f28157fe42b4c38d6a3477bfa2954cfe5f330b14ecad8a9
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

pdfbox-2.0.16.jar

Description:

The Apache PDFBox library is an open source Java tool for working with PDF documents.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.pdfbox\pdfbox\2.0.16\5dce5e41fc472d02800df5ef060a1f3a58c36902\pdfbox-2.0.16.jar
MD5: 0f1782f92a3c66df7d821ab251f2cb89
SHA1: 5dce5e41fc472d02800df5ef060a1f3a58c36902
SHA256:f53d8e869042296703f6753a6dc48e4823d45b7fc1e9c30bf7d20907f0180068
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

fontbox-2.0.16.jar

Description:

The Apache FontBox library is an open source Java tool to obtain low level information from font files. FontBox is a subproject of Apache PDFBox.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.pdfbox\fontbox\2.0.16\3f7819279a0b90a01b07a870d1d27dffd8de24db\fontbox-2.0.16.jar
MD5: 08bfafc724b3ac2682a8cac0dccedc5d
SHA1: 3f7819279a0b90a01b07a870d1d27dffd8de24db
SHA256:a0934197824808d612d494cac653256f2877665607cd63313ceecefb15479f9c
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

commons-discovery-0.5.jar

Description:

The Apache Commons Discovery component is about discovering, or finding, implementations for pluggable interfaces.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-discovery\commons-discovery\0.5\3a8ac816bbe02d2f88523ef22cbf2c4abd71d6a8\commons-discovery-0.5.jar
MD5: b35120680c3a22cec7a037fce196cd97
SHA1: 3a8ac816bbe02d2f88523ef22cbf2c4abd71d6a8
SHA256:e5b7d58ae62e5b309d5c0ffa5a5b1d9d1e0f0c4c3cc18d1fe3103fd29f90149d
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

spring-orm-2.5.6.SEC01.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-orm\2.5.6.SEC01\255bd5a5d6d456792bb928e1cced60755f1fe513\spring-orm-2.5.6.SEC01.jar
MD5: cfb974095eb2430ba94a1137a4ee2313
SHA1: 255bd5a5d6d456792bb928e1cced60755f1fe513
SHA256:18c2eac4402261972374219f5ba53cfb42b43421079b348232adcef758f1282a
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2011-2730  

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection." Per update to Hyperlink Record 1199655 (http://support.springsource.com/security/cve-2011-2730), the score has been adjusted based on remote code execution Per update to http://support.springsource.com/security/cve-2011-2730
CWE-16 Configuration

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2013-4152  

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2013-7315  

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152.  NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2014-0054  

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
CWE-352 Cross-Site Request Forgery (CSRF)

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2016-9878  

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2018-1270  

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
CWE-358 Improperly Implemented Security Check for Standard

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

CVE-2018-1271  

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2018-1272  

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (6.0)
  • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

spring-jdbc-2.5.6.SEC01.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-jdbc\2.5.6.SEC01\74f28b32f9678dd3093643a268af767ddfcc337d\spring-jdbc-2.5.6.SEC01.jar
MD5: c07e1949e888106ff976e0d8f3d2d594
SHA1: 74f28b32f9678dd3093643a268af767ddfcc337d
SHA256:aab6f4fab48ed2396c3222d59c60071a6f692c7a7e9a52f14cf513bd28771892
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2011-2730  

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection." Per update to Hyperlink Record 1199655 (http://support.springsource.com/security/cve-2011-2730), the score has been adjusted based on remote code execution Per update to http://support.springsource.com/security/cve-2011-2730
CWE-16 Configuration

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2013-4152  

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2013-7315  

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152.  NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2014-0054  

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
CWE-352 Cross-Site Request Forgery (CSRF)

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2016-9878  

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2018-1270  

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
CWE-358 Improperly Implemented Security Check for Standard

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

CVE-2018-1271  

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2018-1272  

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (6.0)
  • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

spring-webmvc-2.5.6.SEC01.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-webmvc\2.5.6.SEC01\1a48edcf8dcfc76882c821931eb0529db9af5d9b\spring-webmvc-2.5.6.SEC01.jar
MD5: 843c40ce4f66dc53e6fa635aff914933
SHA1: 1a48edcf8dcfc76882c821931eb0529db9af5d9b
SHA256:a432fa403f568e02e39effd52f2fe1672155a1c2c6273535d80aeee61ddd9a11
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2011-2730  

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection." Per update to Hyperlink Record 1199655 (http://support.springsource.com/security/cve-2011-2730), the score has been adjusted based on remote code execution Per update to http://support.springsource.com/security/cve-2011-2730
CWE-16 Configuration

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2013-4152  

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2013-7315  

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152.  NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2014-0054  

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
CWE-352 Cross-Site Request Forgery (CSRF)

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2016-9878  

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2018-1270  

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
CWE-358 Improperly Implemented Security Check for Standard

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

CVE-2018-1271  

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2018-1272  

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (6.0)
  • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

hibernate-annotations-3.3.1.GA.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.hibernate\hibernate-annotations\3.3.1.GA\2083b277c76037253189d17e68ba86d2da478440\hibernate-annotations-3.3.1.GA.jar
MD5: ac93aaf6dad9f72e1ca73eb4069b4cd0
SHA1: 2083b277c76037253189d17e68ba86d2da478440
SHA256:a86d21e642ad4f6859699e2056e49f3eec78ce09a77d87c643a494c90c61f713
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

inspektr-core-0.7.0.jar

Description:

Inspektr Core

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.inspektr\inspektr-core\0.7.0\1d6851b0970de19593e8cdcbf7e593ca5c2db324\inspektr-core-0.7.0.jar
MD5: 36528ac75d74ab43a13aad6055146d60
SHA1: 1d6851b0970de19593e8cdcbf7e593ca5c2db324
SHA256:2aa58bdf8949753f60b2a51dc9f30ef141d8bf2c4404fab40edfc906cf244dce
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

spring-webflow-1.0.6.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-webflow\1.0.6\73a9cef54005fe7c23947f13300eb0e0bf0f265a\spring-webflow-1.0.6.jar
MD5: 29723d7337b93020528ced714cf7a364
SHA1: 73a9cef54005fe7c23947f13300eb0e0bf0f265a
SHA256:d30ed61fccbb4a61dbb91e695cc46812b03db7104649d1b7b75b37773ec6b1e1
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

spring-tx-2.5.6.SEC01.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-tx\2.5.6.SEC01\4af6ff118eb394f804fe3a96f3e3f323a5de5ff6\spring-tx-2.5.6.SEC01.jar
MD5: d3823f3cc0feeb18a6e89a1ff833a08e
SHA1: 4af6ff118eb394f804fe3a96f3e3f323a5de5ff6
SHA256:3875b9353060e08ba320f94c82c0c824a7787e70f1893b100e86c4ab92841868
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2011-2730  

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection." Per update to Hyperlink Record 1199655 (http://support.springsource.com/security/cve-2011-2730), the score has been adjusted based on remote code execution Per update to http://support.springsource.com/security/cve-2011-2730
CWE-16 Configuration

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2013-4152  

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2013-7315  

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152.  NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2014-0054  

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
CWE-352 Cross-Site Request Forgery (CSRF)

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2016-9878  

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2018-1270  

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
CWE-358 Improperly Implemented Security Check for Standard

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2018-1271  

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2018-1272  

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When a Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (6.0)
  • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

spring-context-support-2.5.6.SEC01.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-context-support\2.5.6.SEC01\3a88bce8e22a274f116d4fb3dcc936d088fff014\spring-context-support-2.5.6.SEC01.jar
MD5: e3f6c6bd31d9bca3d9c73693ce37f55c
SHA1: 3a88bce8e22a274f116d4fb3dcc936d088fff014
SHA256:c7ab81faca9c5616459b0c434764661bdd35d3174a2833ca2998f09b2f0e02d0
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2011-2730  

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection." Per update to Hyperlink Record 1199655 (http://support.springsource.com/security/cve-2011-2730), the score has been adjusted based on remote code execution Per update to http://support.springsource.com/security/cve-2011-2730
CWE-16 Configuration

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2013-4152  

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2013-7315  

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152.  NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2014-0054  

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
CWE-352 Cross-Site Request Forgery (CSRF)

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2016-9878  

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2018-1270  

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
CWE-358 Improperly Implemented Security Check for Standard

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2018-1271  

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2018-1272  

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When a Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (6.0)
  • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

spring-web-2.5.6.SEC01.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-web\2.5.6.SEC01\6a5711a5a29cf25603892c2bace8bbe3bf062834\spring-web-2.5.6.SEC01.jar
MD5: 042b8195b45e7a61c017e8304b3c6dd1
SHA1: 6a5711a5a29cf25603892c2bace8bbe3bf062834
SHA256:fce36d4af9e602159211b6c5e8d2c00b715ed944b2fcf37efb56c4ec1dd38111
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2011-2730  

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection." Per update to Hyperlink Record 1199655 (http://support.springsource.com/security/cve-2011-2730), the score has been adjusted based on remote code execution Per update to http://support.springsource.com/security/cve-2011-2730
CWE-16 Configuration

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2013-4152  

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2013-7315  

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152.  NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2014-0054  

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
CWE-352 Cross-Site Request Forgery (CSRF)

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2016-9878  

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2018-1270  

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
CWE-358 Improperly Implemented Security Check for Standard

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2018-1271  

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2018-1272  

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When a Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (6.0)
  • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

spring-context-2.5.6.SEC01.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-context\2.5.6.SEC01\30ab3c56aa2ca6d9e4a194a36ac0679df2fd108\spring-context-2.5.6.SEC01.jar
MD5: fc87e3ecd8faa9306fe3657955e35315
SHA1: 030ab3c56aa2ca6d9e4a194a36ac0679df2fd108
SHA256:49d73a6767ea472e35dbb7e2ad9384dc82ac50f7030cb83adcd3a7ae51a77b24
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2011-2730  

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection." Per update to Hyperlink Record 1199655 (http://support.springsource.com/security/cve-2011-2730), the score has been adjusted based on remote code execution Per update to http://support.springsource.com/security/cve-2011-2730
CWE-16 Configuration

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2013-4152  

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2013-7315  

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152.  NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2014-0054  

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
CWE-352 Cross-Site Request Forgery (CSRF)

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2016-9878  

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2018-1270  

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
CWE-358 Improperly Implemented Security Check for Standard

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2018-1271  

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2018-1272  

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When a Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (6.0)
  • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

spring-beans-2.5.6.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-beans\2.5.6\449ea46b27426eb846611a90b2fb8b4dcf271191\spring-beans-2.5.6.jar
MD5: 25c0752852205167af8f31a1eb019975
SHA1: 449ea46b27426eb846611a90b2fb8b4dcf271191
SHA256:d33246bb33527685d04f23536ebf91b06ad7fa8b371fcbeb12f01523eb610104
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2010-1622  

SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file. The previous CVSS assessment 5.1 (AV:N/AC:M/Au:N/C:P/I:P/A:P) was provided at the time of initial analysis based on the best available published information at that time. The score has been updated to reflect the impact to Oracle products per the Oracle Critical Patch Update Advisory - October 2015 (http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html). Other products listed as vulnerable may or may not be similarly impacted.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv2:
  • Base Score: MEDIUM (6.0)
  • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P

CVE-2011-2730  

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection." Per update to Hyperlink Record 1199655 (http://support.springsource.com/security/cve-2011-2730), the score has been adjusted based on remote code execution Per update to http://support.springsource.com/security/cve-2011-2730
CWE-16 Configuration

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2013-4152  

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2013-7315  

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152.  NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2014-0054  

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
CWE-352 Cross-Site Request Forgery (CSRF)

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2016-9878  

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2018-1270  

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
CWE-358 Improperly Implemented Security Check for Standard

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

CVE-2018-1271  

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2018-1272  

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When a Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (6.0)
  • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

hibernate-3.2.6.ga.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.hibernate\hibernate\3.2.6.ga\dd982c3d5c28c956aa4fa9112258cb3013606ddd\hibernate-3.2.6.ga.jar
MD5: 5fc853b674c28384719ad7f846ea4dce
SHA1: dd982c3d5c28c956aa4fa9112258cb3013606ddd
SHA256:d916b78300296b55262e2efc7ca7561b27f26af9a95d71e238732bdd4da8e587
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

hibernate-commons-annotations-3.0.0.ga.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.hibernate\hibernate-commons-annotations\3.0.0.ga\c8f53732fe3b75935f0550bdc3ba92bc9345360f\hibernate-commons-annotations-3.0.0.ga.jar
MD5: 1ccefbe43fedffc16835ceb1a777d199
SHA1: c8f53732fe3b75935f0550bdc3ba92bc9345360f
SHA256:32c186f34a3e0f8bbf3e8c78124bc3b03d1fbd623c4baadb495254aa172e8044
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

spring-binding-1.0.6.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-binding\1.0.6\c2789e5215ed30d4d9e06873097c8bab8ae97109\spring-binding-1.0.6.jar
MD5: a8bca088c4e5ef2a395b5d784c6aa180
SHA1: c2789e5215ed30d4d9e06873097c8bab8ae97109
SHA256:2768d1a3bce3dee79909f8b028fc65ff97e72b272ac719896499f0be5f94cfeb
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

ehcache-1.2.3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\net.sf.ehcache\ehcache\1.2.3\461752b4e3d73a5815737df243782ac70112b489\ehcache-1.2.3.jar
MD5: e26a78a6249bb308dc13c2c5a7980567
SHA1: 461752b4e3d73a5815737df243782ac70112b489
SHA256:d234073597b1468147f321fb097f6c4b975316a40f9d646ba2d084b366318c2f
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

commons-logging-1.2.jar

Description:

Apache Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-logging\commons-logging\1.2\4bfc12adfe4842bf07b657f0369c4cb522955686\commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256:daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

commons-collections-3.2.2.jar

Description:

Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-collections\commons-collections\3.2.2\8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5\commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256:eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

backport-util-concurrent-3.1.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\backport-util-concurrent\backport-util-concurrent\3.1\682f7ac17fed79e92f8e87d8455192b63376347b\backport-util-concurrent-3.1.jar
MD5: 748bb0cbf4780b2e3121dc9c12e10cd9
SHA1: 682f7ac17fed79e92f8e87d8455192b63376347b
SHA256:f5759b7fcdfc83a525a036deedcbd32e5b536b625ebc282426f16ca137eb5902
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

cxf-rt-rs-client-3.3.2.jar

Description:

Apache CXF JAX-RS Client

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.cxf\cxf-rt-rs-client\3.3.2\f42c65c811406f2b1257fdf58ed7245dd5fc149d\cxf-rt-rs-client-3.3.2.jar
MD5: de8765ee600ba00ec7e3f935407d6ee2
SHA1: f42c65c811406f2b1257fdf58ed7245dd5fc149d
SHA256:1a994d33e592ff540073fb5705fcad9805426902f58eaaa70875a7eefdbaad91
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

cxf-rt-frontend-jaxrs-3.3.2.jar

Description:

Apache CXF Runtime JAX-RS Frontend

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.cxf\cxf-rt-frontend-jaxrs\3.3.2\1c1af3bb2336ecc8fa40e32ffd267e57f9897a5c\cxf-rt-frontend-jaxrs-3.3.2.jar
MD5: 5436018ee6d06362a07af60b532645e2
SHA1: 1c1af3bb2336ecc8fa40e32ffd267e57f9897a5c
SHA256:a1697ed8a8e2d78da9e903636f12949d9352ec4b6df837984ffa47c2d640cec7
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

cxf-rt-transports-http-3.3.2.jar

Description:

Apache CXF Runtime HTTP Transport

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.cxf\cxf-rt-transports-http\3.3.2\f1e5689e63f764c28981904e1facea5b2b6dc694\cxf-rt-transports-http-3.3.2.jar
MD5: c34973e602b59a698f53405ee795185a
SHA1: f1e5689e63f764c28981904e1facea5b2b6dc694
SHA256:4da589f0b048824ae1e9ef955cc51865a9ff935d0a4797d9005ca223fdcff81b
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

cxf-rt-security-3.3.2.jar

Description:

Apache CXF Runtime Security functionality

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.cxf\cxf-rt-security\3.3.2\ad866a793fc373b6bbcc563fe79da58bb184c731\cxf-rt-security-3.3.2.jar
MD5: a5e811f0fc0fcb5e99ec334d4d1e9714
SHA1: ad866a793fc373b6bbcc563fe79da58bb184c731
SHA256:b7aea08231e757ef338462d581e654c635dafa474d3189238746f2e94d868513
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

cxf-core-3.3.2.jar

Description:

Apache CXF Core

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.cxf\cxf-core\3.3.2\791ab517f6d4716a103ea7562ba014f4b256fec0\cxf-core-3.3.2.jar
MD5: 468696dd72102a7d063c72924945fcb8
SHA1: 791ab517f6d4716a103ea7562ba014f4b256fec0
SHA256:9f1ba13fe5316f403039c6108267514fe5d514835006e96cec36e90a6cc0df7d
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jaxb-xjc-2.3.2.jar

Description:

JAXB Binding Compiler. Contains source code needed for binding customization files into java sources.
In other words: the *tool* to generate java classes for the given xml representation.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.glassfish.jaxb\jaxb-xjc\2.3.2\9cfd86529359747d07251c017d4e46254faa2c2b\jaxb-xjc-2.3.2.jar
MD5: 1c78df3990145ef0acfeb83c1d2ae567
SHA1: 9cfd86529359747d07251c017d4e46254faa2c2b
SHA256:b68ad7eeb5c0b514114897c37ff7efb8885419d03fd6e8e5fae2d4ce76f51d89
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

istack-commons-tools-3.0.8.jar

Description:

istack common utility code

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.sun.istack\istack-commons-tools\3.0.8\a9bb4e2d83d50623bb2dd26cde8d7dd88e6b7104\istack-commons-tools-3.0.8.jar
MD5: 920af7b9915c9724948517228e727a11
SHA1: a9bb4e2d83d50623bb2dd26cde8d7dd88e6b7104
SHA256:3b0e0a85924ebb91303175f2a2183c7f9246fa00342be95205397e73434008ec
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

ant-1.10.6.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ant\ant\1.10.6\67d0e4aa9696c463c91178c3bd2928e1c3088bd6\ant-1.10.6.jar
MD5: eb128d42d3caec7b13460916beb7117c
SHA1: 67d0e4aa9696c463c91178c3bd2928e1c3088bd6
SHA256:6c5cbd88c10bb7ad624e5637a0375b010f4067f6497cd8fce70b5a5f10d3b41a
Referenced In Projects/Scopes:

  • ofbiz:junitReport
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

xmlrpc-common-3.1.3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlrpc\xmlrpc-common\3.1.3\415daf1f1473a947452588906dc9f5b3575fb44d\xmlrpc-common-3.1.3.jar
MD5: 22f90fb4f397b588b43a8b306167f371
SHA1: 415daf1f1473a947452588906dc9f5b3575fb44d
SHA256:c372d20a757d8dd69f4ff1f7e7cda18fea8ccabc4c524168cedcc85fe209697f
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2016-5002  

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: HIGH (9.3)
  • Vector: /AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: /AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

ws-commons-util-1.0.2.jar

Description:

This is a small collection of utility classes, that allow high performance XML
processing based on SAX. Basically, it is assumed, that you are using a JAXP
1.1 compliant XML parser and nothing else. In particular, no dependency on the
javax.xml.transform package is introduced.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ws.commons.util\ws-commons-util\1.0.2\3f478e6def772c19d1053f61198fa1f6a6119238\ws-commons-util-1.0.2.jar
MD5: e0d2efe441e2dec803c7749c10725f61
SHA1: 3f478e6def772c19d1053f61198fa1f6a6119238
SHA256:97c183d35b596c6a010dfea967ca1e67f67696806535dcef5be17ffb2692cfd6
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

junit-4.12.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\junit\junit\4.12\2973d150c0dc1fefe998f834810d68f278ea58ec\junit-4.12.jar
MD5: 5b38c40c97fbd0adee29f91e60405584
SHA1: 2973d150c0dc1fefe998f834810d68f278ea58ec
SHA256:59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a
Referenced In Projects/Scopes:

  • ofbiz:junitReport
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

geronimo-ws-metadata_2.0_spec-1.1.2.jar

Description:

Provides open-source implementations of Sun specifications.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.geronimo.specs\geronimo-ws-metadata_2.0_spec\1.1.2\7be9f049b4f0f0cf045675be5a0ff709d57cbc6a\geronimo-ws-metadata_2.0_spec-1.1.2.jar
MD5: 3d0fbbca45e8877dee74e83bc83317d5
SHA1: 7be9f049b4f0f0cf045675be5a0ff709d57cbc6a
SHA256:94820ccdb04c7c64290938f16cc577cdd8ded6a4d12ed2fbfd03318feff97579
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

geronimo-jta_1.1_spec-1.1.1.jar

Description:

Provides open-source implementations of Sun specifications.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.geronimo.specs\geronimo-jta_1.1_spec\1.1.1\aabab3165b8ea936b9360abbf448459c0d04a5a4\geronimo-jta_1.1_spec-1.1.1.jar
MD5: 4aa8d50456bcec0bf6f032ceb182ad64
SHA1: aabab3165b8ea936b9360abbf448459c0d04a5a4
SHA256:3a0c3c1bbc2efe8383969574922791959670ef547d6c897496915617025c3023
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

servlet-api-2.4.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.servlet\servlet-api\2.4\3fc542fe8bb8164e8d3e840fe7403bc0518053c0\servlet-api-2.4.jar
MD5: f6cf3fde0b992589ed3d87fa9674015f
SHA1: 3fc542fe8bb8164e8d3e840fe7403bc0518053c0
SHA256:243f8b5577f59bffdd30fd15cc25fc13004a6b08773a61cc32e48726c3633b7c
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

xmlschema-core-2.2.4.jar

Description:

Commons XMLSchema is a light weight schema object model that can be used to manipulate or generate XML schema.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ws.xmlschema\xmlschema-core\2.2.4\cbbd6a372e1302a584177ca7729d0e0e4b3fbca6\xmlschema-core-2.2.4.jar
MD5: 70875c756e4cadee689b24fc77bb0371
SHA1: cbbd6a372e1302a584177ca7729d0e0e4b3fbca6
SHA256:3dbd360b5ffe6171ab2f4d6863e90ac4bb989cc326baceedee65b7e4ef1234af
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

neethi-3.0.3.jar

Description:

Apache Neethi provides general framework for the programmers to use WS Policy. It is compliant with latest WS Policy specification which was published in March 2006. This framework is specifically written to enable the Apache Web services stack to use WS Policy as a way of expressing its requirements and capabilities.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.neethi\neethi\3.0.3\ee37a38bbf9f355ee88ba554a85c9220b75ba500\neethi-3.0.3.jar
MD5: 8a81813a03e2899ccd31f0e92f6cc691
SHA1: ee37a38bbf9f355ee88ba554a85c9220b75ba500
SHA256:f45144260c7baee820bd9315c0c11a772ae4412cd0fd309cc149d7dd549ca03f
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jsr311-api-1.1.1.jar

License:

CDDL License: http://www.opensource.org/licenses/cddl1.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.ws.rs\jsr311-api\1.1.1\59033da2a1afd56af1ac576750a8d0b1830d59e6\jsr311-api-1.1.1.jar
MD5: c9803468299ec255c047a280ddec510f
SHA1: 59033da2a1afd56af1ac576750a8d0b1830d59e6
SHA256:ab1534b73b5fa055808e6598a5e73b599ccda28c3159c3c0908977809422ee4a
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

commons-pool2-2.7.0.jar

Description:

The Apache Commons Object Pooling Library.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-pool2\2.7.0\7f9ccfaaf76b0ba8b4200480971a170364a9c361\commons-pool2-2.7.0.jar
MD5: f4c036f0baf058b3320b35c0b04a7a29
SHA1: 7f9ccfaaf76b0ba8b4200480971a170364a9c361
SHA256:6b54c675c7387e157d28c7098873f2e772c223c7a35bc9b13717367c9753a1e4
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

commons-lang3-3.9.jar

Description:

Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-lang3\3.9\122c7cee69b53ed4a7681c03d4ee4c0e2765da5\commons-lang3-3.9.jar
MD5: fa752c3cb5474b05e14bf2ed7e242020
SHA1: 0122c7cee69b53ed4a7681c03d4ee4c0e2765da5
SHA256:de2e1dcdcf3ef917a8ce858661a06726a9a944f28e33ad7f9e08bea44dc3c230
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

geronimo-j2ee-connector_1.6_spec-1.0.jar

Description:

Java 2 Connector Architecture API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.geronimo.specs\geronimo-j2ee-connector_1.6_spec\1.0\a1a1cb635415af603ffba27987ffcd3422fb7801\geronimo-j2ee-connector_1.6_spec-1.0.jar
MD5: f4add9eb4ff4b8c4d7591852e6d04e5f
SHA1: a1a1cb635415af603ffba27987ffcd3422fb7801
SHA256:633ab94004fb3085e6fa1ad742a0ea704f6c564af7a327d5ddd3fe0ba056b275
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

commons-codec-1.12.jar

Description:

The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-codec\commons-codec\1.12\47a28ef1ed31eb182b44e15d49300dee5fadcf6a\commons-codec-1.12.jar
MD5: 9bd59ca0beb26bb00e49b7fdbf1a12c3
SHA1: 47a28ef1ed31eb182b44e15d49300dee5fadcf6a
SHA256:23df58fae9c83d1bcd277b99f9429e9d8c134f0600b73e2e86b2385ed793c81e
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

commons-math3-3.6.1.jar

Description:

The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-math3\3.6.1\e4ba98f1d4b3c80ec46392f25e094a6a2e58fcbf\commons-math3-3.6.1.jar
MD5: 5b730d97e4e6368069de1983937c508e
SHA1: e4ba98f1d4b3c80ec46392f25e094a6a2e58fcbf
SHA256:1e56d7b058d28b65abd256b8458e3885b674c1d588fa43cd7d1cbb9c7ef2b308
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

shiro-cache-1.4.1.jar

Description:

Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-cache\1.4.1\a93c6de86c911dddbf05ab54fcab73ae525b4592\shiro-cache-1.4.1.jar
MD5: 02ee5da02f918e115c6cec651d92cf46
SHA1: a93c6de86c911dddbf05ab54fcab73ae525b4592
SHA256:2f88b00b15f73b29daa497e9af41d9e907c72e77c86d17dfd5eccbd683402bc1
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

shiro-crypto-hash-1.4.1.jar

Description:

Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-crypto-hash\1.4.1\8cf0d831999b586a9ee8a64a28cb674646c409c7\shiro-crypto-hash-1.4.1.jar
MD5: a194882eabbb7466d3a3ac9cc5123e2b
SHA1: 8cf0d831999b586a9ee8a64a28cb674646c409c7
SHA256:72f2cf7a77c07c669f8fcbe7dc38fb53b560ff69348abd933a98f6ef494f00f0
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

shiro-crypto-cipher-1.4.1.jar

Description:

Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-crypto-cipher\1.4.1\518da6768f9565c592e230291e9e7ea2485b1c35\shiro-crypto-cipher-1.4.1.jar
MD5: c0dab40ed5d59ddb7a06e528f53bd453
SHA1: 518da6768f9565c592e230291e9e7ea2485b1c35
SHA256:d8334a2430e3cab4a782c2b93ffdeec9212ade8cbde515e7f44d39521ee4870a
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

shiro-config-core-1.4.1.jar

Description:

Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-config-core\1.4.1\ad768337fd1516c2bd379bc9f27d5f7922960c5\shiro-config-core-1.4.1.jar
MD5: 655e68d534b479f65fc0b238de44f8eb
SHA1: 0ad768337fd1516c2bd379bc9f27d5f7922960c5
SHA256:dd48ae6f67b7e706cf33751b42191b2372e1b8e3a772d3aacbf4d6aed67cdb64
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

shiro-event-1.4.1.jar

Description:

Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-event\1.4.1\a6e9b78b3c0d6381db941bc1446a8b0ae5a6edd\shiro-event-1.4.1.jar
MD5: c6d7cb35e8bc73e63a35fd9ddb30a70d
SHA1: 0a6e9b78b3c0d6381db941bc1446a8b0ae5a6edd
SHA256:aeac87e07546cb6db58a285270f43e1187e8740150994c01cb84f3ffc731627e
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

shiro-crypto-core-1.4.1.jar

Description:

Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-crypto-core\1.4.1\3e3110cec2a4bf262c965b3c635757882110f594\shiro-crypto-core-1.4.1.jar
MD5: 5db66724cc3c9d81f2c5271ddc9d5f6d
SHA1: 3e3110cec2a4bf262c965b3c635757882110f594
SHA256:12911735850bf20e7ec4701275f697329d8acdccdafe76ec577d922e3f0380b4
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

shiro-lang-1.4.1.jar

Description:

The lang module encapsulates only language-specific utilities that are used by various
other modules. It exists to augment what we would have liked to see in the JDK but does not exist.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-lang\1.4.1\bc711ec9fd41d8c1b967aa41385522e9bef2fa8b\shiro-lang-1.4.1.jar
MD5: 535510fb8d4d0843d3a0319d289cdfcd
SHA1: bc711ec9fd41d8c1b967aa41385522e9bef2fa8b
SHA256:26d14029f699e6b902726d68b7d3f37d66887d453cf75f84e299e61e99b322b8
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jmatio-1.5.jar

Description:

Matlab's MAT-file I/O API in JAVA. Supports Matlab 5 MAT-file format reading and writing. Written in pure JAVA.

License:

BSD: http://www.linfo.org/bsdlicense.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.tallison\jmatio\1.5\517d932cc87a3b564f3f7a07ac347b725b619ab4\jmatio-1.5.jar
MD5: 6eccf45b3a4bb3dd0518afcf37b8ed35
SHA1: 517d932cc87a3b564f3f7a07ac347b725b619ab4
SHA256:70db8cf9a1818072f290fd464f14a8369c9c58993e6640128a6e8a6379d67ac7
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

parso-2.0.11.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.epam\parso\2.0.11\3cd3dde9ace470e102bb344e05467ce308108a8e\parso-2.0.11.jar
MD5: 5600fb69b3bb3ca4c0270941fa80bf10
SHA1: 3cd3dde9ace470e102bb344e05467ce308108a8e
SHA256:c3042420664fccf8634f77d99bd75e1d2ec03af985e1bf9f1c7a9f4cc79c8fe8
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

rome-1.12.1.jar

Description:

All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it
easy to work in Java with most syndication formats. Today it accepts all flavors of RSS
(0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes
a set of parsers and generators for the various flavors of feeds, as well as converters
to convert from one format to another. The parsers can give you back Java objects that
are either specific for the format you want to work with, or a generic normalized
SyndFeed object that lets you work with the data without bothering about the
underlying format.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.rometools\rome\1.12.1\e9038b34b001007b2a1f3823c532f3524222075f\rome-1.12.1.jar
MD5: ff2b10fb031f44513e5c291817aca032
SHA1: e9038b34b001007b2a1f3823c532f3524222075f
SHA256:13414d70a6c185e1374588321861c6e9eb7928eee502d032094ef3ca0fd921ae
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jul-to-slf4j-1.7.26.jar

Description:

JUL to SLF4J bridge

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.slf4j\jul-to-slf4j\1.7.26\8031352b2bb0a49e67818bf04c027aa92e645d5c\jul-to-slf4j-1.7.26.jar
MD5: 2bb060120bc3feda3d964bf5be845fbf
SHA1: 8031352b2bb0a49e67818bf04c027aa92e645d5c
SHA256:0f3b6dfbfb261e3e2b71ea88574452f36c46fec016063439eb8f60083291918e
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jcl-over-slf4j-1.7.26.jar

Description:

JCL 1.2 implemented over SLF4J

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.slf4j\jcl-over-slf4j\1.7.26\33fbc2d93de829fa5e263c5ce97f5eab8f57d53e\jcl-over-slf4j-1.7.26.jar
MD5: 06ceba253db8a4d836921324015c9ca5
SHA1: 33fbc2d93de829fa5e263c5ce97f5eab8f57d53e
SHA256:2800417ecc5c927cce2b8a2cd22f0933e4006023c4e4fb255985a27746f5573c
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

rome-utils-1.12.1.jar

Description:

Utility classes for ROME projects

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.rometools\rome-utils\1.12.1\e14b9757402f0971fabe245f8a3ee7c889151f26\rome-utils-1.12.1.jar
MD5: 6772713213cee7862e5e9ac1a8c0b79c
SHA1: e14b9757402f0971fabe245f8a3ee7c889151f26
SHA256:d65ce5f0926ee80e1ed19b176428846098000fc4db09360a1b4dd3a1a36ed477
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

quartz-2.2.0.jar

Description:

Enterprise Job Scheduler

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
Apache Software License, Version 2.0
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.quartz-scheduler\quartz\2.2.0\2eb16fce055d5f3c9d65420f6fc4efd3a079a3d8\quartz-2.2.0.jar
MD5: 56d748f33fa07cb50c86eb72f53141b5
SHA1: 2eb16fce055d5f3c9d65420f6fc4efd3a079a3d8
SHA256:ad9fbd38399b2c5c5931b9a9161ca07ec5ba916b22f4292bd9791259c5c1f1d6
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

ehcache-core-2.6.2.jar

Description:

This is the ehcache core module. Pair it with other modules for added functionality.

License:

The Apache Software License, Version 2.0: src/assemble/EHCACHE-CORE-LICENSE.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\net.sf.ehcache\ehcache-core\2.6.2\3baecd92015a9f8fe4cf51c8b5d3a5bddcdd3e86\ehcache-core-2.6.2.jar
MD5: b6abecd2c01070700a9001b33b94b3f4
SHA1: 3baecd92015a9f8fe4cf51c8b5d3a5bddcdd3e86
SHA256:df61f1a1724aa674d922dce21965b907df8f77e730679ae1abe92679390a2fd6
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

slf4j-api-1.7.26.jar

Description:

The slf4j API

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.slf4j\slf4j-api\1.7.26\77100a62c2e6f04b53977b9f541044d7d722693d\slf4j-api-1.7.26.jar
MD5: 60ec8751be37d54a2aa1b6178f87b968
SHA1: 77100a62c2e6f04b53977b9f541044d7d722693d
SHA256:6d9e5b86cfd1dd44c676899285b5bb4fa0d371cf583e8164f9c8a0366553242b
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jaxb-runtime-2.3.2.jar

Description:

JAXB (JSR 222) Reference Implementation

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.glassfish.jaxb\jaxb-runtime\2.3.2\5528bc882ea499a09d720b42af11785c4fc6be2a\jaxb-runtime-2.3.2.jar
MD5: 9c3bf13a58e56c1b955bf5a365ca10b2
SHA1: 5528bc882ea499a09d720b42af11785c4fc6be2a
SHA256:e6e0a1e89fb6ff786279e6a0082d5cef52dc2ebe67053d041800737652b4fd1b
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jakarta.activation-1.2.1.jar

Description:

JavaBeans Activation Framework

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.sun.activation\jakarta.activation\1.2.1\8013606426a73d8ba6b568370877251e91a38b89\jakarta.activation-1.2.1.jar
MD5: dc519b1f09bbaf9274ea5da358a00110
SHA1: 8013606426a73d8ba6b568370877251e91a38b89
SHA256:d84d4ba8b55cdb7fdcbb885e6939386367433f56f5ab8cfdc302a7c3587fa92b
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

xercesImpl-2.12.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\xerces\xercesImpl\2.12.0\f02c844149fd306601f20e0b34853a670bef7fa2\xercesImpl-2.12.0.jar
MD5: b89632b53c4939a2982bcb52806f6dec
SHA1: f02c844149fd306601f20e0b34853a670bef7fa2
SHA256:b50d3a4ca502faa4d1c838acb8aa9480446953421f7327e338c5dda3da5e76d0
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

javax.annotation-api-1.3.2.jar

Description:

Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.annotation/blob/master/LICENSE
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.annotation\javax.annotation-api\1.3.2\934c04d3cfef185a8008e7bf34331b79730a9d43\javax.annotation-api-1.3.2.jar
MD5: 2ab1973eefffaa2aeec47d50b9e40b9d
SHA1: 934c04d3cfef185a8008e7bf34331b79730a9d43
SHA256:e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

vorbis-java-tika-0.8.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.gagravarr\vorbis-java-tika\0.8\4ddbb27ac5884a0f0398a63d46a89d3bc87dc457\vorbis-java-tika-0.8.jar
MD5: 85c7b34d5f94e66bf0c79f5d673db750
SHA1: 4ddbb27ac5884a0f0398a63d46a89d3bc87dc457
SHA256:a1b62281a99aec10dc69db1d2f8250952dca5841eedf1167b6b6f9585e2d0d26
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

apache-mime4j-dom-0.8.3.jar

Description:

Java MIME Document Object Model

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.james\apache-mime4j-dom\0.8.3\e80733714eb6a70895bfc74a9528c658504c2c83\apache-mime4j-dom-0.8.3.jar
MD5: 13a1a7be7b85c9b03f6cba68e72d83c2
SHA1: e80733714eb6a70895bfc74a9528c658504c2c83
SHA256:b7f85517887b268d94fd16b13267d9e37a151440eff8acefab3a29ef30977435
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

apache-mime4j-core-0.8.3.jar

Description:

Java stream based MIME message parser

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.james\apache-mime4j-core\0.8.3\1179b56c9919c1a8e20d3a528ee4c6cee19bcbe0\apache-mime4j-core-0.8.3.jar
MD5: dc03793d8d9e208f4a21a36b78f922f0
SHA1: 1179b56c9919c1a8e20d3a528ee4c6cee19bcbe0
SHA256:910002bd8d2fc413220386cd656a33b32f0007850dd53c2c0f30f90801eba6c6
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

commons-compress-1.18.jar

Description:

Apache Commons Compress software defines an API for working with
compression and archive formats.  These include: bzip2, gzip, pack200,
lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-compress\1.18\1191f9f2bc0c47a8cce69193feb1ff0a8bcb37d5\commons-compress-1.18.jar
MD5: bcbecfff4bdb0d3d0cdead3d995da2ef
SHA1: 1191f9f2bc0c47a8cce69193feb1ff0a8bcb37d5
SHA256:5f2df1e467825e4cac5996d44890c4201c000b43c0b23cffc0782d28a0beb9b0
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2019-12402  

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
CWE-399 Resource Management Errors

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

xz-1.8.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.tukaani\xz\1.8\c4f7d054303948eb6a4066194253886c8af07128\xz-1.8.jar
MD5: 5f982127e0de85b785c4b2abad21aa2e
SHA1: c4f7d054303948eb6a4066194253886c8af07128
SHA256:8c7964b36fe3f0cbe644b04fcbff84e491ce81917db2f5bfa0cba8e9548aff5d
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

dec-0.1.2.jar

Description:

Brotli is a generic-purpose lossless compression algorithm.

License:

http://www.opensource.org/licenses/mit-license.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.brotli\dec\0.1.2\c26a897ae0d524809eef1c786cc6183b4ddcc3b\dec-0.1.2.jar
MD5: 4b1cd14cf29733941cc536b27e6aedfa
SHA1: 0c26a897ae0d524809eef1c786cc6183b4ddcc3b
SHA256:615c0c3efef990d77831104475fba6a1f7971388691d4bad1471ad84101f6d52
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

pdfbox-tools-2.0.16.jar

Description:

    The Apache PDFBox library is an open source Java tool for working with PDF documents.
    This artefact contains commandline tools using Apache PDFBox.
  

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.pdfbox\pdfbox-tools\2.0.16\ef25df47cf8e3776db0ca1007616573e2061295b\pdfbox-tools-2.0.16.jar
MD5: ade022f4ede7f37ff82d182c5b9bfaaa
SHA1: ef25df47cf8e3776db0ca1007616573e2061295b
SHA256:ab192bd897c94e3759603ca1de8d7e82b03552a824b0c02a22af3bc3b83476c8
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jempbox-1.8.16.jar

Description:

    The Apache JempBox library is an open source Java tool that implements Adobe's XMP(TM)
    specification. JempBox is a subproject of Apache PDFBox.
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.pdfbox\jempbox\1.8.16\1f41de81768ef84ca2d8cda4cb79e9272c8ee966\jempbox-1.8.16.jar
MD5: 1cb997cdd8302c7e19131c81ba0b7ee2
SHA1: 1f41de81768ef84ca2d8cda4cb79e9272c8ee966
SHA256:ebef7cca5a5a77768e686972b4a89f0ffce7b46907fd96ac3d4f6ce2fa038055
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

bcmail-jdk15on-1.62.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.bouncycastle\bcmail-jdk15on\1.62\311ff1738f5134fd860ef1f9b7558111195b3bfb\bcmail-jdk15on-1.62.jar
MD5: 1a3cb3f7257b890111a4c8cdbbd90a96
SHA1: 311ff1738f5134fd860ef1f9b7558111195b3bfb
SHA256:c3dbe0d9c15a965ed6a5081d32a13e680fc3b7d970945515b1943f5779cf2760
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

bcpkix-jdk15on-1.62.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.bouncycastle\bcpkix-jdk15on\1.62\3d2e8f5827257331cfe82487f5bab392994e6e32\bcpkix-jdk15on-1.62.jar
MD5: c488e97d0a455ef687b1b8d46795554f
SHA1: 3d2e8f5827257331cfe82487f5bab392994e6e32
SHA256:a3f033b5d761974e865ead3473656bb2e1a4049e3ef4eb0742225b1e1f4032db
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

bcprov-jdk15on-1.62.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.bouncycastle\bcprov-jdk15on\1.62\633b6739ef8f07f2e71f8eebd1c6f25b17a4ec7d\bcprov-jdk15on-1.62.jar
MD5: 01b1a8cff910fdb9328cef5c437ff2f9
SHA1: 633b6739ef8f07f2e71f8eebd1c6f25b17a4ec7d
SHA256:2fa0ab71b154da29ac134097bc6bbacd90987dd4c4005516159e6494d1d52ea2
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jackcess-3.0.1.jar

Description:

A pure Java library for reading from and writing to MS Access databases.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.healthmarketscience.jackcess\jackcess\3.0.1\e753ed760d06a0b6849c02d3d4c603ae6c8e05c8\jackcess-3.0.1.jar
MD5: e787e04bfd785b16d366021373309617
SHA1: e753ed760d06a0b6849c02d3d4c603ae6c8e05c8
SHA256:743bfe830de83f2a64b0ff23337c18f1412c3caf35f98c5f6668f65c109993d7
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jackcess-encrypt-3.0.0.jar

Description:

An add-on to the Jackcess library for handling encryption in MS Access files.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.healthmarketscience.jackcess\jackcess-encrypt\3.0.0\24ee9302d731e7c66e828049bb055ca710e29f03\jackcess-encrypt-3.0.0.jar
MD5: 4e12f5c0713e5e1b38b74f8946d17c27
SHA1: 24ee9302d731e7c66e828049bb055ca710e29f03
SHA256:d624d55b3090ab733192041a758727b94a3136031660ab794998f3bd72b4c213
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

tagsoup-1.2.1.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.ccil.cowan.tagsoup\tagsoup\1.2.1\5584627487e984c03456266d3f8802eb85a9ce97\tagsoup-1.2.1.jar
MD5: ae73a52cdcbec10cd61d9ef22fab5936
SHA1: 5584627487e984c03456266d3f8802eb85a9ce97
SHA256:ac97f7b4b1d8e9337edfa0e34044f8d0efe7223f6ad8f3a85d54cc1018ea2e04
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

asm-7.2-beta.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.ow2.asm\asm\7.2-beta\42e26c6613fc9cb3002b55897802ab605c92dc44\asm-7.2-beta.jar
MD5: 11be68755323a89d5d9cf33ee306416a
SHA1: 42e26c6613fc9cb3002b55897802ab605c92dc44
SHA256:00acf26a20b0c032b3d19ea0fbc079d6694b56de46e018ecf90e68cb7dd5caa2
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

isoparser-1.1.22.jar

Description:

A generic parser and writer for all ISO 14496 based files (MP4, Quicktime, DCF, PDCF, ...)
    

License:

Apache Software License - Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.googlecode.mp4parser\isoparser\1.1.22\70b5c26b52c120d2e94643717a764c4a67640fd6\isoparser-1.1.22.jar
MD5: b6cb35cf16232e5850de5900f753ed91
SHA1: 70b5c26b52c120d2e94643717a764c4a67640fd6
SHA256:f37f0a997dcc494409b60aeb48cef319348503f84efcd1edcb0fcfb81148fc2d
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

metadata-extractor-2.11.0.jar

Description:

Java library for extracting EXIF, IPTC, XMP, ICC and other metadata from image files.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.drewnoakes\metadata-extractor\2.11.0\5f11883f6d06a16ca5fb8a9edf7c6c1237a92da0\metadata-extractor-2.11.0.jar
MD5: e95f394e786c0c7f22e61bff2e54ff8d
SHA1: 5f11883f6d06a16ca5fb8a9edf7c6c1237a92da0
SHA256:f5ec56c6b01afbfd7019e2da73bdec5d22c60d620c0e8043e6a85adb554d0df7
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

boilerpipe-1.1.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\de.l3s.boilerpipe\boilerpipe\1.1.0\f62cb75ed52455a9e68d1d05b84c500673340eb2\boilerpipe-1.1.0.jar
MD5: 0616568083786d0f49e2cb07a5d09fe4
SHA1: f62cb75ed52455a9e68d1d05b84c500673340eb2
SHA256:088203df4326c4dcc42cec1253a2b41e03dc8904984eae744543b48e2cc63846
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

vorbis-java-core-0.8.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.gagravarr\vorbis-java-core\0.8\7e9937c2575cda2e3fc116415117c74f23e43fa6\vorbis-java-core-0.8.jar
MD5: 71b623b57f56daf112bddb3337ee896d
SHA1: 7e9937c2575cda2e3fc116415117c74f23e43fa6
SHA256:879bb0c8923fea686609e207fd9050ab246e001868341c725929405e755cf68e
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

juniversalchardet-1.0.3.jar

Description:

Java port of universalchardet

License:

Mozilla Public License 1.1 (MPL 1.1): http://www.mozilla.org/MPL/MPL-1.1.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.googlecode.juniversalchardet\juniversalchardet\1.0.3\cd49678784c46aa8789c060538e0154013bb421b\juniversalchardet-1.0.3.jar
MD5: d9ea0a9a275336c175b343f2e4cd8f27
SHA1: cd49678784c46aa8789c060538e0154013bb421b
SHA256:757bfe906193b8b651e79dc26cd67d6b55d0770a2cdfb0381591504f779d4a76
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jhighlight-1.0.3.jar

Description:

    JHighlight is an embeddable pure Java syntax highlighting
    library that supports Java, HTML, XHTML, XML and LZX
    languages and outputs to XHTML.

    It also supports RIFE templates tags and highlights them
    clearly so that you can easily identify the difference
    between your RIFE markup and the actual marked up source.
	

License:

CDDL, v1.0: http://www.opensource.org/licenses/cddl1.php
LGPL, v2.1 or later: http://www.opensource.org/licenses/lgpl-license.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codelibs\jhighlight\1.0.3\88831dce3d56aa53a1bfcba78518e8939b8d4779\jhighlight-1.0.3.jar
MD5: 318e72a07b2bbe089f0c41df45d2f484
SHA1: 88831dce3d56aa53a1bfcba78518e8939b8d4779
SHA256:34405394e068b5d8c40ed45928ce077f8b5140bf33851a55b9cb53116ded43e5
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

java-libpst-0.8.1.jar

Description:

A library to read PST files with java, without need for external libraries.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.pff\java-libpst\0.8.1\ad31986653dac9cb5132ea5b2999c20b4b286255\java-libpst-0.8.1.jar
MD5: 6be27662e0b06154e5f05938937d16b7
SHA1: ad31986653dac9cb5132ea5b2999c20b4b286255
SHA256:a3f7b3c934f477b0fc3c0eadebc3d24872bbebc3ac5a22ab575e5f476ea34757
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

junrar-4.0.0.jar

Description:

rar decompression library in plain java

License:

UnRar License: https://raw.github.com/junrar/junrar/master/license.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.github.junrar\junrar\4.0.0\93f9b74e1507db9c55c5bdd35369376a474e4db5\junrar-4.0.0.jar
MD5: 38103347e0c3e06ee52ce032cee9e902
SHA1: 93f9b74e1507db9c55c5bdd35369376a474e4db5
SHA256:2eafa4571dfebe4e42e686657f9e597aaa86bb68942b590d5af9902e7caddb20
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

commons-exec-1.3.jar

Description:

Apache Commons Exec is a library to reliably execute external processes from within the JVM.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-exec\1.3\8dfb9facd0830a27b1b5f29f84593f0aeee7773b\commons-exec-1.3.jar
MD5: 8bb8fa2edfd60d5c7ed6bf9923d14aa8
SHA1: 8dfb9facd0830a27b1b5f29f84593f0aeee7773b
SHA256:cb49812dc1bfb0ea4f20f398bcae1a88c6406e213e67f7524fb10d4f8ad9347b
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

opennlp-tools-1.9.1.jar

Description:

The Apache Software Foundation provides support for the Apache community of open-source software projects. The Apache projects are characterized by a collaborative, consensus based development process, an open and pragmatic software license, and a desire to create high quality software that leads the way in its field. We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.opennlp\opennlp-tools\1.9.1\8145429d82a4b811fdd3390557dbe6546b0153ad\opennlp-tools-1.9.1.jar
MD5: d7c38308f18fcbba1bd87d0d8991ed82
SHA1: 8145429d82a4b811fdd3390557dbe6546b0153ad
SHA256:79711328756f4c8a909d7ae36d62bf2f949cca685d98bfd46b052e24b15df7e2
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

json-simple-1.1.1.jar

Description:

A simple Java toolkit for JSON

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.googlecode.json-simple\json-simple\1.1.1\c9ad4a0850ab676c5c64461a05ca524cdfff59f1\json-simple-1.1.1.jar
MD5: 5cc2c478d73e8454b4c369cee66c5bc7
SHA1: c9ad4a0850ab676c5c64461a05ca524cdfff59f1
SHA256:4e69696892b88b41c55d49ab2fdcc21eead92bf54acc588c0050596c3b75199c
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

openjson-1.0.11.jar

Description:

A clean-room Apache-licensed implementation of simple JSON processing

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.github.openjson\openjson\1.0.11\89d80fba6ebca174f23614cdfd6e50331c676d26\openjson-1.0.11.jar
MD5: adea05d96e2b300d8d93d87877bbfc0c
SHA1: 89d80fba6ebca174f23614cdfd6e50331c676d26
SHA256:6086e8c4219281e42c4ccb3dbf207995bd10787d27b01aaf00ac1f9b0dd34c9f
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

gson-2.8.5.jar

Description:

Gson JSON library

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.google.code.gson\gson\2.8.5\f645ed69d595b24d4cf8b3fbb64cc505bede8829\gson-2.8.5.jar
MD5: 089104cb90d8b4e1aa00b1f5faef0742
SHA1: f645ed69d595b24d4cf8b3fbb64cc505bede8829
SHA256:233a0149fc365c9f6edbd683cfe266b19bdc773be98eabdaf6b3c924b48e7d81
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jdom2-2.0.6.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jdom\jdom2\2.0.6\6f14738ec2e9dd0011e343717fa624a10f8aab64\jdom2-2.0.6.jar
MD5: 86a30c9b1ddc08ca155747890db423b7
SHA1: 6f14738ec2e9dd0011e343717fa624a10f8aab64
SHA256:1345f11ba606d15603d6740551a8c21947c0215640770ec67271fe78bea97cf5
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jna-5.3.1.jar

Description:

JNA Library

File Path: Z:\Gradle\caches\modules-2\files-2.1\net.java.dev.jna\jna\5.3.1\6eb9d07456c56b9c2560722e90382252f0f98405\jna-5.3.1.jar
MD5: df3ad04f50fb50840eeb674210200f64
SHA1: 6eb9d07456c56b9c2560722e90382252f0f98405
SHA256:01cb505c0698d0f7acf3524c7e73acb7dc424a5bae5e9c86ce44075ab32bc4ee
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

protobuf-java-3.9.0.jar

Description:

    Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an
    efficient yet extensible format.
  

License:

https://opensource.org/licenses/BSD-3-Clause
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.google.protobuf\protobuf-java\3.9.0\2adef7d20542c18530c46295b32bc26371dfd9b1\protobuf-java-3.9.0.jar
MD5: 50ccaf350e1e9730d74f37bad077a537
SHA1: 2adef7d20542c18530c46295b32bc26371dfd9b1
SHA256:6c96d85eac237fea84d9d5e7413c85b62f2df0b9f7b17b0168bd1e28b09ff0e8
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

c3p0-0.9.5.4.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.mchange\c3p0\0.9.5.4\a21a1d37ae0b59efce99671544f51c34ed1e8def\c3p0-0.9.5.4.jar
MD5: 45fd4a89c9fd671a0d1dc97c0ec77abe
SHA1: a21a1d37ae0b59efce99671544f51c34ed1e8def
SHA256:60cf2906cd6ad6771f514a3e848b74b3e3da99c1806f2a63c38e2dd8da5ef11f
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

sis-netcdf-0.8.jar

Description:

Bridge between netCDF Climate and Forecast (CF) convention and ISO 19115 metadata.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.sis.storage\sis-netcdf\0.8\aa44675239c11eeb598ef054efdf2673cd4953a\sis-netcdf-0.8.jar
MD5: 2096511e5dac7016da8eacd3a4914e99
SHA1: 0aa44675239c11eeb598ef054efdf2673cd4953a
SHA256:a6477f4437c0a0ed623664739b6c9ada0cceba01d5163d0793eadb5b23677511
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

sis-storage-0.8.jar

Description:

Provides the interfaces and base classes to be implemented by various storage formats.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.sis.storage\sis-storage\0.8\53b323f55881b4cd6fe1ecf9464a7066a3ae2eb6\sis-storage-0.8.jar
MD5: 5f3238f3d977f9299174e18c45cfaba2
SHA1: 53b323f55881b4cd6fe1ecf9464a7066a3ae2eb6
SHA256:7cade99264a96233e11f1fd888c23f647d94673cab0275a3d81d0d990bd204e5
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

sis-feature-0.8.jar

Description:

Representations of geographic features.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.sis.core\sis-feature\0.8\65ea6ab21713dee99a0d2fd7196b80dd631a7e02\sis-feature-0.8.jar
MD5: abcd6da5f22d8a177f7f86ad9de6779b
SHA1: 65ea6ab21713dee99a0d2fd7196b80dd631a7e02
SHA256:c90e420f46c407060b11f62787a088b1127d9e6adb7c79d65ff5a6a99dabd9e2
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

sis-referencing-0.8.jar

Description:

Implementations of Coordinate Reference Systems (CRS), conversion and transformation services derived from ISO 19111.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.sis.core\sis-referencing\0.8\8c9eb6766665eea110f47c53787b7a9bc1310400\sis-referencing-0.8.jar
MD5: c0bbeebdff505844f3d7181a127abcbb
SHA1: 8c9eb6766665eea110f47c53787b7a9bc1310400
SHA256:f194d08bdda2509e104ea32004384298014ecd664aa7d7c30dacf0ee41bfa2f9
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

sis-metadata-0.8.jar

Description:

Implementations of metadata derived from ISO 19115. This module provides both an implementation of the metadata interfaces defined in GeoAPI, and a framework for handling those metadata through Java reflection.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.sis.core\sis-metadata\0.8\b5d309428e78ebdaf1ea04aec8747a2093689e20\sis-metadata-0.8.jar
MD5: de28abdfc0d83256a87db3ceb6b094c2
SHA1: b5d309428e78ebdaf1ea04aec8747a2093689e20
SHA256:d04e98ee08441d30663d1bc45582da9672360b1a148a4faccbb55a5e1437da7c
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

sis-utility-0.8.jar

Description:

Miscellaneous utilities.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.sis.core\sis-utility\0.8\4ad2d0805780c5a2cebc0dadbfb8307f94c91c4f\sis-utility-0.8.jar
MD5: 10e3a9e45b8256c21eb143e7f6060474
SHA1: 4ad2d0805780c5a2cebc0dadbfb8307f94c91c4f
SHA256:add922cad9d64c14ff2098c8c599dcdad8f8593978ee94a68e2278aa0b0dff41
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

geoapi-3.0.1.jar

Description:


The development community in building GIS solutions is sustaining an enormous level
 of effort. The GeoAPI project aims to reduce duplication and increase interoperability
 by providing neutral, interface-only APIs derived from OGC/ISO Standards.
  

License:

https://raw.githubusercontent.com/opengeospatial/geoapi/master/LICENSE.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.opengis\geoapi\3.0.1\a69b261841b0794b82b8d42fcd6e9a370eb62809\geoapi-3.0.1.jar
MD5: fa9a86892774b94b2bde0446ebbebd62
SHA1: a69b261841b0794b82b8d42fcd6e9a370eb62809
SHA256:ca1dfeba112d0dea575c7abba76a8ecd6ea7818e508de964302a9cfc4779b837
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

sentiment-analysis-parser-0.1.jar

Description:

Combines Apache OpenNLP and Apache Tika and provides facilities for automatically deriving sentiment from text.

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\edu.usc.ir\sentiment-analysis-parser\0.1\20d1524a1270c1d26e3314d2ee71a12e6a29a27d\sentiment-analysis-parser-0.1.jar
MD5: 69727e01cb8165e2e5d637e527ea82d4
SHA1: 20d1524a1270c1d26e3314d2ee71a12e6a29a27d
SHA256:035a28b4d65993b405ddcc98b4bb67cd038d4617e5c8e5c2f4d16d34c8f49e2b
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jackson-annotations-2.9.9.jar

Description:

Core annotations used for value types, used by Jackson data binding package.
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.fasterxml.jackson.core\jackson-annotations\2.9.9\2ea299c145207161c212e28abbc8f513fa245940\jackson-annotations-2.9.9.jar
MD5: e044b1d4b083337fd466de78128e0d39
SHA1: 2ea299c145207161c212e28abbc8f513fa245940
SHA256:1100a5884ddc4439a77165e1b9668c6063c07447cd2f6c9f69e3688ee76080c1
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jbig2-imageio-3.0.2.jar

Description:

	Java Image I/O plugin for reading JBIG2-compressed image data.
	Formerly known as the levigo JBig2 ImageIO plugin (com.levigo.jbig2:levigo-jbig2-imageio).
    

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.pdfbox\jbig2-imageio\3.0.2\46a53edceceabcdf9b81cd6d14f052bdfa171f4b\jbig2-imageio-3.0.2.jar
MD5: 75dacf14cc468045f89d7f5fff1aa494
SHA1: 46a53edceceabcdf9b81cd6d14f052bdfa171f4b
SHA256:3dc510cd41511f2e2382eb7ac3550b2f94e21847f0b7221be8ddd0f2252a8fe4
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jai-imageio-core-1.4.0.jar

Description:

    Java Advanced Imaging Image I/O Tools API core, but without the classes
    involved with javax.media.jai dependencies, JPEG2000 or
    codecLibJIIO, meaning that this library can be distributed under the
    modified BSD license and should be GPL compatible.
  

License:

BSD 3-clause License w/nuclear disclaimer: LICENSE.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.github.jai-imageio\jai-imageio-core\1.4.0\fb6d79b929556362a241b2f65a04e538062f0077\jai-imageio-core-1.4.0.jar
MD5: 6978d733bfb55c0a82639f724fe5f3bb
SHA1: fb6d79b929556362a241b2f65a04e538062f0077
SHA256:8ad3c68e9efffb10ac87ff8bc589adf64b04a729c5194c079efd0643607fd72a
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

tomcat-coyote-9.0.22.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-coyote\9.0.22\d2a5df6c6aa03190b98ffe34e7bf2a8a0e455855\tomcat-coyote-9.0.22.jar
MD5: 2255062d1452a2745e9247790c51646c
SHA1: d2a5df6c6aa03190b98ffe34e7bf2a8a0e455855
SHA256:b64e21da6f23aced3e113ee81b4e37790b43f89ba45b06e14bc8bec54e94cd20
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2016-5425  

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: HIGH (7.2)
  • Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: /AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

tomcat-jsp-api-9.0.22.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-jsp-api\9.0.22\f23f5c46af531a6c13d9d96048f6d3eec3b4ef50\tomcat-jsp-api-9.0.22.jar
MD5: b68efb4404a622a1bb3792186a92ee5f
SHA1: f23f5c46af531a6c13d9d96048f6d3eec3b4ef50
SHA256:f0782e1cb869dfb2ad51784b6432f410a1162b5f7b1c77282a40741d67a7a309
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2005-4838  

Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp.  NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2006-7196  

Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors.  NOTE: this may be related to CVE-2006-0254.1.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2007-1358  

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: LOW (2.6)
  • Vector: /AV:N/AC:H/Au:N/C:N/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2007-2449  

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2008-0128  

The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
CWE-16 Configuration

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions:

CVE-2009-2696  

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2012-5568  

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
CWE-16 Configuration

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2013-2185  

** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186.  NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2013-4286  

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

CVE-2013-4322  

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

CVE-2013-4444  

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2013-4590  

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CWE-200 Information Exposure

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

CVE-2013-6357  

** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI.  NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator."
CWE-352 Cross-Site Request Forgery (CSRF)

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2014-0075  

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
CWE-189 Numeric Errors

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVE-2014-0096  

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

CVE-2014-0099  

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
CWE-189 Numeric Errors

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N

CVE-2014-0119  

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

CVE-2016-5425  

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: HIGH (7.2)
  • Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: /AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

tomcat-util-scan-9.0.22.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-util-scan\9.0.22\715f3afaacab6d32cf6e5a503e2429985f908876\tomcat-util-scan-9.0.22.jar
MD5: 10867fcaed914fcc145c65220fd9a394
SHA1: 715f3afaacab6d32cf6e5a503e2429985f908876
SHA256:e448a490500fe22fa5f4c4501278a135d269bbdbb66b8fa7f07176676fe9fc7c
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2016-5425  

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: HIGH (7.2)
  • Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: /AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

tomcat-api-9.0.22.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-api\9.0.22\2c83446b44fe05724b0266e111d9fbe2f834d25b\tomcat-api-9.0.22.jar
MD5: 7ce37f903733aa20acde062ef451c379
SHA1: 2c83446b44fe05724b0266e111d9fbe2f834d25b
SHA256:47a05c8a42045c60a11ce6970c774a99148f34934b85ce77ee4d2ac4b744d20b
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2016-5425  

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: HIGH (7.2)
  • Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: /AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

tomcat-servlet-api-9.0.22.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-servlet-api\9.0.22\19c6afe754fa976cf9795b1bec7a3f6ef0ead8a0\tomcat-servlet-api-9.0.22.jar
MD5: a75a42dcf8873f2148869a97e4af5ea5
SHA1: 19c6afe754fa976cf9795b1bec7a3f6ef0ead8a0
SHA256:b3bb3020c4ec247401dfe9544449c8f08a38bed32795dfdb5163818029dc4c8c
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

tomcat-util-9.0.22.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-util\9.0.22\8601bd8c02293380d4525ba8777957f87c19508\tomcat-util-9.0.22.jar
MD5: c25a3a60faae2c2404088621b85f5d99
SHA1: 08601bd8c02293380d4525ba8777957f87c19508
SHA256:d144bab25d2c1c02e8f03ccb7ef6763c5a36240ff85eaefcc5a598b43a42b33a
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2016-5425  

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: HIGH (7.2)
  • Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: /AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

tomcat-juli-9.0.22.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-juli\9.0.22\c1ce57ee6bf944837773b0b3f8a7047c054fd718\tomcat-juli-9.0.22.jar
MD5: 7ef2b68bba7bbe2c130b79f5d5b494a2
SHA1: c1ce57ee6bf944837773b0b3f8a7047c054fd718
SHA256:b193b33f72292566b0b0ef6a757bd841b92ea7b0bb67699680555a80029b5880
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

tomcat-embed-websocket-9.0.22.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat.embed\tomcat-embed-websocket\9.0.22\45974d3443cc15ad9d10239d762d5e15759e6364\tomcat-embed-websocket-9.0.22.jar
MD5: dc5a8107223132defe9d86b94734b468
SHA1: 45974d3443cc15ad9d10239d762d5e15759e6364
SHA256:383495fd9be9601fa7c4f60d9a10997e63cdeba6ea3ad7b92d65f77eb2939b6a
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

tomcat-embed-core-9.0.22.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat.embed\tomcat-embed-core\9.0.22\79f39903498b28adacb18fe2ea046edd306295a6\tomcat-embed-core-9.0.22.jar
MD5: e5fc8866efc888c760f888feaa6544f9
SHA1: 79f39903498b28adacb18fe2ea046edd306295a6
SHA256:449993e5c9caf23fc4cec3c9bde18837107c86af160ee1dd5720dcc022f47a64
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

tomcat-annotations-api-9.0.22.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-annotations-api\9.0.22\e4302075d12d7210741b676b8dd94f851d7b1ef6\tomcat-annotations-api-9.0.22.jar
MD5: 8168c299d4abce0efbb6a6f91a525323
SHA1: e4302075d12d7210741b676b8dd94f851d7b1ef6
SHA256:43a88378eb1ab058d290fa03cfcb2b74a7ef46d4bf7e0a631ac50bff92195a1b
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

tomcat-jni-9.0.22.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-jni\9.0.22\47a3b5cbc2c01d346b06b01908a5aaa138a9d0e0\tomcat-jni-9.0.22.jar
MD5: 75bf9b2427d86680791c88d74a512363
SHA1: 47a3b5cbc2c01d346b06b01908a5aaa138a9d0e0
SHA256:32cdf57ad54864a799dcb70e5ce48f28f56635373a0b126781436df646708047
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2016-5425  

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: HIGH (7.2)
  • Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: /AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

tomcat-jaspic-api-9.0.22.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-jaspic-api\9.0.22\201d2fc839d3e7c0d9932135ceec5210c9cdbe8d\tomcat-jaspic-api-9.0.22.jar
MD5: b654ff9885a6dd21cffedb7c62eb0dd6
SHA1: 201d2fc839d3e7c0d9932135ceec5210c9cdbe8d
SHA256:3ea751c2d3e2609a77581074c2ccbc71e534a58ef62a041fa6a03c9860ab0370
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2005-4838  

Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp.  NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N

CVE-2006-7196  

Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors.  NOTE: this may be related to CVE-2006-0254.1.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N

CVE-2007-1358  

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: LOW (2.6)
  • Vector: /AV:N/AC:H/Au:N/C:N/I:N/A:N

CVE-2007-2449  

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N

CVE-2008-0128  

The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
CWE-16 Configuration

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N

CVE-2009-2696  

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N

CVE-2012-5568  

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
CWE-16 Configuration

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVE-2013-2185  

** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186.  NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2013-4286  

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

CVE-2013-4322  

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

CVE-2013-4444  

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2013-4590  

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CWE-200 Information Exposure

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

CVE-2013-6357  

** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI.  NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator."
CWE-352 Cross-Site Request Forgery (CSRF)

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2014-0075  

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
CWE-189 Numeric Errors

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVE-2014-0096  

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

CVE-2014-0099  

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
CWE-189 Numeric Errors

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N

CVE-2014-0119  

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

CVE-2016-5425  

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: HIGH (7.2)
  • Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: /AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

tomcat-jasper-el-9.0.22.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-jasper-el\9.0.22\55c79ee93e888344026a959d0485ec0b20ee8186\tomcat-jasper-el-9.0.22.jar
MD5: 8d7ef94638f3b71a53230c105610f52c
SHA1: 55c79ee93e888344026a959d0485ec0b20ee8186
SHA256:65717ea2006d43376bd257a1ff47bbb60a3a37827bfb1273135a0eb53ca1585e
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2016-5425  

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: HIGH (7.2)
  • Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: /AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

tomcat-el-api-9.0.22.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-el-api\9.0.22\129a050d263437b1d59cc456aabcd0738c04e4d2\tomcat-el-api-9.0.22.jar
MD5: 3c530926b837af1f72cabfcc0dcda848
SHA1: 129a050d263437b1d59cc456aabcd0738c04e4d2
SHA256:654cef047ce280a12a85f44b55d6639e69b813f3657231abd6f90d122dff199b
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

ecj-3.18.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jdt\ecj\3.18.0\4d5d0911b30db24c8eb844702c8adf8e434314ff\ecj-3.18.0.jar
MD5: 527b1e43cb5ddb2da99a6f79c206819d
SHA1: 4d5d0911b30db24c8eb844702c8adf8e434314ff
SHA256:69dad18a1fcacd342a7d44c5abf74f50e7529975553a24c64bce0b29b86af497
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

batik-ext-1.10.jar

Description:

Batik external code

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-ext\1.10\23a27a446965644ff5593dab2003221936ca2499\batik-ext-1.10.jar
MD5: c2451a3583ea84a732a563149c7a20a5
SHA1: 23a27a446965644ff5593dab2003221936ca2499
SHA256:bf643bc8692768662f1f0c328ec32ddef94958b498fb114863afdf22b2f71448
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

avalon-framework-impl-4.3.1.jar

Description:

Avalon Framework Implementation

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.avalon.framework\avalon-framework-impl\4.3.1\2d5f5a07fd14513ce6d7a7bfaff69419c26dbd0b\avalon-framework-impl-4.3.1.jar
MD5: 004ac42a2cda8c444451ef187b24284f
SHA1: 2d5f5a07fd14513ce6d7a7bfaff69419c26dbd0b
SHA256:1a429bd5ba87c55b9c84648d0404eb6499b7c05a2c9f21b1bb9621fbf117589f
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

avalon-framework-api-4.3.1.jar

Description:

Avalon Framework API

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.avalon.framework\avalon-framework-api\4.3.1\2dacadeb49bc14420990b1f28897d46f96e2181d\avalon-framework-api-4.3.1.jar
MD5: 7c543869a7eb2bad323a54e873973acf
SHA1: 2dacadeb49bc14420990b1f28897d46f96e2181d
SHA256:bca4c94b5e53acee3c97fe11cce0749d682d5591bf4a217cd45273adeb08c60f
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

xom-1.2.10.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.io7m.xom\xom\1.2.10\4165e25bef19aad134f6498cc277110b9bc5e52b\xom-1.2.10.jar
MD5: 89d8543cd3ac8c78600cb1415008d48f
SHA1: 4165e25bef19aad134f6498cc277110b9bc5e52b
SHA256:35134150151dc4d3295c7a617fcce35b1b9537cca92179f48bf97655bae6782f
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

commons-configuration-1.10.jar

Description:

Tools to assist in the reading of configuration/preferences files in various formats.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-configuration\commons-configuration\1.10\2b36e4adfb66d966c5aef2d73deb6be716389dc9\commons-configuration-1.10.jar
MD5: b16511ce540fefd53981245f5f21c5f8
SHA1: 2b36e4adfb66d966c5aef2d73deb6be716389dc9
SHA256:95d4e6711e88ce78992c82c25bc03c8df9ecf5a357f0de0bec72a26db3399374
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

commons-lang-2.6.jar

Description:

Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-lang\commons-lang\2.6\ce1edb914c94ebc388f086c6827e8bdeec71ac2\commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
SHA256:50f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

log4j-1.2.17.jar

Description:

Apache Log4j 1.2

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\log4j\log4j\1.2.17\5af35056b4d257e4b64b9e8069c0746e8b08629f\log4j-1.2.17.jar
MD5: 04a41f0a068986f0f73485cf507c0f40
SHA1: 5af35056b4d257e4b64b9e8069c0746e8b08629f
SHA256:1d31696445697720527091754369082a6651bd49781b6005deb94e56753406f9
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

bsh-2.0b6.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache-extras.beanshell\bsh\2.0b6\fb418f9b33a0b951e9a2978b4b6ee93b2707e72f\bsh-2.0b6.jar
MD5: 0f27117d5b4cfeea1d0634125313fac0
SHA1: fb418f9b33a0b951e9a2978b4b6ee93b2707e72f
SHA256:a17955976070c0573235ee662f2794a78082758b61accffce8d3f8aedcd91047
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

xalan-2.7.2.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\xalan\xalan\2.7.2\d55d3f02a56ec4c25695fe67e1334ff8c2ecea23\xalan-2.7.2.jar
MD5: 6aa6607802502c8016b676f25f8e4873
SHA1: d55d3f02a56ec4c25695fe67e1334ff8c2ecea23
SHA256:a44bd80e82cb0f4cfac0dac8575746223802514e3cec9dc75235bc0de646af14
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

serializer-2.7.2.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\xalan\serializer\2.7.2\24247f3bb052ee068971393bdb83e04512bb1c3c\serializer-2.7.2.jar
MD5: e8325763fd4235f174ab7b72ed815db1
SHA1: 24247f3bb052ee068971393bdb83e04512bb1c3c
SHA256:e8f5b4340d3b12a0cfa44ac2db4be4e0639e479ae847df04c4ed8b521734bb4a
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

xml-apis-1.4.01.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\xml-apis\xml-apis\1.4.01\3789d9fada2d3d458c4ba2de349d48780f381ee3\xml-apis-1.4.01.jar
MD5: 7eaad6fea5925cca6c36ee8b3e02ac9d
SHA1: 3789d9fada2d3d458c4ba2de349d48780f381ee3
SHA256:a840968176645684bb01aed376e067ab39614885f9eee44abe35a5f20ebe7fad
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

spring-core-5.1.9.RELEASE.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-core\5.1.9.RELEASE\dc3815439579b4fa0c19970e6b8e5d774af8d988\spring-core-5.1.9.RELEASE.jar
MD5: fad0a88be0f6d46008bd84ebb153ebce
SHA1: dc3815439579b4fa0c19970e6b8e5d774af8d988
SHA256:427406f5423e032e08e5d43e5d3eccfbc83350b0d7c6ec22db839755ff1120de
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

lucene-queryparser-8.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-queryparser\8.2.0\8925df7b104e78e308e236ff0740a064dd93cadd\lucene-queryparser-8.2.0.jar
MD5: 26da5109a008179e59c6f3c39b46a5da
SHA1: 8925df7b104e78e308e236ff0740a064dd93cadd
SHA256:cb2284c88b953b6d8e58edc1af99d404c98c167e72a6dcef4e2dbf76afc92a28
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

lucene-analyzers-common-8.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-analyzers-common\8.2.0\8e8abc90572ed74b110c75b546c675153aecc570\lucene-analyzers-common-8.2.0.jar
MD5: 67e169936aefc775697cdf759794e31b
SHA1: 8e8abc90572ed74b110c75b546c675153aecc570
SHA256:9b86f9af4479e52d5beaea577122d22f966b703662b29b9512e06f8f15bcf114
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

lucene-core-8.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-core\8.2.0\f6da40436d3633de272810fae1e339c237adfcf6\lucene-core-8.2.0.jar
MD5: 38017372e81035c484ad5cf94d88d8ea
SHA1: f6da40436d3633de272810fae1e339c237adfcf6
SHA256:25564b27cebe18a5f0e988b5aeee342e1dd163b2dfca888eb1cea4dcadb32dd2
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jug-2.0.0-asl.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.safehaus.jug\jug\2.0.0\adf11f76e51f057e9d6903dd9a916162620386c9\jug-2.0.0-asl.jar
MD5: fe4231b92c5e4ffdc6ec308a9fd23f6a
SHA1: adf11f76e51f057e9d6903dd9a916162620386c9
SHA256:455d4bb841134a72a5ab481b590aef0541b375fb3e9424e326735a4e3ec00e60
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

poi-ooxml-schemas-4.1.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.poi\poi-ooxml-schemas\4.1.0\6a2a0dfa19db33f4fba5b0a0261bb517a86cb56\poi-ooxml-schemas-4.1.0.jar
MD5: ebc100eb62204029b5595666bb6cc157
SHA1: 06a2a0dfa19db33f4fba5b0a0261bb517a86cb56
SHA256:f31a38cf88e3c94ed3b6a73fddccac372b8d355163721bdef8c579a81eba002b
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

bctsp-jdk14-1.38.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.bouncycastle\bctsp-jdk14\1.38\4821122f8390d15f4b5ee652621e2a2bb1f1bf16\bctsp-jdk14-1.38.jar
MD5: 7eb22fff640e0631b6af47ebd6de4924
SHA1: 4821122f8390d15f4b5ee652621e2a2bb1f1bf16
SHA256:ecbbe4d19c256e4dbfec3454b82b4d24b149f90f3f9c90e6aaef229463cd4da8
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

ant-launcher-1.10.6.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ant\ant-launcher\1.10.6\7f7521e38c3faab57529892ba30d268d70d232d1\ant-launcher-1.10.6.jar
MD5: bea04ecd4e538c0b2b396ceb8e61ce7d
SHA1: 7f7521e38c3faab57529892ba30d268d70d232d1
SHA256:c03aa18da4b01c9efdd64198364bc2fcf2fb9ea584971615ba9f1a09a4685026
Referenced In Projects/Scopes:

  • ofbiz:junitReport
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

hamcrest-core-1.3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.hamcrest\hamcrest-core\1.3\42a25dc3219429f0e5d060061f71acb49bf010a0\hamcrest-core-1.3.jar
MD5: 6393363b47ddcbba82321110c3e07519
SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0
SHA256:66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9
Referenced In Projects/Scopes:

  • ofbiz:junitReport
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

geronimo-activation_1.1_spec-1.1.jar

Description:

Java Activation Spec API 1.1

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.geronimo.specs\geronimo-activation_1.1_spec\1.1\f15af1b53fba7f23ce5e9de4fb57a88585aa9eee\geronimo-activation_1.1_spec-1.1.jar
MD5: 6f2756f073402855a1567c1523f66b9b
SHA1: f15af1b53fba7f23ce5e9de4fb57a88585aa9eee
SHA256:3910d9f8b331b2ae573e16591ac246058e088cac97f3ec064f46b10a8801fcb9
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jaxen-1.1.6.jar

Description:

Jaxen is a universal Java XPath engine.

License:

http://jaxen.codehaus.org/license.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\jaxen\jaxen\1.1.6\3f8c36d9a0578e8e98f030c662b69888b1430ac0\jaxen-1.1.6.jar
MD5: a140517286b56eea981e188dcc3a13f6
SHA1: 3f8c36d9a0578e8e98f030c662b69888b1430ac0
SHA256:5ac9c74bbb3964b34a886ba6b1b6c0b0dc3ebeebc1dc4a44942a76634490b3eb
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

geronimo-stax-api_1.0_spec-1.0.1.jar

Description:

Provides open-source implementations of Sun specifications.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.geronimo.specs\geronimo-stax-api_1.0_spec\1.0.1\1c171093a8b43aa550c6050ac441abe713ebb4f2\geronimo-stax-api_1.0_spec-1.0.1.jar
MD5: b7c2a715cd3d1c43dc4ccfae426e8e2e
SHA1: 1c171093a8b43aa550c6050ac441abe713ebb4f2
SHA256:124235815fba376b0c20ed37f79d691fa26b4e00297a4ab27b6ca05ceb591348
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

httpcore-4.4.11.jar

Description:

   Apache HttpComponents Core (blocking I/O)
  

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.httpcomponents\httpcore\4.4.11\de748cf874e4e193b42eceea9fe5574fabb9d4df\httpcore-4.4.11.jar
MD5: 9299550b06219959d0f2223b1a8bb337
SHA1: de748cf874e4e193b42eceea9fe5574fabb9d4df
SHA256:d799522d579aac06b170603f8f080f6e3248dadc01f9652cdd7ea7bc318c21ce
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

failureaccess-1.0.1.jar

Description:

    Contains
    com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
    InternalFutures. Most users will never need to use this artifact. Its
    classes are conceptually a part of Guava, but they're in this separate
    artifact so that Android libraries can use them without pulling in all of
    Guava (just as they can use ListenableFuture by depending on the
    listenablefuture artifact).
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.google.guava\failureaccess\1.0.1\1dcf1de382a0bf95a3d8b0849546c88bac1292c9\failureaccess-1.0.1.jar
MD5: 091883993ef5bfa91da01dcc8fc52236
SHA1: 1dcf1de382a0bf95a3d8b0849546c88bac1292c9
SHA256:a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar

Description:

    An empty artifact that Guava depends on to signal that it is providing
    ListenableFuture -- but is also available in a second "version" that
    contains com.google.common.util.concurrent.ListenableFuture class, without
    any other Guava classes. The idea is:

    - If users want only ListenableFuture, they depend on listenablefuture-1.0.

    - If users want all of Guava, they depend on guava, which, as of Guava
    27.0, depends on
    listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-...
    version number is enough for some build systems (notably, Gradle) to select
    that empty artifact over the "real" listenablefuture-1.0 -- avoiding a
    conflict with the copy of ListenableFuture in guava itself. If users are
    using an older version of Guava or a build system other than Gradle, they
    may see class conflicts. If so, they can solve them by manually excluding
    the listenablefuture artifact or manually forcing their build systems to
    use 9999.0-....
  

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.google.guava\listenablefuture\9999.0-empty-to-avoid-conflict-with-guava\b421526c5f297295adef1c886e5246c39d4ac629\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
MD5: d094c22570d65e132c19cea5d352e381
SHA1: b421526c5f297295adef1c886e5246c39d4ac629
SHA256:b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.google.code.findbugs\jsr305\3.0.2\25ea2e8b0c338a877313bd4672d3fe056ea78f0d\jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

checker-qual-2.8.1.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.checkerframework\checker-qual\2.8.1\eb2e8ab75598548cc8acf9a1ca227e480e01881e\checker-qual-2.8.1.jar
MD5: e1c060246b024c4f260c6904e55a62a3
SHA1: eb2e8ab75598548cc8acf9a1ca227e480e01881e
SHA256:9103499008bcecd4e948da29b17864abb64304e15706444ae209d17ebe0575df
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

error_prone_annotations-2.3.2.jar

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.google.errorprone\error_prone_annotations\2.3.2\d1a0c5032570e0f64be6b4d9c90cdeb103129029\error_prone_annotations-2.3.2.jar
MD5: 42c8312a7eb4b6ff612049c4f7b514a6
SHA1: d1a0c5032570e0f64be6b4d9c90cdeb103129029
SHA256:357cd6cfb067c969226c442451502aee13800a24e950fdfde77bcdb4565a668d
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

j2objc-annotations-1.3.jar

Description:

    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.
  

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.google.j2objc\j2objc-annotations\1.3\ba035118bc8bac37d7eff77700720999acd9986d\j2objc-annotations-1.3.jar
MD5: 5fa4ec4ec0c5aa70af8a7d4922df1931
SHA1: ba035118bc8bac37d7eff77700720999acd9986d
SHA256:21af30c92267bd6122c0e0b4d20cccb6641a37eaf956c6540ec471d584e64a7b
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

animal-sniffer-annotations-1.17.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codehaus.mojo\animal-sniffer-annotations\1.17\f97ce6decaea32b36101e37979f8b647f00681fb\animal-sniffer-annotations-1.17.jar
MD5: 7ca108b790cf6ab5dbf5422cc79f0d89
SHA1: f97ce6decaea32b36101e37979f8b647f00681fb
SHA256:92654f493ecfec52082e76354f0ebf87648dc3d5cec2e3c3cdb947c016747a53
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

stax-ex-1.8.1.jar

Description:

Extensions to JSR-173 StAX API.

License:

Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jvnet.staxex\stax-ex\1.8.1\78011e483a21102fb4858f3e8f269a677e50aa23\stax-ex-1.8.1.jar
MD5: 8fea4418fa80e957e39c174cec08053c
SHA1: 78011e483a21102fb4858f3e8f269a677e50aa23
SHA256:20522549056e9e50aa35ef0b445a2e47a53d06be0b0a9467d704e2483ffb049a
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jakarta.xml.bind-api-2.3.2.jar

Description:

JAXB (JSR 222) API

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\jakarta.xml.bind\jakarta.xml.bind-api\2.3.2\8d49996a4338670764d7ca4b85a1c4ccf7fe665d\jakarta.xml.bind-api-2.3.2.jar
MD5: dabb40ba58199304c640b7bd8bb2fbac
SHA1: 8d49996a4338670764d7ca4b85a1c4ccf7fe665d
SHA256:69156304079bdeed9fc0ae3b39389f19b3cc4ba4443bc80508995394ead742ea
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

txw2-2.3.2.jar

Description:

        TXW is a library that allows you to write XML documents.
    

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.glassfish.jaxb\txw2\2.3.2\ce5be7da2e442c25ec14c766cb60cb802741727b\txw2-2.3.2.jar
MD5: 3f278f148c5d27dc608c25cb7d093b94
SHA1: ce5be7da2e442c25ec14c766cb60cb802741727b
SHA256:4a6a9f483388d461b81aa9a28c685b8b74c0597993bf1884b04eddbca95f48fe
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

istack-commons-runtime-3.0.8.jar

Description:

istack common utility code

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.sun.istack\istack-commons-runtime\3.0.8\d6a97364045aa6b99bf2d3c566a3f98599c2d296\istack-commons-runtime-3.0.8.jar
MD5: d8555a2f242c55d6727b4d0e82ab8446
SHA1: d6a97364045aa6b99bf2d3c566a3f98599c2d296
SHA256:4ffabb06be454a05e4398e20c77fa2b6308d4b88dfbef7ca30a76b5b7d5505ef
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

FastInfoset-1.2.16.jar

Description:

Open Source implementation of the Fast Infoset Standard for Binary XML (http://www.itu.int/ITU-T/asn1/).

License:

http://www.opensource.org/licenses/apache2.0.php, http://www.eclipse.org/org/documents/edl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.sun.xml.fastinfoset\FastInfoset\1.2.16\4eb6a0adad553bf759ffe86927df6f3b848c8bea\FastInfoset-1.2.16.jar
MD5: f7f4be4695e2501a6d585beca305c74c
SHA1: 4eb6a0adad553bf759ffe86927df6f3b848c8bea
SHA256:056f3a1e144409f21ed16afc26805f58e9a21f3fce1543c42d400719d250c511
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

xmpcore-5.1.3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.adobe.xmp\xmpcore\5.1.3\57e70c3b10ff269fff9adfa7a31d61af0df30757\xmpcore-5.1.3.jar
MD5: 08d154cf297e87471637df85172f93e6
SHA1: 57e70c3b10ff269fff9adfa7a31d61af0df30757
SHA256:821be907f1e514ebb50f0ca04b2c098370a3cb5e5f9ddcc2ecf81e73eb265daa
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

udunits-4.5.5.jar

Description:

The ucar.units Java package is for decoding and encoding
    formatted unit specifications (e.g. "m/s"), converting numeric values
    between compatible units (e.g. between "m/s" and "knot"), and for
    performing arithmetic operations on units (e.g. dividing one unit by
    another, raising a unit to a power).

File Path: Z:\Gradle\caches\modules-2\files-2.1\edu.ucar\udunits\4.5.5\d8c8d65ade13666eedcf764889c69321c247f153\udunits-4.5.5.jar
MD5: 025ffadf77de73601443c8262c995df0
SHA1: d8c8d65ade13666eedcf764889c69321c247f153
SHA256:fb641ad901d1526d53f2b13bc86baec703c57d58e6001cfa54ca7734c97fb30d
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jcip-annotations-1.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\net.jcip\jcip-annotations\1.0\afba4942caaeaf46aab0b976afd57cc7c181467e\jcip-annotations-1.0.jar
MD5: 9d5272954896c5a5d234f66b7372b17a
SHA1: afba4942caaeaf46aab0b976afd57cc7c181467e
SHA256:be5805392060c71474bf6c9a67a099471274d30b83eef84bfc4e0889a4f1dcc0
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

bzip2-0.9.1.jar

Description:

jbzip2 is a Java bzip2 compression/decompression library. It can be used as a replacement for the Apache CBZip2InputStream / CBZip2OutputStream classes.

License:

MIT License (MIT): http://opensource.org/licenses/mit-license.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.itadaki\bzip2\0.9.1\47ca95f71e3ccae756c4a24354d48069c58f475c\bzip2-0.9.1.jar
MD5: ddd5eb3a035655cbbb536e9b86907a00
SHA1: 47ca95f71e3ccae756c4a24354d48069c58f475c
SHA256:865a7a13dd33ef0388f675993adaf4c6f95632ba80d609d42e9d42e6343aae77
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

joda-time-2.2.jar

Description:

Date and time library to replace JDK date handling

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\joda-time\joda-time\2.2\a5f29a7acaddea3f4af307e8cf2d0cc82645fd7d\joda-time-2.2.jar
MD5: 226f5207543c490f10f234e82108b998
SHA1: a5f29a7acaddea3f4af307e8cf2d0cc82645fd7d
SHA256:e5183ca131f7195bde5b27e4cd18deeb6d14f8bc5c483b1431421132927240af
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

mchange-commons-java-0.2.15.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.mchange\mchange-commons-java\0.2.15\6ef5abe5f1b94ac45b7b5bad42d871da4fda6bbc\mchange-commons-java-0.2.15.jar
MD5: 97c4575d9d49d9afb71492e6bb4417da
SHA1: 6ef5abe5f1b94ac45b7b5bad42d871da4fda6bbc
SHA256:2b8fce65e95a3e968d5ab3507e2833f43df3daee0635ee51c7ce33343bb3a21c
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

unit-api-1.0.jar

Description:

Units of Measurement Standard - This JSR specifies Java packages for modeling and working with measurement values, quantities and their corresponding units.

License:

BSD: LICENSE.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.measure\unit-api\1.0\6b960260278588d7ff02fe376e5aad39a9c7440b\unit-api-1.0.jar
MD5: 0e62b80ee212b7bb9d3cd150ff988a93
SHA1: 6b960260278588d7ff02fe376e5aad39a9c7440b
SHA256:35da65fdbd3f9c1fe79cfc8399db975fd97660d8a219febfda9fd1a5fc058f10
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

batik-xml-1.10.jar

Description:

Batik XML utilities

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-xml\1.10\601a184d2e363e0900eeec3617e62a3162a6fe37\batik-xml-1.10.jar
MD5: fddb034ac7dd89b50bd88ea7762deb40
SHA1: 601a184d2e363e0900eeec3617e62a3162a6fe37
SHA256:aa3721b0ba2859283e1e68580a86f0978781728d2e8eb018a24765cf77646c11
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

batik-util-1.11.jar

Description:

Batik utility library

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-util\1.11\9748f51ccbf27e4d608eb8e3fe0599238d886ceb\batik-util-1.11.jar
MD5: 7c1fb31782e3fd64fe275db35d758afd
SHA1: 9748f51ccbf27e4d608eb8e3fe0599238d886ceb
SHA256:c80a1d72e6547208990dddaa6aa35accebd76a2b56cf1016e24a643761fd58bd
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

xml-apis-ext-1.3.04.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\xml-apis\xml-apis-ext\1.3.04\41a8b86b358e87f3f13cf46069721719105aff66\xml-apis-ext-1.3.04.jar
MD5: bcb07d3b8d2397db7a3013b6465d347b
SHA1: 41a8b86b358e87f3f13cf46069721719105aff66
SHA256:d0b4887dc34d57de49074a58affad439a013d0baffa1a8034f8ef2a5ea191646
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

nekohtml-1.9.22.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\net.sourceforge.nekohtml\nekohtml\1.9.22\4f54af68ecb345f2453fb6884672ad08414154e3\nekohtml-1.9.22.jar
MD5: a97dfe2d0ceb81ffbdd15436961b0f23
SHA1: 4f54af68ecb345f2453fb6884672ad08414154e3
SHA256:452978e8b6667c7b8357fd3f0a2f2f405e4560a7148143a69181735da5d19045
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

spring-jcl-5.1.9.RELEASE.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-jcl\5.1.9.RELEASE\7c372790c999777d20f364960cf557dd74f890cf\spring-jcl-5.1.9.RELEASE.jar
MD5: 8e0f77930c11ea66237ea479b08750d9
SHA1: 7c372790c999777d20f364960cf557dd74f890cf
SHA256:e6f5a8162bc57aec3d9260fec9efc019cee904de2b0c5a6abe02598a17d10456
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

axis-1.4.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.axis\axis\1.4\94a9ce681a42d0352b3ad22659f67835e560d107\axis-1.4.jar
MD5: 03dcfdd88502505cc5a805a128bfdd8d
SHA1: 94a9ce681a42d0352b3ad22659f67835e560d107
SHA256:05aebb421d0615875b4bf03497e041fe861bf0556c3045d8dda47e29241ffdd3
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2012-5784  

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions:

CVE-2014-3596  

The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784. CWE-297: Improper Validation of Certificate with Host Mismatch (http://cwe.mitre.org/data/definitions/297.html)
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions:

CVE-2018-8032  

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions:

CVE-2019-0227  

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2; the latest version is 1.7.9 and is not vulnerable to this issue.
CWE-918 Server-Side Request Forgery (SSRF)

CVSSv2:
  • Base Score: MEDIUM (5.4)
  • Vector: /AV:A/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

jdom-1.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\jdom\jdom\1.0\a2ac1cd690ab4c80defe7f9bce14d35934c35cec\jdom-1.0.jar
MD5: 0b8f97de82fc9529b1028a77125ce4f8
SHA1: a2ac1cd690ab4c80defe7f9bce14d35934c35cec
SHA256:3b23bc3979aec14a952a12aafc483010dc57579775f2ffcacef5256a90eeda02
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

opensaml-1.1b.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.opensaml\opensaml\1.1b\21ec22368b6baa211a29887e162aa4cf9a8f3c60\opensaml-1.1b.jar
MD5: b540669844849b8d8fad3336edf41dca
SHA1: 21ec22368b6baa211a29887e162aa4cf9a8f3c60
SHA256:64f4e13f1002d8ae449addebaed0e44ded0659d1ffef55e333f523db4a2ba97d
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2013-6440  

The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.
CWE-200 Information Exposure

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions:

CVE-2014-3603 (OSSINDEX)  

The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.opensaml:opensaml:1.1b:*:*:*:*:*:*:*

CVE-2015-1796 (OSSINDEX)  

The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor.

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.opensaml:opensaml:1.1b:*:*:*:*:*:*:*

CVE-2017-16853  

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105.
CWE-347 Improper Verification of Cryptographic Signature

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

persistence-api-1.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.persistence\persistence-api\1.0\5725f57873e05e068803e2bf9d5a8ea3740ffec5\persistence-api-1.0.jar
MD5: aeb56ad8210370d0cd5c0e995eb0d16c
SHA1: 5725f57873e05e068803e2bf9d5a8ea3740ffec5
SHA256:893c691a04a8722c165e3d5dfc94dfd6c1b07b283ab54c6b0d23a3bd3e75a121
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

xmldsig-1.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.xml\xmldsig\1.0\9312ad67022b4dec8df8689d0b7dbac9cd612525\xmldsig-1.0.jar
MD5: 563644fef6e9f3c8c5d78b84b4a5b95a
SHA1: 9312ad67022b4dec8df8689d0b7dbac9cd612525
SHA256:823c0db0da137e32690b2af6ece137dc12a9b4582f66031d2af4743bb1ac6561
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

lucene-queries-8.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-queries\8.2.0\5da383678cb0a35a07ccb03487ba00cf184d1d71\lucene-queries-8.2.0.jar
MD5: e9fae556c8d24a4273d8600b851b33e7
SHA1: 5da383678cb0a35a07ccb03487ba00cf184d1d71
SHA256:daad88e1eef483b56462b5b7f9465b579e65a2f2934dc87ac2ce8168444338ea
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

lucene-sandbox-8.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-sandbox\8.2.0\f50931f1db40cdcc31e5044439d4e5522a23f6c1\lucene-sandbox-8.2.0.jar
MD5: 1de8e63c42e6db085d15d82ee5628921
SHA1: f50931f1db40cdcc31e5044439d4e5522a23f6c1
SHA256:d336ed3410067f03c97b1b0ce9a19c0b298f577a76b1807c07048dfc38a8a740
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

curvesapi-1.06.jar

Description:

Implementation of various mathematical curves that define themselves over a set of control points. The API is written in Java. The curves supported are: Bezier, B-Spline, Cardinal Spline, Catmull-Rom Spline, Lagrange, Natural Cubic Spline, and NURBS.

License:

BSD License: http://opensource.org/licenses/BSD-3-Clause
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.github.virtuald\curvesapi\1.06\159dd2e8956459a4eb0a9a6ecda9004d8d289708\curvesapi-1.06.jar
MD5: 049221bdb7f8d8a2065c02000e854ed4
SHA1: 159dd2e8956459a4eb0a9a6ecda9004d8d289708
SHA256:38bb45c99e6153260c19b97b99b6a7370a067de63344de6d1ea11922acaed86b
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

xmlbeans-3.1.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlbeans\xmlbeans\3.1.0\6dac1f897dfb3e3f17fc79b18a3353b2e51c464e\xmlbeans-3.1.0.jar
MD5: 408902d943e5bd51a4813dae131681a3
SHA1: 6dac1f897dfb3e3f17fc79b18a3353b2e51c464e
SHA256:a19ea1ec835a101165f7aa3c55427e81b5f2b187bfe7689a19277c51402620b0
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

lucene-analyzers-kuromoji-8.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-analyzers-kuromoji\8.2.0\169e079501f3e0b143c4ea3c953a3cc9aff8758a\lucene-analyzers-kuromoji-8.2.0.jar
MD5: 41a518b97d81d3b8d087585df9949492
SHA1: 169e079501f3e0b143c4ea3c953a3cc9aff8758a
SHA256:310ad87cf6aeaf0f7b8f19b60622810ba52bd66c938ff3e72624003849826062
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

lucene-analyzers-nori-8.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-analyzers-nori\8.2.0\4f0feca14e6ac73b708a9ccd437478260a46bead\lucene-analyzers-nori-8.2.0.jar
MD5: 1710c4ec83b1fb8892b0df28a1ded747
SHA1: 4f0feca14e6ac73b708a9ccd437478260a46bead
SHA256:291ccda40fd82bd58b02539e73e0987263289bcec3b90b1044b9b08ea7ea59f8
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

lucene-analyzers-phonetic-8.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-analyzers-phonetic\8.2.0\a87df79bb727bbe355dbcf367e4489fc1010343f\lucene-analyzers-phonetic-8.2.0.jar
MD5: 610a8786895750deb6d8fd8ec43b9a9f
SHA1: a87df79bb727bbe355dbcf367e4489fc1010343f
SHA256:93aff9b1fabbd26db45b7652fbe0e691894eeb76fb62b37d7dd4701443316633
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

lucene-backward-codecs-8.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-backward-codecs\8.2.0\91397b1e0dab4a66e9e58a82ab1690f0383aaced\lucene-backward-codecs-8.2.0.jar
MD5: f36f60f34efd433d20a8cb8fc59dd74e
SHA1: 91397b1e0dab4a66e9e58a82ab1690f0383aaced
SHA256:bb5ae36e417a3ae056796cf756379328aed100e27362914882e156ce54ae5e91
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

lucene-classification-8.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-classification\8.2.0\a7c89dff82a99276b538d508eefc8979952b86d0\lucene-classification-8.2.0.jar
MD5: bc32d4cfafb5f26601cceb08255e80d0
SHA1: a7c89dff82a99276b538d508eefc8979952b86d0
SHA256:1cff1905de0805132b52ad1154d2e10df9d1c93d6f15400ba18bffddabdf9793
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

lucene-codecs-8.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-codecs\8.2.0\18d43a35ee790e6b040b25b934084bd2a3995285\lucene-codecs-8.2.0.jar
MD5: 34c3b7bb3ecc964635a33bab0711cf6d
SHA1: 18d43a35ee790e6b040b25b934084bd2a3995285
SHA256:8d142344a6a9f81f4c1e125f1ce0e8cbc9d68252227c381e26e4cedbed52af6d
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

lucene-expressions-8.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-expressions\8.2.0\afec1e7228eca31b5f469bdcbbc84d04b0748eae\lucene-expressions-8.2.0.jar
MD5: 42a63955d56c6d0c817edd1948f5c853
SHA1: afec1e7228eca31b5f469bdcbbc84d04b0748eae
SHA256:c82123cf33a99e2acc04aa23ddcc0016614fa7e0f71a96e6a97859a413a67615
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

lucene-grouping-8.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-grouping\8.2.0\a457b6ae0b02a02c9fc7061a19289601554c320a\lucene-grouping-8.2.0.jar
MD5: 9b72aba5ef26fd98559ee26609f7717f
SHA1: a457b6ae0b02a02c9fc7061a19289601554c320a
SHA256:5dafd1262fc0dcb8cda8c8a46407484b0b4fea34f6f984696a0ff06fce55da31
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

lucene-highlighter-8.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-highlighter\8.2.0\21bdc9d7e134c9e8bb2bab7a5c32f5ff08b345ec\lucene-highlighter-8.2.0.jar
MD5: 3d63cf24fd790827fb48ce4d63424c0e
SHA1: 21bdc9d7e134c9e8bb2bab7a5c32f5ff08b345ec
SHA256:f9bb9e071d08d4cbc20f5336bbe5cacb61f7a40d2219c19a14f90889f97a45c2
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

lucene-join-8.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-join\8.2.0\6e1f359cb49868ec2482cb1af7f32b19ac70fcf3\lucene-join-8.2.0.jar
MD5: 0b89dbe4dc7cbf229fafefc110ced27f
SHA1: 6e1f359cb49868ec2482cb1af7f32b19ac70fcf3
SHA256:cdc2b68addf01d2f14cdb92f98e2da7de9c039691afe2af98882d839d816bb5f
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

lucene-memory-8.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-memory\8.2.0\719c1c86f525d58a717eb6338552cd3aaa19d56c\lucene-memory-8.2.0.jar
MD5: 31a9fa0896d85cff78d720e85670fbde
SHA1: 719c1c86f525d58a717eb6338552cd3aaa19d56c
SHA256:4ac9a6eb3b59729f7b2fcbb1a20f6608c19bbecdd878acd25e34cf71bdfe67e1
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

lucene-misc-8.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-misc\8.2.0\539c353c1861df0ace480978429f48a4bccd29c4\lucene-misc-8.2.0.jar
MD5: 00dee9131120017a7e029c23e3c36ba5
SHA1: 539c353c1861df0ace480978429f48a4bccd29c4
SHA256:352565292a218f6bcc32049b81f9a443450b69000bebd433389850a169e63c39
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

lucene-spatial-extras-8.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-spatial-extras\8.2.0\1335a4a876a82dbbb79df8172133df66de06689f\lucene-spatial-extras-8.2.0.jar
MD5: 8206a0dbf5a2a4e4563c541e792b1e83
SHA1: 1335a4a876a82dbbb79df8172133df66de06689f
SHA256:c69a192db03b7b13a6bedcc0c780d075e939927d05538f1cb5df003c68a77ad5
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

lucene-spatial3d-8.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-spatial3d\8.2.0\bc0ee3f2d70cf66dc79a781b9edd6311f1f6a49\lucene-spatial3d-8.2.0.jar
MD5: f9b79fcff72fd2469d5433d9d5a64dc8
SHA1: 0bc0ee3f2d70cf66dc79a781b9edd6311f1f6a49
SHA256:8e9ca67d1c7a37c7230fcac056cec3b1756cf0bfcc78d2fb355fede7c00ced74
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

lucene-suggest-8.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-suggest\8.2.0\334d627bda935dfb34e8e1c78d8f5a28b4be325a\lucene-suggest-8.2.0.jar
MD5: 59f74972eaefb00361396b69b5b5e278
SHA1: 334d627bda935dfb34e8e1c78d8f5a28b4be325a
SHA256:6912e6899df5cb4e095c3de8dc0d3df2e9ee319b6c9e4d72e861dee6b1819b71
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

solr-solrj-8.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.solr\solr-solrj\8.2.0\5c466f157adf03428765c6e15a3d85a08f540a05\solr-solrj-8.2.0.jar
MD5: 935576cc3f2f886f0c5ca64299be8f0e
SHA1: 5c466f157adf03428765c6e15a3d85a08f540a05
SHA256:84352656e0d04298c6286d166f2e65b6db7a3dcb5e70a997b5020261ebdd7fee
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

hppc-0.8.1.jar

Description:

High Performance Primitive Collections. Fundamental data structures (maps, sets, lists, stacks, queues) generated for combinations of object and primitive types to conserve JVM memory and speed up execution.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.carrotsearch\hppc\0.8.1\ffc7ba8f289428b9508ab484b8001dea944ae603\hppc-0.8.1.jar
MD5: 4b142532e325286944292cd65448afc3
SHA1: ffc7ba8f289428b9508ab484b8001dea944ae603
SHA256:f540703478636d88f699f4666242e6fc9175a996c08ddceaf02106517b970406
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jackson-dataformat-smile-2.9.8.jar

Description:

Support for reading and writing Smile ("binary JSON") encoded data using Jackson abstractions (streaming API, data binding, tree model)

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.fasterxml.jackson.dataformat\jackson-dataformat-smile\2.9.8\dbb47a052ac2b249ae004ce32e1e0c8bd8ee526c\jackson-dataformat-smile-2.9.8.jar
MD5: eec69f4c6a31ebcf0d9af7130f3044b1
SHA1: dbb47a052ac2b249ae004ce32e1e0c8bd8ee526c
SHA256:3b0c1aacf529bbee591f54029f2ad995e3c9fd7e7933a0d96ac8c288058bc566
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

caffeine-2.4.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.github.ben-manes.caffeine\caffeine\2.4.0\5aa8bbb851b1ad403cc140094ba4a25998369efe\caffeine-2.4.0.jar
MD5: 88d83922414143f7c3c1d12b83ca4d7b
SHA1: 5aa8bbb851b1ad403cc140094ba4a25998369efe
SHA256:a70d0ce267c92820aeb2790720643b3554e09ae7a95b5f5cc5e9c4800fcfab44
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

re2j-1.2.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.google.re2j\re2j\1.2\4361eed4abe6f84d982cbb26749825f285996dd2\re2j-1.2.jar
MD5: 1b861f3ffdae1d8698cd503b62145ddb
SHA1: 4361eed4abe6f84d982cbb26749825f285996dd2
SHA256:e9dc705fd4c570344b54a7146b2e3a819cdc271a29793f4acc1a93b56a388e59
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

json-path-2.4.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.jayway.jsonpath\json-path\2.4.0\765a4401ceb2dc8d40553c2075eb80a8fa35c2ae\json-path-2.4.0.jar
MD5: 29169b4b1115bc851e5734ef35ecd42a
SHA1: 765a4401ceb2dc8d40553c2075eb80a8fa35c2ae
SHA256:60441c74fb64e5a480070f86a604941927aaf684e2b513d780fb7a38fb4c5639
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

disruptor-3.4.2.jar

Description:

Disruptor - Concurrent Programming Framework

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.lmax\disruptor\3.4.2\e2543a63086b4189fbe418d05d56633bc1a815f7\disruptor-3.4.2.jar
MD5: 6895a3c4f54cf92eef6530e9e2cd3c46
SHA1: e2543a63086b4189fbe418d05d56633bc1a815f7
SHA256:f412ecbb235c2460b45e63584109723dea8d94b819c78c9bfc38f50cba8546c0
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

t-digest-3.1.jar

Description:

Data structure which allows accurate estimation of quantiles and related rank statistics

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.tdunning\t-digest\3.1\451ed219688aed5821a789428fd5e10426d11312\t-digest-3.1.jar
MD5: ba0c00142170b71bd3ae17d2d7e4e38b
SHA1: 451ed219688aed5821a789428fd5e10426d11312
SHA256:271f3a5a4bc79d7554c9e9e557669af83bcbda0db871e0b8c969d56e51c123a9
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

metrics-core-4.0.5.jar

Description:

Metrics is a Java library which gives you unparalleled insight into what your code does in production. Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment.

License:

http://www.apache.org/licenses/LICENSE-2.0.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\io.dropwizard.metrics\metrics-core\4.0.5\b81ef162970cdb9f4512ee2da09715a856ff4c4c\metrics-core-4.0.5.jar
MD5: f5fb039e8ed41743d3b6590547d85894
SHA1: b81ef162970cdb9f4512ee2da09715a856ff4c4c
SHA256:e31f5bc2fc58dcacd0cf31f7eafa43d3b981873dac0d3f0ffebb145675f1c8a8
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

metrics-graphite-4.0.5.jar

Description:

A reporter for Metrics which announces measurements to a Graphite server.

License:

http://www.apache.org/licenses/LICENSE-2.0.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\io.dropwizard.metrics\metrics-graphite\4.0.5\76e8758356373d5aed5abacbda429b38f6e8fa98\metrics-graphite-4.0.5.jar
MD5: 22f848bd3427fa8d5caa8717468097f5
SHA1: 76e8758356373d5aed5abacbda429b38f6e8fa98
SHA256:e7ece2bb30cf016a012286d7077fd1d9741c3e205ac7095fdc081e4c552436db
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

metrics-jetty9-4.0.5.jar

Description:

A set of extensions for Jetty 9.3 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization.

License:

http://www.apache.org/licenses/LICENSE-2.0.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\io.dropwizard.metrics\metrics-jetty9\4.0.5\87f3b49a7377e56f62046875d394ed0028b37690\metrics-jetty9-4.0.5.jar
MD5: 99b6f3ed9f4663ed9db4700e4bf388fa
SHA1: 87f3b49a7377e56f62046875d394ed0028b37690
SHA256:e2c769fc1c269e2200950b8d33800be4b0043302eaa189ba5cb7ce518c48b46a
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

metrics-jmx-4.0.5.jar

Description:

A set of classes which allow you to report metrics via JMX.

License:

http://www.apache.org/licenses/LICENSE-2.0.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\io.dropwizard.metrics\metrics-jmx\4.0.5\d7be4ddd7ba674ee8be1d23d883fb3ca68ee1d54\metrics-jmx-4.0.5.jar
MD5: 863de91e135c8455d70fa3acf01cdf72
SHA1: d7be4ddd7ba674ee8be1d23d883fb3ca68ee1d54
SHA256:079133de87f7d3512200a8071bacfdbed46d6a73995578fc24bbf4c03df6d188
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

metrics-jvm-4.0.5.jar

Description:

A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics.

License:

http://www.apache.org/licenses/LICENSE-2.0.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\io.dropwizard.metrics\metrics-jvm\4.0.5\9f6f1e6c1db440d9ad4c3114f17be40f66bb399\metrics-jvm-4.0.5.jar
MD5: a19a85dc56ac7179bd974e4eb0c8b6e0
SHA1: 09f6f1e6c1db440d9ad4c3114f17be40f66bb399
SHA256:ba97466221c391bd7b7eb6d407f7fac83e5e6725d3a8691aa512e53ae075dfc3
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

opentracing-api-0.33.0.jar

Description:

OpenTracing Java API

File Path: Z:\Gradle\caches\modules-2\files-2.1\io.opentracing\opentracing-api\0.33.0\67336cfb9d93779c02e1fda4c87801d352720eda\opentracing-api-0.33.0.jar
MD5: bfec41592934f8a1f3e782ff2967c985
SHA1: 67336cfb9d93779c02e1fda4c87801d352720eda
SHA256:4534541b8e9f41a17bcdf1d09affe45b98c13574db6e529a93a58264b9472c7c
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

opentracing-noop-0.33.0.jar

Description:

OpenTracing NoOp

File Path: Z:\Gradle\caches\modules-2\files-2.1\io.opentracing\opentracing-noop\0.33.0\74b9950a587f53fbdb48c3f1f84f1ece8c10592\opentracing-noop-0.33.0.jar
MD5: a65509c4cc3907bc0691c5141d3f1d2e
SHA1: 074b9950a587f53fbdb48c3f1f84f1ece8c10592
SHA256:8529f91e10047b2b94cb21b50086a3d3913fa4da43594eddbd9ecf5917efe040
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

opentracing-util-0.33.0.jar

Description:

OpenTracing utilities

File Path: Z:\Gradle\caches\modules-2\files-2.1\io.opentracing\opentracing-util\0.33.0\132630f17e198a1748f23ce33597efdf4a807fb9\opentracing-util-0.33.0.jar
MD5: 4256987096519a45c4b781fca070a15c
SHA1: 132630f17e198a1748f23ce33597efdf4a807fb9
SHA256:22c5dfbb9b0e2f08f7371bf3d68372c7604c804d3129499b43f37a8877c4379e
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

s2-geometry-library-java-1.0.0.jar

Description:

A java library for Google s2

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\io.sgr\s2-geometry-library-java\1.0.0\f95b25589b40b5b0965deb592445073ff3efa299\s2-geometry-library-java-1.0.0.jar
MD5: 1a2947668483048b78f40582266bcc49
SHA1: f95b25589b40b5b0965deb592445073ff3efa299
SHA256:8e2c74fbe98adf02e93cc831c3a2d9fda9c4c8577eff7bec3ce9ce5863abbda7
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

eigenbase-properties-1.1.5.jar

Description:

Type-safe access to Java system properties

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\net.hydromatic\eigenbase-properties\1.1.5\a941956b3a4664d0cf728ece06ba25cc2110a3aa\eigenbase-properties-1.1.5.jar
MD5: 74250b1aa57ff13507bf28c09e5299eb
SHA1: a941956b3a4664d0cf728ece06ba25cc2110a3aa
SHA256:9394a752411d9729a083cf578ed9666ec9a7f59c18c9ca889127480a44c7285c
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

antlr4-runtime-4.5.1-1.jar

Description:

The ANTLR 4 Runtime

License:

http://www.antlr.org/license.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.antlr\antlr4-runtime\4.5.1-1\66144204f9d6d7d3f3f775622c2dd7e9bd511d97\antlr4-runtime-4.5.1-1.jar
MD5: c57e3c5fd251603e1d815ec1d6fde69b
SHA1: 66144204f9d6d7d3f3f775622c2dd7e9bd511d97
SHA256:ffca72bc2a25bb2b0c80a58cee60530a78be17da739bb6c91a8c2e3584ca099e
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

calcite-core-1.18.0.jar

Description:

Core Calcite APIs and engine.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.calcite\calcite-core\1.18.0\814f5395cb0af71d6d7eb304a94a2c5365e4929c\calcite-core-1.18.0.jar
MD5: 7556b67c3b873e6b6190af7382eabdba
SHA1: 814f5395cb0af71d6d7eb304a94a2c5365e4929c
SHA256:6429929601f2bcbff79edb465cb2b09495ddaf079f6e077f0b0a888c950c2ee2
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

calcite-linq4j-1.18.0.jar

Description:

Calcite APIs for LINQ (Language-Integrated Query) in Java

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.calcite\calcite-linq4j\1.18.0\bc7d7a74b2e5ead39ee3688f107bece3ad13eca6\calcite-linq4j-1.18.0.jar
MD5: b18d889b40a277f94b9f52c7b84b936f
SHA1: bc7d7a74b2e5ead39ee3688f107bece3ad13eca6
SHA256:58471aedc88574aa7f18baf05b1d6f280e74a9b48c93410d6d00c6c0ce2191e4
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

avatica-core-1.13.0.jar

Description:

JDBC driver framework.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.calcite.avatica\avatica-core\1.13.0\bae68362b6020d6da93ad9abfa6a44edffb2b952\avatica-core-1.13.0.jar
MD5: b54061c59349ad11ec60402ba935a77c
SHA1: bae68362b6020d6da93ad9abfa6a44edffb2b952
SHA256:b065e18b3c9fafa2b13113bc76a57aef412e1f8ee5caeec331e1f3e3656dda8c
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

commons-configuration2-2.1.1.jar

Description:

Tools to assist in the reading of configuration/preferences files in various formats

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-configuration2\2.1.1\d97d5b3f8b58c52730d47e1a63c8d3258f41ca6c\commons-configuration2-2.1.1.jar
MD5: 6c070e57bcd44ed93994f5a33102c277
SHA1: d97d5b3f8b58c52730d47e1a63c8d3258f41ca6c
SHA256:6471f4c4fb666960eba889b768164670097022d3084018affea555e6bf8d3d79
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

curator-client-2.13.0.jar

Description:

Low-level API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.curator\curator-client\2.13.0\a1974d9b3251c055408059b2f408d19d7db07224\curator-client-2.13.0.jar
MD5: ca2c6ca2277e78d1f6b865ee82e10357
SHA1: a1974d9b3251c055408059b2f408d19d7db07224
SHA256:62ab2201b5b9af63b215a4e6829dbe7d553a0805cfb0b1a665f9b49da8270c51
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

curator-framework-2.13.0.jar

Description:

High-level API that greatly simplifies using ZooKeeper.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.curator\curator-framework\2.13.0\d45229aee7d3f1f628a34fcac9b66ed5ba52c31f\curator-framework-2.13.0.jar
MD5: 91e34b86afb44ef5c728f69ed9790f1d
SHA1: d45229aee7d3f1f628a34fcac9b66ed5ba52c31f
SHA256:db084e5e0fed0548a8128f12a3e7a15c875c9595e75316c9578d64e77375c4a9
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

curator-recipes-2.13.0.jar

Description:

All of the recipes listed on the ZooKeeper recipes doc (except two phase commit).

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.curator\curator-recipes\2.13.0\1e6d5cf7b18a402f5d52785877010711538d68a0\curator-recipes-2.13.0.jar
MD5: 02685a8f2e44faa1941e953ac426a8d7
SHA1: 1e6d5cf7b18a402f5d52785877010711538d68a0
SHA256:22be05c1a3e6c5ede22e77372b08dc631a3b93b64acb7f682537ea65a6ddba06
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

hadoop-annotations-3.2.0.jar

Description:

Apache Hadoop Annotations

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.hadoop\hadoop-annotations\3.2.0\275df2b5942c554ae3f3adf8483e81f5aec5ebc7\hadoop-annotations-3.2.0.jar
MD5: 53f34125785d58fcc1918b502cac3cf5
SHA1: 275df2b5942c554ae3f3adf8483e81f5aec5ebc7
SHA256:b7bea21ef5e070118a9b28e1dd16c6f5a335cf1e7ae276dced782b05a772be7c
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

hadoop-auth-3.2.0.jar

Description:

Apache Hadoop Auth - Java HTTP SPNEGO

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.hadoop\hadoop-auth\3.2.0\b1b95aed9aa956ffb7d21e30a0415ca14d91c4ad\hadoop-auth-3.2.0.jar
MD5: 1f513a4c0caab107b20409a89043f0ea
SHA1: b1b95aed9aa956ffb7d21e30a0415ca14d91c4ad
SHA256:db63b8d5d303908ea136a9f75b52a616ef01b6c5620b76d7c2669e8c583837d4
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

hadoop-common-3.2.0.jar

Description:

Apache Hadoop Common

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.hadoop\hadoop-common\3.2.0\e47a88c42c450e6e4b23bf951356c203cae2db24\hadoop-common-3.2.0.jar
MD5: 23c61d9d75661d0ad582ca3deff65f95
SHA1: e47a88c42c450e6e4b23bf951356c203cae2db24
SHA256:8eaad191f9266cf77c48e3ad0a2c527e692f48335eeb2988393d23a007ee10c1
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

hadoop-hdfs-client-3.2.0.jar

Description:

Apache Hadoop HDFS Client

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.hadoop\hadoop-hdfs-client\3.2.0\c56a99b3043755b5506cfd85f11d53bd61652f3d\hadoop-hdfs-client-3.2.0.jar
MD5: e2f4cd3c18c5bbb20c53ac53f4f48d26
SHA1: c56a99b3043755b5506cfd85f11d53bd61652f3d
SHA256:fda0350b36998d1c766d3d5a9a8e7daf08cf5a7170ad612a1e741ccccb27a48d
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

htrace-core4-4.1.0-incubating.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.htrace\htrace-core4\4.1.0-incubating\12b3e2adda95e8c41d9d45d33db075137871d2e2\htrace-core4-4.1.0-incubating.jar
MD5: 34f428e68910ea6555c79e733d433f1a
SHA1: 12b3e2adda95e8c41d9d45d33db075137871d2e2
SHA256:5d45b7904857c3e4ad36b3bcc57be2d2c5f308c69b5f6a58bd86aa7d48a25ef6
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

kerb-core-1.0.1.jar

Description:

Kerby-kerb core facilities

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.kerby\kerb-core\1.0.1\82357e97a5c1b505beb0f6c227d9f39b2d7fdde0\kerb-core-1.0.1.jar
MD5: 545c60f29fc4d57a1e50e3be72c88fe0
SHA1: 82357e97a5c1b505beb0f6c227d9f39b2d7fdde0
SHA256:4db26bc4a106603044d8883f7280abc803b055b36f5c510a3fffc41e5de4c651
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

kerb-util-1.0.1.jar

Description:

Kerby-kerb Utilities

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.kerby\kerb-util\1.0.1\93d37f677addd2450b199e8da8fcac243ceb8a88\kerb-util-1.0.1.jar
MD5: 424542890d4dc9f61b1754a12a1c7758
SHA1: 93d37f677addd2450b199e8da8fcac243ceb8a88
SHA256:9cb1a2715a35cbabc9e8f1be3287bb086100763847e2f17577b72a025f8adaab
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

kerby-asn1-1.0.1.jar

Description:

Kerby ASN1 Project

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.kerby\kerby-asn1\1.0.1\d54a9712c29c4e6d9d9ba483fad3d450be135fff\kerby-asn1-1.0.1.jar
MD5: 95c31186c0ec12b85bde99e286fe2f8c
SHA1: d54a9712c29c4e6d9d9ba483fad3d450be135fff
SHA256:010a3c33e5b652f11cb29a6e66826a24331e526cf58662dccb4d6695fc6ca59d
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

kerby-pkix-1.0.1.jar

Description:

Kerby PKIX Project

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.kerby\kerby-pkix\1.0.1\4c1fd1f78ba7c16cf6fcd663ddad7eed34b4d911\kerby-pkix-1.0.1.jar
MD5: 4f99a872b054dead71460c3ed3bca6ac
SHA1: 4c1fd1f78ba7c16cf6fcd663ddad7eed34b4d911
SHA256:0410bc1950b57f4792ea6b86df59a2ee87e4ad69b33a17ded438e6686894346a
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

zookeeper-3.5.5.jar

Description:

ZooKeeper server

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.zookeeper\zookeeper\3.5.5\dd9c924e9d4be7c79e46261691e96d030736a8ac\zookeeper-3.5.5.jar
MD5: 78107e524ca1b23ecc4bae19f112bda4
SHA1: dd9c924e9d4be7c79e46261691e96d030736a8ac
SHA256:49d9c075e86260de45e9cd5375b09172eeea31aefcbcd654c6534aba0705ebe7
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

zookeeper-jute-3.5.5.jar

Description:

ZooKeeper jute

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.zookeeper\zookeeper-jute\3.5.5\3785011a665bd5c7dedd025110543d967f17f8e3\zookeeper-jute-3.5.5.jar
MD5: f309c6bbc83d99300326b1c02f4d4ae2
SHA1: 3785011a665bd5c7dedd025110543d967f17f8e3
SHA256:2f1c0a0d59c99c73cd94231945b8b52556114e519ba297bd76101441203d3285
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jose4j-0.6.5.jar

Description:

The jose.4.j library is a robust and easy to use open source implementation of JSON Web Token (JWT) and the JOSE specification suite (JWS, JWE, and JWK). It is written in Java and relies solely on the JCA APIs for cryptography. Please see https://bitbucket.org/b_c/jose4j/wiki/Home for more info, examples, etc.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.bitbucket.b_c\jose4j\0.6.5\524470e6ad000e3938f4c0f5e08bd423e95bd43a\jose4j-0.6.5.jar
MD5: 38b06bd9c1f8a46f819ac254234ead02
SHA1: 524470e6ad000e3938f4c0f5e08bd423e95bd43a
SHA256:0c2d2616b42dba712ff7a05a95ed9d44cf9b71f5632eeca05dbcfce3ba3375b2
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

commons-compiler-3.0.9.jar

Description:

The "commons-compiler" API, including the "IExpressionEvaluator", "IScriptEvaluator", "IClassBodyEvaluator" and "ISimpleCompiler" interfaces.

License:

https://raw.githubusercontent.com/janino-compiler/janino/master/LICENSE
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codehaus.janino\commons-compiler\3.0.9\6aac3c03d02dcab0d59f77ff00b682f5320e54e9\commons-compiler-3.0.9.jar
MD5: 8db21cabe3f77efc36498e43501a4b9d
SHA1: 6aac3c03d02dcab0d59f77ff00b682f5320e54e9
SHA256:d924418b051748034bae80f563499d5c0533c30383525f22aebbeb1d297b9e6e
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

janino-3.0.9.jar

Description:

The "JANINO" implementation of the "commons-compiler" API: Super-small, super-fast, independent from the JDK's "tools.jar".

License:

https://raw.githubusercontent.com/janino-compiler/janino/master/LICENSE
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codehaus.janino\janino\3.0.9\ddfd261063f2e6300e4c884aeef5f145dd0b38d\janino-3.0.9.jar
MD5: 4ee85915848cbe3344b21712128cab4a
SHA1: 0ddfd261063f2e6300e4c884aeef5f145dd0b38d
SHA256:32f17d3be316aa398840fe891136f8a26c2f07c0c53fc2944268c4ba96e3b734
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

woodstox-core-5.0.3.jar

Description:

Woodstox is a high-performance XML processor that implements Stax (JSR-173), SAX2 and Stax2 APIs

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.fasterxml.woodstox\woodstox-core\5.0.3\10aa199207fda142eff01cd61c69244877d71770\woodstox-core-5.0.3.jar
MD5: 8b151bd3d262d9c07e0384b7cc6c4cd9
SHA1: 10aa199207fda142eff01cd61c69244877d71770
SHA256:a1c04b64fbfe20ae9f2c60a3bf1633fed6688ae31935b6bd4a457a1bbb2e82d4
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

stax2-api-3.1.4.jar

Description:

Stax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.

License:

The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codehaus.woodstox\stax2-api\3.1.4\ac19014b1e6a7c08aad07fe114af792676b685b7\stax2-api-3.1.4.jar
MD5: c08e89de601b0a78f941b2c29db565c3
SHA1: ac19014b1e6a7c08aad07fe114af792676b685b7
SHA256:86d7c0b775a7c9b454cc6ba61d40a8eb3b99cc129f832eb9b977a3755b4b338e
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

woodstox-core-asl-4.4.1.jar

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codehaus.woodstox\woodstox-core-asl\4.4.1\84fee5eb1a4a1cefe65b6883c73b3fa83be3c1a1\woodstox-core-asl-4.4.1.jar
MD5: 1f53f91f117288fb2ef2e120f27e5498
SHA1: 84fee5eb1a4a1cefe65b6883c73b3fa83be3c1a1
SHA256:274fa403ed08c0d6f2f574dc1916adaaaec9a493e56d6442f8797ede620bca65
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jetty-alpn-client-9.4.19.v20190610.jar

Description:

Jetty module for Jetty :: ALPN :: Client

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-alpn-client\9.4.19.v20190610\8c9283b8a04056a0fced23fc474e62aa39764c6b\jetty-alpn-client-9.4.19.v20190610.jar
MD5: 698e11a203fe6ae54aa69ff56149f17f
SHA1: 8c9283b8a04056a0fced23fc474e62aa39764c6b
SHA256:d83f67f982745d8d3b5bb70d90855f16b0a3231be61ffce40fa6cd4dec83e5b7
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jetty-alpn-java-client-9.4.19.v20190610.jar

Description:

JDK9 Client ALPN

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-alpn-java-client\9.4.19.v20190610\37eff0bd068adca090e14a0fbd9de258a871f9d9\jetty-alpn-java-client-9.4.19.v20190610.jar
MD5: 2823af7e183c7837a93ffe4d00d1e397
SHA1: 37eff0bd068adca090e14a0fbd9de258a871f9d9
SHA256:977c5b38c757df5058fce943ef6050d3f247e8bc1e2d969099f9a984e15f003a
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jetty-alpn-java-server-9.4.19.v20190610.jar

Description:

JDK9 Server ALPN

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-alpn-java-server\9.4.19.v20190610\7e7f62c2c03b74e59211eeeba0ddc067ad422ff7\jetty-alpn-java-server-9.4.19.v20190610.jar
MD5: 38d554194154c02ca4ada01144e5c99f
SHA1: 7e7f62c2c03b74e59211eeeba0ddc067ad422ff7
SHA256:3965c15329624b4b761f1af10121b0c5f57da7bbefe4a722d8f956fa1736ce82
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jetty-alpn-server-9.4.19.v20190610.jar

Description:

Jetty module for Jetty :: ALPN :: Server

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-alpn-server\9.4.19.v20190610\5dd67dacaf1eed80ab95493da840dab35c22ce9c\jetty-alpn-server-9.4.19.v20190610.jar
MD5: de8dcf61f52342d0359cdcd40d10b4cd
SHA1: 5dd67dacaf1eed80ab95493da840dab35c22ce9c
SHA256:a60f7cfcdc365a2b6c2f01ccc8d3122f5ff6ee6fd3e8331979ac0da71d9204ab
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jetty-client-9.4.19.v20190610.jar

Description:

Jetty module for Jetty :: Asynchronous HTTP Client

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-client\9.4.19.v20190610\4386c1f243042e0f78f2e4c3c6cd239967410d6e\jetty-client-9.4.19.v20190610.jar
MD5: 041e00123f3f42d0371863a2fca3884c
SHA1: 4386c1f243042e0f78f2e4c3c6cd239967410d6e
SHA256:38aabe43c152dd9d5bbad3c2e468f4385e9055b31f78937e4014085cc0b1b734
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jetty-continuation-9.4.19.v20190610.jar

Description:

Asynchronous API

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-continuation\9.4.19.v20190610\4acddfa41f45790e43fe4be257c3c4bcf6b846ff\jetty-continuation-9.4.19.v20190610.jar
MD5: 2ed565d7ae6262acef3d805a92e6c6be
SHA1: 4acddfa41f45790e43fe4be257c3c4bcf6b846ff
SHA256:bb4c7674d04bdb5e811f794b32e5c432687600dd3e587fcd5220a8638e307c26
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jetty-deploy-9.4.19.v20190610.jar

Description:

Jetty deployers

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-deploy\9.4.19.v20190610\8b350466ff1fcb7030a7abc152eed458e086fac2\jetty-deploy-9.4.19.v20190610.jar
MD5: 7d71820ef66b358e09cc43dc1b39519d
SHA1: 8b350466ff1fcb7030a7abc152eed458e086fac2
SHA256:9ae7dede417e70c746613dc97f16c4a622a104c447c418a05e38f179ab15ee2a
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jetty-http-9.4.19.v20190610.jar

Description:

Jetty module for Jetty :: Http Utility

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-http\9.4.19.v20190610\b59ff8ecb0cf5d6234958f2404eabf0b72464e14\jetty-http-9.4.19.v20190610.jar
MD5: e73bab79f5df39bfd2bad16772c6971a
SHA1: b59ff8ecb0cf5d6234958f2404eabf0b72464e14
SHA256:54e4e6552d2ecf1fecb2b511c2a7f761f49c96c1980b103142baa33841abd398
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jetty-io-9.4.19.v20190610.jar

Description:

Jetty module for Jetty :: IO Utility

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-io\9.4.19.v20190610\7eb9a6be62d84e1691e5fdc99223e632485619a8\jetty-io-9.4.19.v20190610.jar
MD5: 0a72174f7f8d3c70fd9e64b238c4779a
SHA1: 7eb9a6be62d84e1691e5fdc99223e632485619a8
SHA256:9a8326d191b5627f7985333f65b29c3ce37e22abf4f8aa2c539b84b31d72a270
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jetty-jmx-9.4.19.v20190610.jar

Description:

JMX management artifact for jetty.

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-jmx\9.4.19.v20190610\8dc81acdc4d3085c0b5f3c80b9a78cc9cb48bc4e\jetty-jmx-9.4.19.v20190610.jar
MD5: 6194859adc45fd217235eb5d3f209cf8
SHA1: 8dc81acdc4d3085c0b5f3c80b9a78cc9cb48bc4e
SHA256:3392a9f28ba4931c76f1739f00216dea8d7dbdbfccb274259879a2975c44155c
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jetty-rewrite-9.4.19.v20190610.jar

Description:

Jetty Rewrite Handler

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-rewrite\9.4.19.v20190610\9b830886bd6098c613ed08d99574bbf300519506\jetty-rewrite-9.4.19.v20190610.jar
MD5: e17b2c0a6be108f8c916f0349931978b
SHA1: 9b830886bd6098c613ed08d99574bbf300519506
SHA256:31a61da23437f2b02e8f476302dc95c08f2bbd2590c85046cb901c8b709e4693
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jetty-security-9.4.19.v20190610.jar

Description:

Jetty security infrastructure

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-security\9.4.19.v20190610\bfe96e1e78719bdd446e063c3f45c132010237ce\jetty-security-9.4.19.v20190610.jar
MD5: a01245e200ad1b517ba7c02fee2de089
SHA1: bfe96e1e78719bdd446e063c3f45c132010237ce
SHA256:15a33448a7e0836d610cae9bce5db71d689538f8aafc197914d9c2b3b23ea400
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jetty-server-9.4.19.v20190610.jar

Description:

The core jetty server artifact.

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-server\9.4.19.v20190610\55786f6e6649bd49425a7da1ac72cd85b8dd4bef\jetty-server-9.4.19.v20190610.jar
MD5: fbed5cd853e5f0e062d3f6c2313cdfdf
SHA1: 55786f6e6649bd49425a7da1ac72cd85b8dd4bef
SHA256:573807f7a979a316cda23d684601b69c8304c24ffaf18001fdb3253e9bc8b866
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jetty-servlet-9.4.19.v20190610.jar

Description:

Jetty Servlet Container

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-servlet\9.4.19.v20190610\89e25610b3199fdf34a831c1b306f7e765928959\jetty-servlet-9.4.19.v20190610.jar
MD5: e71d8fe4440fb6a8f6a235470672aab0
SHA1: 89e25610b3199fdf34a831c1b306f7e765928959
SHA256:3077c9174db95fa1c0c3523782d8ee562d14c5bd6ec0bf98dc8b75a94aab3727
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jetty-servlets-9.4.19.v20190610.jar

Description:

Utility Servlets from Jetty

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-servlets\9.4.19.v20190610\b290c176abe2cd9274b9f794bf74497c4759359d\jetty-servlets-9.4.19.v20190610.jar
MD5: e05b7c96c001d3ee564fdd235ac96ceb
SHA1: b290c176abe2cd9274b9f794bf74497c4759359d
SHA256:4d236c03823f9224309990f5643f212e9be09daf8f916f4a8ec985f2820d222d
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jetty-util-9.4.19.v20190610.jar

Description:

Utility classes for Jetty

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-util\9.4.19.v20190610\2fd3cd40279280e8c56241f753d2c52d8d446d19\jetty-util-9.4.19.v20190610.jar
MD5: 0efeb18a2650ac862fc4989a0b3612db
SHA1: 2fd3cd40279280e8c56241f753d2c52d8d446d19
SHA256:f102a74fe268aea0c45ee76655fdc7707361192bfe78e030a761a33a1fbae373
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jetty-webapp-9.4.19.v20190610.jar

Description:

Jetty web application support

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-webapp\9.4.19.v20190610\945fc0c0fa69504c194e32c5330afa1df0be9574\jetty-webapp-9.4.19.v20190610.jar
MD5: 81d7d7b0e6166c29ef74888361f145a9
SHA1: 945fc0c0fa69504c194e32c5330afa1df0be9574
SHA256:24490a248a40b7d82ad68ebdfb74c435248093d138b99411078b59a691b68ae9
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jetty-xml-9.4.19.v20190610.jar

Description:

The jetty xml utilities.

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-xml\9.4.19.v20190610\d25e67fbe0809cae777065b75b10ecfb5c1bd749\jetty-xml-9.4.19.v20190610.jar
MD5: 48fd108dbe2ea0fed238e9754455982d
SHA1: d25e67fbe0809cae777065b75b10ecfb5c1bd749
SHA256:7c16c74774acefd6f054f9ef2f681ff191e702b49bcb26b529c4d0e1dae65b33
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

http2-client-9.4.19.v20190610.jar

Description:

Jetty module for Jetty :: HTTP2 :: Client

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty.http2\http2-client\9.4.19.v20190610\da335ee2e7d1439dcc7e11e89941edfad91e9e10\http2-client-9.4.19.v20190610.jar
MD5: 58feb93db4169bbe89c42859df32ac64
SHA1: da335ee2e7d1439dcc7e11e89941edfad91e9e10
SHA256:dbc4ad373f57e02ac14e4a16bfc28dd6ed87b9a69018f70dfccb7236916ee15a
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

http2-common-9.4.19.v20190610.jar

Description:

Jetty module for Jetty :: HTTP2 :: Common

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty.http2\http2-common\9.4.19.v20190610\3b8c59c68d52a3d0de0d53f5b3588be3a5c05fb8\http2-common-9.4.19.v20190610.jar
MD5: 76b6549ac8c07d54a1ef71868455f8c2
SHA1: 3b8c59c68d52a3d0de0d53f5b3588be3a5c05fb8
SHA256:4ca5d802401561f4dec6f2209e775af77e21a8cce281dc67f081df28ae782e29
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

http2-hpack-9.4.19.v20190610.jar

Description:

Http2 Hpack

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty.http2\http2-hpack\9.4.19.v20190610\3aaf2c8c9c781f10d4d9da6120c5195b2fcb2ad9\http2-hpack-9.4.19.v20190610.jar
MD5: adefdb4791c4adb89427b9caa99da850
SHA1: 3aaf2c8c9c781f10d4d9da6120c5195b2fcb2ad9
SHA256:dbbfd378aad57b130730b2fc5455836cf40bca6e44f0ee748d6cd294ebb8f53c
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

http2-http-client-transport-9.4.19.v20190610.jar

Description:

Jetty module for Jetty :: HTTP2 :: HTTP Client Transport

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty.http2\http2-http-client-transport\9.4.19.v20190610\95f58cd0cfa0c4553fc3901138cc6a03ece23b94\http2-http-client-transport-9.4.19.v20190610.jar
MD5: 5f94b8880f4d1ecc6d504e231113c50e
SHA1: 95f58cd0cfa0c4553fc3901138cc6a03ece23b94
SHA256:a244e301a6496a354e33819b7f19c3f91020f9505ebbae20bff580e2c8374393
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

http2-server-9.4.19.v20190610.jar

Description:

Jetty module for Jetty :: HTTP2 :: Server

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty.http2\http2-server\9.4.19.v20190610\672891a1abbeef85192d137192e347872a6fc9c3\http2-server-9.4.19.v20190610.jar
MD5: 28bcf98687daf08cbb6e405e8490ea25
SHA1: 672891a1abbeef85192d137192e347872a6fc9c3
SHA256:62c431c84ae4b966286e37b2caaef1876b82df5707e0173d9a8f4352ce1fe628
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

spatial4j-0.7.jar

Description:

Spatial4j is a general purpose spatial / geospatial ASL licensed open-source Java library. Its core capabilities are 3-fold: to provide common geospatially-aware shapes, to provide distance calculations and other math, and to read shape formats like WKT and GeoJSON.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.locationtech.spatial4j\spatial4j\0.7\faa8ba85d503da4ab872d17ba8c00da0098ab2f2\spatial4j-0.7.jar
MD5: f6a94012c0a3c72395ca420a7708741e
SHA1: faa8ba85d503da4ab872d17ba8c00da0098ab2f2
SHA256:9adccb1d87f7e0be70567b952c65552607e2dcbde32a1579a8a639bdcfa1a3c8
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

asm-commons-5.1.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.ow2.asm\asm-commons\5.1\25d8a575034dd9cfcb375a39b5334f0ba9c8474e\asm-commons-5.1.jar
MD5: 38839fb32c40f7f70986e9c282de0018
SHA1: 25d8a575034dd9cfcb375a39b5334f0ba9c8474e
SHA256:97b3786e1f55e74bddf8ad102bf50e33bbcbc1f6b7fd7b36f0bbbb25cd4981be
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.restlet-2.3.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.restlet.jee\org.restlet\2.3.0\4c5d184e23fa729726668a90dc7338d80c4e7e6f\org.restlet-2.3.0.jar
MD5: 33a94f74de95421b4938dfecb0029ab1
SHA1: 4c5d184e23fa729726668a90dc7338d80c4e7e6f
SHA256:65bfb6d8a4de7f99655a907dd3e89b8868790a9a7874df88c06881e65d115de8
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2017-14868  

Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2017-14949  

Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This is related to XmlRepresentation, DOMRepresentation, SaxRepresentation, and JacksonRepresentation.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

org.restlet.ext.servlet-2.3.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.restlet.jee\org.restlet.ext.servlet\2.3.0\9303e20d0397c0304342943560c3a1693fd7ce7d\org.restlet.ext.servlet-2.3.0.jar
MD5: e81ab1a31fdd07ac02c576086201b2da
SHA1: 9303e20d0397c0304342943560c3a1693fd7ce7d
SHA256:5caaf78595359c7db07cee292c474c3c45b5f2fd790b44fb88a1dd3c666d1e49
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2017-14868  

Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2017-14949  

Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This is related to XmlRepresentation, DOMRepresentation, SaxRepresentation, and JacksonRepresentation.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

rrd4j-3.5.jar

Description:

A high performance data logging and graphing system for time series data.

License:

Apache License Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.rrd4j\rrd4j\3.5\540c946b471dc915b0beb7c07069e3946665ef5d\rrd4j-3.5.jar
MD5: ec2eee22cfab6555fb3e3caa563db70d
SHA1: 540c946b471dc915b0beb7c07069e3946665ef5d
SHA256:89305b495a7ee9e90fc61e183512cbcdd9d9211ed662c3ae1b8052c1ca689448
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jakarta.ws.rs-api-2.1.5.jar

Description:

Java API for RESTful Web Services

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\jakarta.ws.rs\jakarta.ws.rs-api\2.1.5\e45d7f94d7406489755d911e63c216b4a3210374\jakarta.ws.rs-api-2.1.5.jar
MD5: ec1a9f7735daf2dfe421b1ec9b20dd0b
SHA1: e45d7f94d7406489755d911e63c216b4a3210374
SHA256:3587738aaf6d5e4f1e3f01cc249cb061badf7490f7e647b2ae26d0a7efa6e173
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

c3p0-0.9.1.1.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\c3p0\c3p0\0.9.1.1\302704f30c6e7abb7a0457f7771739e03c973e80\c3p0-0.9.1.1.jar
MD5: 640c58226e7bb6beacc8ac3f6bb533d1
SHA1: 302704f30c6e7abb7a0457f7771739e03c973e80
SHA256:a3c772033d43c85f2635596e2421496d55840abbde64ad64b8d0298cacbba466
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2019-5427  

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
CWE-399 Resource Management Errors

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

batik-constants-1.11.jar

Description:

Batik constants library

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-constants\1.11\7c302c2db49975d4a5176bdde843038443f96c2d\batik-constants-1.11.jar
MD5: 5274249c8d1bdabb4ea738c07f790175
SHA1: 7c302c2db49975d4a5176bdde843038443f96c2d
SHA256:5ddc945e09408faa4f951c17124ad54046ee70432696057f316e46b34de33f65
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

batik-i18n-1.11.jar

Description:

Batik i18n library

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-i18n\1.11\65e3680b22aad1d80308837d9b56b0a9f4125642\batik-i18n-1.11.jar
MD5: 8dfd986f061955711efd0ac416c77e2c
SHA1: 65e3680b22aad1d80308837d9b56b0a9f4125642
SHA256:d9fa4d9fd64ad085cd146be9a2075d9ad516f2b2443cb7e6d28fe688d268eb39
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.core.expressions-3.4.500.v20130515-1343.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.core.expressions\3.4.500.v20130515-1343\97cc20cce87af191fc620562ab74b1cde95947fd\org.eclipse.core.expressions-3.4.500.v20130515-1343.jar
MD5: 20da519a750933fa70944f49f2cc8ffd
SHA1: 97cc20cce87af191fc620562ab74b1cde95947fd
SHA256:7c4a0b95d062020e4923154a2552f8927c13fd50da6aa746c720e1d0adff20c9
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.emf.ecore.xmi-2.10.1.v20140901-1043.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.emf.ecore.xmi\2.10.1.v20140901-1043\2a524cbae6c0ad0410c89270eb928ad90f75c95e\org.eclipse.emf.ecore.xmi-2.10.1.v20140901-1043.jar
MD5: 47a6f6ebfb8ae5ed9c82360f8d670683
SHA1: 2a524cbae6c0ad0410c89270eb928ad90f75c95e
SHA256:5be626988e11aeaacec845e560edbace5eace71c018dee2ec9d5f6572cdc1687
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.connectivity.oda.design-3.3.6.v201212070447.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.oda.design\3.3.6.v201212070447\bce1829458bb7c58200cb72c045d48e82702d0a8\org.eclipse.datatools.connectivity.oda.design-3.3.6.v201212070447.jar
MD5: adda38edf0bc609098de5f74d24de2e3
SHA1: bce1829458bb7c58200cb72c045d48e82702d0a8
SHA256:299148d5b92190905503dc084f107ba50b348c2b23721d00f2d107bcb09da248
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.enablement.oda.xml-1.2.5.v201305031101.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.oda.xml\1.2.5.v201305031101\b5be50518c251d4c022959aeb6f871d6fea33fcc\org.eclipse.datatools.enablement.oda.xml-1.2.5.v201305031101.jar
MD5: 58849f828c50fff8ef3e9be4ac636508
SHA1: b5be50518c251d4c022959aeb6f871d6fea33fcc
SHA256:23e36cb48339eaef1ff847bdf66620b4311df9f38cc2293ec241256b7c6bb421
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.enablement.oda.ws-1.2.6.v201403131825.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.oda.ws\1.2.6.v201403131825\cc7814580f2fb5890c54681fec0f98b3e1386b51\org.eclipse.datatools.enablement.oda.ws-1.2.6.v201403131825.jar
MD5: f38bc06778ddbd8297a522d6907f780b
SHA1: cc7814580f2fb5890c54681fec0f98b3e1386b51
SHA256:5b77fc660ae6c5506587882fd9072ecf7f5d2f061ca202ac0ba51060943c066c
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.core.runtime-3.9.0.v20130326-1255.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.core.runtime\3.9.0.v20130326-1255\47eedfa6e872020604db4b2e1949aa6ca273ac6a\org.eclipse.core.runtime-3.9.0.v20130326-1255.jar
MD5: 0dde7c81b2e6278cdd4a4b4821a54419
SHA1: 47eedfa6e872020604db4b2e1949aa6ca273ac6a
SHA256:1c80f541dbc46ab41c4c4971aa7dce944bcb48e55c73c792ef4f3959d03c5246
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.equinox.app-1.3.100.v20130327-1442.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.equinox.app\1.3.100.v20130327-1442\cfe0deab8c3c4f4caea3767bc8bbaa4789b8f782\org.eclipse.equinox.app-1.3.100.v20130327-1442.jar
MD5: 2f4d4cc26c71bd7383fd9b7762ed57ae
SHA1: cfe0deab8c3c4f4caea3767bc8bbaa4789b8f782
SHA256:44ba4803f17b95d3c0235700f17eea2b4636eb2aab514ac22c859d941f572fd6
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

com.ibm.icu-50.1.1.v201304230130.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\com.ibm.icu\50.1.1.v201304230130\ff82137ba65f8676355452edc0ca57975d1b69f4\com.ibm.icu-50.1.1.v201304230130.jar
MD5: cc9d48d40fd8c18a2c4603e8403d6df6
SHA1: ff82137ba65f8676355452edc0ca57975d1b69f4
SHA256:931f3b0ece76fb7f5d29f7aaf3d4547a4e11e879b08fe003974a0474649bacd1
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.equinox.registry-3.5.400.v20140428-1507.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.equinox.registry\3.5.400.v20140428-1507\897775850f15e1595464bbff11562583b8132499\org.eclipse.equinox.registry-3.5.400.v20140428-1507.jar
MD5: b31d9c600f764fdcafacdef1ba72cb91
SHA1: 897775850f15e1595464bbff11562583b8132499
SHA256:f652ccc87dac1cde1a6932ee9864e7dc2772e4cc304e6dc9155d15dfcaa7ff21
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.connectivity.dbdefinition.genericJDBC-1.0.1.v201107221459.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.dbdefinition.genericJDBC\1.0.1.v201107221459\1ee4dc13d331d13f2be2f1cb1b62b789c25db9cc\org.eclipse.datatools.connectivity.dbdefinition.genericJDBC-1.0.1.v201107221459.jar
MD5: 6fdf12a21f1fed08aa2588709699aba1
SHA1: 1ee4dc13d331d13f2be2f1cb1b62b789c25db9cc
SHA256:5caefda382f4903abc2676309be300a7f3d3c5cd7c75252e191b8a645e70ee06
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.osgi-3.10.1.v20140909-1633.jar

Description:

%systemBundle

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.osgi\3.10.1.v20140909-1633\e6a47e8e3edaf8b3cf74a1d5540a9c91369fb28a\org.eclipse.osgi-3.10.1.v20140909-1633.jar
MD5: 07e3c874013c7228107c5e0f61a942f5
SHA1: e6a47e8e3edaf8b3cf74a1d5540a9c91369fb28a
SHA256:ab98b8c904ef3aeb76a6c18bb349241014a1e19ad9d662efd9cc6c03ee13045d
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.emf.common-2.10.1.v20140901-1043.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.emf.common\2.10.1.v20140901-1043\4a9dbfa87401190c710c16dcbbc7a2ea7cc3ff70\org.eclipse.emf.common-2.10.1.v20140901-1043.jar
MD5: df980d426f472a019fe8c58f1f420a0b
SHA1: 4a9dbfa87401190c710c16dcbbc7a2ea7cc3ff70
SHA256:64bf43bc9e394989f58ecaf1615b5ba710642f571bee6daf35b9c5601378a024
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.connectivity.sqm.core-1.2.8.v201401230755.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.sqm.core\1.2.8.v201401230755\c0d3d79971a815a4db6c5b009ada4f0f1f44e043\org.eclipse.datatools.connectivity.sqm.core-1.2.8.v201401230755.jar
MD5: 95679c586bf2429199ee06a9ad56a618
SHA1: c0d3d79971a815a4db6c5b009ada4f0f1f44e043
SHA256:1ee42ee6d264ec076b1590911447cb43a705e60badb2323ab186f54c62dea4fe
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.connectivity.oda.consumer-3.2.6.v201305170644.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.oda.consumer\3.2.6.v201305170644\45205c69d334dec54f76f8e2a5cacab8accde588\org.eclipse.datatools.connectivity.oda.consumer-3.2.6.v201305170644.jar
MD5: 600a4ccb15bfeb916a514d507e3f6c5d
SHA1: 45205c69d334dec54f76f8e2a5cacab8accde588
SHA256:f336333573701cdb92d5d5751a384cb677380a14b2835b8d7a87cb23f18f0139
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.core.jobs-3.6.0.v20140424-0053.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.core.jobs\3.6.0.v20140424-0053\e013c919510607d9c8ac5585b66ff4ee5e364ec9\org.eclipse.core.jobs-3.6.0.v20140424-0053.jar
MD5: f9c929dce571e15fb713214d4f067470
SHA1: e013c919510607d9c8ac5585b66ff4ee5e364ec9
SHA256:4151a4d9ca4c797892292e688aef0da3649b985c40cc5742d938983f832945d0
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.enablement.ibm.db2.luw.dbdefinition-1.0.4.v201107221502.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.ibm.db2.luw.dbdefinition\1.0.4.v201107221502\7ba2ad3443244862426b20f2da73bb78c7223287\org.eclipse.datatools.enablement.ibm.db2.luw.dbdefinition-1.0.4.v201107221502.jar
MD5: a3575eef5353ab6e216804bb4b99d36e
SHA1: 7ba2ad3443244862426b20f2da73bb78c7223287
SHA256:e6a9e9020760fbe73ee58de23a500ae4599c55f43a2827af890cbd33a70d167f
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2007-2582  

Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (2) a long packet that generates a "MemTree overflow."
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSSv2:
  • Base Score: HIGH (10.0)
  • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Vulnerable Software & Versions:

CVE-2007-3676  

IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698.
CWE-399 Resource Management Errors

CVSSv2:
  • Base Score: HIGH (10.0)
  • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Vulnerable Software & Versions:

CVE-2007-5090  

Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2007-5652  

IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption.  NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSSv2:
  • Base Score: HIGH (7.8)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

Vulnerable Software & Versions:

CVE-2008-3958  

IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.  NOTE: this may overlap CVE-2008-3858.  NOTE: this issue exists because of an incomplete fix for CVE-2008-3959. http://secunia.com/advisories/31787

Some vulnerabilities have been reported in DB2, where some have an unknown impact and others can be exploited by malicious users to perform certain actions with escalated privileges, and by malicious people to cause a DoS or potentially compromise a vulnerable system.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2008-3959  

IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2008-4691  

Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2008-4692  

The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: HIGH (10.0)
  • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Vulnerable Software & Versions:

CVE-2008-4693  

The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES."
CWE-200 Information Exposure

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions:

CVE-2009-1239  

IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query.
CWE-200 Information Exposure

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions:

CVE-2009-1905  

The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.
CWE-287 Improper Authentication

CVSSv2:
  • Base Score: LOW (2.6)
  • Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions:

CVE-2009-2858  

Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure.
CWE-399 Resource Management Errors

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2009-2859  

IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (4.6)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2009-2860  

Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets."
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2010-1560  

Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2011-0731  

Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2011-0757  

IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2011-1373  

Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: LOW (1.5)
  • Vector: /AV:L/AC:M/Au:S/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2011-1846  

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757.  NOTE: some of these details are obtained from third party information.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2011-1847  

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement.  NOTE: some of these details are obtained from third party information.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (4.9)
  • Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2012-3324  

Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: HIGH (9.0)
  • Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C

References:

Vulnerable Software & Versions:

org.eclipse.osgi.services-3.3.100.v20130513-1956.jar

Description:

%osgiServicesDes

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.osgi.services\3.3.100.v20130513-1956\1d73531fac5372870373a06193985611b1239f0c\org.eclipse.osgi.services-3.3.100.v20130513-1956.jar
MD5: 7f7d4198812b01cb7c5a26399af7706f
SHA1: 1d73531fac5372870373a06193985611b1239f0c
SHA256:e90b7a843e9a4d6c33b5e3a76ff3482b8887298308da7e9008bc4c51cd0a8b83
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.core.contenttype-3.4.200.v20130326-1255.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.core.contenttype\3.4.200.v20130326-1255\9a032a98b4b139fa91522b10fdc61ffa9864414\org.eclipse.core.contenttype-3.4.200.v20130326-1255.jar
MD5: ae257d3da2fdc3bdd6391fdfcbe9f752
SHA1: 09a032a98b4b139fa91522b10fdc61ffa9864414
SHA256:1aad89a924fd62bb2c596f377d620e5915ebd350c140d60576cf386c3a8202ed
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.emf.ecore.change-2.10.0.v20140901-1043.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.emf.ecore.change\2.10.0.v20140901-1043\c42c134004940345d45bf8367dae63c871a2420f\org.eclipse.emf.ecore.change-2.10.0.v20140901-1043.jar
MD5: 374a1da708946f84e519eeed88f7062b
SHA1: c42c134004940345d45bf8367dae63c871a2420f
SHA256:ae2b276b74fb4b136453648f6995b69238b795860b6fd9f81a12329113ab002d
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.connectivity.oda.profile-3.2.9.v201403131814.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.oda.profile\3.2.9.v201403131814\2f795c899dac80982e95c9e2d5413ef88031cdab\org.eclipse.datatools.connectivity.oda.profile-3.2.9.v201403131814.jar
MD5: d6c9ad09ad88bc0daf6b3413d14d546b
SHA1: 2f795c899dac80982e95c9e2d5413ef88031cdab
SHA256:3ec98e1a1273efc25c90852f708023f392792d5d96c5995e6e1c71463e419f53
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.core.filesystem-1.4.0.v20130514-1240.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.core.filesystem\1.4.0.v20130514-1240\e26398a301d91db6516debe38664239481d4b309\org.eclipse.core.filesystem-1.4.0.v20130514-1240.jar
MD5: 7f664cc54d9bc005c089087c867e6899
SHA1: e26398a301d91db6516debe38664239481d4b309
SHA256:b4aaf74328592b6010a16a28c4846ad7933cd713679d47d884450ae0c7a28f07
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.connectivity-1.2.11.v201401230755.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity\1.2.11.v201401230755\2e2f258cf40953e97423343786eed44aaef5e207\org.eclipse.datatools.connectivity-1.2.11.v201401230755.jar
MD5: c8631d909028582b83a8df2e9691c6b9
SHA1: 2e2f258cf40953e97423343786eed44aaef5e207
SHA256:8730b74a30cd32b0b694f36328310123db1cef5202de6e29a28bb0964660c945
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.equinox.preferences-3.5.100.v20130422-1538.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.equinox.preferences\3.5.100.v20130422-1538\bc48b6b0c00898d5eb2cbd6024fc0235ae04f3d2\org.eclipse.equinox.preferences-3.5.100.v20130422-1538.jar
MD5: fc94bbfa2dcfe6b40cefce0f5a305f3a
SHA1: bc48b6b0c00898d5eb2cbd6024fc0235ae04f3d2
SHA256:511aaf347af80eed12c19abe0246f07ff56a13af34c96b2290eaf663ceb6ca26
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.emf.ecore-2.10.1.v20140901-1043.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.emf.ecore\2.10.1.v20140901-1043\2da5a93e1d6eb2b6f78f215accc3304209b26104\org.eclipse.emf.ecore-2.10.1.v20140901-1043.jar
MD5: 28268d1878d5c7fc0248e1d24ca372db
SHA1: 2da5a93e1d6eb2b6f78f215accc3304209b26104
SHA256:a2bb024d13066023fa3684a25a9ccacd0115e7766e540bc880d5683f2d98a4d8
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.core.resources-3.9.1.v20140825-1431.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.core.resources\3.9.1.v20140825-1431\24a0e4b809d9cb102e7bf8123a2844657b916090\org.eclipse.core.resources-3.9.1.v20140825-1431.jar
MD5: 948716ccf019137b26949aab7d2e72f0
SHA1: 24a0e4b809d9cb102e7bf8123a2844657b916090
SHA256:8bd071e1169e518765189c35dd38eaabc17aae65a3c4335ca49f218c2bd3c392
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.connectivity.oda.flatfile-3.1.8.v201403010906.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.oda.flatfile\3.1.8.v201403010906\3c62f783f8ac17aca5250f2a640dfd85c1df9178\org.eclipse.datatools.connectivity.oda.flatfile-3.1.8.v201403010906.jar
MD5: 3e014761ed380e969a586131b8138f5f
SHA1: 3c62f783f8ac17aca5250f2a640dfd85c1df9178
SHA256:44ef56256bafa2b38cc6ff4b6968849d3ee8f0b94ca454b7852fccf7eb21e015
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.enablement.ibm.db2.luw-1.0.2.v201107221502.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.ibm.db2.luw\1.0.2.v201107221502\3e9920ed389a8eba9ba8ce46d0c0e8ac6da5b41d\org.eclipse.datatools.enablement.ibm.db2.luw-1.0.2.v201107221502.jar
MD5: e38c42056dcd4e9928c7f477d936a919
SHA1: 3e9920ed389a8eba9ba8ce46d0c0e8ac6da5b41d
SHA256:b16d551b2ddd33481fda4f132b5f63235c4241ecd500b092a162b724e8b83201
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2007-2582  

Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (3) a long packet that generates a "MemTree overflow."
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSSv2:
  • Base Score: HIGH (10.0)
  • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Vulnerable Software & Versions:

CVE-2007-3676  

IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698.
CWE-399 Resource Management Errors

CVSSv2:
  • Base Score: HIGH (10.0)
  • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Vulnerable Software & Versions:

CVE-2007-5090  

Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2007-5652  

IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption.  NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSSv2:
  • Base Score: HIGH (7.8)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

Vulnerable Software & Versions:

CVE-2008-3958  

IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.  NOTE: this may overlap CVE-2008-3858.  NOTE: this issue exists because of an incomplete fix for CVE-2008-3959. http://secunia.com/advisories/31787

Some vulnerabilities have been reported in DB2, where some have an unknown impact and others can be exploited by malicious users to perform certain actions with escalated privileges, and by malicious people to cause a DoS or potentially compromise a vulnerable system.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2008-3959  

IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2008-4691  

Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2008-4692  

The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: HIGH (10.0)
  • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Vulnerable Software & Versions:

CVE-2008-4693  

The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES."
CWE-200 Information Exposure

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions:

CVE-2009-1239  

IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query.
CWE-200 Information Exposure

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions:

CVE-2009-1905  

The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.
CWE-287 Improper Authentication

CVSSv2:
  • Base Score: LOW (2.6)
  • Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions:

CVE-2009-2858  

Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure.
CWE-399 Resource Management Errors

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2009-2859  

IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (4.6)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2009-2860  

Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets."
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2010-1560  

Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2011-0731  

Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2011-0757  

IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2011-1373  

Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: LOW (1.5)
  • Vector: /AV:L/AC:M/Au:S/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2011-1846  

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757.  NOTE: some of these details are obtained from third party information.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2011-1847  

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement.  NOTE: some of these details are obtained from third party information.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (4.9)
  • Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2012-3324  

Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: HIGH (9.0)
  • Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C

References:

Vulnerable Software & Versions:

org.eclipse.update.configurator-3.3.200.v20130326-1319.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.update.configurator\3.3.200.v20130326-1319\4375455f2f0bd4f014e79758bbb3d4b7340e2943\org.eclipse.update.configurator-3.3.200.v20130326-1319.jar
MD5: 6af0b597ad8ab9b35422f6170e31b594
SHA1: 4375455f2f0bd4f014e79758bbb3d4b7340e2943
SHA256:1c421e3365293d3a0e86247274a9969d9aefb957b7ae2f51d14ab8673ef83ef4
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.connectivity.oda-3.4.3.v201405301249.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.oda\3.4.3.v201405301249\91fa06c7a97275ea799fec9d557fc60def2e443d\org.eclipse.datatools.connectivity.oda-3.4.3.v201405301249.jar
MD5: 27cd0708de3587669ce5757e86d90a42
SHA1: 91fa06c7a97275ea799fec9d557fc60def2e443d
SHA256:2cef862a717c29a277a6f6ec0b839fd510ec5c616a7489233833821c16f73b5c
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.emf-2.6.0.v20140901-1055.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.emf\2.6.0.v20140901-1055\11d8c54ef675a951256777a9f36ebf7e1646ffd6\org.eclipse.emf-2.6.0.v20140901-1055.jar
MD5: 9a377c1c93e9f69918196678d59a8ca8
SHA1: 11d8c54ef675a951256777a9f36ebf7e1646ffd6
SHA256:24be912ab462290feea1d958603a84c741a20ca8e29233625b2f9da5642c41bb
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.w3c.dom.smil-1.0.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.w3c.dom.smil\1.0.0\674bdda9162b48419741da833e445e190f33a58a\org.w3c.dom.smil-1.0.0.jar
MD5: c2494764f38da65d09ce0a0444d00dcd
SHA1: 674bdda9162b48419741da833e445e190f33a58a
SHA256:7e2d3ac4a793aadc06500acff3b1741b58688217e8b06ad61fde2b629ee5c994
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.enablement.hsqldb.dbdefinition-1.0.0.v201107221502.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.hsqldb.dbdefinition\1.0.0.v201107221502\aa3214296e97b4dfd14345acea23f2c92e992c36\org.eclipse.datatools.enablement.hsqldb.dbdefinition-1.0.0.v201107221502.jar
MD5: 05e41d890be61af0474adb514358d03c
SHA1: aa3214296e97b4dfd14345acea23f2c92e992c36
SHA256:992494a79cfbcf9d9e06ad68dd8612d629be5287670b630acf8e2556dc803d10
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.modelbase.derby-1.0.0.v201107221519.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.modelbase.derby\1.0.0.v201107221519\93018a0f0e585dd4ceb70e849570d6143034273a\org.eclipse.datatools.modelbase.derby-1.0.0.v201107221519.jar
MD5: 690932e0843d8a64619cc8a9b8e39408
SHA1: 93018a0f0e585dd4ceb70e849570d6143034273a
SHA256:ec2bcc102b82c07c2bafb927fd4d838eff8f192a135d9dcf938655744a94678a
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.apache.batik.parser-1.6.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.parser\1.6.0\5e6dd459704dd6bd168f1b030cb739872e994339\org.apache.batik.parser-1.6.0.jar
MD5: e9438886ce3c270c3ab3d8a3153607c6
SHA1: 5e6dd459704dd6bd168f1b030cb739872e994339
SHA256:01d2f2340b1090dabb1ec0cb845a17e056493129fd26a7cebab986f1e3a8a906
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2015-0250  

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (http://cwe.mitre.org/data/definitions/611.html)
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2017-5662  

In Apache Batik before 1.9, files on the filesystem of the server that uses Batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root, a full compromise of the server, including confidential or sensitive files, would be possible. XXE can also be used to attack the availability of the server via denial of service, as the references within an XML document can trivially trigger an amplification attack.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: HIGH (7.9)
  • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.3)
  • Vector: /AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2018-8013  

In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of the class. The fix was to check the class type before calling newInstance in deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

org.eclipse.equinox.common-3.6.200.v20130402-1505.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.equinox.common\3.6.200.v20130402-1505\550778d95ea4d5f2fee765e85eb799cec21067e0\org.eclipse.equinox.common-3.6.200.v20130402-1505.jar
MD5: 551dd5efb955af78e2794fb67a30be0c
SHA1: 550778d95ea4d5f2fee765e85eb799cec21067e0
SHA256:2ecab0c1f30197fdbb34158fa98eaf86caf4d6b478bb62d02b61172626424671
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.apache.batik.util.gui-1.6.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.util.gui\1.6.0\6afa9107935bdeede0487c770bb0537b1a341c81\org.apache.batik.util.gui-1.6.0.jar
MD5: 37cc80a8417e17b2f43b85f871b67714
SHA1: 6afa9107935bdeede0487c770bb0537b1a341c81
SHA256:59e05961020cb2de4ea224d48bf6758e74e58af30a4c5c81d9b500f8f4ab6b30
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2015-0250  

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (http://cwe.mitre.org/data/definitions/611.html)
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2017-5662  

In Apache Batik before 1.9, files on the filesystem of the server that uses Batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root, a full compromise of the server, including confidential or sensitive files, would be possible. XXE can also be used to attack the availability of the server via denial of service, as the references within an XML document can trivially trigger an amplification attack.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: HIGH (7.9)
  • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.3)
  • Vector: /AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2018-8013  

In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of the class. The fix was to check the class type before calling newInstance in deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

javax.xml.stream-1.0.1.v201004272200.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\javax.xml.stream\1.0.1.v201004272200\3a4f0067058e2aa9af1c6e463bc8a147a99681c0\javax.xml.stream-1.0.1.v201004272200.jar
MD5: dfb3dc47c90f4273c2036aab23ee4fe3
SHA1: 3a4f0067058e2aa9af1c6e463bc8a147a99681c0
SHA256:2219f4681abc0d35d0b3e94d09b60554db7e261be812abd27b077c1719edd8cd
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.enablement.ibm.informix-1.0.1.v201107221502.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.ibm.informix\1.0.1.v201107221502\8c1d7354580604905a00c7d9acce3fbc5696b537\org.eclipse.datatools.enablement.ibm.informix-1.0.1.v201107221502.jar
MD5: 9ffbdc7f0a83fbbb1d64cb3b9578e3fa
SHA1: 8c1d7354580604905a00c7d9acce3fbc5696b537
SHA256:203c8cf48528765abca90fc1a6a9fae5ebb46b4e449a31d6a6aef476a0953df0
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.apache.batik.svggen-1.6.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.svggen\1.6.0\5cb65af57bdfd093c47b3cf7bc8bb57e10f5451\org.apache.batik.svggen-1.6.0.jar
MD5: 2239ba844d960edd4874475630daf205
SHA1: 05cb65af57bdfd093c47b3cf7bc8bb57e10f5451
SHA256:d292338160b4e81b52afe890e0196ca0bae88f0ac82533f6782faf583ab1461d
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2015-0250  

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (http://cwe.mitre.org/data/definitions/611.html)
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2017-5662  

In Apache Batik before 1.9, files on the filesystem of the server that uses Batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root, a full compromise of the server, including confidential or sensitive files, would be possible. XXE can also be used to attack the availability of the server via denial of service, as the references within an XML document can trivially trigger an amplification attack.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: HIGH (7.9)
  • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.3)
  • Vector: /AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

CVE-2018-8013  

In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of that class. The fix was to check the class type before calling newInstance in deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

org.apache.batik.dom-1.6.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.dom\1.6.0\e9fe8d31ea04c6cd566e35f61524e561821bbe57\org.apache.batik.dom-1.6.0.jar
MD5: d894d215bb57972a2c912016a7c8af26
SHA1: e9fe8d31ea04c6cd566e35f61524e561821bbe57
SHA256:971040d8d9a1cd67f3eb172edce9850261dd6287174d5aa718e3db88d1bac4ae
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2015-0250  

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (http://cwe.mitre.org/data/definitions/611.html)
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2017-5662  

In Apache Batik before 1.9, files on the filesystem of the server that uses Batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root, a full compromise of the server, including confidential or sensitive files, would be possible. XXE can also be used to attack the availability of the server via denial of service, as the references within an XML document can trivially trigger an amplification attack.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: HIGH (7.9)
  • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.3)
  • Vector: /AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

CVE-2018-8013  

In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of that class. The fix was to check the class type before calling newInstance in deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

org.apache.batik.css-1.6.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.css\1.6.0\1e54558f0ad4b78f907f3461c14c7a7a91aecab2\org.apache.batik.css-1.6.0.jar
MD5: a6b1201c835cb3e98733bd3214cb460e
SHA1: 1e54558f0ad4b78f907f3461c14c7a7a91aecab2
SHA256:330230ef1445f554fef4420a3fa1209048a4896250bf82d36adfe0b6ed142d81
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2015-0250  

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (http://cwe.mitre.org/data/definitions/611.html)
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2017-5662  

In Apache Batik before 1.9, files on the filesystem of the server that uses Batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root, a full compromise of the server, including confidential or sensitive files, would be possible. XXE can also be used to attack the availability of the server via denial of service, as the references within an XML document can trivially trigger an amplification attack.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: HIGH (7.9)
  • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.3)
  • Vector: /AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

CVE-2018-8013  

In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of that class. The fix was to check the class type before calling newInstance in deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

org.eclipse.datatools.enablement.mysql-1.0.4.v201212120617.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.mysql\1.0.4.v201212120617\b8862d790cf4715ce8b1a5c54d9fa9ee2557154f\org.eclipse.datatools.enablement.mysql-1.0.4.v201212120617.jar
MD5: 44f378e79fa8e6401887f374b6a8ebad
SHA1: b8862d790cf4715ce8b1a5c54d9fa9ee2557154f
SHA256:417c87852dfbce79a0c4ed9a9e05c4690a60318e1d1169d109592ad9af5b5ea3
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.connectivity.db.generic-1.0.1.v201107221459.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.db.generic\1.0.1.v201107221459\4dd3c5554bea2302448e4201167e36e2bf11d383\org.eclipse.datatools.connectivity.db.generic-1.0.1.v201107221459.jar
MD5: 43b6a19ecae85c97702103d4e3aad0e2
SHA1: 4dd3c5554bea2302448e4201167e36e2bf11d383
SHA256:0df54bda2acabc573091b4b8467a73107a28fb20c7eb9c704731dea48bb0c4d6
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.enablement.hsqldb-1.0.0.v201107221502.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.hsqldb\1.0.0.v201107221502\5f987f4588c989290c038bd70460c36caa972c0b\org.eclipse.datatools.enablement.hsqldb-1.0.0.v201107221502.jar
MD5: 7acc8fad3f0bc091eaa32030fb8cdbf5
SHA1: 5f987f4588c989290c038bd70460c36caa972c0b
SHA256:19762c51cdb7633c41d96e7918a59f25182a394a0084efb878a6105ee96c74f9
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.enablement.msft.sqlserver.dbdefinition-1.0.1.v201201240505.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.msft.sqlserver.dbdefinition\1.0.1.v201201240505\d18a0cca80deb6331f1caffea5abc8fa34e2060e\org.eclipse.datatools.enablement.msft.sqlserver.dbdefinition-1.0.1.v201201240505.jar
MD5: 4b552c372d4c69ed407bdc1bf5abbc9a
SHA1: d18a0cca80deb6331f1caffea5abc8fa34e2060e
SHA256:e0ee2f2b61df9cd7b8bcfa98d0fcf319b6ef8b487957063af3f65ff21380c39d
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.apache.xml.resolver-1.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.xml.resolver\1.2.0\7c9c22053b04772e81dc62d665b202eeae82ae47\org.apache.xml.resolver-1.2.0.jar
MD5: f29e4c1d4936c28395beee34a755f3a6
SHA1: 7c9c22053b04772e81dc62d665b202eeae82ae47
SHA256:c4f583974b3fb788f5765450b4ec5dc18488bb0b05e4ee8bb760d0ddeaf2758a
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.enablement.ibm.informix.dbdefinition-1.0.4.v201107221502.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.ibm.informix.dbdefinition\1.0.4.v201107221502\1587982c1ed42ca42e1fe02f1a3baf1faa4bcbb2\org.eclipse.datatools.enablement.ibm.informix.dbdefinition-1.0.4.v201107221502.jar
MD5: bd94b57db3ac938c9a517371dd9e8923
SHA1: 1587982c1ed42ca42e1fe02f1a3baf1faa4bcbb2
SHA256:3c324cf8c76c9f22af2eb883360c61afd88139d5e12b928a724aee061be3b401
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.modelbase.sql-1.0.6.v201208230744.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.modelbase.sql\1.0.6.v201208230744\731de727a1154c562038b045fa247716f68e93fe\org.eclipse.datatools.modelbase.sql-1.0.6.v201208230744.jar
MD5: b73d784c71179bd2ab08499c373cd2c0
SHA1: 731de727a1154c562038b045fa247716f68e93fe
SHA256:e30af0c22c2ea7c903d710a804390a6a6228f927ef05ffcd81c4a9a1ff296b90
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.w3c.dom.svg-1.1.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.w3c.dom.svg\1.1.0\9c6413ed43b4e9ba56982a554e03bd012cc44ed9\org.w3c.dom.svg-1.1.0.jar
MD5: dcf64eb5f94cf993600f30aac878d329
SHA1: 9c6413ed43b4e9ba56982a554e03bd012cc44ed9
SHA256:0e23a9b5f8f92b8edff8a443fb27e79411f2474d8f352361a08a280de35dfdd2
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.apache.batik.dom.svg-1.6.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.dom.svg\1.6.0\ce507ddef394d6c6771bc8692c7db6afb1da4fa0\org.apache.batik.dom.svg-1.6.0.jar
MD5: e3093fc8645d18d9241c1db7b9064e32
SHA1: ce507ddef394d6c6771bc8692c7db6afb1da4fa0
SHA256:73ca792f3842f36843b714b9a2894997ef740a4946f138f60e820721b8d60506
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2015-0250  

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (http://cwe.mitre.org/data/definitions/611.html)
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2017-5662  

In Apache Batik before 1.9, files on the filesystem of the server that uses Batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root, a full compromise of the server, including confidential or sensitive files, would be possible. XXE can also be used to attack the availability of the server via denial of service, as the references within an XML document can trivially trigger an amplification attack.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: HIGH (7.9)
  • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.3)
  • Vector: /AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

CVE-2018-8013  

In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of that class. The fix was to check the class type before calling newInstance in deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

org.apache.batik.ext.awt-1.6.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.ext.awt\1.6.0\4df20bee143553a89b26bc06411eb4dcf44ec18e\org.apache.batik.ext.awt-1.6.0.jar
MD5: 66ec3f38f8f1ab368acd97dea9d554a5
SHA1: 4df20bee143553a89b26bc06411eb4dcf44ec18e
SHA256:55a62c3b7d8083c3a0b07caa4daeba851f1c531ee2ad792e5fc794774fab5e97
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2015-0250  

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (http://cwe.mitre.org/data/definitions/611.html)
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2017-5662  

In Apache Batik before 1.9, files on the filesystem of the server that uses Batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root, a full compromise of the server, including confidential or sensitive files, would be possible. XXE can also be used to attack the availability of the server via denial of service, as the references within an XML document can trivially trigger an amplification attack.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: HIGH (7.9)
  • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.3)
  • Vector: /AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

CVE-2018-8013  

In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of that class. The fix was to check the class type before calling newInstance in deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

org.mozilla.javascript-1.7.2.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.mozilla.javascript\1.7.2\b520e18bd357a47deb2e902ce49533564236219b\org.mozilla.javascript-1.7.2.jar
MD5: ec441f8787033e99da1eb599e021dc78
SHA1: b520e18bd357a47deb2e902ce49533564236219b
SHA256:ead29daa0ec823d30c55d4ffe8236287216c32b6ff4534b1e99dbe8bcb18ffbf
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.enablement.postgresql-1.1.1.v201205252207.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.postgresql\1.1.1.v201205252207\ddd733b059a41aa86aceed5344d1b4799802f5c0\org.eclipse.datatools.enablement.postgresql-1.1.1.v201205252207.jar
MD5: 0e1243739661726d3a98234922777ee9
SHA1: ddd733b059a41aa86aceed5344d1b4799802f5c0
SHA256:c8f86019064cdae280491e97602bbe482de81c93a9f4b4de7d6d99cd6feb3a60
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2007-2138  

Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (6.0)
  • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P

CVE-2010-0733  

Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations.
CWE-189 Numeric Errors

CVSSv2:
  • Base Score: LOW (3.5)
  • Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P

CVE-2014-0060  

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:N

CVE-2014-0061  

The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

CVE-2014-0062  

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv2:
  • Base Score: MEDIUM (4.9)
  • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:N

CVE-2014-0063  

Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

CVE-2014-0064  

Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow.  NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.
CWE-189 Numeric Errors

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

CVE-2014-0065  

Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

CVE-2014-0066  

The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

CVE-2014-0067  

The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (4.6)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

CVE-2015-3165  

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence. CWE-415: Double Free (http://cwe.mitre.org/data/definitions/415.html)
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

CVE-2015-5288  

The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.
CWE-200 Information Exposure

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2015-5289  

Multiple stack-based buffer overflows in json parsing in PostgreSQL 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2016-0766  

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: HIGH (9.0)
  • Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2016-0768  

PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.
CWE-284 Improper Access Control

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2016-0773  

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2016-5423  

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.
CWE-476 NULL Pointer Dereference

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.3)
  • Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

CVE-2016-5424  

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv2:
  • Base Score: MEDIUM (4.6)
  • Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.1)
  • Vector: /AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVE-2016-7048  

The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.
CWE-284 Improper Access Control

CVSSv2:
  • Base Score: HIGH (9.3)
  • Vector: /AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2017-14798  

A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv2:
  • Base Score: MEDIUM (6.9)
  • Vector: /AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.0)
  • Vector: /AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2017-7484  

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.
CWE-200 Information Exposure

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2018-1115  

PostgreSQL before versions 10.4 and 9.6.9 is vulnerable in the adminpack extension: the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs as pg_rotate_logfile. If adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

org.apache.batik.transcoder-1.6.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.transcoder\1.6.0\fc5d9326a3195f15781d2fcea862ec1767e30ebf\org.apache.batik.transcoder-1.6.0.jar
MD5: 68731962320372175c3b07cc97ab155b
SHA1: fc5d9326a3195f15781d2fcea862ec1767e30ebf
SHA256:8a32c02690a1f455baaa1d0d9111f3b596eea63a8c0b0b07c78dff2d1302ce5c
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2015-0250  

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (http://cwe.mitre.org/data/definitions/611.html)
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2017-5662  

In Apache Batik before 1.9, files on the filesystem of the server that uses Batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root, a full compromise of the server, including confidential or sensitive files, would be possible. XXE can also be used to attack the availability of the server via denial of service, as the references within an XML document can trivially trigger an amplification attack.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: HIGH (7.9)
  • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.3)
  • Vector: /AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

CVE-2018-8013  

In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of that class. The fix was to check the class type before calling newInstance in deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

org.eclipse.datatools.connectivity.apache.derby.dbdefinition-1.0.2.v201107221459.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.apache.derby.dbdefinition\1.0.2.v201107221459\be66d744ac0e8f011055c37eb6c0b0b8de2d0978\org.eclipse.datatools.connectivity.apache.derby.dbdefinition-1.0.2.v201107221459.jar
MD5: 4d3e4a2cbaabc2bfa5aefb557d61ae37
SHA1: be66d744ac0e8f011055c37eb6c0b0b8de2d0978
SHA256:d231ef4aab61457d9ddc466a9abb7febdebff36116da9c8ccb8a8e8dffb98522
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2005-4849  

Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
CWE-200 Information Exposure

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N

CVE-2009-4269  

The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution. Per https://issues.apache.org/jira/browse/DERBY-4483, the reported version affected is 10.5.3.0.  Unable to determine if affected versions exist between 10.5.3.0 and 10.6.1.0
CWE-310 Cryptographic Issues

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions:

org.eclipse.datatools.enablement.oracle-1.0.0.v201107221506.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.oracle\1.0.0.v201107221506\5628f462cfa241fff7b11f1df4c21802f174dd08\org.eclipse.datatools.enablement.oracle-1.0.0.v201107221506.jar
MD5: 4be65c4c38bee9128501d3169da945b2
SHA1: 5628f462cfa241fff7b11f1df4c21802f174dd08
SHA256:ce20db4c5983ddd01823f40943ab19582407658eacc006e6a2cfcf550e9ab96c
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.apache.batik.util-1.6.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.util\1.6.0\74aafd6361820f7e67474e78b16fd4365d1a58a\org.apache.batik.util-1.6.0.jar
MD5: 3db4ec82c64ef8c985a818dc0fcde67e
SHA1: 074aafd6361820f7e67474e78b16fd4365d1a58a
SHA256:bfef3b67286b9f9213e9cb58cec25e5549e4e3db54332951466ae07931672a03
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2015-0250  

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (http://cwe.mitre.org/data/definitions/611.html)
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2017-5662  

In Apache Batik before 1.9, files lying on the filesystem of the server which uses Batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root, a full compromise of the server, including confidential or sensitive files, would be possible. XXE can also be used to attack the availability of the server via denial of service, as the references within an XML document can trivially trigger an amplification attack.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: HIGH (7.9)
  • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.3)
  • Vector: /AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2018-8013  

In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of the class. The fix was to check the class type before calling newInstance in deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

org.eclipse.datatools.enablement.oracle.dbdefinition-1.0.103.v201206010214.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.oracle.dbdefinition\1.0.103.v201206010214\af90f9d09101fb165a260896477c01385b6c8fd1\org.eclipse.datatools.enablement.oracle.dbdefinition-1.0.103.v201206010214.jar
MD5: f7cd9df4d5a76c851f3097996214862b
SHA1: af90f9d09101fb165a260896477c01385b6c8fd1
SHA256:f3c660eddac572a4dde0da2b604191d1fcb51338b270f6e66fbcbf18bf9d8abd
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.apache.batik.xml-1.6.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.xml\1.6.0\8b3fbec88190a39eae4de5088a1199f23526258e\org.apache.batik.xml-1.6.0.jar
MD5: 4291f7898be4dcba99ba8dacfb8e9122
SHA1: 8b3fbec88190a39eae4de5088a1199f23526258e
SHA256:cb1534111a61351337954a883b71fd374757335ac0cc6479a7be043a216f61d3
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2015-0250  

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (http://cwe.mitre.org/data/definitions/611.html)
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2017-5662  

In Apache Batik before 1.9, files lying on the filesystem of the server which uses Batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root, a full compromise of the server, including confidential or sensitive files, would be possible. XXE can also be used to attack the availability of the server via denial of service, as the references within an XML document can trivially trigger an amplification attack.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: HIGH (7.9)
  • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.3)
  • Vector: /AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2018-8013  

In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of the class. The fix was to check the class type before calling newInstance in deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

org.apache.xml.serializer-2.7.1.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.xml.serializer\2.7.1\a8508e22414c8e12cdfdc42b25a7c7efa4004556\org.apache.xml.serializer-2.7.1.jar
MD5: 6bfe11d68939f35a28c21d309835adc3
SHA1: a8508e22414c8e12cdfdc42b25a7c7efa4004556
SHA256:14865b554bec2e890ca803c8229ccee8bd4e92d999f71f7f11eb70264c9256f5
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.apache.xerces-2.9.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.xerces\2.9.0\615a1b724b88b81e8a040ec148fd25368f7b48e5\org.apache.xerces-2.9.0.jar
MD5: 99108dc0a0b108c5f3651f97bdc22084
SHA1: 615a1b724b88b81e8a040ec148fd25368f7b48e5
SHA256:6660dd2a1eb1abbc8d841b6e3d5805e6386ee3f555b8073c849c76b641280e28
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.modelbase.sql.query-1.1.4.v201212120619.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.modelbase.sql.query\1.1.4.v201212120619\663bfc41efd6030a37f7e6e7baf3b259606c1bcc\org.eclipse.datatools.modelbase.sql.query-1.1.4.v201212120619.jar
MD5: c5bdb5c33253c78e9cf3fceb476357f2
SHA1: 663bfc41efd6030a37f7e6e7baf3b259606c1bcc
SHA256:891ad6f0a60bd99e1d67f15316ea96ac268e3de6730e3c07aaaadf96f2041a41
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.modelbase.dbdefinition-1.0.2.v201107221519.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.modelbase.dbdefinition\1.0.2.v201107221519\725b5a9cbd280b8e6c9a6fd32cbe44bf1aae10a3\org.eclipse.datatools.modelbase.dbdefinition-1.0.2.v201107221519.jar
MD5: 8bf72752aec7975cbe3fc13a56137975
SHA1: 725b5a9cbd280b8e6c9a6fd32cbe44bf1aae10a3
SHA256:e0c0c3104f1f3249f23bdff035934641beeb4299dfc509f7c1d416cd14d4ef05
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.enablement.mysql.dbdefinition-1.0.4.v201109022331.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.mysql.dbdefinition\1.0.4.v201109022331\7b1abc387591d4a9427bb13344243a220a5d751b\org.eclipse.datatools.enablement.mysql.dbdefinition-1.0.4.v201109022331.jar
MD5: dfa223ea33f41fe22cf29c3e57248628
SHA1: 7b1abc387591d4a9427bb13344243a220a5d751b
SHA256:f07f63d2503f6c3fc8202d96d20153b932d6ca6e04a247d7d97524aa7b0f6bdb
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.orbit.mongodb-2.10.1.v20130422-1135.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.orbit.mongodb\2.10.1.v20130422-1135\98f0232dc80679a3f5c1effe15344dc7ceac98dc\org.eclipse.orbit.mongodb-2.10.1.v20130422-1135.jar
MD5: aeb824a874797d3ce55dec345ab6d44c
SHA1: 98f0232dc80679a3f5c1effe15344dc7ceac98dc
SHA256:0c6f13597556cd2e5bbf8b52c53c327664c5dea9bc1a061b0115f4744a49665e
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

javax.wsdl-1.5.1.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\javax.wsdl\1.5.1\29ec6b1964b05d6ff9728226d2a1e61fab3ac95c\javax.wsdl-1.5.1.jar
MD5: bf0c1e9a2431ee46940855f7c92628d8
SHA1: 29ec6b1964b05d6ff9728226d2a1e61fab3ac95c
SHA256:f175ab1184f620d48c32b7123ab6be86aa7f68e57eae7a22c9859cd51ffbbcc8
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

Tidy-1.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\Tidy\1\63b1e38f4ca630dbac3d2072cda2a9336914d10c\Tidy-1.jar
MD5: 00418be9ec69f7f9a2dda911a1e77eaf
SHA1: 63b1e38f4ca630dbac3d2072cda2a9336914d10c
SHA256:903b6a7c98f4b98e0e78216697b6c30bb2c1c93f23e279aec8f6b30694beef0a
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.enablement.postgresql.dbdefinition-1.0.2.v201110070445.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.postgresql.dbdefinition\1.0.2.v201110070445\8021bc614192f060a880cc407aba8adcfea6fb7f\org.eclipse.datatools.enablement.postgresql.dbdefinition-1.0.2.v201110070445.jar
MD5: 505940588e48631bd378b83030fa966e
SHA1: 8021bc614192f060a880cc407aba8adcfea6fb7f
SHA256:15adafda270ea539d946c78034a20c88ffee09e0cb097d4b7c428e59df701b74
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2007-2138  

Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (6.0)
  • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2010-0733  

Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations.
CWE-189 Numeric Errors

CVSSv2:
  • Base Score: LOW (3.5)
  • Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2014-0060  

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2014-0061  

The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2014-0062  

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv2:
  • Base Score: MEDIUM (4.9)
  • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:N

References:

Vulnerable Software & Versions:

CVE-2014-0063  

Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2014-0064  

Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow.  NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.
CWE-189 Numeric Errors

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2014-0065  

Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2014-0066  

The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2014-0067  

The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (4.6)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2015-3165  

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence. CWE-415: Double Free (http://cwe.mitre.org/data/definitions/415.html)
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2015-5288  

The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.
CWE-200 Information Exposure

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2015-5289  

Multiple stack-based buffer overflows in json parsing in PostgreSQL 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2016-0766  

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: HIGH (9.0)
  • Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

CVE-2016-0768  

PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.
CWE-284 Improper Access Control

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2016-0773  

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2016-5423  

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.
CWE-476 NULL Pointer Dereference

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.3)
  • Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

References:

Vulnerable Software & Versions:

CVE-2016-5424  

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv2:
  • Base Score: MEDIUM (4.6)
  • Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.1)
  • Vector: /AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

CVE-2016-7048  

The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.
CWE-284 Improper Access Control

CVSSv2:
  • Base Score: HIGH (9.3)
  • Vector: /AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

CVE-2017-14798  

A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv2:
  • Base Score: MEDIUM (6.9)
  • Vector: /AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.0)
  • Vector: /AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

CVE-2017-7484  

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.
CWE-200 Information Exposure

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2018-1115  

PostgreSQL before versions 10.4 and 9.6.9 is vulnerable in the adminpack extension: the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs as pg_rotate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

References:

Vulnerable Software & Versions:

org.w3c.css.sac-1.3.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.w3c.css.sac\1.3.0\8dfb0e08c19f3b47290096d27ab71ed4f2a5000a\org.w3c.css.sac-1.3.0.jar
MD5: 5e7f05aba6c35250a6f0345a5f9c8ca0
SHA1: 8dfb0e08c19f3b47290096d27ab71ed4f2a5000a
SHA256:2acffb2dc60f1ab65fd9f1b7cc5324cc5108f00fd4e3080350d73f5dba71c09b
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.enablement.msft.sqlserver-1.0.2.v201212120617.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.msft.sqlserver\1.0.2.v201212120617\bff9658c0858cea81b373f1488274a1d9d200cc6\org.eclipse.datatools.enablement.msft.sqlserver-1.0.2.v201212120617.jar
MD5: 17b87437049e6d36e46af23c8e4faac8
SHA1: bff9658c0858cea81b373f1488274a1d9d200cc6
SHA256:daa6aca3bb34b44e98835c1397a0ab43be90d9828519d1559b0ada250b913a49
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

flute-1.3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.milyn\flute\1.3\b7d59dc172005598b55699b1a75605b13c14f1fd\flute-1.3.jar
MD5: 2f2e13cd3523c545dd1c4617b373692c
SHA1: b7d59dc172005598b55699b1a75605b13c14f1fd
SHA256:36d1457d0b8fc2d5b602eadc20a1abec80e6a1c88d7c282b4d232d1ee60610c7
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.eclipse.datatools.connectivity.apache.derby-1.0.103.v201212070447.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.apache.derby\1.0.103.v201212070447\2257789d5761585d498d13bb2269c180c970f28d\org.eclipse.datatools.connectivity.apache.derby-1.0.103.v201212070447.jar
MD5: b9aeb8aeaa0809e9dc4a15388ec82d8f
SHA1: 2257789d5761585d498d13bb2269c180c970f28d
SHA256:2c3922c9c7a4c5127f422b0cc63bbb5832beac227266cb5798ef44b3aa610bca
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2005-4849  

Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
CWE-200 Information Exposure

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions:

CVE-2009-4269  

The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution. Per https://issues.apache.org/jira/browse/DERBY-4483, the reported version affected is 10.5.3.0. Unable to determine if affected versions exist between 10.5.3.0 and 10.6.1.0.
CWE-310 Cryptographic Issues

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions:

org.eclipse.datatools.connectivity.console.profile-1.0.10.v201109250955.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.console.profile\1.0.10.v201109250955\2c338e35fc23603cea9ebaf5177a0c042f38eea1\org.eclipse.datatools.connectivity.console.profile-1.0.10.v201109250955.jar
MD5: 9b8e7f6c69a0bf165645503775af9154
SHA1: 2c338e35fc23603cea9ebaf5177a0c042f38eea1
SHA256:58b381c667266c82b6a8b20b21ef23ca8e7ca9613cb0025c87db292a887d92ff
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.apache.commons.codec-1.3.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.commons.codec\1.3.0\72c73f3729b4ca49dac8691fb5adb194e8595799\org.apache.commons.codec-1.3.0.jar
MD5: e411b9d204b1a91d62b830a86e1f44ff
SHA1: 72c73f3729b4ca49dac8691fb5adb194e8595799
SHA256:47dc744368dc7a4cde2be1e9d9e744ec014dca27ff7a23722da12db10e67419e
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

com.lowagie.text-2.1.7.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\com.lowagie.text\2.1.7\18d4c7c2014447eacfd00c65c717b3cfc422407b\com.lowagie.text-2.1.7.jar
MD5: af7c1521ab58701d3a0cadc29ef3d15a
SHA1: 18d4c7c2014447eacfd00c65c717b3cfc422407b
SHA256:46701d9aa111f855f742a1544930a7dcbb453d7e400c2509b89fa6fb6aaa6563
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

org.apache.batik.bridge-1.6.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.bridge\1.6.0\e2db6eb9029356884f123a60e9b72a51919e9a6f\org.apache.batik.bridge-1.6.0.jar
MD5: e0136e6d36f5140dfea96ff1f3fea441
SHA1: e2db6eb9029356884f123a60e9b72a51919e9a6f
SHA256:d185ce93c3db5d12be433d740b4157750d9319dd2154303bff2d2b05ae2aaa07
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2015-0250  

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (http://cwe.mitre.org/data/definitions/611.html)
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2017-5662  

In Apache Batik before 1.9, files lying on the filesystem of the server which uses Batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root, a full compromise of the server, including confidential or sensitive files, would be possible. XXE can also be used to attack the availability of the server via denial of service, as the references within an XML document can trivially trigger an amplification attack.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: HIGH (7.9)
  • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.3)
  • Vector: /AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2018-8013  

In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of the class. The fix was to check the class type before calling newInstance in deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

aopalliance-1.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\aopalliance\aopalliance\1.0\235ba8b489512805ac13a8f9ea77a1ca5ebe3e8\aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
SHA256:0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

person-directory-api-1.5.0-RC5.jar

Description:

Provides a general interface for accessing attributes for a person.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jasig.service\person-directory-api\1.5.0-RC5\a2f4804d335d3cfe6a4bb3407dcf9fb88d396700\person-directory-api-1.5.0-RC5.jar
MD5: 342160c7a8e7d47a934fc442503f219b
SHA1: a2f4804d335d3cfe6a4bb3407dcf9fb88d396700
SHA256:60c893580cf801c6e5281d209ea53bfde23e1f3f036557610ecd16f2bc96ca70
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

ejb3-persistence-1.0.1.GA.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.hibernate\ejb3-persistence\1.0.1.GA\f502b2c96c95e087435c79d3d6c9aa85bb1154bc\ejb3-persistence-1.0.1.GA.jar
MD5: d46c8f0555d95027269259dd04f6b10c
SHA1: f502b2c96c95e087435c79d3d6c9aa85bb1154bc
SHA256:ebbc32c12fd77af31e1617d68ea7c25500a4f2f6b043b7d56b714af09f25450d
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

aspectjrt-1.5.3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\aspectj\aspectjrt\1.5.3\80e9fde0223721baefb5df5f251888cc2456ed6\aspectjrt-1.5.3.jar
MD5: 6b097361bf7d1643bba896eb6b9ff156
SHA1: 080e9fde0223721baefb5df5f251888cc2456ed6
SHA256:6d0c5989e80a7554dc339798c45a9534db2720f3a02f5191005a6367b5c262e5
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

ognl-2.6.9.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\ognl\ognl\2.6.9\fad9692184899994e977b647998f9fa4a9cfec35\ognl-2.6.9.jar
MD5: fb4d30eab3ed221ada77479685d608c2
SHA1: fad9692184899994e977b647998f9fa4a9cfec35
SHA256:4d80ca195e46590604a969314edd317b67f65f1dc87518de54326fc341823b76
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2016-3093  

Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

Vulnerable Software & Versions:

jakarta.activation-api-1.2.1.jar

Description:

JavaBeans Activation Framework API jar

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\jakarta.activation\jakarta.activation-api\1.2.1\562a587face36ec7eff2db7f2fc95425c6602bc1\jakarta.activation-api-1.2.1.jar
MD5: 9b647398add993324d3d9e5effa6005a
SHA1: 562a587face36ec7eff2db7f2fc95425c6602bc1
SHA256:8b0a0f52fa8b05c5431921a063ed866efaa41dadf2e3a7ee3e1961f2b0d9645b
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

xsom-2.3.2.jar

Description:

XML Schema Object Model (XSOM) is a Java library that allows applications to easily parse XML Schema documents and inspect information in them. It is expected to be useful for applications that need to take XML Schema as an input.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.glassfish.jaxb\xsom\2.3.2\157dc2bf479c524d63a214e8fe9888f45a667db\xsom-2.3.2.jar
MD5: 69490072151ce34b84c8d0990a931c6d
SHA1: 0157dc2bf479c524d63a214e8fe9888f45a667db
SHA256:598196320e56138f78895c9bbc3055983d25b76814f072dfcb836f8cc4437c73
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

codemodel-2.3.2.jar

Description:

The core functionality of the CodeModel java source code generation library

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.glassfish.jaxb\codemodel\2.3.2\143b70e564189b3f71a2e7f02d6bb8c6b16b5632\codemodel-2.3.2.jar
MD5: 8651b4954656d27a3408ffc38f041060
SHA1: 143b70e564189b3f71a2e7f02d6bb8c6b16b5632
SHA256:8a89a76dffb491a3b2bcfcb6e8d9fb2e30ec0c36629a033f90c93182799af773
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

rngom-2.3.2.jar

Description:

RNGOM is a RelaxNG Object model library (XSOM for RelaxNG).

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.sun.xml.bind.external\rngom\2.3.2\6b8c5d0984c31a01d98290cee4ab9bde13536431\rngom-2.3.2.jar
MD5: 16cae2e80f24e2cf10ad6b5d95114ae0
SHA1: 6b8c5d0984c31a01d98290cee4ab9bde13536431
SHA256:02165b9f0020160873f13e29e243b02e5c578792f9d1f2367fbadfcf8374fc78
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

dtd-parser-1.4.1.jar

Description:

SAX-like API for parsing XML DTDs.

License:

Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.sun.xml.dtd-parser\dtd-parser\1.4.1\c5957db3100f10d1604141ae1545e59e774da2e6\dtd-parser-1.4.1.jar
MD5: 888996ba7078ccac5d93b19b28605ca7
SHA1: c5957db3100f10d1604141ae1545e59e774da2e6
SHA256:7d02cf299162ed207df82a02079d1d9ac4569d34146b4c3ddc7f1de8f9711d46
Referenced In Projects/Scopes:
  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

relaxng-datatype-2.3.2.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.sun.xml.bind.external\relaxng-datatype\2.3.2\d202e2c8bdd0a5286490260e311f0df1955f4dbf\relaxng-datatype-2.3.2.jar
MD5: 0ebc89465bebcaedb3d97ed959b45fa8
SHA1: d202e2c8bdd0a5286490260e311f0df1955f4dbf
SHA256:6a746e2e38eb08b755e1a6b1badc3ab99c1fce81159c1687974da868714a82f5
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jta-1.0.1B.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.transaction\jta\1.0.1B\3dd157a4f4fe115ac5d165d6c21463d0ce9e3c7b\jta-1.0.1B.jar
MD5: c6e3e528816227b97f6b21f709641f8f
SHA1: 3dd157a4f4fe115ac5d165d6c21463d0ce9e3c7b
SHA256:5bc89d0a1caecd25e9323144624fd26df4326c84da8658f08f5cc588ee25cca9
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

asm-attrs-1.5.3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\asm\asm-attrs\1.5.3\911ca40cdb527969ee47dc6f782425d94a36b510\asm-attrs-1.5.3.jar
MD5: 2f222ca7499ed5bc49fe25a1182c59f7
SHA1: 911ca40cdb527969ee47dc6f782425d94a36b510
SHA256:d505db8910020875a67f6c04b5cf41a2109717d339012a0550e33069aed10a0a
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

dom4j-1.6.1.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\dom4j\dom4j\1.6.1\5d3ccc056b6f056dbf0dddfdf43894b9065a8f94\dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94
SHA256:593552ffea3c5823c6602478b5002a7c525fd904a3c44f1abe4065c22edfac73
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2018-1000632  

dom4j versions prior to 2.1.1 contain a CWE-91: XML Injection vulnerability in Class: Element, Methods: addElement, addAttribute, that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions:

antlr-2.7.6.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\antlr\antlr\2.7.6\cf4f67dae5df4f9932ae7810f4548ef3e14dd35e\antlr-2.7.6.jar
MD5: 97c6bb68108a3d68094eab0f67157962
SHA1: cf4f67dae5df4f9932ae7810f4548ef3e14dd35e
SHA256:df74f330d36526ff9e717731fd855152fcff51618f0b5785d0049022f89d568b
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

cglib-2.1_3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\cglib\cglib\2.1_3\d3851e366b9fe8b7d8215de0f9eb980b359d8de0\cglib-2.1_3.jar
MD5: ce1dce4a5f6865fb88d4c7c2728b78ed
SHA1: d3851e366b9fe8b7d8215de0f9eb980b359d8de0
SHA256:125c9c791d00618a0025a8132c4ba2da05fbcbe14d6c85aecf2a4039c096ac13
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

asm-1.5.3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\asm\asm\1.5.3\63a2715c39c9e97f88fe371d4441a1b3493d74f9\asm-1.5.3.jar
MD5: ea4119d1471fc3c1af6b216815bd666c
SHA1: 63a2715c39c9e97f88fe371d4441a1b3493d74f9
SHA256:c9c59bc40d0f3947c79dcd8d04a61d363f9764ce8208fdd1e3d88d38f7849582
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

stax-api-1.0-2.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.xml.stream\stax-api\1.0-2\d6337b0de8b25e53e81b922352fbea9f9f57ba0b\stax-api-1.0-2.jar
MD5: 7d18b63063580284c3f5734081fdc99f
SHA1: d6337b0de8b25e53e81b922352fbea9f9f57ba0b
SHA256:e8c70ebd76f982c9582a82ef82cf6ce14a7d58a4a4dca5cb7b7fc988c80089b7
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

barcode4j-fop-ext-2.1.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\net.sf.barcode4j\barcode4j-fop-ext\2.1\38749ed6e6412628c45d5ba344a0ab796e6807f9\barcode4j-fop-ext-2.1.jar
MD5: c78625e84ca0fd2853cf327505d99396
SHA1: 38749ed6e6412628c45d5ba344a0ab796e6807f9
SHA256:b2b219886d8f99ee2f11adbf908711c8de17479621d85b55cbf453248975c726
Referenced In Projects/Scopes:

  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

barcode4j-2.1.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\net.sf.barcode4j\barcode4j\2.1\4b38b2219c0d522fcea8238493f2ea3e238ef529\barcode4j-2.1.jar
MD5: 4fc30cdb7b1abaf1ce08f26b0666e351
SHA1: 4b38b2219c0d522fcea8238493f2ea3e238ef529
SHA256:eb7252cc41a1539bcd018348e9f60e0942872bdaa49c58051e656a6be94969fb
Referenced In Projects/Scopes:

  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

axis2-transport-http-1.7.9.jar

Description:

This includes all the available transports in Axis2

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.axis2\axis2-transport-http\1.7.9\55057a4120e941a5fd315f051e5455b60f993bcd\axis2-transport-http-1.7.9.jar
MD5: 3a097451ae01f6c5cea9984370a9bd7b
SHA1: 55057a4120e941a5fd315f051e5455b60f993bcd
SHA256:d6973c707a817ed78a292dacf75846e72542338994d7f5160d7648f94015a1fd
Referenced In Projects/Scopes:

  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

axis2-transport-local-1.7.9.jar

Description:

This includes all the available transports in Axis2

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.axis2\axis2-transport-local\1.7.9\6d55cee0f49ce05eea8597b9762ba7ada85ab67f\axis2-transport-local-1.7.9.jar
MD5: b615a4466a58aca3eeec985ae86b8ee3
SHA1: 6d55cee0f49ce05eea8597b9762ba7ada85ab67f
SHA256:d339a4c8c008134b824ffc2a2ccb2b84c599e6cccf144d3151744565fbfaacff
Referenced In Projects/Scopes:
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

log4j-1.2-api-2.12.1.jar

Description:

The Apache Log4j 1.x Compatibility API

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.logging.log4j\log4j-1.2-api\2.12.1\ee0862319f2822b96ec9fb452c121b76100f1b51\log4j-1.2-api-2.12.1.jar
MD5: 199cbb4af0e377e99c0bd2532779af0a
SHA1: ee0862319f2822b96ec9fb452c121b76100f1b51
SHA256:fcabb16eefa98c4979be307f769a2aaf40ca68ffdaae9a5f36e52df063caf7c0
Referenced In Projects/Scopes:
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

log4j-slf4j-impl-2.12.1.jar

Description:

The Apache Log4j SLF4J API binding to Log4j 2 Core

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.logging.log4j\log4j-slf4j-impl\2.12.1\14973e22497adaf0196d481fb99c5dc2a0b58d41\log4j-slf4j-impl-2.12.1.jar
MD5: fda2a7e20c14eb8020c965509b8d9443
SHA1: 14973e22497adaf0196d481fb99c5dc2a0b58d41
SHA256:3d9620afc3cd58527a182b70e7c111b7289046989c0d04a50e46b0ec31dc138a
Referenced In Projects/Scopes:
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

log4j-core-2.12.1.jar

Description:

The Apache Log4j Implementation

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.logging.log4j\log4j-core\2.12.1\4382e93136c06bfb34ddfa0bb8a9fb4ea2f3df59\log4j-core-2.12.1.jar
MD5: 0138ba1c191d5c754fd0e3c3a61c0307
SHA1: 4382e93136c06bfb34ddfa0bb8a9fb4ea2f3df59
SHA256:885e31a14fc71cb4849e93564d26a221c685a789379ef63cb2d082cedf3c2235
Referenced In Projects/Scopes:
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

log4j-jul-2.12.1.jar

Description:

The Apache Log4j implementation of java.util.logging

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.logging.log4j\log4j-jul\2.12.1\53e1e17d922749d2e1e172cdbd954732ac49d8b0\log4j-jul-2.12.1.jar
MD5: 52b6e2325c4f4a63cd9003d80a2bf6fc
SHA1: 53e1e17d922749d2e1e172cdbd954732ac49d8b0
SHA256:28e533725bd406f127511b7a55fdd4f5da75b48609655c23f6a28f8d2a0f032e
Referenced In Projects/Scopes:
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

javax.xml.soap-api-1.4.0.jar

Description:

SAAJ API

License:

CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.xml.soap/blob/master/LICENSE
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.xml.soap\javax.xml.soap-api\1.4.0\667ef2eee594ca7e05a1cbe0b37a428f7b57778f\javax.xml.soap-api-1.4.0.jar
MD5: fb8bbe2cdda8ff7bd945fcb9f0f6b61c
SHA1: 667ef2eee594ca7e05a1cbe0b37a428f7b57778f
SHA256:141374e33be99768611a2d42b9d33571a0c5b9763beca9c2dc90900d8cc8f767
Referenced In Projects/Scopes:
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

juel-spi-2.2.7.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\de.odysseus.juel\juel-spi\2.2.7\ca146332a93720784f24a5a24bb71c6d545133bd\juel-spi-2.2.7.jar
MD5: a4df3c8482a97ae937081b7d0ab407bb
SHA1: ca146332a93720784f24a5a24bb71c6d545133bd
SHA256:f0cc5802b0dd365aa7dae785359f18928a2eb46c178665bb000dffc6d5d9842b
Referenced In Projects/Scopes:

  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

derby-10.14.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.derby\derby\10.14.2.0\7efad40ef52fbb1f08142f07a83b42d29e47d8ce\derby-10.14.2.0.jar
MD5: 3ddcc1d435344d39d0122dbc2f39a746
SHA1: 7efad40ef52fbb1f08142f07a83b42d29e47d8ce
SHA256:2c40eb581e5221ab33c7c796979b49ce404e7e393357c58f7bcdb30a09efca72
Referenced In Projects/Scopes:

  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

geronimo-jaxrpc_1.1_spec-1.1.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.geronimo.specs\geronimo-jaxrpc_1.1_spec\1.1\b0b1d499b5c7f53ed65fa1aadd6cfaf743480e1b\geronimo-jaxrpc_1.1_spec-1.1.jar
MD5: ee8d28584b602a03da5f9b4c068b2d53
SHA1: b0b1d499b5c7f53ed65fa1aadd6cfaf743480e1b
SHA256:5a92b4fcf9f6b76172c5aabd1178cdb312d773454ae9e853b1bc0ca11ba70064
Referenced In Projects/Scopes:

  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

batik-all-1.8pre-r1084380.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codeartisans.thirdparties.swing\batik-all\1.8pre-r1084380\2898c85b844ad4db731d8dbd7bac395bece5bead\batik-all-1.8pre-r1084380.jar
MD5: 6b971c2c943d0d398744774c3df092bc
SHA1: 2898c85b844ad4db731d8dbd7bac395bece5bead
SHA256:089598db76376f1c74249c458fdc4973200d41d9aee51f14741ff335cbedcef3
Referenced In Projects/Scopes:

  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jackson-databind-2.9.9.3.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.fasterxml.jackson.core\jackson-databind\2.9.9.3\68ddd453458765757fd3ffca9437f9a42d91003e\jackson-databind-2.9.9.3.jar
MD5: 4b960b1790dd5292d5eb605e482aa4a7
SHA1: 68ddd453458765757fd3ffca9437f9a42d91003e
SHA256:5e5b577397531280728ea32a7fdcbefa8187eb84ec0d3d3cae35a0d6350792ba
Referenced In Projects/Scopes:
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2019-14540  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-16335  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-16942  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-16943  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

axiom-impl-1.2.21.jar

Description:

The default implementation of the Axiom API.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ws.commons.axiom\axiom-impl\1.2.21\9e2abe02efc778ec49ed11880498752a6b306ff1\axiom-impl-1.2.21.jar
MD5: 615542293741bc88e3980f9edd2c9452
SHA1: 9e2abe02efc778ec49ed11880498752a6b306ff1
SHA256:66fca0f9631c5f6bc07e2a9d30464ef9537a5a08daec8fb09b5d4ca312639e05
Referenced In Projects/Scopes:
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

commons-httpclient-3.1.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-httpclient\commons-httpclient\3.1\964cd74171f427720480efdec40a7c7f6e58426a\commons-httpclient-3.1.jar
MD5: 8ad8c9229ef2d59ab9f59f7050e846a5
SHA1: 964cd74171f427720480efdec40a7c7f6e58426a
SHA256:dbd4953d013e10e7c1cc3701a3e6ccd8c950c892f08d804fabfac21705930443
Referenced In Projects/Scopes:

  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

xmlsec-1.4.3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.santuario\xmlsec\1.4.3\22629b7c6b25352c25be97d0839460fef58ec533\xmlsec-1.4.3.jar
MD5: 16a2d033196888c83e06ac9dda7f88de
SHA1: 22629b7c6b25352c25be97d0839460fef58ec533
SHA256:85453868ec046394e08bac9d492f1e997022b034cb29cbb5e35d5c0b87baf27d
Referenced In Projects/Scopes:

  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2013-4517 (OSSINDEX)  

Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.apache.santuario:xmlsec:1.4.3:*:*:*:*:*:*:*

avalon-framework-impl-4.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\avalon-framework\avalon-framework-impl\4.2.0\4da1db18947eb6950abb7ad79253011b9aec0e48\avalon-framework-impl-4.2.0.jar
MD5: 5c1f8f5c8c6c043538fc4ea038c2aaf6
SHA1: 4da1db18947eb6950abb7ad79253011b9aec0e48
SHA256:ed42c573cab460ca634b5c64a3b40ed1d67d6ee47fe25f87947370bede6af814
Referenced In Projects/Scopes:

  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

aspectjweaver-1.5.3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\aspectj\aspectjweaver\1.5.3\4040e72d0dda6e9a03d879835cd3f70f19284c34\aspectjweaver-1.5.3.jar
MD5: 06464d01316d851e8dac161847e98f4c
SHA1: 4040e72d0dda6e9a03d879835cd3f70f19284c34
SHA256:8e2cdc2938d6254ac17d6b5ebf9f7625e8d3e76fcbb95eb34d7e0c34eb1ab26f
Referenced In Projects/Scopes:

  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

asciidoctorj-pdf-1.5.0-alpha.16.jar: jruby_cache_backend.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.asciidoctor\asciidoctorj-pdf\1.5.0-alpha.16\63c4f64106a00e316f0e9e54182a1c8581eff4b\asciidoctorj-pdf-1.5.0-alpha.16.jar\gems\thread_safe-0.3.6-java\lib\thread_safe\jruby_cache_backend.jar
MD5: 7f40e133c093c0e7baddce14ea90114b
SHA1: 993f3706b397773d989d6a02fa4e91a9ea8b0a24
SHA256:fd26af853ae547cdc0ff51d5875fe8cadc61edd23dc207651012217c4ff4257a
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

  • None

org.eclipse.birt.runtime-4.4.1.jar: SVGActionMenu.js

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.birt.runtime\4.4.1\d7f5495359184868842e469c1929109a0f69d87a\org.eclipse.birt.runtime-4.4.1.jar\org\eclipse\birt\chart\device\svg\SVGActionMenu.js
MD5: e3e8695348fe59953adfa242196b6f0d
SHA1: a6dce6eb64873e1dcc5456a080a93ca8133a5633
SHA256:1c30a959e8a3938ff5a92fe95b03ad6275160079b76a6e0667148302ee503476
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

  • None

org.eclipse.birt.runtime-4.4.1.jar: ImageActionMenu.js

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.birt.runtime\4.4.1\d7f5495359184868842e469c1929109a0f69d87a\org.eclipse.birt.runtime-4.4.1.jar\org\eclipse\birt\chart\device\util\ImageActionMenu.js
MD5: dd220f5bf2e81ec12c1e2767d9a05d38
SHA1: 8bb4021ed8eaf7fcc9dce09570513f4056142504
SHA256:64e4dfec7d80cd533063cf2e94949874bec866d7b9bafb1a30d7898b14872fa5
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

  • None

ehcache-core-2.6.2.jar: sizeof-agent.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\net.sf.ehcache\ehcache-core\2.6.2\3baecd92015a9f8fe4cf51c8b5d3a5bddcdd3e86\ehcache-core-2.6.2.jar\net\sf\ehcache\pool\sizeof\sizeof-agent.jar
MD5: 5ad919b3ac0516897bdca079c9a222a8
SHA1: e86399a80ae6a6c7a563717eaa0ce9ba4708571c
SHA256:3bcd560ca5f05248db9b689244b043e9c7549e3791281631a64e5dfff15870d2
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

jna-5.3.1.jar: jnidispatch.dll

File Path: Z:\Gradle\caches\modules-2\files-2.1\net.java.dev.jna\jna\5.3.1\6eb9d07456c56b9c2560722e90382252f0f98405\jna-5.3.1.jar\com\sun\jna\win32-x86\jnidispatch.dll
MD5: 391d7cbfc2c03d0be890541004e6a0ac
SHA1: 1a48c577532b6dbec44b5401fa8268a86daa35b0
SHA256:2d0342e81527fc07255f6585e7de2e89dcd33b2ccf3e770eb83889353265cec3
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

  • None

jna-5.3.1.jar: jnidispatch.dll

File Path: Z:\Gradle\caches\modules-2\files-2.1\net.java.dev.jna\jna\5.3.1\6eb9d07456c56b9c2560722e90382252f0f98405\jna-5.3.1.jar\com\sun\jna\win32-x86-64\jnidispatch.dll
MD5: 3c016613eb59259f94e2add2b8d926c0
SHA1: e26183f9919ed1daf5c1856c16f8a074bd9ef6dc
SHA256:df09119557efe5a5fc2237996b09c3da34fb60eb3ff0c6a5b2a35ec4212e0119
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

  • None

asciidoctorj-1.6.2.jar: concurrent_ruby_ext.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.asciidoctor\asciidoctorj\1.6.2\899c972f69febedc39dca5108d83b9294ceeeff8\asciidoctorj-1.6.2.jar\gems\concurrent-ruby-1.0.5-java\lib\concurrent_ruby_ext.jar
MD5: e8391bc0b95602fa4dc0b1b053f4226a
SHA1: d40c156eff597cdadf2deec2075a6524646628ed
SHA256:66df7b93ca43f93142761923072e14b25889713e6694bdf36608d0211cef5b8b
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

  • None

org.eclipse.core.resources-3.9.1.v20140825-1431.jar: resources-ant.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.core.resources\3.9.1.v20140825-1431\24a0e4b809d9cb102e7bf8123a2844657b916090\org.eclipse.core.resources-3.9.1.v20140825-1431.jar\ant_tasks\resources-ant.jar
MD5: 2e3d89f3c01f0deec05a4d04db4b67bd
SHA1: ac97fcd1a043208b58e6ec13c2708e5cbfdf9a55
SHA256:0de8aa06e7ec6ac731ecdca4e390b8db4285846e07ce195f942a1b0ae5a2963d
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

  • None

jruby-complete-9.2.7.0.jar: jffi-1.2.dll

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\jni\i386-Windows\jffi-1.2.dll
MD5: 841e60814ed6b2971a47b267aef1c58a
SHA1: 07d30c6407fefad8df4b6afc4d85f83e547975ca
SHA256:d63b0ec9a7cc75c26fa951928bf550c0e9a5e6c195a3de94a9c24995206bbfd2
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

  • None

jruby-complete-9.2.7.0.jar: jffi-1.2.dll

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\jni\x86_64-Windows\jffi-1.2.dll
MD5: 5d80b61c1f9e31860c17b3a410948e7e
SHA1: 5ca292116336ee4ceed00d10e756afea580e62cf
SHA256:58398ba5cda1b7cb89ad4e03dd4a658006956f81acfef4efb4e7dd934e2733ef
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

  • None

jruby-complete-9.2.7.0.jar: jruby.dll

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF\jruby.home\bin\jruby.dll
MD5: 92ea01d27afe7f69a17e32bba8ed27cf
SHA1: 53e94465693dd9984f84bcb7d0e58c450d76d12e
SHA256:1ff883b2e2c4cf05b2613e2b2bc9cca1594fb4a77e3eb1487bd90e76e535d431
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

  • None

jruby-complete-9.2.7.0.jar: jruby.exe

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF\jruby.home\bin\jruby.exe
MD5: cbc0c0d001761853cd4a609f3ad2c49c
SHA1: 2ef43c2c58d0e34681edff2f6aa3761638cbde1c
SHA256:7f88e44beda6fbbf3f3d8dcebba0f3f0c5cc4c154f631c8003133bb994743c32
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

  • None

jruby-complete-9.2.7.0.jar: jrubyw.exe

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF\jruby.home\bin\jrubyw.exe
MD5: ec57f911978d52538a2fbd1570d1401b
SHA1: 2fa44467856f9e6daaab94de212b90ae2eba821d
SHA256:c18b6ac704962a999694d9c1924bf0e0e922ec45098904210869cc2e0c8c3e68
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

  • None

jruby-complete-9.2.7.0.jar: jline-2.14.6.jar

License:

The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF\jruby.home\lib\ruby\stdlib\jline\jline\2.14.6\jline-2.14.6.jar
MD5: 480423551649bc6980b43f09e4717272
SHA1: c3aeac59c022bdc497c8c48ed86fa50450e4896a
SHA256:97d1acaac82409be42e622d7a54d3ae9d08517e8aefdea3d2ba9791150c2f02d
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

jruby-complete-9.2.7.0.jar: jopenssl.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF\jruby.home\lib\ruby\stdlib\jopenssl.jar
MD5: fd021c75ba66fd3405ce2d6048376464
SHA1: 2c0223fd1ec085eaf5e0e41a0d92ed456ac03e3e
SHA256:d320dba8efcca3a8d6c04e2f055092ec0108c9ec0859633d72cbd91e34abd601
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

  • None

jruby-complete-9.2.7.0.jar: generator.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF\jruby.home\lib\ruby\stdlib\json\ext\generator.jar
MD5: 98b585d488e4b079b39624ce04da9893
SHA1: 16e53e1996a14c583a37aec04c1c1c67918091b2
SHA256:8e821952a433b778c7a8199a10a6bf704a1b04ce1302cb74bcfdc514401abf27
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

  • None

jruby-complete-9.2.7.0.jar: parser.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF\jruby.home\lib\ruby\stdlib\json\ext\parser.jar
MD5: f67aff6c1909fb9c997c38dee4d3af8f
SHA1: 2c237e2fe8c6e6b9153485f6467ed9dd0711e53d
SHA256:693fa906d78a85f0a24d424ccc5d7461032e61b17b90929a5f0f6663eaa36609
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

  • None

jruby-complete-9.2.7.0.jar: bcpkix-jdk15on-1.61.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF\jruby.home\lib\ruby\stdlib\org\bouncycastle\bcpkix-jdk15on\1.61\bcpkix-jdk15on-1.61.jar
MD5: 0ee0052e010ef9de6242e57899db88ef
SHA1: 89bb3aa5b98b48e584eee2a7401b7682a46779b4
SHA256:326eb81c2a0cb0d665733a9cc7c03988081101ad17d1453b334368453658591f
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

  • None

jruby-complete-9.2.7.0.jar: bcprov-jdk15on-1.61.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF\jruby.home\lib\ruby\stdlib\org\bouncycastle\bcprov-jdk15on\1.61\bcprov-jdk15on-1.61.jar
MD5: 5aeb35a904766692ad96ee6590c86e65
SHA1: 00df4b474e71be02c1349c3292d98886f888d1f7
SHA256:dba6e408f205215ad1a89b70b37353d3cdae4ec61037e1feee885704e2413458
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

jruby-complete-9.2.7.0.jar: bctls-jdk15on-1.61.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF\jruby.home\lib\ruby\stdlib\org\bouncycastle\bctls-jdk15on\1.61\bctls-jdk15on-1.61.jar
MD5: a78fb36fad05b8dae75563de51d1b0e1
SHA1: a8ccdf03d2addc3dad09d8749d8345438c66f6d5
SHA256:606acb2ee81176c52f2a79e7ec63e854ec5e9ab9f9a9edd1fec7d3db926dde2c
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

  • None

jruby-complete-9.2.7.0.jar: snakeyaml-1.23.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF\jruby.home\lib\ruby\stdlib\org\yaml\snakeyaml\1.23\snakeyaml-1.23.jar
MD5: 64ec8bd26b6d5034a87ecb1c8ce0efdc
SHA1: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68
SHA256:13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

jruby-complete-9.2.7.0.jar: psych.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF\jruby.home\lib\ruby\stdlib\psych.jar
MD5: 770880c7b0c659acae26a0d5e4f4c89c
SHA1: ff464c9c6632fbb13f92df04c711c5cdc3efc045
SHA256:efdc644fec5081d0cb1c19192ce47c9582a37df6ebf54354b3a49bafd5aa6e41
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

  • None

jruby-complete-9.2.7.0.jar: cparse-jruby.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF\jruby.home\lib\ruby\stdlib\racc\cparse-jruby.jar
MD5: ea7a765ea611d271d21465f9c2a68b79
SHA1: 37572f403a1bd512e76e40e4dc4d6f36528fd2bf
SHA256:ca24a45726fcf245987d033ed7135bb04ded9b3b27dd0d83c24f4206cad11890
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

  • None

jruby-complete-9.2.7.0.jar: darkfish.js

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF\jruby.home\lib\ruby\stdlib\rdoc\generator\template\darkfish\js\darkfish.js
MD5: d3c0bc87772d8a9cbd7a4d13f1f7438f
SHA1: a3ac4e6b5d971608b6cbef575a5a03c06303330b
SHA256:0e987b99f9b3c802aa5240710fe73c47c8241d8a00f07cc9562750232099294c
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

  • None

jruby-complete-9.2.7.0.jar: jquery.js

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF\jruby.home\lib\ruby\stdlib\rdoc\generator\template\darkfish\js\jquery.js
MD5: 9118381924c51c89d9414a311ec9c97f
SHA1: 71cce71820cc47b3bd1098618d248325fcf24ddb
SHA256:951d6bae39eb172f57a88bd686f7a921cf060fd21f59648f0d20b6a8f98fc5a5
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

CVE-2012-6708  

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 1.9.0

CVE-2015-9251  

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1
  • cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12
  • cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0
  • cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0
  • cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*

CVE-2019-11358  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15

jruby-complete-9.2.7.0.jar: search.js

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF\jruby.home\lib\ruby\stdlib\rdoc\generator\template\darkfish\js\search.js
MD5: 0e2481c5045219eb047f520284cd2941
SHA1: c7d60508126b35bd21d63223606e88b75dbe9d3e
SHA256:9f4f1589d34837b58aa9d7478edb26204814f63cd1d8ecad231f80a1c686facf
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

  • None

jruby-complete-9.2.7.0.jar: navigation.js

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF\jruby.home\lib\ruby\stdlib\rdoc\generator\template\json_index\js\navigation.js
MD5: 81bafbd1d63f81e305c7b1cc762bda77
SHA1: 35a922d6c89d0b5c8cbb3f528914d960c357a061
SHA256:b928caf69cb062b33c1982f5aee4e03869fd0b98635c53c02e7880cd591f263f
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

  • None

jruby-complete-9.2.7.0.jar: searcher.js

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF\jruby.home\lib\ruby\stdlib\rdoc\generator\template\json_index\js\searcher.js
MD5: aabe435a5b5d32c477a7cf4a8e132ab8
SHA1: 79da9708788dd7696845f203aef12e6ecae18f13
SHA256:be64ef5b4d6322812b8d481c13f17ebca6aac4a6d3e9ca400e4cc7a3ff435931
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

  • None

jruby-complete-9.2.7.0.jar: readline.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF\jruby.home\lib\ruby\stdlib\readline.jar
MD5: ee095d6e2062601784e821c0761b7a8d
SHA1: f94495275a3d40af13986495b60d7a2029d8eba5
SHA256:25f6e191a7cddf15c926d9c5fb598237517b201d041f35f5cd01ae446b17d9d4
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

  • None

jruby-complete-9.2.7.0.jar: jline-2.14.6.jar: jansi.dll

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF\jruby.home\lib\ruby\stdlib\jline\jline\2.14.6\jline-2.14.6.jar\META-INF\native\windows32\jansi.dll
MD5: 83fdcbb296f9732176748e443c7637a5
SHA1: f91fda2c7f9f485db21a50c05ff3a65c1fa20090
SHA256:7db0fdba01b93f8d45c8fa9ba949f424efb0361d6f8af5561d769378d8b3a1ac
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

  • None

jruby-complete-9.2.7.0.jar: jline-2.14.6.jar: jansi.dll

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF\jruby.home\lib\ruby\stdlib\jline\jline\2.14.6\jline-2.14.6.jar\META-INF\native\windows64\jansi.dll
MD5: b009262ec2c7e84839af9729b752f14e
SHA1: 8d96f40da8970ddd48af4517512a0fdd077c33da
SHA256:daed7ea5b66bce3821742564af812b6f4e25939b3d273ed5a156ba7c92c452dc
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

  • None

jruby-complete-9.2.7.0.jar (shaded: com.github.jnr:jffi:1.2.18)

Description:

Java Foreign Function Interface

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF/maven/com.github.jnr/jffi/pom.xml
MD5: 8f7f903f659a9f0d06decd22e20d0be9
SHA1: 2b5072ff3f379a5da78af5d31086f55f9572a0d1
SHA256:e9127a7a45196444b46ca64304a139b7da148739ff0cbcd0f60292163563a354
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

jruby-complete-9.2.7.0.jar (shaded: com.github.jnr:jnr-constants:0.9.12)

Description:

A set of platform constants (e.g. errno values)

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF/maven/com.github.jnr/jnr-constants/pom.xml
MD5: c5fa9075f2d9069503fe533bf7269347
SHA1: dfb1b71d18b137d95ee2bcb3bbfe0bb0b720b4c1
SHA256:4c390808024e92b769115d75fb424af96d2fd1404b359580f9a3b985cc0e0d93
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

jruby-complete-9.2.7.0.jar (shaded: com.github.jnr:jnr-enxio:0.19)

Description:

Native I/O access for java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF/maven/com.github.jnr/jnr-enxio/pom.xml
MD5: 0cf0e0d386acc7f833c9200acfe734c7
SHA1: 034b44e637cc34a3b47ef6d718148b598a3eb3fe
SHA256:1cb7867e2bb790a6e62de24fe0dc5c4a68f8904092743a8a32ecb4796397453a
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

jruby-complete-9.2.7.0.jar (shaded: com.github.jnr:jnr-ffi:2.1.9)

Description:

A library for invoking native functions from java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF/maven/com.github.jnr/jnr-ffi/pom.xml
MD5: cb493756935e3b13cfc2ec30137b7df0
SHA1: 786db5464edfce10f4b17f0ebec09282915116c7
SHA256:6d10081f730242fb36a0a61d9b6dec015e56c866cf90e5c33e655743539e16a5
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

jruby-complete-9.2.7.0.jar (shaded: com.github.jnr:jnr-netdb:1.1.6)

Description:

Lookup TCP and UDP services from java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF/maven/com.github.jnr/jnr-netdb/pom.xml
MD5: 97b63f6ae3cf52e1a951bf30caf65566
SHA1: 7fe2442e26538f534e429de408ac88d3077da7fd
SHA256:8e7a582ee6ae28e1bf20a9ebd65bf1031d64a2fe8e45a10dc334adbcad3a281b
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

jruby-complete-9.2.7.0.jar (shaded: com.github.jnr:jnr-posix:3.0.49)

Description:

Common cross-project/cross-platform POSIX APIs

License:

Eclipse Public License - v 2.0: https://www.eclipse.org/legal/epl-2.0/
GNU General Public License Version 2: http://www.gnu.org/copyleft/gpl.html
GNU Lesser General Public License Version 2.1: http://www.gnu.org/licenses/lgpl.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF/maven/com.github.jnr/jnr-posix/pom.xml
MD5: 88dd39e5c7991855a5f1f53c1b3fac83
SHA1: f4aa81a847ef3cb433c0c55d01c5dc0f101aab13
SHA256:09da885accc67629d80a05ec106bd12a1180a770724b01ef8da810c817d66ccb
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

jruby-complete-9.2.7.0.jar (shaded: com.github.jnr:jnr-unixsocket:0.20)

Description:

Native I/O access for java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF/maven/com.github.jnr/jnr-unixsocket/pom.xml
MD5: 0cf92880b05eb7695aa3fbfc62dbe85c
SHA1: 623b60ea7201143887f8068ce76e72a42afa2837
SHA256:54a5efd983fbde3051df1c99e19ff24c81808f7d70968d3ed31995f0bfb726b8
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

jruby-complete-9.2.7.0.jar (shaded: com.headius:backport9:1.2)

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF/maven/com.headius/backport9/pom.xml
MD5: cb348fc8f6302d9a7872c5b3dc9052c6
SHA1: 62abae56b80b6d2024e34afff9c2fb86d8a1977d
SHA256:b4622e32febe5703a055792c076b47e239062b85111737c8840a9e4a40ae992f
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

jruby-complete-9.2.7.0.jar (shaded: com.headius:invokebinder:1.11)

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF/maven/com.headius/invokebinder/pom.xml
MD5: 337e96c4ce329636688e976f24ce5218
SHA1: 76f7da575b64e531d45cf36a3b48bb990df015f5
SHA256:f383be8b504eb2b4d4d76a961eb39900b46e11732e422464b354569c640e128f
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

jruby-complete-9.2.7.0.jar (shaded: com.headius:options:1.4)

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF/maven/com.headius/options/pom.xml
MD5: 71910d212b33ca5f3f5a8a2aff7c8785
SHA1: 51766d35193ffa3f9c131d574cf2570447607b95
SHA256:4286dda1f35013b2566c649e4b1a326fe5032f2f9f719bf36e2ba0ce63246a2c
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

jruby-complete-9.2.7.0.jar (shaded: com.jcraft:jzlib:1.1.3)

Description:

JZlib is a re-implementation of zlib in pure Java

License:

BSD: http://www.jcraft.com/jzlib/LICENSE.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF/maven/com.jcraft/jzlib/pom.xml
MD5: 856f139610c4e36c1b0bdb5ad007c2a5
SHA1: 6e6789004c70477a6e2ea92c066b757534e63a10
SHA256:edb67251608556ad9584d00e46b5ef38ecf1246d571c0f80f24f50b285a9f682
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

jruby-complete-9.2.7.0.jar (shaded: com.martiansoftware:nailgun-server:0.9.1)

Description:

Nailgun is a client, protocol, and server for running Java programs from the command line without incurring the JVM startup overhead. Programs run in the server (which is implemented in Java), and are triggered by the client (written in C), which handles all I/O.

This project contains the SERVER ONLY.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF/maven/com.martiansoftware/nailgun-server/pom.xml
MD5: 365276754761735cc069e439a401fa8d
SHA1: 55ac54d56cbaa9468e964f4dc20b201cde1c611f
SHA256:e1e164a7e12f35d2d940cd4a52ab0cba37da07179eb3dfa70b8989dbeb305d5d
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

jruby-complete-9.2.7.0.jar (shaded: joda-time:joda-time:2.9.9)

Description:

Date and time library to replace JDK date handling

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF/maven/joda-time/joda-time/pom.xml
MD5: b0251e9d2324103acef74f95b6b8fb7d
SHA1: d03e4fefb36959941b3e7cf6e157bbb0624f8554
SHA256:fc3db49d13f6061edb15774ad5a2a7b279ea51aa90097087988b05a806decfff
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

jruby-complete-9.2.7.0.jar (shaded: me.qmx.jitescript:jitescript:0.4.1)

Description:

Java API for Bytecode

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF/maven/me.qmx.jitescript/jitescript/pom.xml
MD5: a8244f2c8843244d8934742315b47154
SHA1: 63a1b1c6c7ac7c29e8d7a065a9c2649058455749
SHA256:4001176ebaedccf43616c92dad87d0d305b54000cfae4e999675e8acb35735f6
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

jruby-complete-9.2.7.0.jar (shaded: org.jruby.jcodings:jcodings:1.0.43)

Description:

Byte based encoding support library for java

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF/maven/org.jruby.jcodings/jcodings/pom.xml
MD5: 3dc24bbc119cd43daf3ff306ac7e32a7
SHA1: 1f955832d96398486db23cddc309ab06df7e9075
SHA256:ff028075fbf4ba6c5777dc2fb609b2b55530834b0e4fc60c71209455c0466d39
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

jruby-complete-9.2.7.0.jar (shaded: org.jruby.joni:joni:2.1.26)

Description:

Java port of Oniguruma: http://www.geocities.jp/kosako3/oniguruma that uses byte arrays directly instead of java Strings and chars

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF/maven/org.jruby.joni/joni/pom.xml
MD5: 3a15e2448c2a06f601472c57c08b8c78
SHA1: 8bd84b5bf472e89d0fdf4da22347a080a60f0da9
SHA256:e9b7fc21af20a9a1b106119dd2d9b275dc1f5cc8bd0b0a5c7715bb16b01349da
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

jruby-complete-9.2.7.0.jar (shaded: org.jruby:jruby-core:9.2.7.0)

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF/maven/org.jruby/jruby-core/pom.xml
MD5: 257a9088de3b402e967566e41aa08754
SHA1: 2115b630474a99582cbb60f9b20ae0a88985bfb0
SHA256:fc40c32b2449f4247232ff56e6a1ba3eb2b21289848e1dc7738ec2b6ad2369dd
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

jruby-complete-9.2.7.0.jar (shaded: org.jruby:jruby-stdlib:9.2.7.0)

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jruby\jruby-complete\9.2.7.0\308120bca38f617e7b275af8ce0cbd9f0be66218\jruby-complete-9.2.7.0.jar\META-INF/maven/org.jruby/jruby-stdlib/pom.xml
MD5: 7cf670ac15cfd6768d525fdcdd945519
SHA1: ab834ae5ce7ab9cd1efcd74e7210199593d5549b
SHA256:93f5913920fec555096735d24a622bf0ff06f821708a6ee741b37c4bdd19bfca
Referenced In Project/Scope:ofbiz:asciidoctor

Identifiers

htrace-core4-4.1.0-incubating.jar (shaded: com.fasterxml.jackson.core:jackson-core:2.4.0)

Description:

Core Jackson abstractions, basic JSON streaming API implementation

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.htrace\htrace-core4\4.1.0-incubating\12b3e2adda95e8c41d9d45d33db075137871d2e2\htrace-core4-4.1.0-incubating.jar\META-INF/maven/com.fasterxml.jackson.core/jackson-core/pom.xml
MD5: b5ed6cb7f987a4da86141638b1538d81
SHA1: ed8235ea6d84480833675e709b415bde24ce25f7
SHA256:8310978da8c7013ecaaba13c9b41b75ab3a09797ae4b946ae5e1614088f995d7
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

htrace-core4-4.1.0-incubating.jar (shaded: com.fasterxml.jackson.core:jackson-databind:2.4.0)

Description:

General data-binding functionality for Jackson: works on core streaming API

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.htrace\htrace-core4\4.1.0-incubating\12b3e2adda95e8c41d9d45d33db075137871d2e2\htrace-core4-4.1.0-incubating.jar\META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
MD5: d3f7afe903419aa0c03f9cf8682e1a69
SHA1: 3c0d06b6c0a9f4135fcf5c5557c751c0cd066c0c
SHA256:083be927bdddaf1e992d0e9f0fff509b60f35deea307216d8ba773f065a6f30c
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

CVE-2017-15095  

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

CVE-2017-17485 (OSSINDEX)  

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.4.0:*:*:*:*:*:*:*

CVE-2017-7525 (OSSINDEX)  

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.4.0:*:*:*:*:*:*:*

CVE-2018-1000873  

FasterXML Jackson before version 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in a denial of service (DoS). This attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2018-11307  

An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

CVE-2018-14718  

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

CVE-2018-14719 (OSSINDEX)  

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.4.0:*:*:*:*:*:*:*

CVE-2018-14720 (OSSINDEX)  

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.4.0:*:*:*:*:*:*:*

CVE-2018-14721 (OSSINDEX)  

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

CVSSv3:
  • Base Score: CRITICAL (10.0)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.4.0:*:*:*:*:*:*:*

CVE-2018-19360 (OSSINDEX)  

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.4.0:*:*:*:*:*:*:*

CVE-2018-19361 (OSSINDEX)  

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.4.0:*:*:*:*:*:*:*

CVE-2018-19362 (OSSINDEX)  

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.4.0:*:*:*:*:*:*:*

CVE-2018-5968  

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
CWE-502 Deserialization of Untrusted Data, CWE-184 Incomplete Blacklist

CVSSv2:
  • Base Score: MEDIUM (5.1)
  • Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

CVE-2018-7489  

FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.
CWE-502 Deserialization of Untrusted Data, CWE-184 Incomplete Blacklist

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

CVE-2019-14540  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-16335  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-16942  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-16943  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (OSSINDEX)  

The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv3:
  • Base Score: MEDIUM (5.4)
  • Vector: /AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.4.0:*:*:*:*:*:*:*

htrace-core4-4.1.0-incubating.jar (shaded: com.fasterxml.jackson.core:jackson-annotations:2.4.0)

Description:

Core annotations used for value types, used by Jackson data binding package.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.htrace\htrace-core4\4.1.0-incubating\12b3e2adda95e8c41d9d45d33db075137871d2e2\htrace-core4-4.1.0-incubating.jar\META-INF/maven/com.fasterxml.jackson.core/jackson-annotations/pom.xml
MD5: 556310b593b9688b85686409e0bd5377
SHA1: 2b75fa41636e5d02edc961ee9c68e6f041dc85a9
SHA256: 63e2e01157c8964913ef8bb0e69cec0d363d31129089206f7fb07ee5438359c0
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

htrace-core4-4.1.0-incubating.jar (shaded: commons-logging:commons-logging:1.1.1)

Description:

Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.htrace\htrace-core4\4.1.0-incubating\12b3e2adda95e8c41d9d45d33db075137871d2e2\htrace-core4-4.1.0-incubating.jar\META-INF/maven/commons-logging/commons-logging/pom.xml
MD5: 976d812430b8246deeaf2ea54610f263
SHA1: 76672afb562b9e903674ad3a544cdf2092f1faa3
SHA256: d0f2e16d054e8bb97add9ca26525eb2346f692809fcd2a28787da8ceb3c35ee8
Referenced In Projects/Scopes:

  • ofbiz:compileClasspath
  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

axiom-impl-1.2.21.jar (shaded: org.apache.ws.commons.axiom:om-aspects:1.2.21)

Description:

Contains aspects and implementation classes shared by LLOM and DOOM.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ws.commons.axiom\axiom-impl\1.2.21\9e2abe02efc778ec49ed11880498752a6b306ff1\axiom-impl-1.2.21.jar\META-INF/maven/org.apache.ws.commons.axiom/om-aspects/pom.xml
MD5: 03752c4315deee3885f1c99275fa6a69
SHA1: 03598c8fdae1ad8f360d5b666d04735b72ddfa4f
SHA256: 4a88dcaa4ed38e102ca968b96af88703c25f78d1530ebfa699e238e51deb406d
Referenced In Projects/Scopes:

  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

axiom-impl-1.2.21.jar (shaded: org.apache.ws.commons.axiom:core-aspects:1.2.21)

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ws.commons.axiom\axiom-impl\1.2.21\9e2abe02efc778ec49ed11880498752a6b306ff1\axiom-impl-1.2.21.jar\META-INF/maven/org.apache.ws.commons.axiom/core-aspects/pom.xml
MD5: f29b36ab207c7d98cde9d06c40de4a2e
SHA1: 01131da42a770995784c030ed0848cf4408a99d9
SHA256: 815d6c527244ecc04d4eb0d77e44e7a0fabb25905a8a372b22a86a274aa278b1
Referenced In Projects/Scopes:

  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

axiom-impl-1.2.21.jar (shaded: org.apache.ws.commons.axiom:shared-aspects:1.2.21)

Description:

Contains mixins for methods that are shared between DOM and Axiom.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ws.commons.axiom\axiom-impl\1.2.21\9e2abe02efc778ec49ed11880498752a6b306ff1\axiom-impl-1.2.21.jar\META-INF/maven/org.apache.ws.commons.axiom/shared-aspects/pom.xml
MD5: f03b40ba6718996cb9b21fbff8f6c597
SHA1: 1d772eb5aa9297d222f874416914c36abbc0ccbd
SHA256: 53b958e9144c5dc1501342074ee70f367616d78ec72a117e28949a846ddd533b
Referenced In Projects/Scopes:

  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers

axiom-impl-1.2.21.jar (shaded: org.apache.ws.commons.axiom:xml-utils:1.2.21)

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ws.commons.axiom\axiom-impl\1.2.21\9e2abe02efc778ec49ed11880498752a6b306ff1\axiom-impl-1.2.21.jar\META-INF/maven/org.apache.ws.commons.axiom/xml-utils/pom.xml
MD5: 1427855508e32d8596ab1ffeda5da518
SHA1: d6bd3f3c16872cd2b48b148f1d03aab363beb67c
SHA256: d46470207c364c831e84f11a42e1fd3e571f0dad1649c6830b6006526d1e25f6
Referenced In Projects/Scopes:

  • ofbiz:default
  • ofbiz:runtimeClasspath

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the NPM Public Advisories.
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.