Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 5.3.2Report Generated On : Mon, 20 Apr 2020 20:09:57 +0200Dependencies Scanned : 168 (106 unique)Vulnerable Dependencies : 8 Vulnerabilities Found : 20Vulnerabilities Suppressed : 10... NVD CVE Checked : 2020-04-20T20:09:46NVD CVE Modified : 2020-04-20T18:03:43VersionCheckOn : 2020-04-19T10:27:56Summary Display:
Showing Vulnerable Dependencies (click to show all) Dependencies animal-sniffer-annotations-1.9.jarFile Path: /Users/lukaszlenart/.m2/repository/org/codehaus/mojo/animal-sniffer-annotations/1.9/animal-sniffer-annotations-1.9.jarMD5: 41f47a4c81b5a9f76bc7f12af69e4fbeSHA1: c29299253a087898aaff7f4eac57effa46b1910aSHA256: cd96feeb47f34b2559704715db7b179a03a3721f9dc4092c345c718e29b42de4Referenced In Projects/Scopes:
Struts 2 OSGi Demo Bundle:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Assembly:compile Struts 2 OSGi Plugin:compile Evidence Type Source Name Value Confidence Vendor jar package name mojo Highest Vendor pom groupid org.codehaus.mojo Highest Vendor jar package name codehaus Low Vendor pom parent-artifactid animal-sniffer-parent Low Vendor pom parent-groupid org.codehaus.mojo Medium Vendor jar package name animal_sniffer Low Vendor pom name Animal Sniffer Annotations High Vendor file name animal-sniffer-annotations High Vendor jar package name codehaus Highest Vendor pom groupid codehaus.mojo Highest Vendor pom artifactid animal-sniffer-annotations Low Vendor jar package name mojo Low Product jar package name codehaus Highest Product jar package name mojo Highest Product pom parent-groupid org.codehaus.mojo Medium Product pom groupid codehaus.mojo Highest Product pom parent-artifactid animal-sniffer-parent Medium Product jar package name animal_sniffer Low Product pom artifactid animal-sniffer-annotations Highest Product pom name Animal Sniffer Annotations High Product file name animal-sniffer-annotations High Product jar package name mojo Low Product jar package name ignorejrerequirement Low Version pom version 1.9 Highest Version file version 1.9 High
aopalliance-1.0.jarDescription:
AOP Alliance License:
Public Domain File Path: /Users/lukaszlenart/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
SHA256: 0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08
Referenced In Projects/Scopes: Struts 2 Assembly:compile Struts 2 Core:compile Evidence Type Source Name Value Confidence Vendor file name aopalliance High Vendor jar package name aopalliance Highest Vendor pom name AOP alliance High Vendor pom url http://aopalliance.sourceforge.net Highest Vendor jar package name aopalliance Low Vendor pom groupid aopalliance Highest Vendor jar package name aop Highest Vendor jar package name intercept Low Vendor pom artifactid aopalliance Low Product file name aopalliance High Product jar package name aopalliance Highest Product pom artifactid aopalliance Highest Product pom name AOP alliance High Product pom groupid aopalliance Highest Product jar package name aop Highest Product pom url http://aopalliance.sourceforge.net Medium Product jar package name intercept Low Version file version 1.0 High Version pom version 1.0 Highest
asm-3.3.1.jarFile Path: /Users/lukaszlenart/.m2/repository/asm/asm/3.3.1/asm-3.3.1.jarMD5: 1ad1e8959324b0f680b8e62406955642SHA1: 1d5f20b4ea675e6fab6ab79f1cd60ec268ddc015SHA256: c2b39275f8e951bc74750080a1266cdabc39399bc5e13d642bf2d346449df7f3Referenced In Projects/Scopes:
Struts 2 JUnit Plugin:compile Struts 2 Rest Showcase Webapp:compile Struts 2 OSGi Demo Bundle:compile Struts 2 Velocity Plugin:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Configuration Browser Plugin:compile DEPRECATED: Struts 2 Embedded JSP Plugin:compile Struts 2 Sitemesh Plugin:compile Struts 2 Portlet Plugin:compile Struts 2 Showcase Webapp:compile Struts 2 Assembly:compile Struts 2 Portlet Tiles Plugin:compile Struts 2 OSGi Plugin:compile Evidence Type Source Name Value Confidence Vendor pom name ASM Core High Vendor pom groupid asm Highest Vendor pom artifactid asm Low Vendor Manifest Implementation-Vendor France Telecom R&D High Vendor jar package name asm Highest Vendor file name asm High Vendor pom parent-artifactid asm-parent Low Product pom name ASM Core High Product pom groupid asm Highest Product jar package name asm Highest Product file name asm High Product pom artifactid asm Highest Product Manifest Implementation-Title ASM High Product pom parent-artifactid asm-parent Medium Version file version 3.3.1 High Version pom version 3.3.1 Highest Version Manifest Implementation-Version 3.3.1 High
asm-7.3.1.jarDescription:
ASM, a very small and fast Java bytecode manipulation framework License:
BSD-3-Clause: https://asm.ow2.io/license.html File Path: /Users/lukaszlenart/.m2/repository/org/ow2/asm/asm/7.3.1/asm-7.3.1.jar
MD5: 542c066ed00a4fa9857e9343e2c595b9
SHA1: 7ec32f922315924e82bf58b36ee1b673b2a9b820
SHA256: 2f67e11ceec819ebd88ddee5300aba699b1cbab2e20c22e97cf027d3be93959b
Referenced In Projects/Scopes: Struts 2 Convention Plugin:compile Struts 2 Rest Showcase Webapp:compile Struts 2 OSGi Demo Bundle:compile Struts 2 Showcase Webapp:compile Struts 2 Assembly:compile Evidence Type Source Name Value Confidence Vendor pom groupid org.ow2.asm Highest Vendor jar package name asm Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor pom organization name OW2 High Vendor pom url http://asm.ow2.io/ Highest Vendor jar package name objectweb Highest Vendor pom organization url http://www.ow2.org/ Medium Vendor Manifest bundle-symbolicname org.objectweb.asm Medium Vendor pom artifactid asm Low Vendor pom parent-artifactid ow2 Low Vendor pom name asm High Vendor file name asm High Vendor pom parent-groupid org.ow2 Medium Vendor Manifest bundle-docurl http://asm.ow2.org Low Vendor pom groupid ow2.asm Highest Product Manifest Bundle-Name org.objectweb.asm Medium Product jar package name asm Highest Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product pom organization url http://www.ow2.org/ Low Product jar package name objectweb Highest Product pom artifactid asm Highest Product Manifest bundle-symbolicname org.objectweb.asm Medium Product Manifest Implementation-Title ASM, a very small and fast Java bytecode manipulation framework High Product pom organization name OW2 Low Product pom url http://asm.ow2.io/ Medium Product pom name asm High Product file name asm High Product pom parent-artifactid ow2 Medium Product pom parent-groupid org.ow2 Medium Product Manifest bundle-docurl http://asm.ow2.org Low Product pom groupid ow2.asm Highest Version pom version 7.3.1 Highest Version file version 7.3.1 High Version Manifest Implementation-Version 7.3.1 High Version Manifest Bundle-Version 7.3.1 High Version pom parent-version 7.3.1 Low
asm-analysis-7.3.1.jarDescription:
Static code analysis API of ASM, a very small and fast Java bytecode manipulation framework License:
BSD-3-Clause: https://asm.ow2.io/license.html File Path: /Users/lukaszlenart/.m2/repository/org/ow2/asm/asm-analysis/7.3.1/asm-analysis-7.3.1.jar
MD5: b5b082ef17f6d6bb3d8ed9c129161bdb
SHA1: 045dfd299ea0c17d534499c4f06417ceccfa2d02
SHA256: 46b8a8efd4b94facb5ab4b35afe30ee0546ae7a43d2c64e6def56c2f168fefa5
Referenced In Projects/Scopes: Struts 2 Convention Plugin:compile Struts 2 Rest Showcase Webapp:compile Struts 2 OSGi Demo Bundle:compile Struts 2 Showcase Webapp:compile Struts 2 Assembly:compile Evidence Type Source Name Value Confidence Vendor pom groupid org.ow2.asm Highest Vendor pom artifactid asm-analysis Low Vendor jar package name asm Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor pom organization name OW2 High Vendor pom url http://asm.ow2.io/ Highest Vendor jar package name objectweb Highest Vendor jar package name tree Highest Vendor file name asm-analysis High Vendor pom organization url http://www.ow2.org/ Medium Vendor Manifest bundle-symbolicname org.objectweb.asm.tree.analysis Medium Vendor Manifest module-requires org.objectweb.asm.tree;transitive=true Low Vendor jar package name analysis Highest Vendor pom parent-artifactid ow2 Low Vendor pom parent-groupid org.ow2 Medium Vendor Manifest bundle-docurl http://asm.ow2.org Low Vendor pom groupid ow2.asm Highest Vendor pom name asm-analysis High Product jar package name asm Highest Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product pom organization url http://www.ow2.org/ Low Product jar package name objectweb Highest Product jar package name tree Highest Product file name asm-analysis High Product Manifest Implementation-Title Static code analysis API of ASM, a very small and fast Java bytecode manipulation framework High Product Manifest bundle-symbolicname org.objectweb.asm.tree.analysis Medium Product Manifest module-requires org.objectweb.asm.tree;transitive=true Low Product jar package name analysis Highest Product pom organization name OW2 Low Product pom url http://asm.ow2.io/ Medium Product pom artifactid asm-analysis Highest Product pom parent-artifactid ow2 Medium Product pom parent-groupid org.ow2 Medium Product Manifest bundle-docurl http://asm.ow2.org Low Product pom groupid ow2.asm Highest Product pom name asm-analysis High Product Manifest Bundle-Name org.objectweb.asm.tree.analysis Medium Version pom version 7.3.1 Highest Version file version 7.3.1 High Version Manifest Implementation-Version 7.3.1 High Version Manifest Bundle-Version 7.3.1 High Version pom parent-version 7.3.1 Low
asm-commons-7.3.1.jarDescription:
Usefull class adapters based on ASM, a very small and fast Java bytecode manipulation framework License:
BSD-3-Clause: https://asm.ow2.io/license.html File Path: /Users/lukaszlenart/.m2/repository/org/ow2/asm/asm-commons/7.3.1/asm-commons-7.3.1.jar
MD5: be985ed0af52424f8f5d27ec71c249ab
SHA1: daaa79ef260eb67404b9a52bc319a024c7f49cfe
SHA256: 87cd8bb3c6bf6bcbb33fca48060c5065f66ebf6a3d7de9bf18bff51bcf156ebc
Referenced In Projects/Scopes: Struts 2 Convention Plugin:compile Struts 2 Rest Showcase Webapp:compile Struts 2 OSGi Demo Bundle:compile Struts 2 Showcase Webapp:compile Struts 2 Assembly:compile Evidence Type Source Name Value Confidence Vendor pom groupid org.ow2.asm Highest Vendor file name asm-commons High Vendor jar package name asm Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor pom organization name OW2 High Vendor pom url http://asm.ow2.io/ Highest Vendor jar package name objectweb Highest Vendor pom organization url http://www.ow2.org/ Medium Vendor pom artifactid asm-commons Low Vendor Manifest bundle-symbolicname org.objectweb.asm.commons Medium Vendor jar package name commons Highest Vendor pom parent-artifactid ow2 Low Vendor pom name asm-commons High Vendor pom parent-groupid org.ow2 Medium Vendor Manifest bundle-docurl http://asm.ow2.org Low Vendor Manifest module-requires org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true,org.objectweb.asm.tree.analysis;transitive=true Low Vendor pom groupid ow2.asm Highest Product file name asm-commons High Product jar package name asm Highest Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product pom organization url http://www.ow2.org/ Low Product jar package name objectweb Highest Product pom artifactid asm-commons Highest Product Manifest bundle-symbolicname org.objectweb.asm.commons Medium Product jar package name commons Highest Product pom organization name OW2 Low Product pom url http://asm.ow2.io/ Medium Product Manifest Implementation-Title Usefull class adapters based on ASM, a very small and fast Java bytecode manipulation framework High Product pom name asm-commons High Product Manifest Bundle-Name org.objectweb.asm.commons Medium Product pom parent-artifactid ow2 Medium Product pom parent-groupid org.ow2 Medium Product Manifest bundle-docurl http://asm.ow2.org Low Product Manifest module-requires org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true,org.objectweb.asm.tree.analysis;transitive=true Low Product pom groupid ow2.asm Highest Version pom version 7.3.1 Highest Version file version 7.3.1 High Version Manifest Implementation-Version 7.3.1 High Version Manifest Bundle-Version 7.3.1 High Version pom parent-version 7.3.1 Low
asm-tree-7.3.1.jarDescription:
Tree API of ASM, a very small and fast Java bytecode manipulation framework License:
BSD-3-Clause: https://asm.ow2.io/license.html File Path: /Users/lukaszlenart/.m2/repository/org/ow2/asm/asm-tree/7.3.1/asm-tree-7.3.1.jar
MD5: 3ef0bd9837a905e0b2d443de9199a409
SHA1: 587ce54d243145b2e89598bfcea7823ded73be5d
SHA256: f91a4a8aa868c5c4665bb4fd134019a91f9f8b9216527fba295e3c8b5422b78b
Referenced In Projects/Scopes: Struts 2 Convention Plugin:compile Struts 2 Rest Showcase Webapp:compile Struts 2 OSGi Demo Bundle:compile Struts 2 Showcase Webapp:compile Struts 2 Assembly:compile Evidence Type Source Name Value Confidence Vendor pom groupid org.ow2.asm Highest Vendor pom name asm-tree High Vendor Manifest bundle-symbolicname org.objectweb.asm.tree Medium Vendor jar package name asm Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor pom organization name OW2 High Vendor pom url http://asm.ow2.io/ Highest Vendor jar package name objectweb Highest Vendor jar package name tree Highest Vendor pom organization url http://www.ow2.org/ Medium Vendor Manifest module-requires org.objectweb.asm;transitive=true Low Vendor pom artifactid asm-tree Low Vendor file name asm-tree High Vendor pom parent-artifactid ow2 Low Vendor pom parent-groupid org.ow2 Medium Vendor Manifest bundle-docurl http://asm.ow2.org Low Vendor pom groupid ow2.asm Highest Product pom name asm-tree High Product Manifest bundle-symbolicname org.objectweb.asm.tree Medium Product jar package name asm Highest Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product pom organization url http://www.ow2.org/ Low Product Manifest Implementation-Title Tree API of ASM, a very small and fast Java bytecode manipulation framework High Product jar package name objectweb Highest Product jar package name tree Highest Product Manifest module-requires org.objectweb.asm;transitive=true Low Product Manifest Bundle-Name org.objectweb.asm.tree Medium Product file name asm-tree High Product pom organization name OW2 Low Product pom url http://asm.ow2.io/ Medium Product pom artifactid asm-tree Highest Product pom parent-artifactid ow2 Medium Product pom parent-groupid org.ow2 Medium Product Manifest bundle-docurl http://asm.ow2.org Low Product pom groupid ow2.asm Highest Version pom version 7.3.1 Highest Version file version 7.3.1 High Version Manifest Implementation-Version 7.3.1 High Version Manifest Bundle-Version 7.3.1 High Version pom parent-version 7.3.1 Low
aspectjweaver-1.8.9.jarDescription:
The AspectJ weaver introduces advices to java classes License:
Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html File Path: /Users/lukaszlenart/.m2/repository/org/aspectj/aspectjweaver/1.8.9/aspectjweaver-1.8.9.jar
MD5: 304a51bce49f52a26bb79f3fd0b58325
SHA1: db28774f477f07220eac18d5ec9c4e01f48589d7
SHA256: 5e41d39eca300e2d8e6067f5660d70dcc66ec2da9cbd46a3d5985e609d1e6ecf
Referenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor pom name AspectJ weaver High Vendor Manifest Implementation-Vendor aspectj.org High Vendor pom artifactid aspectjweaver Low Vendor jar package name weaver Highest Vendor Manifest specification-vendor aspectj.org Low Vendor pom groupid org.aspectj Highest Vendor Manifest name org/aspectj/weaver/ Medium Vendor jar package name aspectj Highest Vendor Manifest can-redefine-classes true Low Vendor jar package name org Highest Vendor pom url http://www.aspectj.org Highest Vendor file name aspectjweaver High Vendor pom groupid aspectj Highest Product pom name AspectJ weaver High Product jar package name weaver Highest Product pom url http://www.aspectj.org Medium Product Manifest Implementation-Title org.aspectj.weaver High Product Manifest specification-title AspectJ Weaver Classes Medium Product pom artifactid aspectjweaver Highest Product jar package name aspectj Highest Product Manifest name org/aspectj/weaver/ Medium Product Manifest can-redefine-classes true Low Product jar package name org Highest Product file name aspectjweaver High Product pom groupid aspectj Highest Version pom version 1.8.9 Highest Version Manifest Implementation-Version 1.8.9 High Version file version 1.8.9 High
bootstrap.min.jsFile Path: /Users/lukaszlenart/Projects/Apache/struts/apps/showcase/src/main/webapp/js/bootstrap.min.jsMD5: 8c237312864d2e4c4f03544cd4f9b195SHA1: 253711c6d825de55a8360552573be950da180614SHA256: d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8Referenced In Project/Scope: Struts 2 Showcase Webapp
Evidence Type Source Name Value Confidence Vendor file name bootstrap High Product file name bootstrap High Version file version 3.3.4 High
Published Vulnerabilities CVE-2018-14040 suppress
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2 cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:* CVE-2018-14041 suppress
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2 cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:* CVE-2018-14042 suppress
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2 cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:* CVE-2019-8331 suppress
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4 cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0 cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4 cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1 cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1 cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4 cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4 cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4 cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4 cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1 cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1 cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1 cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4 cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4 cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1 cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1 cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1 cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1 cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0 cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4 cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0 cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0 cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1 cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0 cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0 cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4 cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0 cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0 cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1 cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4 cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1 cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1 cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0 cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4 cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0 cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0 cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0 cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0 cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.1 cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4 cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.3.0; versions up to (excluding) 4.3.1 bsh-2.0b4.jarDescription:
BeanShell File Path: /Users/lukaszlenart/.m2/repository/org/beanshell/bsh/2.0b4/bsh-2.0b4.jarMD5: a1c60aa83c9c9a6cb2391c1c1b85eb00SHA1: a05f0a0feefa8d8467ac80e16e7de071489f0d9cSHA256: 91395c07885839a8c6986d5b7c577cd9bacf01bf129c89141f35e8ea858427b6Referenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence Vendor Manifest specification-vendor http://www.beanshell.org/ Low Vendor Manifest Implementation-Vendor Pat Niemeyer (pat@pat.net) High Vendor file name bsh High Vendor pom groupid beanshell Highest Vendor pom parent-groupid org.beanshell Medium Vendor pom parent-artifactid beanshell Low Vendor pom name BeanShell High Vendor pom artifactid bsh Low Vendor hint analyzer vendor beanshell_project Highest Vendor pom groupid org.beanshell Highest Vendor jar package name org Highest Vendor jar package name bsh Highest Product pom name BeanShell High Product Manifest specification-title BeanShell Medium Product jar package name org Highest Product pom parent-artifactid beanshell Medium Product file name bsh High Product pom artifactid bsh Highest Product pom groupid beanshell Highest Product hint analyzer product beanshell Highest Product jar package name bsh Highest Product pom parent-groupid org.beanshell Medium Version pom version 2.0b4 Highest
cglib-2.2.2.jarDescription:
Code generation library License:
ASF 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/cglib/cglib/2.2.2/cglib-2.2.2.jar
MD5: b3f681be48fce094cf01a045f5bdca6f
SHA1: a47a971686474124562bdd4a7ccbd8ac8c3e8b11
SHA256: a93e4485d274277177480c4afe6ddd8355cda1cacfe356c134e25d65193935fd
Referenced In Projects/Scopes: Struts 2 JUnit Plugin:compile Struts 2 Rest Showcase Webapp:compile Struts 2 OSGi Demo Bundle:compile Struts 2 Velocity Plugin:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Configuration Browser Plugin:compile DEPRECATED: Struts 2 Embedded JSP Plugin:compile Struts 2 Sitemesh Plugin:compile Struts 2 Portlet Plugin:compile Struts 2 Showcase Webapp:compile Struts 2 Assembly:compile Struts 2 Portlet Tiles Plugin:compile Struts 2 OSGi Plugin:compile Evidence Type Source Name Value Confidence Vendor jar package name cglib Highest Vendor file name cglib High Vendor pom name Code Generation Library High Vendor jar package name sf Low Vendor pom url http://cglib.sourceforge.net/ Highest Vendor pom artifactid cglib Low Vendor jar package name cglib Low Vendor jar package name net Low Vendor pom groupid cglib Highest Product jar package name cglib Highest Product pom artifactid cglib Highest Product file name cglib High Product pom name Code Generation Library High Product jar package name sf Low Product jar package name cglib Low Product pom groupid cglib Highest Product pom url http://cglib.sourceforge.net/ Medium Version file version 2.2.2 High Version pom version 2.2.2 Highest
classmate-1.3.4.jarDescription:
Library for introspecting types with full generic information
including resolving of field and method types.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/com/fasterxml/classmate/1.3.4/classmate-1.3.4.jar
MD5: 1e2e0fcc510753882683417e01895242
SHA1: 03d5f48f10bbe4eb7bd862f10c0583be2e0053c6
SHA256: c2bfcc21467351d0f9a1558822b72dbac2b21f6b9f700a44fc6b345491ef3c88
Referenced In Project/Scope: Struts 2 Showcase Webapp:compile
Evidence Type Source Name Value Confidence Vendor pom name ClassMate High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom parent-artifactid oss-parent Low Vendor pom organization name fasterxml.com High Vendor Manifest specification-vendor fasterxml.com Low Vendor pom artifactid classmate Low Vendor pom groupid com.fasterxml Highest Vendor jar package name types Highest Vendor Manifest bundle-docurl http://github.com/FasterXML/java-classmate Low Vendor Manifest automatic-module-name com.fasterxml.classmate Medium Vendor Manifest implementation-build-date 2017-09-09 21:47:22+0000 Low Vendor pom parent-groupid com.fasterxml Medium Vendor jar package name classmate Highest Vendor jar package name fasterxml Highest Vendor file name classmate High Vendor Manifest Implementation-Vendor fasterxml.com High Vendor pom organization url http://fasterxml.com Medium Vendor Manifest bundle-symbolicname com.fasterxml.classmate Medium Vendor Manifest Implementation-Vendor-Id com.fasterxml Medium Vendor pom groupid fasterxml Highest Vendor pom url http://github.com/FasterXML/java-classmate Highest Product pom name ClassMate High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest Bundle-Name ClassMate Medium Product Manifest specification-title ClassMate Medium Product jar package name types Highest Product pom artifactid classmate Highest Product pom parent-artifactid oss-parent Medium Product pom organization url http://fasterxml.com Low Product Manifest bundle-docurl http://github.com/FasterXML/java-classmate Low Product Manifest automatic-module-name com.fasterxml.classmate Medium Product pom organization name fasterxml.com Low Product Manifest implementation-build-date 2017-09-09 21:47:22+0000 Low Product pom parent-groupid com.fasterxml Medium Product pom url http://github.com/FasterXML/java-classmate Medium Product jar package name filter Highest Product jar package name classmate Highest Product Manifest Implementation-Title ClassMate High Product jar package name fasterxml Highest Product file name classmate High Product Manifest bundle-symbolicname com.fasterxml.classmate Medium Product pom groupid fasterxml Highest Version file version 1.3.4 High Version Manifest Bundle-Version 1.3.4 High Version Manifest Implementation-Version 1.3.4 High Version pom version 1.3.4 Highest Version pom parent-version 1.3.4 Low
classworlds-1.1.jarFile Path: /Users/lukaszlenart/.m2/repository/classworlds/classworlds/1.1/classworlds-1.1.jarMD5: c20629baa65f1f2948b37aa393b0310bSHA1: 60c708f55deeb7c5dfce8a7886ef09cbc1388ecaSHA256: 4e3e0ad158ec60917e0de544c550f31cd65d5a97c3af1c1968bf427e4a9df2e4Referenced In Projects/Scopes:
Struts 2 Plexus Plugin:compile Struts 2 Assembly:compile Evidence Type Source Name Value Confidence Vendor pom name classworlds High Vendor pom url http://classworlds.codehaus.org/ Highest Vendor pom groupid classworlds Highest Vendor Manifest Implementation-Vendor The Codehaus High Vendor pom organization url http://codehaus.org/ Medium Vendor file name classworlds High Vendor jar package name codehaus Highest Vendor Manifest extension-name classworlds Medium Vendor Manifest specification-vendor The Codehaus Low Vendor pom organization name The Codehaus High Vendor pom artifactid classworlds Low Vendor jar package name classworlds Highest Product pom name classworlds High Product pom groupid classworlds Highest Product pom url http://classworlds.codehaus.org/ Medium Product file name classworlds High Product jar package name codehaus Highest Product Manifest extension-name classworlds Medium Product pom artifactid classworlds Highest Product pom organization url http://codehaus.org/ Low Product jar package name classworlds Highest Product Manifest specification-title classworlds: Java(tm) ClassLoader Management F... Medium Product pom organization name The Codehaus Low Product Manifest Implementation-Title org.codehaus.classworlds High Version file version 1.1 High Version Manifest Implementation-Version 1.1 High Version pom version 1.1 Highest
commons-beanutils-1.9.4.jarDescription:
Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/commons-beanutils/commons-beanutils/1.9.4/commons-beanutils-1.9.4.jar
MD5: 07dc532ee316fe1f2f0323e9bd2f8df4
SHA1: d52b9abcd97f38c81342bb7e7ae1eee9b73cba51
SHA256: 7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a
Referenced In Projects/Scopes: Struts 2 JUnit Plugin:compile Struts 2 Rest Showcase Webapp:compile Struts 2 OSGi Demo Bundle:compile Struts 2 REST Plugin:compile Struts 2 Velocity Plugin:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Configuration Browser Plugin:compile DEPRECATED: Struts 2 Embedded JSP Plugin:compile Struts 2 Bean Validation Plugin:compile Struts 2 Sitemesh Plugin:compile Struts 2 Portlet Plugin:compile Struts 2 Showcase Webapp:compile Struts 2 Tiles Plugin:compile Struts 2 Assembly:compile Struts 2 Portlet Tiles Plugin:compile Struts 2 OSGi Plugin:compile Evidence Type Source Name Value Confidence Vendor pom url https://commons.apache.org/proper/commons-beanutils/ Highest Vendor Manifest bundle-symbolicname org.apache.commons.commons-beanutils Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom groupid commons-beanutils Highest Vendor jar package name apache Highest Vendor Manifest implementation-build UNKNOWN_BRANCH@r??????; 2019-07-28 22:14:44+0000 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-beanutils/ Low Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name commons Highest Vendor file name commons-beanutils High Vendor Manifest implementation-url https://commons.apache.org/proper/commons-beanutils/ Low Vendor pom artifactid commons-beanutils Low Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom name Apache Commons BeanUtils High Vendor jar package name beanutils Highest Vendor pom parent-artifactid commons-parent Low Product Manifest Bundle-Name Apache Commons BeanUtils Medium Product Manifest bundle-symbolicname org.apache.commons.commons-beanutils Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product jar package name apache Highest Product pom groupid commons-beanutils Highest Product Manifest implementation-build UNKNOWN_BRANCH@r??????; 2019-07-28 22:14:44+0000 Low Product Manifest Implementation-Title Apache Commons BeanUtils High Product Manifest specification-title Apache Commons BeanUtils Medium Product Manifest bundle-docurl https://commons.apache.org/proper/commons-beanutils/ Low Product pom parent-groupid org.apache.commons Medium Product pom parent-artifactid commons-parent Medium Product jar package name commons Highest Product file name commons-beanutils High Product Manifest implementation-url https://commons.apache.org/proper/commons-beanutils/ Low Product pom artifactid commons-beanutils Highest Product pom url https://commons.apache.org/proper/commons-beanutils/ Medium Product pom name Apache Commons BeanUtils High Product jar package name beanutils Highest Version Manifest Implementation-Version 1.9.4 High Version pom parent-version 1.9.4 Low Version Manifest Bundle-Version 1.9.4 High Version file version 1.9.4 High Version pom version 1.9.4 Highest
commons-collections-3.2.2.jarDescription:
Types that extend and augment the Java Collections Framework. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256: eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Projects/Scopes: Struts 2 JUnit Plugin:compile Struts 2 Rest Showcase Webapp:compile Struts 2 OSGi Demo Bundle:compile Struts 2 REST Plugin:compile Struts 2 Velocity Plugin:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Configuration Browser Plugin:compile DEPRECATED: Struts 2 Embedded JSP Plugin:compile Struts 2 Bean Validation Plugin:compile Struts 2 Sitemesh Plugin:compile Struts 2 Portlet Plugin:compile Struts 2 Showcase Webapp:compile Struts 2 Tiles Plugin:compile Struts 2 Assembly:compile Struts 2 Portlet Tiles Plugin:compile Struts 2 OSGi Plugin:compile Evidence Type Source Name Value Confidence Vendor file name commons-collections High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor Manifest bundle-docurl http://commons.apache.org/collections/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid commons-collections Highest Vendor jar package name collections Highest Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name commons Highest Vendor Manifest implementation-build tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100 Low Vendor Manifest implementation-url http://commons.apache.org/collections/ Low Vendor Manifest bundle-symbolicname org.apache.commons.collections Medium Vendor pom artifactid commons-collections Low Vendor pom url http://commons.apache.org/collections/ Highest Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom name Apache Commons Collections High Vendor pom parent-artifactid commons-parent Low Product file name commons-collections High Product Manifest Bundle-Name Apache Commons Collections Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))" Low Product pom url http://commons.apache.org/collections/ Medium Product pom artifactid commons-collections Highest Product jar package name apache Highest Product Manifest bundle-docurl http://commons.apache.org/collections/ Low Product Manifest specification-title Apache Commons Collections Medium Product pom groupid commons-collections Highest Product jar package name collections Highest Product pom parent-groupid org.apache.commons Medium Product pom parent-artifactid commons-parent Medium Product jar package name commons Highest Product Manifest implementation-build tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100 Low Product Manifest implementation-url http://commons.apache.org/collections/ Low Product Manifest bundle-symbolicname org.apache.commons.collections Medium Product Manifest Implementation-Title Apache Commons Collections High Product pom name Apache Commons Collections High Version Manifest Bundle-Version 3.2.2 High Version file version 3.2.2 High Version Manifest Implementation-Version 3.2.2 High Version pom version 3.2.2 Highest Version pom parent-version 3.2.2 Low
commons-digester-2.1.jarDescription:
The Digester package lets you configure an XML to Java object mapping module
which triggers certain actions called rules whenever a particular
pattern of nested XML elements is recognized.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/commons-digester/commons-digester/2.1/commons-digester-2.1.jar
MD5: 528445033f22da28f5047b6abcd1c7c9
SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0
SHA256: e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d
Referenced In Projects/Scopes: Struts 2 OSGi Demo Bundle:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Showcase Webapp:compile Struts 2 Tiles Plugin:compile Struts 2 Assembly:compile Struts 2 Portlet Tiles Plugin:compile Struts 2 OSGi Plugin:compile Evidence Type Source Name Value Confidence Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor jar package name rules Highest Vendor Manifest bundle-symbolicname org.apache.commons.digester Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor file name commons-digester High Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name commons Highest Vendor pom groupid commons-digester Highest Vendor Manifest bundle-docurl http://commons.apache.org/digester/ Low Vendor pom artifactid commons-digester Low Vendor jar package name digester Highest Vendor pom url http://commons.apache.org/digester/ Highest Vendor pom name Commons Digester High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom parent-artifactid commons-parent Low Product Manifest specification-title Commons Digester Medium Product pom artifactid commons-digester Highest Product Manifest Bundle-Name Commons Digester Medium Product Manifest Implementation-Title Commons Digester High Product jar package name apache Highest Product jar package name rules Highest Product Manifest bundle-symbolicname org.apache.commons.digester Medium Product file name commons-digester High Product pom parent-groupid org.apache.commons Medium Product pom parent-artifactid commons-parent Medium Product jar package name commons Highest Product pom url http://commons.apache.org/digester/ Medium Product Manifest bundle-docurl http://commons.apache.org/digester/ Low Product pom groupid commons-digester Highest Product jar package name digester Highest Product pom name Commons Digester High Version Manifest Bundle-Version 2.1 High Version Manifest Implementation-Version 2.1 High Version pom parent-version 2.1 Low Version pom version 2.1 Highest Version file version 2.1 High
commons-digester3-3.2.jarDescription:
The Apache Commons Digester package lets you configure an XML to Java
object mapping module which triggers certain actions called rules whenever
a particular pattern of nested XML elements is recognized.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/commons/commons-digester3/3.2/commons-digester3-3.2.jar
MD5: 41d2c62c7aedafa7a3627794abc83f71
SHA1: c3f68c5ff25ec5204470fd8fdf4cb8feff5e8a79
SHA256: 1c150e3d2df4b4237b47e28fea2079fb0da324578d5cca6a5fed2e37a62082ec
Referenced In Projects/Scopes: Struts 2 JUnit Plugin:compile Struts 2 Rest Showcase Webapp:compile Struts 2 OSGi Demo Bundle:compile Struts 2 Velocity Plugin:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Configuration Browser Plugin:compile DEPRECATED: Struts 2 Embedded JSP Plugin:compile Struts 2 Sitemesh Plugin:compile Struts 2 Portlet Plugin:compile Struts 2 Showcase Webapp:compile Struts 2 Assembly:compile Struts 2 Portlet Tiles Plugin:compile Struts 2 OSGi Plugin:compile Evidence Type Source Name Value Confidence Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor file name commons-digester3 High Vendor jar package name apache Highest Vendor jar package name rules Highest Vendor jar package name digester3 Highest Vendor Manifest bundle-symbolicname org.apache.commons.digester Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name commons Highest Vendor Manifest bundle-docurl http://commons.apache.org/digester/ Low Vendor pom groupid apache.commons Highest Vendor pom name Apache Commons Digester High Vendor pom groupid org.apache.commons Highest Vendor Manifest implementation-build tags/DIGESTER3_3_2_RC2@r1212807; 2011-12-10 15:57:06+0100 Low Vendor jar package name digester Highest Vendor pom url http://commons.apache.org/digester/ Highest Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom artifactid commons-digester3 Low Vendor pom parent-artifactid commons-parent Low Product Manifest Implementation-Title Apache Commons Digester High Product Manifest specification-title Apache Commons Digester Medium Product file name commons-digester3 High Product jar package name apache Highest Product jar package name rules Highest Product Manifest Bundle-Name Apache Commons Digester Medium Product jar package name digester3 Highest Product Manifest bundle-symbolicname org.apache.commons.digester Medium Product pom parent-groupid org.apache.commons Medium Product pom parent-artifactid commons-parent Medium Product jar package name commons Highest Product pom url http://commons.apache.org/digester/ Medium Product Manifest bundle-docurl http://commons.apache.org/digester/ Low Product pom groupid apache.commons Highest Product pom name Apache Commons Digester High Product Manifest implementation-build tags/DIGESTER3_3_2_RC2@r1212807; 2011-12-10 15:57:06+0100 Low Product jar package name digester Highest Product pom artifactid commons-digester3 Highest Version pom version 3.2 Highest Version file version 3.2 High Version pom parent-version 3.2 Low Version Manifest Implementation-Version 3.2 High
commons-fileupload-1.4.jarDescription:
The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/commons-fileupload/commons-fileupload/1.4/commons-fileupload-1.4.jar
MD5: 0c3b924dcaaa90c3fb93fe04ae96a35e
SHA1: f95188e3d372e20e7328706c37ef366e5d7859b0
SHA256: a4ec02336f49253ea50405698b79232b8c5cbf02cb60df3a674d77a749a1def7
Referenced In Projects/Scopes: Struts 2 Pell Multipart Plugin:compile Struts 2 Rest Showcase Webapp:compile Struts 2 Webapps:compile Struts 2 Plexus Plugin:compile Struts 2 JSON Plugin:compile DEPRECATED: Struts 2 Embedded JSP Plugin:compile Struts 2 Bean Validation Plugin:compile Struts 2 Java Templates Plugin:compile Struts 2 Async Plugin:compile Struts 2 Convention Plugin:compile Struts 2 CDI Plugin:compile Struts 2 Plugins:compile Struts 2 Showcase Webapp:compile Struts 2 Tiles Plugin:compile Struts 2 Spring Plugin:compile Struts 2 Assembly:compile Struts 2 OSGi Plugin:compile Struts 2 GXP Plugin:compile Struts 2 OVal Plugin:compile Struts 2 JUnit Plugin:compile Struts 2 OSGi Bundles:compile Struts 2 OSGi Demo Bundle:compile Struts 2 REST Plugin:compile Struts 2 Velocity Plugin:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Portlet Mocks Plugin:compile Struts 2 Configuration Browser Plugin:compile Struts 2 Jasper Reports Plugin:compile Struts 2 Sitemesh Plugin:compile Struts 2 DWR Plugin:compile Struts 2 TestNG Plugin:compile Struts 2 JFreeChart Plugin:compile Struts 2 Core:compile Struts 2 Portlet Tiles Plugin:compile Evidence Type Source Name Value Confidence Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-fileupload/ Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor jar package name fileupload Highest Vendor pom url http://commons.apache.org/proper/commons-fileupload/ Highest Vendor pom groupid commons-fileupload Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom artifactid commons-fileupload Low Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name commons Highest Vendor Manifest implementation-url http://commons.apache.org/proper/commons-fileupload/ Low Vendor Manifest implementation-build UNKNOWN@r047f31576411beee69cf75584ae76531cc9ac753; 2018-12-24 07:06:18+0000 Low Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom name Apache Commons FileUpload High Vendor file name commons-fileupload High Vendor Manifest bundle-symbolicname org.apache.commons.commons-fileupload Medium Vendor pom parent-artifactid commons-parent Low Product Manifest specification-title Apache Commons FileUpload Medium Product Manifest bundle-docurl http://commons.apache.org/proper/commons-fileupload/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product jar package name apache Highest Product jar package name fileupload Highest Product Manifest Implementation-Title Apache Commons FileUpload High Product Manifest Bundle-Name Apache Commons FileUpload Medium Product pom groupid commons-fileupload Highest Product pom parent-groupid org.apache.commons Medium Product pom parent-artifactid commons-parent Medium Product jar package name commons Highest Product pom url http://commons.apache.org/proper/commons-fileupload/ Medium Product Manifest implementation-url http://commons.apache.org/proper/commons-fileupload/ Low Product pom artifactid commons-fileupload Highest Product Manifest implementation-build UNKNOWN@r047f31576411beee69cf75584ae76531cc9ac753; 2018-12-24 07:06:18+0000 Low Product pom name Apache Commons FileUpload High Product file name commons-fileupload High Product Manifest bundle-symbolicname org.apache.commons.commons-fileupload Medium Version pom parent-version 1.4 Low Version pom version 1.4 Highest Version file version 1.4 High Version Manifest Implementation-Version 1.4 High
commons-io-2.6.jarDescription:
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar
MD5: 467c2a1f64319c99b5faf03fc78572af
SHA1: 815893df5f31da2ece4040fe0a12fd44b577afaf
SHA256: f877d304660ac2a142f3865badfc971dec7ed73c747c7f8d5d2f5139ca736513
Referenced In Projects/Scopes: Struts 2 Pell Multipart Plugin:compile Struts 2 Rest Showcase Webapp:compile Struts 2 Webapps:compile Struts 2 Plexus Plugin:compile Struts 2 JSON Plugin:compile DEPRECATED: Struts 2 Embedded JSP Plugin:compile Struts 2 Bean Validation Plugin:compile Struts 2 Java Templates Plugin:compile Struts 2 Async Plugin:compile Struts 2 Convention Plugin:compile Struts 2 CDI Plugin:compile Struts 2 Portlet Plugin:compile Struts 2 Plugins:compile Struts 2 Showcase Webapp:compile Struts 2 Tiles Plugin:compile Struts 2 Spring Plugin:compile Struts 2 Assembly:compile Struts 2 OSGi Plugin:compile Struts 2 GXP Plugin:compile Struts 2 OVal Plugin:compile Struts 2 JUnit Plugin:compile Struts 2 OSGi Bundles:compile Struts 2 OSGi Demo Bundle:compile Struts 2 REST Plugin:compile Struts 2 Velocity Plugin:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Portlet Mocks Plugin:compile Struts 2 Configuration Browser Plugin:compile Struts 2 Jasper Reports Plugin:compile Struts 2 Sitemesh Plugin:compile Struts 2 DWR Plugin:compile Struts 2 TestNG Plugin:compile Struts 2 JFreeChart Plugin:compile Struts 2 Core:compile Struts 2 Portlet Tiles Plugin:compile Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname org.apache.commons.io Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-io/ Low Vendor pom groupid commons-io Highest Vendor jar package name apache Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom url http://commons.apache.org/proper/commons-io/ Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest implementation-url http://commons.apache.org/proper/commons-io/ Low Vendor file name commons-io High Vendor jar package name io Highest Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name commons Highest Vendor pom name Apache Commons IO High Vendor Manifest automatic-module-name org.apache.commons.io Medium Vendor pom artifactid commons-io Low Vendor Manifest Implementation-Vendor-Id commons-io Medium Vendor pom parent-artifactid commons-parent Low Product Manifest Implementation-Title Apache Commons IO High Product Manifest bundle-symbolicname org.apache.commons.io Medium Product Manifest bundle-docurl http://commons.apache.org/proper/commons-io/ Low Product jar package name apache Highest Product Manifest specification-title Apache Commons IO Medium Product pom groupid commons-io Highest Product pom url http://commons.apache.org/proper/commons-io/ Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest implementation-url http://commons.apache.org/proper/commons-io/ Low Product file name commons-io High Product jar package name io Highest Product pom parent-groupid org.apache.commons Medium Product pom parent-artifactid commons-parent Medium Product jar package name commons Highest Product pom name Apache Commons IO High Product pom artifactid commons-io Highest Product Manifest Bundle-Name Apache Commons IO Medium Product Manifest automatic-module-name org.apache.commons.io Medium Version pom version 2.6 Highest Version Manifest Implementation-Version 2.6 High Version pom parent-version 2.6 Low Version file version 2.6 High
commons-jci-fam-1.1.jarDescription:
Commons JCI FileAlterationMonitor (FAM) to monitor local filesystems and get notified about changes.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/commons/commons-jci-fam/1.1/commons-jci-fam-1.1.jar
MD5: 97f78ec23facfb57a63b8355fd90054f
SHA1: 32ae39163b0d71ad2487f71acf107a7ac2c67e5c
SHA256: b16da511a42f7454c0d28ecb5464c1a84bc7a41339112220c601f4db4cfcc85b
Referenced In Project/Scope: Struts 2 Spring Plugin:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-jci/commons-jci-fam Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor pom parent-artifactid commons-jci Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name commons Highest Vendor pom artifactid commons-jci-fam Low Vendor pom groupid apache.commons Highest Vendor Manifest implementation-build trunk@r1530563; 2013-10-09 16:22:35+0200 Low Vendor Manifest bundle-symbolicname org.apache.commons.jci-fam Medium Vendor pom groupid org.apache.commons Highest Vendor jar package name jci Highest Vendor file name commons-jci-fam High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom name Apache Commons JCI FileAlterationMonitor High Product Manifest bundle-docurl http://commons.apache.org/proper/commons-jci/commons-jci-fam Low Product Manifest specification-title Apache Commons JCI FileAlterationMonitor Medium Product jar package name apache Highest Product pom parent-artifactid commons-jci Medium Product Manifest Implementation-Title Apache Commons JCI FileAlterationMonitor High Product pom parent-groupid org.apache.commons Medium Product jar package name commons Highest Product pom groupid apache.commons Highest Product Manifest implementation-build trunk@r1530563; 2013-10-09 16:22:35+0200 Low Product Manifest bundle-symbolicname org.apache.commons.jci-fam Medium Product jar package name jci Highest Product pom artifactid commons-jci-fam Highest Product file name commons-jci-fam High Product pom name Apache Commons JCI FileAlterationMonitor High Product Manifest Bundle-Name Apache Commons JCI FileAlterationMonitor Medium Version file version 1.1 High Version Manifest Implementation-Version 1.1 High Version pom version 1.1 Highest
commons-lang3-3.10.jarDescription:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/commons/commons-lang3/3.10/commons-lang3-3.10.jar
MD5: 238dcae7363dd86b2e515a2a29e8b4d9
SHA1: e155460aaf5b464062a09c3923f089ce99128a17
SHA256: 28968ae55fff465494083aeba856f8824c34902329882bf61e77246a91e25aa9
Referenced In Projects/Scopes: Struts 2 Pell Multipart Plugin:compile Struts 2 Rest Showcase Webapp:compile Struts 2 Webapps:compile Struts 2 Plexus Plugin:compile Struts 2 JSON Plugin:compile DEPRECATED: Struts 2 Embedded JSP Plugin:compile Struts 2 Bean Validation Plugin:compile Struts 2 Java Templates Plugin:compile Struts 2 Async Plugin:compile Struts 2 Convention Plugin:compile Struts 2 CDI Plugin:compile Struts 2 Portlet Plugin:compile Struts 2 Plugins:compile Struts 2 Showcase Webapp:compile Struts 2 Tiles Plugin:compile Struts 2 Spring Plugin:compile Struts 2 Assembly:compile Struts 2 OSGi Plugin:compile Struts 2 GXP Plugin:compile Struts 2 OVal Plugin:compile Struts 2 JUnit Plugin:compile Struts 2 OSGi Bundles:compile Struts 2 OSGi Demo Bundle:compile Struts 2 REST Plugin:compile Struts 2 Velocity Plugin:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Portlet Mocks Plugin:compile Struts 2 Configuration Browser Plugin:compile Struts 2 Jasper Reports Plugin:compile Struts 2 Sitemesh Plugin:compile Struts 2 DWR Plugin:compile Struts 2 TestNG Plugin:compile Struts 2 JFreeChart Plugin:compile Struts 2 Core:compile Struts 2 Portlet Tiles Plugin:compile Evidence Type Source Name Value Confidence Vendor Manifest automatic-module-name org.apache.commons.lang3 Medium Vendor pom name Apache Commons Lang High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor pom artifactid commons-lang3 Low Vendor file name commons-lang3 High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom url https://commons.apache.org/proper/commons-lang/ Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor jar package name lang3 Highest Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name commons Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-lang/ Low Vendor pom groupid apache.commons Highest Vendor pom groupid org.apache.commons Highest Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium Vendor pom parent-artifactid commons-parent Low Product Manifest automatic-module-name org.apache.commons.lang3 Medium Product pom name Apache Commons Lang High Product jar package name apache Highest Product Manifest specification-title Apache Commons Lang Medium Product file name commons-lang3 High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product jar package name lang3 Highest Product pom artifactid commons-lang3 Highest Product pom parent-groupid org.apache.commons Medium Product pom parent-artifactid commons-parent Medium Product jar package name commons Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Apache Commons Lang High Product Manifest bundle-docurl https://commons.apache.org/proper/commons-lang/ Low Product pom groupid apache.commons Highest Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium Product Manifest Bundle-Name Apache Commons Lang Medium Product pom url https://commons.apache.org/proper/commons-lang/ Medium Version file version 3.10 High Version pom version 3.10 Highest Version Manifest Implementation-Version 3.10 High Version pom parent-version 3.10 Low
commons-logging-1.2.jarDescription:
Apache Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256: daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Projects/Scopes: Struts 2 JUnit Plugin:compile Struts 2 Rest Showcase Webapp:compile Struts 2 OSGi Demo Bundle:compile Struts 2 REST Plugin:compile Struts 2 Velocity Plugin:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Portlet Mocks Plugin:compile Struts 2 Configuration Browser Plugin:compile DEPRECATED: Struts 2 Embedded JSP Plugin:compile Struts 2 Bean Validation Plugin:compile Struts 2 Sitemesh Plugin:compile Struts 2 Portlet Plugin:compile Struts 2 TestNG Plugin:compile Struts 2 Showcase Webapp:compile Struts 2 Spring Plugin:compile Struts 2 Assembly:compile Struts 2 Core:compile Struts 2 Portlet Tiles Plugin:compile Struts 2 OSGi Plugin:compile Evidence Type Source Name Value Confidence Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name commons Highest Vendor jar package name logging Highest Vendor pom groupid commons-logging Highest Vendor Manifest bundle-symbolicname org.apache.commons.logging Medium Vendor pom artifactid commons-logging Low Vendor Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Vendor file name commons-logging High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom parent-artifactid commons-parent Low Vendor pom name Apache Commons Logging High Vendor pom url http://commons.apache.org/proper/commons-logging/ Highest Product Manifest Implementation-Title Apache Commons Logging High Product pom url http://commons.apache.org/proper/commons-logging/ Medium Product jar package name apache Highest Product pom artifactid commons-logging Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Product pom parent-groupid org.apache.commons Medium Product pom parent-artifactid commons-parent Medium Product jar package name commons Highest Product jar package name logging Highest Product Manifest specification-title Apache Commons Logging Medium Product pom groupid commons-logging Highest Product Manifest bundle-symbolicname org.apache.commons.logging Medium Product Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Product Manifest Bundle-Name Apache Commons Logging Medium Product file name commons-logging High Product pom name Apache Commons Logging High Version pom parent-version 1.2 Low Version pom version 1.2 Highest Version Manifest Implementation-Version 1.2 High Version file version 1.2 High
commons-text-1.8.jarDescription:
Apache Commons Text is a library focused on algorithms working on strings. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/commons/commons-text/1.8/commons-text-1.8.jar
MD5: f2243d67b348e7175f55902cdb7e54af
SHA1: 879a6bde4c0537a25504c72ec7a94ba4099f469c
SHA256: 6fe7ad4ad5349d6b77e7a0e1c9f6037108a1ee48c42e7e6eb4b18f56d324f7b2
Referenced In Projects/Scopes: Struts 2 Pell Multipart Plugin:compile Struts 2 Rest Showcase Webapp:compile Struts 2 Webapps:compile Struts 2 Plexus Plugin:compile Struts 2 JSON Plugin:compile DEPRECATED: Struts 2 Embedded JSP Plugin:compile Struts 2 Bean Validation Plugin:compile Struts 2 Java Templates Plugin:compile Struts 2 Async Plugin:compile Struts 2 Convention Plugin:compile Struts 2 CDI Plugin:compile Struts 2 Portlet Plugin:compile Struts 2 Plugins:compile Struts 2 Showcase Webapp:compile Struts 2 Tiles Plugin:compile Struts 2 Spring Plugin:compile Struts 2 Assembly:compile Struts 2 OSGi Plugin:compile Struts 2 GXP Plugin:compile Struts 2 OVal Plugin:compile Struts 2 JUnit Plugin:compile Struts 2 OSGi Bundles:compile Struts 2 OSGi Demo Bundle:compile Struts 2 REST Plugin:compile Struts 2 Velocity Plugin:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Portlet Mocks Plugin:compile Struts 2 Configuration Browser Plugin:compile Struts 2 Jasper Reports Plugin:compile Struts 2 Sitemesh Plugin:compile Struts 2 DWR Plugin:compile Struts 2 TestNG Plugin:compile Struts 2 JFreeChart Plugin:compile Struts 2 Core:compile Struts 2 Portlet Tiles Plugin:compile Evidence Type Source Name Value Confidence Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor pom url https://commons.apache.org/proper/commons-text Highest Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-text Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor jar package name text Highest Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name commons Highest Vendor pom groupid apache.commons Highest Vendor pom groupid org.apache.commons Highest Vendor file name commons-text High Vendor Manifest implementation-url https://commons.apache.org/proper/commons-text Low Vendor pom artifactid commons-text Low Vendor Manifest automatic-module-name org.apache.commons.text Medium Vendor pom name Apache Commons Text High Vendor Manifest bundle-symbolicname org.apache.commons.commons-text Medium Vendor Manifest Implementation-Vendor-Id org.apache.commons Medium Vendor pom parent-artifactid commons-parent Low Product Manifest Bundle-Name Apache Commons Text Medium Product jar package name apache Highest Product Manifest bundle-docurl https://commons.apache.org/proper/commons-text Low Product Manifest Implementation-Title Apache Commons Text High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Commons Text Medium Product jar package name text Highest Product pom parent-groupid org.apache.commons Medium Product pom parent-artifactid commons-parent Medium Product jar package name commons Highest Product pom groupid apache.commons Highest Product file name commons-text High Product Manifest implementation-url https://commons.apache.org/proper/commons-text Low Product pom artifactid commons-text Highest Product Manifest automatic-module-name org.apache.commons.text Medium Product pom name Apache Commons Text High Product pom url https://commons.apache.org/proper/commons-text Medium Product Manifest bundle-symbolicname org.apache.commons.commons-text Medium Version pom parent-version 1.8 Low Version Manifest Implementation-Version 1.8 High Version file version 1.8 High Version pom version 1.8 Highest
domTT.jsFile Path: /Users/lukaszlenart/Projects/Apache/struts/core/src/main/resources/org/apache/struts2/static/domTT.jsMD5: 44ed51154c7fa928005f39bbbed7d01aSHA1: 5584aa1028220f041ff7d89c48e9e8ffeaa05256SHA256: 60c72fad5a9688fc6a143176d84814b9ea2c4c9c882b4799921b950c415b961eReferenced In Project/Scope: Struts 2 Core
Evidence Type Source Name Value Confidence
Related Dependencies struts2-core-2.6-SNAPSHOT.jar: domTT.jsFile Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar/org/apache/struts2/static/domTT.js MD5: 44ed51154c7fa928005f39bbbed7d01a SHA1: 5584aa1028220f041ff7d89c48e9e8ffeaa05256 SHA256: 60c72fad5a9688fc6a143176d84814b9ea2c4c9c882b4799921b950c415b961e dwr-3.0.2-RELEASE.jarDescription:
DWR is easy Ajax for Java. It makes it simple to call Java code directly from Javascript.
It gets rid of almost all the boiler plate code between the web browser and your Java code.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/directwebremoting/dwr/3.0.2-RELEASE/dwr-3.0.2-RELEASE.jar
MD5: 1979e53a374c6c69ba3d85e63a528eed
SHA1: 3b3fd5901f4304021074e6c12f3bebf870524ca8
SHA256: 6d1604d83ae1be09bc88e812d17211eede300d819d4863ece42aa3fc933aa704
Referenced In Projects/Scopes: Struts 2 DWR Plugin:compile Struts 2 Showcase Webapp:compile Struts 2 Assembly:compile Evidence Type Source Name Value Confidence Vendor pom groupid directwebremoting Highest Vendor pom name Direct Web Remoting High Vendor pom groupid org.directwebremoting Highest Vendor pom url http://directwebremoting.org/dwr/index.html Highest Vendor jar package name directwebremoting Low Vendor jar package name browser Highest Vendor jar package name dwr Highest Vendor jar package name call Highest Vendor pom artifactid dwr Low Vendor file name dwr High Vendor jar package name directwebremoting Highest Product pom groupid directwebremoting Highest Product pom name Direct Web Remoting High Product pom artifactid dwr Highest Product jar package name browser Highest Product pom url http://directwebremoting.org/dwr/index.html Medium Product jar package name dwr Highest Product jar package name call Highest Product file name dwr High Product jar package name directwebremoting Highest Version pom version 3.0.2-RELEASE Highest
dwr-3.0.2-RELEASE.jar: DWRActionUtil.jsFile Path: /Users/lukaszlenart/.m2/repository/org/directwebremoting/dwr/3.0.2-RELEASE/dwr-3.0.2-RELEASE.jar/org/directwebremoting/webwork/DWRActionUtil.jsMD5: aa24bc4053d338ca92b23d76161b9088SHA1: 1a376c4c0d20b1ecbdbeaeba716ca8c08abe74b6SHA256: d0515b81fa1aca04e1a76ac9fc02c7a67d8e92a49a99f86118097e633355036cReferenced In Projects/Scopes:
Struts 2 DWR Plugin:compile Struts 2 Showcase Webapp:compile Struts 2 Assembly:compile Evidence Type Source Name Value Confidence
dwr-3.0.2-RELEASE.jar: dwr-bayeux.jsFile Path: /Users/lukaszlenart/.m2/repository/org/directwebremoting/dwr/3.0.2-RELEASE/dwr-3.0.2-RELEASE.jar/org/directwebremoting/dwr-bayeux.jsMD5: 1d0218f8604405115d37b955561240aaSHA1: eaabe3b2ef0a2cd47e845bbf416c2297da9f40c1SHA256: 4b39b2111b5f8c2c16f7b3b6438f22d42f88c7b643d4a106d7b06d1424121edcReferenced In Projects/Scopes:
Struts 2 DWR Plugin:compile Struts 2 Showcase Webapp:compile Struts 2 Assembly:compile Evidence Type Source Name Value Confidence
dwr-3.0.2-RELEASE.jar: engine.jsFile Path: /Users/lukaszlenart/.m2/repository/org/directwebremoting/dwr/3.0.2-RELEASE/dwr-3.0.2-RELEASE.jar/org/directwebremoting/engine.jsMD5: 880f6c8c33b796d048d932fa7b4f9e94SHA1: 244eb828dcf0d621deb664b7f90963bc82a4fcfbSHA256: 9f71097605e6cae7b47a784c4c33e7c6b179e077cc1d450f09ac3082c186f27fReferenced In Projects/Scopes:
Struts 2 DWR Plugin:compile Struts 2 Showcase Webapp:compile Struts 2 Assembly:compile Evidence Type Source Name Value Confidence
dwr-3.0.2-RELEASE.jar: util.jsFile Path: /Users/lukaszlenart/.m2/repository/org/directwebremoting/dwr/3.0.2-RELEASE/dwr-3.0.2-RELEASE.jar/org/directwebremoting/ui/servlet/util.jsMD5: 2ed867dc9aafda518ac0302e88c33ab9SHA1: 1c5a03a0b276cf94dc8dfd2ed884a2bdbe963abdSHA256: e4888d93d1712843369add2382ef4aee36bff6e34edf0bf1609e64ddfc51dacbReferenced In Projects/Scopes:
Struts 2 DWR Plugin:compile Struts 2 Showcase Webapp:compile Struts 2 Assembly:compile Evidence Type Source Name Value Confidence
freemarker-2.3.30.jarDescription:
FreeMarker is a "template engine"; a generic tool to generate text output based on templates.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/freemarker/freemarker/2.3.30/freemarker-2.3.30.jar
MD5: e702848d716f17cd39fabfe2415e104e
SHA1: 86d70d335c7821178f62b554aa3a4bc538a94f1a
SHA256: 6586433d90957c0b05a32bce07c71e8cebcea6afbea2e043bfe0c576c4d94338
Referenced In Projects/Scopes: Struts 2 Pell Multipart Plugin:compile Struts 2 Rest Showcase Webapp:compile Struts 2 Webapps:compile Struts 2 Plexus Plugin:compile Struts 2 JSON Plugin:compile DEPRECATED: Struts 2 Embedded JSP Plugin:compile Struts 2 Bean Validation Plugin:compile Struts 2 Java Templates Plugin:compile Struts 2 Async Plugin:compile Struts 2 Convention Plugin:compile Struts 2 CDI Plugin:compile Struts 2 Portlet Plugin:compile Struts 2 Plugins:compile Struts 2 Showcase Webapp:compile Struts 2 Tiles Plugin:compile Struts 2 Spring Plugin:compile Struts 2 Assembly:compile Struts 2 OSGi Plugin:compile Struts 2 GXP Plugin:compile Struts 2 OVal Plugin:compile Struts 2 JUnit Plugin:compile Struts 2 OSGi Bundles:compile Struts 2 OSGi Demo Bundle:compile Struts 2 REST Plugin:compile Struts 2 Velocity Plugin:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Portlet Mocks Plugin:compile Struts 2 Configuration Browser Plugin:compile Struts 2 Jasper Reports Plugin:compile Struts 2 Sitemesh Plugin:compile Struts 2 DWR Plugin:compile Struts 2 TestNG Plugin:compile Struts 2 JFreeChart Plugin:compile Struts 2 Core:compile Struts 2 Portlet Tiles Plugin:compile Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor freemarker.org High Vendor jar package name template Highest Vendor pom groupid org.freemarker Highest Vendor pom url https://freemarker.apache.org/ Highest Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8, JavaSE-1.7, JavaSE-1.6, J2SE-1.5 Low Vendor pom name Apache FreeMarker High Vendor pom groupid freemarker Highest Vendor jar package name freemarker Highest Vendor pom parent-groupid org.apache Medium Vendor Manifest extension-name FreeMarker Medium Vendor pom parent-artifactid apache Low Vendor Manifest dstamp 20200216 Low Vendor pom artifactid freemarker Low Vendor Manifest today February 16 2020 Low Vendor pom organization name Apache Software Foundation High Vendor pom organization url http://apache.org Medium Vendor Manifest tstamp 1915 Low Vendor file name freemarker High Vendor Manifest bundle-symbolicname org.freemarker.freemarker Medium Vendor Manifest specification-vendor freemarker.org Low Product jar package name template Highest Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8, JavaSE-1.7, JavaSE-1.6, J2SE-1.5 Low Product pom name Apache FreeMarker High Product pom groupid freemarker Highest Product pom artifactid freemarker Highest Product jar package name freemarker Highest Product Manifest Bundle-Name org.freemarker.freemarker Medium Product pom parent-groupid org.apache Medium Product pom url https://freemarker.apache.org/ Medium Product Manifest extension-name FreeMarker Medium Product pom organization url http://apache.org Low Product Manifest dstamp 20200216 Low Product pom organization name Apache Software Foundation Low Product Manifest today February 16 2020 Low Product Manifest specification-title FreeMarker Medium Product Manifest tstamp 1915 Low Product file name freemarker High Product Manifest bundle-symbolicname org.freemarker.freemarker Medium Product Manifest Implementation-Title FreeMarker High Product pom parent-artifactid apache Medium Version Manifest Implementation-Version 2.3.30 High Version pom version 2.3.30 Highest Version file version 2.3.30 High Version pom parent-version 2.3.30 Low
google-collections-1.0.jarDescription:
Google Collections Library is a suite of new collections and collection-related goodness for Java 5.0 License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/com/google/collections/google-collections/1.0/google-collections-1.0.jar
MD5: 7c882c8d734e50112000e4a88e06c535
SHA1: 9ffe71ac6dcab6bc03ea13f5c2e7b2804e69b357
SHA256: 81b8d638af0083c4b877099d56aa0fee714485cd2ace1b6a09cab867cadb375d
Referenced In Projects/Scopes: Struts 2 Assembly:compile Struts 2 GXP Plugin:compile Evidence Type Source Name Value Confidence Vendor pom name Google Collections Library High Vendor pom parent-artifactid google Low Vendor pom parent-groupid com.google Medium Vendor pom artifactid google-collections Low Vendor pom organization url http://www.google.com Medium Vendor pom groupid google.collections Highest Vendor jar package name google Low Vendor jar package name common Low Vendor pom url http://code.google.com/p/google-collections/ Highest Vendor pom groupid com.google.collections Highest Vendor jar package name google Highest Vendor jar package name collect Low Vendor file name google-collections High Vendor pom organization name Google High Product pom name Google Collections Library High Product pom organization name Google Low Product pom parent-groupid com.google Medium Product pom url http://code.google.com/p/google-collections/ Medium Product pom groupid google.collections Highest Product jar package name common Low Product pom parent-artifactid google Medium Product pom artifactid google-collections Highest Product jar package name google Highest Product jar package name collect Low Product file name google-collections High Product pom organization url http://www.google.com Low Version file version 1.0 High Version pom version 1.0 Highest Version pom parent-version 1.0 Low
google-gxp-0.2.4-beta.jarDescription:
Google XML Pages (GXP) is a templating system used to generate XML/SGML markup (most often HTML). File Path: /Users/lukaszlenart/.m2/repository/com/google/gxp/google-gxp/0.2.4-beta/google-gxp-0.2.4-beta.jarMD5: 9ccdb925731dab69eec49b1881a0794aSHA1: b80c7c780973ffd5eac63de301eb6a05035aeb46SHA256: ba6be4e0203e8e303569f1dfaf4624b90f7cecbe44c1bb391cc94f3365b4ec33Referenced In Projects/Scopes:
Struts 2 Assembly:compile Struts 2 GXP Plugin:compile Evidence Type Source Name Value Confidence Vendor pom groupid google.gxp Highest Vendor pom groupid com.google.gxp Highest Vendor pom parent-artifactid google Low Vendor jar package name gxp Highest Vendor pom parent-groupid com.google Medium Vendor pom artifactid google-gxp Low Vendor jar package name xml Highest Vendor jar package name html Highest Vendor pom url http://code.google.com/p/gxp/ Highest Vendor jar package name google Low Vendor jar package name com Highest Vendor jar package name gxp Low Vendor jar package name google Highest Vendor pom name Google XML Pages (GXP) High Vendor file name google-gxp High Product pom groupid google.gxp Highest Product pom artifactid google-gxp Highest Product pom url http://code.google.com/p/gxp/ Medium Product jar package name gxp Highest Product pom parent-groupid com.google Medium Product jar package name xml Highest Product jar package name html Highest Product jar package name com Highest Product jar package name gxp Low Product pom parent-artifactid google Medium Product jar package name google Highest Product pom name Google XML Pages (GXP) High Product file name google-gxp High Version pom version 0.2.4-beta Highest Version pom parent-version 0.2.4-beta Low
guava-19.0.jarDescription:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
Guava has only one code dependency - javax.annotation,
per the JSR-305 spec.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/com/google/guava/guava/19.0/guava-19.0.jar
MD5: 43bfc49bdc7324f6daaa60c1ee9f3972
SHA1: 6ce200f6b23222af3d8abb6b6459e6c44f4bb0e9
SHA256: 58d4cc2e05ebb012bbac568b032f75623be1cb6fb096f3c60c72a86f7f057de4
Referenced In Projects/Scopes: Struts 2 Assembly:compile Struts 2 Core:compile Evidence Type Source Name Value Confidence Vendor pom artifactid guava Low Vendor Manifest bundle-docurl https://guava-libraries.googlecode.com/ Low Vendor pom parent-artifactid guava-parent Low Vendor Manifest bundle-symbolicname com.google.guava Medium Vendor pom parent-groupid com.google.guava Medium Vendor pom name Guava: Google Core Libraries for Java High Vendor file name guava High Vendor jar package name google Highest Vendor pom groupid com.google.guava Highest Vendor pom groupid google.guava Highest Product pom parent-artifactid guava-parent Medium Product Manifest Bundle-Name Guava: Google Core Libraries for Java Medium Product pom artifactid guava Highest Product Manifest bundle-docurl https://guava-libraries.googlecode.com/ Low Product Manifest bundle-symbolicname com.google.guava Medium Product pom parent-groupid com.google.guava Medium Product pom name Guava: Google Core Libraries for Java High Product file name guava High Product jar package name google Highest Product pom groupid google.guava Highest Version file version 19.0 High Version pom version 19.0 Highest
Published Vulnerabilities CVE-2018-10237 suppress
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
guice-4.1.0-no_aop.jarDescription:
Guice is a lightweight dependency injection framework for Java 6 and above License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/com/google/inject/guice/4.1.0/guice-4.1.0-no_aop.jar
MD5: 8cf17838fd9407bc2c8c39ddf027008f
SHA1: faf9ee8ac09eafd1128091426dd367a8c0085d55
SHA256: 9264c6931c431e928dc64adc842584d5f57d17b2f3aff29221f2b3fdea673dad
Referenced In Projects/Scopes: Struts 2 Assembly:compile Struts 2 Core:compile Evidence Type Source Name Value Confidence Vendor jar package name internal Low Vendor Manifest bundle-docurl https://github.com/google/guice Low Vendor Manifest eclipse-extensibleapi true Low Vendor Manifest bundle-copyright Copyright (C) 2006 Google Inc. Low Vendor file name guice High Vendor jar package name inject Highest Vendor Manifest bundle-symbolicname com.google.inject Medium Vendor pom groupid com.google.inject Highest Vendor jar package name inject Low Vendor jar package name google Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor jar package name google Highest Product jar package name internal Low Product Manifest bundle-docurl https://github.com/google/guice Low Product Manifest eclipse-extensibleapi true Low Product Manifest bundle-copyright Copyright (C) 2006 Google Inc. Low Product file name guice High Product jar package name guice Highest Product jar package name inject Highest Product Manifest bundle-symbolicname com.google.inject Medium Product jar package name inject Low Product jar package name dependency Highest Product pom artifactid guice Highest Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product jar package name google Highest Product Manifest Bundle-Name guice (no_aop) Medium Version file version 4.1.0 High Version pom version 4.1.0 Highest
hamcrest-core-1.3.jarDescription:
This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.
File Path: /Users/lukaszlenart/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jarMD5: 6393363b47ddcbba82321110c3e07519SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0SHA256: 66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9Referenced In Projects/Scopes:
Struts 2 JUnit Plugin:compile Struts 2 OSGi Bundles:compile Struts 2 Portlet Plugin:compile Struts 2 OSGi Demo Bundle:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Assembly:compile Struts 2 Core:compile Evidence Type Source Name Value Confidence Vendor jar package name hamcrest Highest Vendor pom groupid org.hamcrest Highest Vendor pom parent-groupid org.hamcrest Medium Vendor Manifest Implementation-Vendor hamcrest.org High Vendor pom parent-artifactid hamcrest-parent Low Vendor Manifest built-date 2012-07-09 19:49:34 Low Vendor pom groupid hamcrest Highest Vendor file name hamcrest-core High Vendor jar package name matcher Highest Vendor pom name Hamcrest Core High Vendor pom artifactid hamcrest-core Low Vendor jar package name core Highest Product Manifest Implementation-Title hamcrest-core High Product Manifest built-date 2012-07-09 19:49:34 Low Product pom groupid hamcrest Highest Product pom parent-artifactid hamcrest-parent Medium Product pom artifactid hamcrest-core Highest Product jar package name hamcrest Highest Product file name hamcrest-core High Product pom parent-groupid org.hamcrest Medium Product jar package name matcher Highest Product pom name Hamcrest Core High Product jar package name core Highest Version pom version 1.3 Highest Version Manifest Implementation-Version 1.3 High Version file version 1.3 High
hibernate-validator-6.1.2.Final.jarDescription:
Hibernate's Jakarta Bean Validation reference implementation. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/hibernate/validator/hibernate-validator/6.1.2.Final/hibernate-validator-6.1.2.Final.jar
MD5: a9ae13cc5273d0149573f9879d9555a4
SHA1: 7710ee9f1aa2210d401947d1298c8bdcbeff2f1e
SHA256: bafec3d83fa838d2b54fc0c9e54818218320175e6a3b48b0bf5169c4634ad222
Referenced In Project/Scope: Struts 2 Showcase Webapp:compile
Evidence Type Source Name Value Confidence Vendor pom groupid hibernate.validator Highest Vendor pom name Hibernate Validator Engine High Vendor file name hibernate-validator High Vendor jar package name validator Highest Vendor pom artifactid hibernate-validator Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor jar package name hibernate Highest Vendor Manifest Implementation-Vendor-Id org.hibernate.validator Medium Vendor hint analyzer vendor redhat Highest Vendor Manifest bundle-symbolicname org.hibernate.validator Medium Vendor pom parent-groupid org.hibernate.validator Medium Vendor pom groupid org.hibernate.validator Highest Vendor Manifest automatic-module-name org.hibernate.validator Medium Vendor pom parent-artifactid hibernate-validator-parent Low Vendor Manifest Implementation-Vendor org.hibernate.validator High Vendor jar package name engine Highest Vendor Manifest implementation-url http://hibernate.org/validator/ Low Product pom groupid hibernate.validator Highest Product pom name Hibernate Validator Engine High Product file name hibernate-validator High Product pom artifactid hibernate-validator Highest Product jar package name validator Highest Product Manifest Bundle-Name Hibernate Validator Engine Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product jar package name hibernate Highest Product Manifest bundle-symbolicname org.hibernate.validator Medium Product pom parent-groupid org.hibernate.validator Medium Product Manifest specification-title Jakarta Bean Validation Medium Product pom parent-artifactid hibernate-validator-parent Medium Product Manifest automatic-module-name org.hibernate.validator Medium Product Manifest Implementation-Title hibernate-validator High Product jar package name engine Highest Product Manifest implementation-url http://hibernate.org/validator/ Low Version Manifest Implementation-Version 6.1.2.Final High Version Manifest Bundle-Version 6.1.2.Final High Version pom version 6.1.2.Final Highest
inputtransferselect.jsFile Path: /Users/lukaszlenart/Projects/Apache/struts/core/src/main/resources/org/apache/struts2/static/inputtransferselect.jsMD5: 2955e039eab5ef8216705c05d239f378SHA1: 94316238b9eb45a97e2547fa66881cca27a5b6eeSHA256: e5ef24f60cfb27a88880ee89ba6eb4664bbebe0c32d3dc1ce385cbe6d8b01194Referenced In Project/Scope: Struts 2 Core
Evidence Type Source Name Value Confidence
Related Dependencies struts2-core-2.6-SNAPSHOT.jar: inputtransferselect.jsFile Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar/org/apache/struts2/static/inputtransferselect.js MD5: 2955e039eab5ef8216705c05d239f378 SHA1: 94316238b9eb45a97e2547fa66881cca27a5b6ee SHA256: e5ef24f60cfb27a88880ee89ba6eb4664bbebe0c32d3dc1ce385cbe6d8b01194 jackson-core-2.10.3.jarDescription:
Core Jackson processing abstractions (aka Streaming API), implementation for JSON License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.10.3/jackson-core-2.10.3.jar
MD5: 8f84e33a1c06b8fd16b4166b9fc8331b
SHA1: f7ee7b55c7d292ac72fbaa7648c089f069c938d2
SHA256: fb185f7e6ecba1e2b4803788d278faa023312ca6d3109b2fa146d9e0435a9494
Referenced In Projects/Scopes: Struts 2 Rest Showcase Webapp:compile Struts 2 REST Plugin:compile Struts 2 Assembly:compile Evidence Type Source Name Value Confidence Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest implementation-build-date 2020-03-03 03:11:48+0000 Low Vendor pom artifactid jackson-core Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Vendor pom name Jackson-core High Vendor pom groupid fasterxml.jackson.core Highest Vendor jar package name json Highest Vendor pom parent-artifactid jackson-base Low Vendor pom url FasterXML/jackson-core Highest Vendor Manifest specification-vendor FasterXML Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom groupid com.fasterxml.jackson.core Highest Vendor jar package name fasterxml Highest Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor file name jackson-core High Vendor jar package name base Highest Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Vendor jar package name jackson Highest Vendor Manifest Implementation-Vendor FasterXML High Vendor jar package name core Highest Product pom parent-artifactid jackson-base Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest implementation-build-date 2020-03-03 03:11:48+0000 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Product pom name Jackson-core High Product jar package name version Highest Product jar package name json Highest Product pom groupid fasterxml.jackson.core Highest Product pom parent-groupid com.fasterxml.jackson Medium Product Manifest specification-title Jackson-core Medium Product jar package name filter Highest Product jar package name fasterxml Highest Product Manifest Implementation-Title Jackson-core High Product Manifest Bundle-Name Jackson-core Medium Product file name jackson-core High Product pom url FasterXML/jackson-core High Product jar package name base Highest Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Product jar package name jackson Highest Product pom artifactid jackson-core Highest Product jar package name core Highest Version pom version 2.10.3 Highest Version file version 2.10.3 High Version Manifest Bundle-Version 2.10.3 High Version Manifest Implementation-Version 2.10.3 High
Related Dependencies jackson-module-jaxb-annotations-2.10.3.jarFile Path: /Users/lukaszlenart/.m2/repository/com/fasterxml/jackson/module/jackson-module-jaxb-annotations/2.10.3/jackson-module-jaxb-annotations-2.10.3.jar MD5: 3587745da045c2a3e8f83dfd403717e9 SHA1: bd367b54bd7f8997a2d81c21791bf69c6ba65af0 SHA256: 8099caad4ae189525ef94d337d72d3e888abefabbbacbc9f3d2f096d534f2fb5 pkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.10.3 jackson-annotations-2.10.3.jarFile Path: /Users/lukaszlenart/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.10.3/jackson-annotations-2.10.3.jar MD5: 20368d1f52e031381a510cd1ce6ea2b7 SHA1: 0f63b3b1da563767d04d2e4d3fc1ae0cdeffebe7 SHA256: 49dfdc4cfa46d165ecfed630ba164b6641d59d5fe1aa698a19c13f966d3f13cf pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.10.3 jackson-databind-2.10.3.jarDescription:
General data-binding functionality for Jackson: works on core streaming API License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar
MD5: f96c78787ea2830e8dfd3a5a66c4f664
SHA1: aae92628b5447fa25af79871ca98668da6edd439
SHA256: 50eec40443f387be50a409186165298aaadbb6c4d4826d319720e245714600d2
Referenced In Projects/Scopes: Struts 2 Rest Showcase Webapp:compile Struts 2 REST Plugin:compile Struts 2 Assembly:compile Evidence Type Source Name Value Confidence Vendor Manifest implementation-build-date 2020-03-03 03:15:23+0000 Low Vendor jar package name databind Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom groupid fasterxml.jackson.core Highest Vendor pom name jackson-databind High Vendor pom parent-artifactid jackson-base Low Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low Vendor Manifest specification-vendor FasterXML Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom artifactid jackson-databind Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor jar package name fasterxml Highest Vendor file name jackson-databind High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Vendor jar package name jackson Highest Vendor pom url http://github.com/FasterXML/jackson Highest Vendor Manifest Implementation-Vendor FasterXML High Product pom parent-artifactid jackson-base Medium Product Manifest specification-title jackson-databind Medium Product Manifest implementation-build-date 2020-03-03 03:15:23+0000 Low Product jar package name databind Highest Product Manifest Bundle-Name jackson-databind Medium Product Manifest Implementation-Title jackson-databind High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom groupid fasterxml.jackson.core Highest Product pom name jackson-databind High Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low Product pom parent-groupid com.fasterxml.jackson Medium Product pom url http://github.com/FasterXML/jackson Medium Product jar package name fasterxml Highest Product file name jackson-databind High Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Product jar package name jackson Highest Product pom artifactid jackson-databind Highest Version pom version 2.10.3 Highest Version file version 2.10.3 High Version Manifest Bundle-Version 2.10.3 High Version Manifest Implementation-Version 2.10.3 High
Related Dependencies jackson-dataformat-xml-2.10.3.jarFile Path: /Users/lukaszlenart/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-xml/2.10.3/jackson-dataformat-xml-2.10.3.jar MD5: 151281ff95b09106b0de386854024fa0 SHA1: b14aea1d89219bebcdc2d259bcafcb42e12d59aa SHA256: fa6fdd1d1457134b462910f6f3a4037fd5ba6ea1363ad28b78089c98bb8e4229 pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml@2.10.3 jakarta.activation-api-1.2.1.jarDescription:
JavaBeans Activation Framework API jar License:
http://www.eclipse.org/org/documents/edl-v10.php File Path: /Users/lukaszlenart/.m2/repository/jakarta/activation/jakarta.activation-api/1.2.1/jakarta.activation-api-1.2.1.jar
MD5: 9b647398add993324d3d9e5effa6005a
SHA1: 562a587face36ec7eff2db7f2fc95425c6602bc1
SHA256: 8b0a0f52fa8b05c5431921a063ed866efaa41dadf2e3a7ee3e1961f2b0d9645b
Referenced In Projects/Scopes: Struts 2 Rest Showcase Webapp:compile Struts 2 REST Plugin:compile Evidence Type Source Name Value Confidence Vendor jar package name activation Highest Vendor file name jakarta.activation-api High Vendor pom groupid jakarta.activation Highest Vendor Manifest specification-vendor Eclipse Foundation Low Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest extension-name jakarta.activation Medium Vendor pom name JavaBeans Activation Framework API jar High Vendor Manifest bundle-symbolicname jakarta.activation-api Medium Vendor Manifest automatic-module-name jakarta.activation Medium Vendor pom artifactid jakarta.activation-api Low Vendor pom parent-groupid com.sun.activation Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor pom parent-artifactid all Low Product jar package name activation Highest Product file name jakarta.activation-api High Product pom groupid jakarta.activation Highest Product Manifest Implementation-Title jakarta.activation.jakarta.activation-api High Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name JavaBeans Activation Framework API jar Medium Product Manifest extension-name jakarta.activation Medium Product pom name JavaBeans Activation Framework API jar High Product Manifest bundle-symbolicname jakarta.activation-api Medium Product Manifest automatic-module-name jakarta.activation Medium Product pom parent-groupid com.sun.activation Medium Product pom parent-artifactid all Medium Product Manifest specification-title jakarta.activation.jakarta.activation-api Medium Product pom artifactid jakarta.activation-api Highest Version Manifest Implementation-Version 1.2.1 High Version pom version 1.2.1 Highest Version Manifest Bundle-Version 1.2.1 High Version file version 1.2.1 High
jakarta.validation-api-2.0.2.jarDescription:
Jakarta Bean Validation API
License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/jakarta/validation/jakarta.validation-api/2.0.2/jakarta.validation-api-2.0.2.jar
MD5: 77501d529c1928c9bac2500cc9f93fb0
SHA1: 5eacc6522521f7eacb081f95cee1e231648461e7
SHA256: b42d42428f3d922c892a909fa043287d577c0c5b165ad9b7d568cebf87fc9ea4
Referenced In Project/Scope: Struts 2 Showcase Webapp:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url https://beanvalidation.org Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest automatic-module-name java.validation Medium Vendor pom groupid jakarta.validation Highest Vendor pom artifactid jakarta.validation-api Low Vendor jar package name validation Highest Vendor file name jakarta.validation-api High Vendor Manifest bundle-symbolicname jakarta.validation.jakarta.validation-api Medium Vendor pom parent-artifactid project Low Vendor pom name Jakarta Bean Validation API High Product pom parent-groupid org.eclipse.ee4j Medium Product pom parent-artifactid project Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest automatic-module-name java.validation Medium Product pom groupid jakarta.validation Highest Product pom url https://beanvalidation.org Medium Product jar package name validation Highest Product file name jakarta.validation-api High Product Manifest bundle-symbolicname jakarta.validation.jakarta.validation-api Medium Product Manifest Bundle-Name Jakarta Bean Validation API Medium Product pom artifactid jakarta.validation-api Highest Product pom name Jakarta Bean Validation API High Version file version 2.0.2 High Version pom version 2.0.2 Highest Version pom parent-version 2.0.2 Low Version Manifest Bundle-Version 2.0.2 High
jakarta.xml.bind-api-2.3.2.jarDescription:
JAXB (JSR 222) API License:
http://www.eclipse.org/org/documents/edl-v10.php File Path: /Users/lukaszlenart/.m2/repository/jakarta/xml/bind/jakarta.xml.bind-api/2.3.2/jakarta.xml.bind-api-2.3.2.jar
MD5: dabb40ba58199304c640b7bd8bb2fbac
SHA1: 8d49996a4338670764d7ca4b85a1c4ccf7fe665d
SHA256: 69156304079bdeed9fc0ae3b39389f19b3cc4ba4443bc80508995394ead742ea
Referenced In Projects/Scopes: Struts 2 Rest Showcase Webapp:compile Struts 2 REST Plugin:compile Evidence Type Source Name Value Confidence Vendor file name jakarta.xml.bind-api High Vendor pom parent-artifactid jakarta.xml.bind-api-parent Low Vendor jar package name xml Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest extension-name jakarta.xml.bind Medium Vendor Manifest implementation-build-id UNKNOWN-18b5002, 2018-12-27T15:29:49+0000 Low Vendor Manifest multi-release true Low Vendor Manifest bundle-symbolicname jakarta.xml.bind-api Medium Vendor jar package name bind Highest Vendor pom artifactid jakarta.xml.bind-api Low Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom groupid jakarta.xml.bind Highest Product pom artifactid jakarta.xml.bind-api Highest Product file name jakarta.xml.bind-api High Product jar package name jaxb Highest Product pom parent-artifactid jakarta.xml.bind-api-parent Medium Product Manifest Bundle-Name jakarta.xml.bind-api Medium Product jar package name xml Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest extension-name jakarta.xml.bind Medium Product Manifest implementation-build-id UNKNOWN-18b5002, 2018-12-27T15:29:49+0000 Low Product Manifest multi-release true Low Product Manifest bundle-symbolicname jakarta.xml.bind-api Medium Product jar package name bind Highest Product pom groupid jakarta.xml.bind Highest Version Manifest Bundle-Version 2.3.2 High Version Manifest Implementation-Version 2.3.2 High Version file version 2.3.2 High Version pom version 2.3.2 Highest
javassist-3.24.1-GA.jarDescription:
Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
simple. It is a class library for editing bytecodes in Java.
License:
MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/ File Path: /Users/lukaszlenart/.m2/repository/org/javassist/javassist/3.24.1-GA/javassist-3.24.1-GA.jar
MD5: 527cebd64b0f941d5058bae3d1726d06
SHA1: 921b466d6a14a8edbe25923c973fd767fc71c045
SHA256: 5d57ea5b0ec8cb46143dfe521f888b208028be126f274cc4f852e641755f1553
Referenced In Projects/Scopes: Struts 2 Pell Multipart Plugin:compile Struts 2 Rest Showcase Webapp:compile Struts 2 Webapps:compile Struts 2 Plexus Plugin:compile Struts 2 JSON Plugin:compile DEPRECATED: Struts 2 Embedded JSP Plugin:compile Struts 2 Bean Validation Plugin:compile Struts 2 Java Templates Plugin:compile Struts 2 Async Plugin:compile Struts 2 Convention Plugin:compile Struts 2 CDI Plugin:compile Struts 2 Portlet Plugin:compile Struts 2 Plugins:compile Struts 2 Showcase Webapp:compile Struts 2 Tiles Plugin:compile Struts 2 Spring Plugin:compile Struts 2 Assembly:compile Struts 2 OSGi Plugin:compile Struts 2 GXP Plugin:compile Struts 2 OVal Plugin:compile Struts 2 JUnit Plugin:compile Struts 2 OSGi Bundles:compile Struts 2 OSGi Demo Bundle:compile Struts 2 REST Plugin:compile Struts 2 Velocity Plugin:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Portlet Mocks Plugin:compile Struts 2 Configuration Browser Plugin:compile Struts 2 Jasper Reports Plugin:compile Struts 2 Sitemesh Plugin:compile Struts 2 DWR Plugin:compile Struts 2 TestNG Plugin:compile Struts 2 JFreeChart Plugin:compile Struts 2 Core:compile Struts 2 Portlet Tiles Plugin:compile Evidence Type Source Name Value Confidence Vendor file name javassist High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor jar package name javassist Highest Vendor pom organization name Shigeru Chiba, www.javassist.org High Vendor pom artifactid javassist Low Vendor pom name Javassist High Vendor pom groupid org.javassist Highest Vendor pom url http://www.javassist.org/ Highest Vendor jar package name bytecode Highest Vendor Manifest specification-vendor Shigeru Chiba, www.javassist.org Low Vendor pom groupid javassist Highest Vendor Manifest bundle-symbolicname javassist Medium Product file name javassist High Product pom artifactid javassist Highest Product pom organization name Shigeru Chiba, www.javassist.org Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product jar package name javassist Highest Product Manifest Bundle-Name Javassist Medium Product pom name Javassist High Product pom url http://www.javassist.org/ Medium Product Manifest specification-title Javassist Medium Product jar package name bytecode Highest Product pom groupid javassist Highest Product Manifest bundle-symbolicname javassist Medium Version Manifest specification-version 3.24.1-GA High Version pom version 3.24.1-GA Highest
javax.el-3.0.1-b11.jarDescription:
Expression Language 3.0 API and Implementation License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /Users/lukaszlenart/.m2/repository/org/glassfish/javax.el/3.0.1-b11/javax.el-3.0.1-b11.jar
MD5: e854ef1c5ef4cd1c11a8b230040372f2
SHA1: cca8438407af01056d83830ba7392efc18544347
SHA256: 2e95f03b75d2bb9fccf58dc1d28dd3b11d384fdc75a4654f64a2e27492acc2bc
Referenced In Project/Scope: Struts 2 Tiles Plugin:compile
Evidence Type Source Name Value Confidence Vendor pom name Expression Language 3.0 High Vendor jar package name javax Highest Vendor pom artifactid javax.el Low Vendor jar package name sun Highest Vendor Manifest Implementation-Vendor Oracle Corporation High Vendor pom parent-groupid net.java Medium Vendor jar package name expression Highest Vendor pom groupid org.glassfish Highest Vendor file name javax.el High Vendor pom parent-artifactid jvnet-parent Low Vendor jar (hint) package name oracle Highest Vendor pom organization name GlassFish Community High Vendor Manifest extension-name javax.el Medium Vendor Manifest bundle-symbolicname com.sun.el.javax.el Medium Vendor Manifest bundle-docurl http://glassfish.org Low Vendor pom groupid glassfish Highest Vendor pom organization url http://glassfish.org Medium Vendor jar package name el Highest Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom url http://uel.java.net Highest Product pom name Expression Language 3.0 High Product jar package name javax Highest Product pom parent-artifactid jvnet-parent Medium Product Manifest Bundle-Name Expression Language 3.0 Medium Product pom url http://uel.java.net Medium Product jar package name sun Highest Product pom parent-groupid net.java Medium Product pom organization name GlassFish Community Low Product jar package name expression Highest Product file name javax.el High Product pom organization url http://glassfish.org Low Product pom artifactid javax.el Highest Product Manifest extension-name javax.el Medium Product Manifest bundle-symbolicname com.sun.el.javax.el Medium Product Manifest bundle-docurl http://glassfish.org Low Product pom groupid glassfish Highest Product jar package name el Highest Version pom parent-version 3.0.1-b11 Low Version pom version 3.0.1-b11 Highest Version Manifest Implementation-Version 3.0.1-b11 High
javax.inject-1.jarDescription:
The javax.inject API License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
SHA256: 91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff
Referenced In Projects/Scopes: Struts 2 Assembly:compile Struts 2 Core:compile Evidence Type Source Name Value Confidence Vendor pom url http://code.google.com/p/atinject/ Highest Vendor jar package name javax Highest Vendor jar package name inject Highest Vendor pom name javax.inject High Vendor jar package name javax Low Vendor pom artifactid javax.inject Low Vendor pom groupid javax.inject Highest Vendor file name javax.inject-1 High Vendor jar package name inject Low Product pom artifactid javax.inject Highest Product jar package name javax Highest Product jar package name inject Highest Product pom name javax.inject High Product pom url http://code.google.com/p/atinject/ Medium Product file name javax.inject-1 High Product pom groupid javax.inject Highest Product jar package name inject Low Version pom version 1 Highest Version file version 1 Medium
jboss-logging-3.3.2.Final.jarDescription:
The JBoss Logging Framework License:
Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/jboss/logging/jboss-logging/3.3.2.Final/jboss-logging-3.3.2.Final.jar
MD5: c397132f958d7e8ac0d566b6723ca7ca
SHA1: 3789d00e859632e6c6206adc0c71625559e6e3b0
SHA256: cb914bfe888da7d9162e965ac8b0d6f28f2f32eca944a00fbbf6dd3cf1aacc13
Referenced In Project/Scope: Struts 2 Showcase Webapp:compile
Evidence Type Source Name Value Confidence Vendor Manifest build-timestamp Wed, 14 Feb 2018 13:23:27 -0800 Low Vendor pom name JBoss Logging 3 High Vendor pom groupid org.jboss.logging Highest Vendor Manifest os-arch amd64 Low Vendor Manifest java-vendor Sun Microsystems Inc. Medium Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor Manifest bundle-docurl http://www.jboss.org Low Vendor pom groupid jboss.logging Highest Vendor Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium Vendor pom parent-groupid org.jboss Medium Vendor jar package name logging Highest Vendor hint analyzer vendor redhat Highest Vendor jar package name jboss Highest Vendor file name jboss-logging High Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest implementation-url http://www.jboss.org Low Vendor Manifest automatic-module-name org.jboss.logging Medium Vendor pom parent-artifactid jboss-parent Low Vendor pom url http://www.jboss.org Highest Vendor Manifest os-name Linux Medium Vendor Manifest Implementation-Vendor-Id org.jboss.logging Medium Vendor pom artifactid jboss-logging Low Product pom url http://www.jboss.org Medium Product Manifest build-timestamp Wed, 14 Feb 2018 13:23:27 -0800 Low Product pom name JBoss Logging 3 High Product Manifest os-arch amd64 Low Product Manifest specification-title JBoss Logging 3 Medium Product pom parent-artifactid jboss-parent Medium Product Manifest bundle-docurl http://www.jboss.org Low Product Manifest Implementation-Title JBoss Logging 3 High Product pom groupid jboss.logging Highest Product Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium Product pom parent-groupid org.jboss Medium Product jar package name logging Highest Product jar package name jboss Highest Product pom artifactid jboss-logging Highest Product file name jboss-logging High Product Manifest implementation-url http://www.jboss.org Low Product Manifest automatic-module-name org.jboss.logging Medium Product Manifest os-name Linux Medium Product Manifest Bundle-Name JBoss Logging 3 Medium Version Manifest Implementation-Version 3.3.2.Final High Version pom parent-version 3.3.2.Final Low Version pom version 3.3.2.Final Highest Version Manifest Bundle-Version 3.3.2.Final High
jcl-over-slf4j-1.7.6.jarDescription:
JCL 1.1.1 implemented over SLF4J File Path: /Users/lukaszlenart/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.6/jcl-over-slf4j-1.7.6.jarMD5: 0cebfe147c0ff0b38930db24e576bdd4SHA1: ab1648fe1dd6f1e5c2ec6d12f394672bb8c1036aSHA256: d52f5e9a861f4e124ec43d711b566b4c2afe6e0709b490497fb9ca33e1ca0ba5Referenced In Projects/Scopes:
Struts 2 Showcase Webapp:compile Struts 2 Tiles Plugin:compile Struts 2 Assembly:compile Struts 2 Portlet Tiles Plugin:compile Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname jcl.over.slf4j Medium Vendor pom artifactid jcl-over-slf4j Low Vendor file name jcl-over-slf4j High Vendor pom parent-artifactid slf4j-parent Low Vendor pom name JCL 1.1.1 implemented over SLF4J High Vendor pom url http://www.slf4j.org Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Vendor pom parent-groupid org.slf4j Medium Vendor pom groupid org.slf4j Highest Vendor pom groupid slf4j Highest Product Manifest Bundle-Name jcl-over-slf4j Medium Product pom url http://www.slf4j.org Medium Product Manifest bundle-symbolicname jcl.over.slf4j Medium Product file name jcl-over-slf4j High Product pom name JCL 1.1.1 implemented over SLF4J High Product Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Product Manifest Implementation-Title jcl-over-slf4j High Product pom parent-groupid org.slf4j Medium Product pom artifactid jcl-over-slf4j Highest Product pom parent-artifactid slf4j-parent Medium Product pom groupid slf4j Highest Version pom version 1.7.6 Highest Version Manifest Implementation-Version 1.7.6 High Version Manifest Bundle-Version 1.7.6 High Version file version 1.7.6 High
jcommander-1.48.jarDescription:
A Java framework to parse command line options with annotations. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/com/beust/jcommander/1.48/jcommander-1.48.jar
MD5: 7a84fb4b01f46c904bd549e67e6c48a1
SHA1: bfcb96281ea3b59d626704f74bc6d625ff51cbce
SHA256: a7313fcfde070930e40ec79edf3c5948cf34e4f0d25cb3a09f9963d8bdd84113
Referenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence Vendor file name jcommander High Vendor pom groupid beust Highest Vendor pom name JCommander High Vendor Manifest bundle-symbolicname com.beust.jcommander Medium Vendor jar package name beust Highest Vendor jar package name jcommander Highest Vendor pom artifactid jcommander Low Vendor pom url http://beust.com/jcommander Highest Vendor pom groupid com.beust Highest Product file name jcommander High Product pom groupid beust Highest Product pom name JCommander High Product Manifest bundle-symbolicname com.beust.jcommander Medium Product jar package name beust Highest Product Manifest Bundle-Name JCommander Medium Product jar package name jcommander Highest Product pom artifactid jcommander Highest Product pom url http://beust.com/jcommander Medium Version pom version 1.48 Highest Version file version 1.48 High
jcommander-1.72.jarDescription:
Command line parsing License:
Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /Users/lukaszlenart/.m2/repository/com/beust/jcommander/1.72/jcommander-1.72.jar
MD5: 9fde6bc0ba1032eceb7267fd1ad1657b
SHA1: 6375e521c1e11d6563d4f25a07ce124ccf8cd171
SHA256: e0de160b129b2414087e01fe845609cd55caec6820cfd4d0c90fabcc7bdb8c1e
Referenced In Projects/Scopes: Struts 2 Assembly:compile Struts 2 Core:compile Evidence Type Source Name Value Confidence Vendor file name jcommander High Vendor pom groupid beust Highest Vendor pom name jcommander High Vendor jar package name beust Highest Vendor jar package name jcommander Highest Vendor Manifest bundle-symbolicname jcommander Medium Vendor pom artifactid jcommander Low Vendor pom url http://jcommander.org Highest Vendor pom groupid com.beust Highest Vendor Manifest build-date 2017-05-15 Low Product file name jcommander High Product pom groupid beust Highest Product pom name jcommander High Product jar package name beust Highest Product pom url http://jcommander.org Medium Product jar package name jcommander Highest Product Manifest bundle-symbolicname jcommander Medium Product Manifest Bundle-Name com.beust.jcommander Medium Product pom artifactid jcommander Highest Product Manifest build-date 2017-05-15 Low Version Manifest Bundle-Version 1.72 High Version file version 1.72 High Version pom version 1.72 Highest
jquery-1.3.2.min.jsFile Path: /Users/lukaszlenart/Projects/Apache/struts/bundles/admin/src/main/resources/static/js/jquery-1.3.2.min.jsMD5: bb381e2d19d8eace86b34d20759491a5SHA1: 3dc9f7c2642efff4482e68c9d9df874bf98f5bcbSHA256: c8370a2d050359e9d505acc411e6f457a49b21360a21e6cbc9229bad3a767899Referenced In Project/Scope: Struts 2 OSGi Admin Bundle
Evidence Type Source Name Value Confidence Vendor file name jquery High Product file name jquery High Version file version 1.3.2.min High
Related Dependencies struts2-osgi-admin-bundle-2.6-SNAPSHOT.jar: jquery-1.3.2.min.jsFile Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-osgi-admin-bundle/2.6-SNAPSHOT/struts2-osgi-admin-bundle-2.6-SNAPSHOT.jar/static/js/jquery-1.3.2.min.js MD5: bb381e2d19d8eace86b34d20759491a5 SHA1: 3dc9f7c2642efff4482e68c9d9df874bf98f5bcb SHA256: c8370a2d050359e9d505acc411e6f457a49b21360a21e6cbc9229bad3a767899 Published Vulnerabilities CVE-2011-4969 suppress
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:1.6:*:*:*:*:*:*:* cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (including) 1.6.2 cpe:2.3:a:jquery:jquery:1.6.1:*:*:*:*:*:*:* CVE-2012-6708 suppress
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 1.9.0 CVE-2019-11358 suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66 cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6 cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS (RETIREJS) suppress
Regex in its jQuery.htmlPrefilter sometimes may introduce XSS Unscored:
References:
jquery-2.1.4.min.jsFile Path: /Users/lukaszlenart/Projects/Apache/struts/apps/showcase/src/main/webapp/js/jquery-2.1.4.min.jsMD5: f9c7afd05729f10f55b689f36bb20172SHA1: 43dc554608df885a59ddeece1598c6ace434d747SHA256: f16ab224bb962910558715c82f58c10c3ed20f153ddfaa199029f141b5b0255cReferenced In Project/Scope: Struts 2 Showcase Webapp
Evidence Type Source Name Value Confidence Vendor file name jquery High Product file name jquery High Version file version 2.1.4.min High
Published Vulnerabilities CVE-2015-9251 suppress
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7 cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6 cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4 cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7 cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:* cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0 cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7 cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12 cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2 cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1 cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0 cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5 cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:* CVE-2019-11358 suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66 cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6 cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS (RETIREJS) suppress
Regex in its jQuery.htmlPrefilter sometimes may introduce XSS Unscored:
References:
jquery-ui-1.7.1.custom.min.jsFile Path: /Users/lukaszlenart/Projects/Apache/struts/bundles/admin/src/main/resources/static/js/jquery-ui-1.7.1.custom.min.jsMD5: 5da7deb0932b5b5fe9c36e1bebcc6300SHA1: 787cc9fd60ba3088b95f15e75d8803e490753db9SHA256: 2aa861bed5e622947c75e1736023f60a6072ac46e3cda1715335100e92ea79b0Referenced In Project/Scope: Struts 2 OSGi Admin Bundle
Evidence Type Source Name Value Confidence
Related Dependencies struts2-osgi-admin-bundle-2.6-SNAPSHOT.jar: jquery-ui-1.7.1.custom.min.jsFile Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-osgi-admin-bundle/2.6-SNAPSHOT/struts2-osgi-admin-bundle-2.6-SNAPSHOT.jar/static/js/jquery-ui-1.7.1.custom.min.js MD5: 5da7deb0932b5b5fe9c36e1bebcc6300 SHA1: 787cc9fd60ba3088b95f15e75d8803e490753db9 SHA256: 2aa861bed5e622947c75e1736023f60a6072ac46e3cda1715335100e92ea79b0 jshint.conf.jsFile Path: /Users/lukaszlenart/Projects/Apache/struts/core/src/main/resources/jshint.conf.jsMD5: 7b7c2d7894e972b45298ea8d533008d7SHA1: 5a88e8d212d51cdc3ac0305978dfc483ce25fa25SHA256: 15942ecb04925afc65666d3d8f758ed0e65f90f7b5faec2b7381e29e397200c6Referenced In Project/Scope: Struts 2 Core
Evidence Type Source Name Value Confidence
Related Dependencies struts2-core-2.6-SNAPSHOT.jar: jshint.conf.jsFile Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar/jshint.conf.js MD5: 7b7c2d7894e972b45298ea8d533008d7 SHA1: 5a88e8d212d51cdc3ac0305978dfc483ce25fa25 SHA256: 15942ecb04925afc65666d3d8f758ed0e65f90f7b5faec2b7381e29e397200c6 json-simple-3.0.2.jarDescription:
Java 7+ toolkit to quickly develop RFC 4627 JSON compatible applications. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/com/github/cliftonlabs/json-simple/3.0.2/json-simple-3.0.2.jar
MD5: 148c0d1bdc1bcb24394627d6930ee9ad
SHA1: 2337afdb06134a12fc0239299c3ceb2e9c209516
SHA256: fda65a9ad0e1ac0c88987106e89aa4d8b2a2495e7e042371efa83813f65b7295
Referenced In Projects/Scopes: Struts 2 JUnit Plugin:compile Struts 2 Rest Showcase Webapp:compile Struts 2 OSGi Demo Bundle:compile Struts 2 Velocity Plugin:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Configuration Browser Plugin:compile DEPRECATED: Struts 2 Embedded JSP Plugin:compile Struts 2 Sitemesh Plugin:compile Struts 2 Portlet Plugin:compile Struts 2 Showcase Webapp:compile Struts 2 Assembly:compile Struts 2 Portlet Tiles Plugin:compile Struts 2 OSGi Plugin:compile Evidence Type Source Name Value Confidence Vendor pom name JSON.simple High Vendor file name json-simple High Vendor Manifest Implementation-Vendor-Id com.github.cliftonlabs Medium Vendor pom groupid github.cliftonlabs Highest Vendor jar package name github Highest Vendor jar package name cliftonlabs Highest Vendor pom artifactid json-simple Low Vendor pom url https://cliftonlabs.github.io/json-simple/ Highest Vendor pom groupid com.github.cliftonlabs Highest Vendor Manifest implementation-url https://cliftonlabs.github.io/json-simple/ Low Product pom name JSON.simple High Product file name json-simple High Product pom artifactid json-simple Highest Product pom groupid github.cliftonlabs Highest Product jar package name github Highest Product Manifest specification-title JSON.simple Medium Product jar package name cliftonlabs Highest Product pom url https://cliftonlabs.github.io/json-simple/ Medium Product Manifest Implementation-Title JSON.simple High Product Manifest implementation-url https://cliftonlabs.github.io/json-simple/ Low Version Manifest Implementation-Version 3.0.2 High Version file version 3.0.2 High Version pom version 3.0.2 Highest
juneau-marshall-8.1.3.jarDescription:
Apache Juneau Marshall API License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/juneau/juneau-marshall/8.1.3/juneau-marshall-8.1.3.jar
MD5: ea60a00e21ed59dd8ad7b2b9b919c8a8
SHA1: f1e06cee7b3da2ba627166690765b0d6e6a3c104
SHA256: d0c5dbf783581a767e857341daff6928d5a76a1627b7980a8b34622ee522995d
Referenced In Project/Scope: Struts 2 REST Plugin:compile
Evidence Type Source Name Value Confidence Vendor jar package name juneau Highest Vendor pom artifactid juneau-marshall Low Vendor jar package name apache Highest Vendor pom parent-artifactid juneau-core Low Vendor Manifest automatic-module-name org.apache.juneau.marshall Medium Vendor pom name juneau/core/marshall High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom parent-groupid org.apache.juneau Medium Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.juneau.marshall Medium Vendor jar package name marshall Highest Vendor pom groupid apache.juneau Highest Vendor pom groupid org.apache.juneau Highest Vendor file name juneau-marshall High Product jar package name juneau Highest Product jar package name apache Highest Product Manifest automatic-module-name org.apache.juneau.marshall Medium Product pom name juneau/core/marshall High Product jar package name version Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest Bundle-Name juneau/core/marshall Medium Product pom parent-groupid org.apache.juneau Medium Product Manifest bundle-docurl https://www.apache.org/ Low Product pom parent-artifactid juneau-core Medium Product pom artifactid juneau-marshall Highest Product Manifest bundle-symbolicname org.apache.juneau.marshall Medium Product jar package name marshall Highest Product pom groupid apache.juneau Highest Product file name juneau-marshall High Version Manifest Bundle-Version 8.1.3 High Version file version 8.1.3 High Version pom version 8.1.3 Highest
junit-4.13.jarDescription:
JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck. License:
Eclipse Public License 1.0: http://www.eclipse.org/legal/epl-v10.html File Path: /Users/lukaszlenart/.m2/repository/junit/junit/4.13/junit-4.13.jar
MD5: 5da6445d7b80aba2623e73d4561dcfde
SHA1: e49ccba652b735c93bd6e6f59760d8254cf597dd
SHA256: 4b8532f63bdc0e0661507f947eb324a954d1dbac631ad19c8aa9a00feed1d863
Referenced In Projects/Scopes: Struts 2 JUnit Plugin:compile Struts 2 OSGi Bundles:compile Struts 2 Portlet Plugin:compile Struts 2 OSGi Demo Bundle:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Assembly:compile Struts 2 Core:compile Evidence Type Source Name Value Confidence Vendor pom organization name JUnit High Vendor pom groupid junit Highest Vendor pom organization url http://www.junit.org Medium Vendor pom artifactid junit Low Vendor Manifest implementation-url http://junit.org Low Vendor file name junit High Vendor jar package name junit Highest Vendor pom url http://junit.org Highest Vendor Manifest Implementation-Vendor JUnit High Vendor Manifest Implementation-Vendor-Id junit Medium Vendor jar package name framework Highest Vendor Manifest automatic-module-name junit Medium Vendor pom name JUnit High Product pom groupid junit Highest Product Manifest implementation-url http://junit.org Low Product file name junit High Product pom organization url http://www.junit.org Low Product pom artifactid junit Highest Product Manifest Implementation-Title JUnit High Product jar package name junit Highest Product pom organization name JUnit Low Product pom url http://junit.org Medium Product jar package name framework Highest Product Manifest automatic-module-name junit Medium Product pom name JUnit High Version pom version 4.13 Highest Version file version 4.13 High Version Manifest Implementation-Version 4.13 High
log4j-core-2.13.1.jarDescription:
The Apache Log4j Implementation License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/logging/log4j/log4j-core/2.13.1/log4j-core-2.13.1.jar
MD5: d365e48221414f93feef093a1bf607ef
SHA1: 533f6ae0bb0ce091493f2eeab0c1df4327e46ef1
SHA256: 88ebd503b35a0debe18c2707db9de33a8c6d96491270b7f02dd086b8072426b2
Referenced In Projects/Scopes: Struts 2 Rest Showcase Webapp:compile Struts 2 Showcase Webapp:compile Evidence Type Source Name Value Confidence Vendor pom artifactid log4j-core Low Vendor Manifest Implementation-Vendor-Id org.apache.logging.log4j Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-core/ Low Vendor jar package name apache Highest Vendor pom name Apache Log4j Core High Vendor Manifest bundle-symbolicname org.apache.logging.log4j.core Medium Vendor pom groupid apache.logging.log4j Highest Vendor Manifest log4jreleasekey B3D8E1BA Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom parent-groupid org.apache.logging.log4j Medium Vendor Manifest automatic-module-name org.apache.logging.log4j.core Medium Vendor Manifest log4jreleasemanager Ralph Goers Low Vendor pom groupid org.apache.logging.log4j Highest Vendor jar package name logging Highest Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor pom parent-artifactid log4j Low Vendor Manifest multi-release true Low Vendor file name log4j-core High Vendor jar package name org Highest Vendor jar package name log4j Highest Vendor jar package name core Highest Product Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-core/ Low Product jar package name apache Highest Product pom name Apache Log4j Core High Product Manifest bundle-symbolicname org.apache.logging.log4j.core Medium Product pom groupid apache.logging.log4j Highest Product Manifest log4jreleasekey B3D8E1BA Low Product Manifest specification-title Apache Log4j Core Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom parent-groupid org.apache.logging.log4j Medium Product Manifest automatic-module-name org.apache.logging.log4j.core Medium Product Manifest log4jreleasemanager Ralph Goers Low Product pom artifactid log4j-core Highest Product Manifest Implementation-Title Apache Log4j Core High Product jar package name logging Highest Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest multi-release true Low Product file name log4j-core High Product jar package name org Highest Product pom parent-artifactid log4j Medium Product Manifest Bundle-Name Apache Log4j Core Medium Product jar package name log4j Highest Product jar package name core Highest Version file version 2.13.1 High Version pom version 2.13.1 Highest Version Manifest Implementation-Version 2.13.1 High Version Manifest Bundle-Version 2.13.1 High Version Manifest log4jreleaseversion 2.13.1 Medium
Related Dependencies log4j-jcl-2.13.1.jarFile Path: /Users/lukaszlenart/.m2/repository/org/apache/logging/log4j/log4j-jcl/2.13.1/log4j-jcl-2.13.1.jar MD5: 22085750f61f18e2409904daa50d8629 SHA1: dbdf02be1b24433fb4b7daf9c9f2370b39175808 SHA256: 8d35e0a5c152966ff042ccd2fd66496c1ec7563a01bc529edf98cc9d63af5212 pkg:maven/org.apache.logging.log4j/log4j-jcl@2.13.1 log4j-api-2.13.1.jarFile Path: /Users/lukaszlenart/.m2/repository/org/apache/logging/log4j/log4j-api/2.13.1/log4j-api-2.13.1.jar MD5: 65795ba3dfef693a82bdfb369d030439 SHA1: cc670f92dc77bbf4540904c3fa211b997cba00d8 SHA256: 307fffc2623d010e3fe67d9f6b101c14bae33ec310e5f56960d491885fd59630 pkg:maven/org.apache.logging.log4j/log4j-api@2.13.1 ognl-3.2.14.jarDescription:
OGNL - Object Graph Navigation Library License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/ognl/ognl/3.2.14/ognl-3.2.14.jar
MD5: 0baa4d72fcb508e100c821518e5cdf19
SHA1: 18178dd7cfcb8b81c262c072b60a5bf701073917
SHA256: 02da5bd743cbaab1ebb61a17844b122f52cc69d10b23a8e3356f55c1e6988e71
Referenced In Projects/Scopes: Struts 2 Pell Multipart Plugin:compile Struts 2 Rest Showcase Webapp:compile Struts 2 Webapps:compile Struts 2 Plexus Plugin:compile Struts 2 JSON Plugin:compile DEPRECATED: Struts 2 Embedded JSP Plugin:compile Struts 2 Bean Validation Plugin:compile Struts 2 Java Templates Plugin:compile Struts 2 Async Plugin:compile Struts 2 Convention Plugin:compile Struts 2 CDI Plugin:compile Struts 2 Portlet Plugin:compile Struts 2 Plugins:compile Struts 2 Showcase Webapp:compile Struts 2 Tiles Plugin:compile Struts 2 Spring Plugin:compile Struts 2 Assembly:compile Struts 2 OSGi Plugin:compile Struts 2 GXP Plugin:compile Struts 2 OVal Plugin:compile Struts 2 JUnit Plugin:compile Struts 2 OSGi Bundles:compile Struts 2 OSGi Demo Bundle:compile Struts 2 REST Plugin:compile Struts 2 Velocity Plugin:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Portlet Mocks Plugin:compile Struts 2 Configuration Browser Plugin:compile Struts 2 Jasper Reports Plugin:compile Struts 2 Sitemesh Plugin:compile Struts 2 DWR Plugin:compile Struts 2 TestNG Plugin:compile Struts 2 JFreeChart Plugin:compile Struts 2 Core:compile Struts 2 Portlet Tiles Plugin:compile Evidence Type Source Name Value Confidence Vendor pom artifactid ognl Low Vendor pom organization url http://www.opensymphony.com Medium Vendor pom name OGNL - Object Graph Navigation Library High Vendor pom organization name OpenSymphony High Vendor pom groupid ognl Highest Vendor file name ognl High Vendor Manifest automatic-module-name ognl Medium Vendor pom url jkuhnert/ognl/ Highest Vendor jar package name ognl Highest Product pom url jkuhnert/ognl/ High Product pom name OGNL - Object Graph Navigation Library High Product pom artifactid ognl Highest Product pom groupid ognl Highest Product file name ognl High Product Manifest automatic-module-name ognl Medium Product jar package name ognl Highest Product pom organization name OpenSymphony Low Product pom organization url http://www.opensymphony.com Low Version file version 3.2.14 High Version pom version 3.2.14 Highest
optiontransferselect.jsFile Path: /Users/lukaszlenart/Projects/Apache/struts/core/src/main/resources/org/apache/struts2/static/optiontransferselect.jsMD5: f4194635b442cd6a9354132eb1f5c544SHA1: 51fd3c3d66bed260a48bcc1bc9f56c799acab501SHA256: 2028278976d9adfaa90186556cca99bbd476df3818155161d877272b738cc762Referenced In Project/Scope: Struts 2 Core
Evidence Type Source Name Value Confidence
Related Dependencies struts2-core-2.6-SNAPSHOT.jar: optiontransferselect.jsFile Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar/org/apache/struts2/static/optiontransferselect.js MD5: f4194635b442cd6a9354132eb1f5c544 SHA1: 51fd3c3d66bed260a48bcc1bc9f56c799acab501 SHA256: 2028278976d9adfaa90186556cca99bbd476df3818155161d877272b738cc762 org.apache.felix.framework-6.0.3.jarDescription:
OSGi R7 framework implementation. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/felix/org.apache.felix.framework/6.0.3/org.apache.felix.framework-6.0.3.jar
MD5: e6fc3ecee260635dd538dca901a9d59c
SHA1: 18d02dd467607cb61a8cf77c1847a733a417da76
SHA256: 817563ea7baae979e288f76c9d0531d90fd0f6ad287578d80adba81fd71469ac
Referenced In Projects/Scopes: Struts 2 OSGi Demo Bundle:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Assembly:compile Struts 2 OSGi Plugin:compile Evidence Type Source Name Value Confidence Vendor Manifest provide-capability osgi.service;objectClass:List="org.osgi.service.packageadmin.PackageAdmin",osgi.service;objectClass:List="org.osgi.service.startlevel.StartLevel" Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom parent-artifactid felix-parent Low Vendor jar package name apache Highest Vendor jar package name felix Highest Vendor file name org.apache.felix.framework High Vendor pom name Apache Felix Framework High Vendor pom groupid apache.felix Highest Vendor Manifest bundle-symbolicname org.apache.felix.framework Medium Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor pom parent-groupid org.apache.felix Medium Vendor pom artifactid apache.felix.framework Low Vendor pom groupid org.apache.felix Highest Vendor jar package name framework Highest Product Manifest provide-capability osgi.service;objectClass:List="org.osgi.service.packageadmin.PackageAdmin",osgi.service;objectClass:List="org.osgi.service.startlevel.StartLevel" Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom artifactid org.apache.felix.framework Highest Product jar package name apache Highest Product pom parent-artifactid felix-parent Medium Product jar package name felix Highest Product file name org.apache.felix.framework High Product jar package name version Highest Product pom name Apache Felix Framework High Product jar package name osgi Highest Product pom groupid apache.felix Highest Product Manifest bundle-symbolicname org.apache.felix.framework Medium Product pom artifactid apache.felix.framework Highest Product jar package name filter Highest Product jar package name startlevel Highest Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest Bundle-Name Apache Felix Framework Medium Product jar package name service Highest Product pom parent-groupid org.apache.felix Medium Product jar package name packageadmin Highest Product jar package name framework Highest Version Manifest Bundle-Version 6.0.3 High Version pom parent-version 6.0.3 Low Version pom version 6.0.3 Highest Version file version 6.0.3 High
org.apache.felix.main-6.0.3.jarDescription:
OSGi R6 framework. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/felix/org.apache.felix.main/6.0.3/org.apache.felix.main-6.0.3.jar
MD5: 913efb471f201c4692c469ef13a2fe3b
SHA1: 9a6cbba44a72bb04411edf8b154c862e27209e8a
SHA256: 9bfa481d52b1d7724bcdebfd8cca7b17d75b35ebc04aa44b705bf47fbd322f3f
Referenced In Projects/Scopes: Struts 2 OSGi Demo Bundle:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Assembly:compile Struts 2 OSGi Plugin:compile Evidence Type Source Name Value Confidence Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom parent-artifactid felix-parent Low Vendor jar package name apache Highest Vendor pom artifactid apache.felix.main Low Vendor Manifest bundle-symbolicname org.apache.felix.main Medium Vendor jar package name felix Highest Vendor file name org.apache.felix.main High Vendor pom groupid apache.felix Highest Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor pom name Apache Felix Main High Vendor jar package name main Highest Vendor pom parent-groupid org.apache.felix Medium Vendor pom groupid org.apache.felix Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product jar package name apache Highest Product Manifest bundle-symbolicname org.apache.felix.main Medium Product pom parent-artifactid felix-parent Medium Product jar package name felix Highest Product Manifest Bundle-Name Apache Felix Medium Product pom artifactid org.apache.felix.main Highest Product jar package name version Highest Product file name org.apache.felix.main High Product jar package name osgi Highest Product pom groupid apache.felix Highest Product jar package name filter Highest Product Manifest bundle-docurl https://www.apache.org/ Low Product pom name Apache Felix Main High Product pom artifactid apache.felix.main Highest Product jar package name main Highest Product pom parent-groupid org.apache.felix Medium Product jar package name framework Highest Version Manifest Bundle-Version 6.0.3 High Version pom parent-version 6.0.3 Low Version pom version 6.0.3 Highest Version file version 6.0.3 High
org.apache.felix.shell-1.4.3.jarDescription:
A simple OSGi command shell service. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/felix/org.apache.felix.shell/1.4.3/org.apache.felix.shell-1.4.3.jar
MD5: 96087ecf21dd1e9824193439fbe57dff
SHA1: 649b5b55c6c5388654eee75706f1258e1e307ddb
SHA256: c53e2f82de7c427b63dbbf911b8b890386f4ab1238d6cfe8945b10f01dd8aa04
Referenced In Projects/Scopes: Struts 2 OSGi Demo Bundle:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Assembly:compile Struts 2 OSGi Plugin:compile Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname org.apache.felix.shell Medium Vendor jar package name command Highest Vendor pom name Apache Felix Shell Service High Vendor pom parent-artifactid felix-parent Low Vendor jar package name apache Highest Vendor jar package name felix Highest Vendor pom artifactid apache.felix.shell Low Vendor jar package name osgi Highest Vendor pom groupid apache.felix Highest Vendor file name org.apache.felix.shell High Vendor pom parent-groupid org.apache.felix Medium Vendor jar package name service Highest Vendor jar package name shell Highest Vendor Manifest bundle-docurl http://www.apache.org/ Low Vendor pom groupid org.apache.felix Highest Product jar package name command Highest Product Manifest bundle-symbolicname org.apache.felix.shell Medium Product pom name Apache Felix Shell Service High Product jar package name apache Highest Product pom parent-artifactid felix-parent Medium Product jar package name felix Highest Product pom artifactid apache.felix.shell Highest Product jar package name osgi Highest Product pom groupid apache.felix Highest Product Manifest Bundle-Name Apache Felix Shell Service Medium Product file name org.apache.felix.shell High Product jar package name service Highest Product pom parent-groupid org.apache.felix Medium Product jar package name shell Highest Product pom artifactid org.apache.felix.shell Highest Product Manifest bundle-docurl http://www.apache.org/ Low Version pom parent-version 1.4.3 Low Version Manifest Bundle-Version 1.4.3 High Version pom version 1.4.3 Highest Version file version 1.4.3 High
org.apache.felix.shell.tui-1.4.1.jarDescription:
A simple textual user interface for Felix' shell service. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/felix/org.apache.felix.shell.tui/1.4.1/org.apache.felix.shell.tui-1.4.1.jar
MD5: bf656be67e35a832a4d07cf88bfeef6b
SHA1: 7184b6c9089ffcfb0da269a2cd50ce386f5dc335
SHA256: 87c42aea8a6b6e2fd7ece9eaea855f83c51eba76f6636a9602ca94b20045c69a
Referenced In Projects/Scopes: Struts 2 OSGi Demo Bundle:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Assembly:compile Struts 2 OSGi Plugin:compile Evidence Type Source Name Value Confidence Vendor pom parent-artifactid felix-parent Low Vendor jar package name apache Highest Vendor jar package name felix Highest Vendor file name org.apache.felix.shell.tui High Vendor Manifest bundle-docurl http://felix.apache.org/site/apache-felix-shell-tui.html Low Vendor pom groupid apache.felix Highest Vendor Manifest bundle-symbolicname org.apache.felix.shell.tui Medium Vendor pom name Apache Felix Shell TUI High Vendor jar package name tui Highest Vendor pom parent-groupid org.apache.felix Medium Vendor pom artifactid apache.felix.shell.tui Low Vendor jar package name shell Highest Vendor pom groupid org.apache.felix Highest Product jar package name apache Highest Product pom parent-artifactid felix-parent Medium Product jar package name felix Highest Product file name org.apache.felix.shell.tui High Product Manifest bundle-docurl http://felix.apache.org/site/apache-felix-shell-tui.html Low Product pom groupid apache.felix Highest Product pom artifactid apache.felix.shell.tui Highest Product Manifest bundle-symbolicname org.apache.felix.shell.tui Medium Product pom name Apache Felix Shell TUI High Product jar package name tui Highest Product pom parent-groupid org.apache.felix Medium Product Manifest Bundle-Name Apache Felix Shell TUI Medium Product pom artifactid org.apache.felix.shell.tui Highest Product jar package name shell Highest Version pom parent-version 1.4.1 Low Version file version 1.4.1 High Version pom version 1.4.1 Highest Version Manifest Bundle-Version 1.4.1 High
org.osgi.compendium-4.0.0.jarFile Path: /Users/lukaszlenart/.m2/repository/org/osgi/org.osgi.compendium/4.0.0/org.osgi.compendium-4.0.0.jarMD5: c8d708edb0a365a4a0ff63b9fcf74e38SHA1: 70d04381dfa21ddb4f1fd82e1f62623632890b48SHA256: ba23461e878cff259ef958f0b739e4f423fe1566ab1c02c21927991ecf95ad72Referenced In Projects/Scopes:
Struts 2 OSGi Demo Bundle:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Assembly:compile Struts 2 OSGi Plugin:compile Evidence Type Source Name Value Confidence Vendor pom groupid osgi Highest Vendor jar package name osgi Low Vendor pom artifactid osgi.compendium Low Vendor pom groupid org.osgi Highest Vendor file name org.osgi.compendium High Vendor jar package name osgi Highest Vendor jar package name service Low Product pom groupid osgi Highest Product pom artifactid osgi.compendium Highest Product pom artifactid org.osgi.compendium Highest Product file name org.osgi.compendium High Product jar package name osgi Highest Product jar package name service Low Version pom version 4.0.0 Highest Version file version 4.0.0 High
org.osgi.core-4.3.1.jarDescription:
OSGi Service Platform Release 4 Version 4.3, Core Interfaces
and Classes for use in compiling bundles.
License:
Apache License, Version 2.0
:
http://opensource.org/licenses/apache2.0.php
File Path: /Users/lukaszlenart/.m2/repository/org/osgi/org.osgi.core/4.3.1/org.osgi.core-4.3.1.jar
MD5: 8053bbc1b55d51f5abae005625209d08
SHA1: 5458ffe2ba049e76c29f2df2dc3ffccddf8b839e
SHA256: 10dad99322b2081015749e2d21538a4a9bc4cb3699d3b7b41ce452a544b09abe
Referenced In Projects/Scopes: Struts 2 OSGi Demo Bundle:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Assembly:compile Struts 2 OSGi Plugin:compile Evidence Type Source Name Value Confidence Vendor Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2012). All Rights Reserved. Low Vendor pom organization url
http://www.osgi.org
Medium Vendor pom groupid org.osgi Highest Vendor pom organization name
OSGi Alliance
High Vendor jar package name version Highest Vendor pom groupid
org.osgi
Highest Vendor jar package name osgi Highest Vendor pom artifactid
org.osgi.core
Low Vendor pom name
osgi.core
High Vendor jar package name service Highest Vendor Manifest bundle-symbolicname osgi.core Medium Vendor file name org.osgi.core High Vendor pom url
http://www.osgi.org
Highest Product Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2012). All Rights Reserved. Low Product pom url
http://www.osgi.org
Medium Product pom artifactid org.osgi.core Highest Product jar package name version Highest Product Manifest Bundle-Name osgi.core Medium Product pom groupid
org.osgi
Highest Product jar package name osgi Highest Product pom artifactid
org.osgi.core
Highest Product pom name
osgi.core
High Product pom organization url
http://www.osgi.org
Low Product pom organization name
OSGi Alliance
Low Product jar package name service Highest Product Manifest bundle-symbolicname osgi.core Medium Product file name org.osgi.core High Version pom version
4.3.1
Highest
oval-1.90.jarDescription:
OVal is a pragmatic and extensible validation framework for any kind of Java objects (not only JavaBeans).
Constraints can be declared with annotations (@NotNull, @MaxLength), POJOs or XML.
Custom constraints can be expressed as custom Java classes or by using scripting languages such as JavaScript, Groovy, BeanShell, OGNL or MVEL.
Besides field/property validation OVal implements Programming by Contract features by utilizing AspectJ based aspects. This for example allows runtime validation of method arguments. License:
Eclipse Public License 1.0: http://www.spdx.org/licenses/EPL-1.0 File Path: /Users/lukaszlenart/.m2/repository/net/sf/oval/oval/1.90/oval-1.90.jar
MD5: 356793921c338506b56bda9a113d2f4e
SHA1: 1827d5ad7c049ba0618c8c8f36ecced1db3e75b0
SHA256: b61418a77abb2c16dc2d7fc8146e50164a79415b22dc7e54553bd5376418b198
Referenced In Projects/Scopes: Struts 2 Assembly:compile Struts 2 OVal Plugin:compile Evidence Type Source Name Value Confidence Vendor Manifest specification-url http://oval.sf.net Low Vendor Manifest Implementation-Vendor High Vendor Manifest bundle-symbolicname net.sf.oval;singleton:=true Medium Vendor pom name OVal High Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest Implementation-Vendor-Id net.sf.oval Medium Vendor pom url http://oval.sf.net Highest Vendor Manifest specification-vendor Low Vendor jar package name constraints Highest Vendor pom artifactid oval Low Vendor jar package name oval Highest Vendor Manifest implementation-url http://oval.sf.net Low Vendor jar package name sf Highest Vendor jar package name validation Highest Vendor jar package name net Highest Vendor pom groupid net.sf.oval Highest Vendor Manifest eclipse-lazystart true Low Vendor Manifest require-bundle org.aspectj.runtime;bundle-version="1.6.0";resolution:=optional,org.apache.commons.logging;resolution:=optional,org.apache.commons.jexl;resolution:=optional,org.apache.log4j;resolution:=optional,org.codehaus.groovy;resolution:=optional,org.thoughtworks.paranamer;resolution:=optional,org.thoughtworks.xstream;resolution:=optional,org.mvel;resolution:=optional,org.mozilla.javascript;resolution:=optional,org.jruby;resolution:=optional,org.springframework.bundle.spring;resolution:=optional Low Vendor file name oval High Vendor Manifest eclipse-buddypolicy registered Low Product Manifest specification-url http://oval.sf.net Low Product Manifest bundle-symbolicname net.sf.oval;singleton:=true Medium Product pom name OVal High Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest Bundle-Name OVal - the Object Validation Framework for Java 5 or later Medium Product jar package name constraints Highest Product jar package name logging Highest Product jar package name oval Highest Product Manifest implementation-url http://oval.sf.net Low Product jar package name sf Highest Product Manifest specification-title OVal Medium Product jar package name validation Highest Product jar package name net Highest Product pom artifactid oval Highest Product Manifest eclipse-lazystart true Low Product pom groupid net.sf.oval Highest Product pom url http://oval.sf.net Medium Product Manifest require-bundle org.aspectj.runtime;bundle-version="1.6.0";resolution:=optional,org.apache.commons.logging;resolution:=optional,org.apache.commons.jexl;resolution:=optional,org.apache.log4j;resolution:=optional,org.codehaus.groovy;resolution:=optional,org.thoughtworks.paranamer;resolution:=optional,org.thoughtworks.xstream;resolution:=optional,org.mvel;resolution:=optional,org.mozilla.javascript;resolution:=optional,org.jruby;resolution:=optional,org.springframework.bundle.spring;resolution:=optional Low Product file name oval High Product Manifest eclipse-buddypolicy registered Low Product Manifest Implementation-Title OVal High Version file version 1.90 High Version Manifest Bundle-Version 1.90 High Version Manifest Implementation-Version 1.90 High Version pom version 1.90 Highest
pkg:maven/net.sf.oval/oval@1.90 (Confidence :High)cpe:2.3:a:apache:groovy:1.90:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:apache:log4j:1.90:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:jruby:jruby:1.90:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:xstream_project:xstream:1.90:*:*:*:*:*:*:* (Confidence :Low) suppress Published Vulnerabilities CVE-2016-6497 suppress
main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods. CWE-254 7PK - Security Features
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions:
CVE-2016-6814 suppress
When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
plexus-container-default-1.0-alpha-10.jarFile Path: /Users/lukaszlenart/.m2/repository/org/codehaus/plexus/plexus-container-default/1.0-alpha-10/plexus-container-default-1.0-alpha-10.jarMD5: 110aaa0c629787cb95e1137bd7ad4b93SHA1: 575e5663d175c8f112f654bc2f2a3db4077c74e0SHA256: 25b0e6c0c5b2b2b5be3d3d228020abd4fb5b438ddbf11c352674ba9637d576adReferenced In Projects/Scopes:
Struts 2 Plexus Plugin:compile Struts 2 Assembly:compile Evidence Type Source Name Value Confidence Vendor file name plexus-container-default High Vendor jar package name component Low Vendor jar package name codehaus Low Vendor jar package name container Highest Vendor pom artifactid plexus-container-default Low Vendor jar package name codehaus Highest Vendor jar package name plexus Highest Vendor pom groupid org.codehaus.plexus Highest Vendor pom parent-groupid org.codehaus.plexus Medium Vendor pom name Default Plexus Container High Vendor pom groupid codehaus.plexus Highest Vendor pom parent-artifactid plexus-containers Low Vendor jar package name plexus Low Product jar package name codehaus Highest Product jar package name plexus Highest Product pom parent-artifactid plexus-containers Medium Product file name plexus-container-default High Product pom parent-groupid org.codehaus.plexus Medium Product pom name Default Plexus Container High Product jar package name component Low Product pom groupid codehaus.plexus Highest Product jar package name container Highest Product pom artifactid plexus-container-default Highest Product jar package name plexus Low Version pom parent-version 1.0-alpha-10 Low Version pom version 1.0-alpha-10 Highest
plexus-utils-1.2.jarFile Path: /Users/lukaszlenart/.m2/repository/org/codehaus/plexus/plexus-utils/1.2/plexus-utils-1.2.jarMD5: 4e05dbd6dbfdf2e976921e80079f9d38SHA1: 9756b92f7f380e4372d1e34f7d194bc0a5767849SHA256: 990608ac834a8762e9272c65404aeeee68325199b7eb10f63b22a06535fcb90cReferenced In Projects/Scopes:
Struts 2 Plexus Plugin:compile Struts 2 Assembly:compile Evidence Type Source Name Value Confidence Vendor pom artifactid plexus-utils Low Vendor Manifest specification-vendor Codehaus Low Vendor pom name Plexus Common Utilities High Vendor jar package name plexus Highest Vendor jar package name codehaus Highest Vendor pom parent-artifactid plexus Low Vendor pom groupid org.codehaus.plexus Highest Vendor Manifest extension-name plexus-utils Medium Vendor pom parent-groupid org.codehaus.plexus Medium Vendor file name plexus-utils High Vendor Manifest Implementation-Vendor Codehaus High Vendor pom groupid codehaus.plexus Highest Product jar package name plexus Highest Product jar package name codehaus Highest Product pom artifactid plexus-utils Highest Product Manifest Implementation-Title plexus-utils High Product Manifest extension-name plexus-utils Medium Product pom parent-groupid org.codehaus.plexus Medium Product file name plexus-utils High Product pom parent-artifactid plexus Medium Product pom groupid codehaus.plexus Highest Product pom name Plexus Common Utilities High Version pom parent-version 1.2 Low Version pom version 1.2 Highest Version Manifest Implementation-Version 1.2 High Version file version 1.2 High
portlet-api-2.0.jarDescription:
The Java Portlet API version 2.0 developed by the Java Community Process JSR-286 Expert Group. File Path: /Users/lukaszlenart/.m2/repository/javax/portlet/portlet-api/2.0/portlet-api-2.0.jarMD5: 0ec08593cda1df33985391919996c740SHA1: 1cd72f2a37fcf8ab9893a9468d7ba71c85fe2653SHA256: c990cb5ece82f97e18847ab07fa1569d1dd5f80f166f27c979a075c60bb361d0Referenced In Project/Scope: Struts 2 JUnit Plugin:compile
Evidence Type Source Name Value Confidence Vendor file name portlet-api High Vendor pom groupid javax.portlet Highest Vendor jar package name javax Highest Vendor pom name Java Portlet Specification V2.0 High Vendor Manifest bundle-docurl http://www.jcp.org/en/jsr/detail?id=286 Low Vendor pom artifactid portlet-api Low Vendor Manifest bundle-symbolicname javax.portlet Medium Vendor pom url http://www.jcp.org/en/jsr/detail?id=286 Highest Vendor jar package name portlet Highest Product file name portlet-api High Product pom artifactid portlet-api Highest Product pom url http://www.jcp.org/en/jsr/detail?id=286 Medium Product pom groupid javax.portlet Highest Product jar package name javax Highest Product pom name Java Portlet Specification V2.0 High Product Manifest Bundle-Name JSR 286 Medium Product Manifest bundle-docurl http://www.jcp.org/en/jsr/detail?id=286 Low Product Manifest bundle-symbolicname javax.portlet Medium Product jar package name portlet Highest Version file version 2.0 High Version pom version 2.0 Highest
prettify.jsFile Path: /Users/lukaszlenart/Projects/Apache/struts/apps/showcase/src/main/webapp/js/prettify.jsMD5: 709bfcc456c694bfe8ee86d184a1c360SHA1: a4e5934397f97f79b8066984475c90af8a970a36SHA256: e2e576e3bc607cd179ff511947010f645d3441a35313aec0dbd06c4437f83b77Referenced In Project/Scope: Struts 2 Showcase Webapp
Evidence Type Source Name Value Confidence
shell.jsFile Path: /Users/lukaszlenart/Projects/Apache/struts/bundles/admin/src/main/resources/static/js/shell.jsMD5: ebed3f28e18db2fa1e37a1762758e020SHA1: 23878d8bd360f9e2cda65720df197367b8a43b6dSHA256: 3c0007fc1d5003847131e9c18f976a79da5e01d7cda43839403d7dda067d500aReferenced In Project/Scope: Struts 2 OSGi Admin Bundle
Evidence Type Source Name Value Confidence
Related Dependencies struts2-osgi-admin-bundle-2.6-SNAPSHOT.jar: shell.jsFile Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-osgi-admin-bundle/2.6-SNAPSHOT/struts2-osgi-admin-bundle-2.6-SNAPSHOT.jar/static/js/shell.js MD5: ebed3f28e18db2fa1e37a1762758e020 SHA1: 23878d8bd360f9e2cda65720df197367b8a43b6d SHA256: 3c0007fc1d5003847131e9c18f976a79da5e01d7cda43839403d7dda067d500a sitemesh-2.4.2.jarDescription:
SiteMesh is a web-page layout and decoration framework and web- application integration framework to aid in creating large sites consisting of many pages for which a consistent look/feel, navigation and layout scheme is required. License:
The Apache Software License, Version 1.1: http://www.opensymphony.com/sitemesh/license.action File Path: /Users/lukaszlenart/.m2/repository/opensymphony/sitemesh/2.4.2/sitemesh-2.4.2.jar
MD5: b9cd6bb5c6e34555ae430d9c2f2441ba
SHA1: 4cb3b08c96553b0f4595a80917838ca302f67f3f
SHA256: 0d7933ae628a7198f8bb267e27f348f8cbe7c74083c25172dffaa0245b2bf056
Referenced In Projects/Scopes: Struts 2 Showcase Webapp:compile Struts 2 Assembly:compile Struts 2 Sitemesh Plugin:compile Evidence Type Source Name Value Confidence Vendor file name sitemesh High Vendor jar package name sitemesh Highest Vendor pom artifactid sitemesh Low Vendor jar package name module Low Vendor pom organization url http://www.opensymphony.com Medium Vendor jar package name opensymphony Low Vendor pom groupid opensymphony Highest Vendor pom name Sitemesh High Vendor jar package name page Highest Vendor pom organization name Opensymphony High Vendor jar package name opensymphony Highest Vendor jar package name sitemesh Low Vendor pom url http://www.opensymphony.com/sitemesh Highest Product pom url http://www.opensymphony.com/sitemesh Medium Product file name sitemesh High Product jar package name sitemesh Highest Product pom artifactid sitemesh Highest Product pom organization url http://www.opensymphony.com Low Product jar package name module Low Product pom groupid opensymphony Highest Product pom name Sitemesh High Product jar package name page Highest Product jar package name opensymphony Highest Product pom organization name Opensymphony Low Product jar package name sitemesh Low Version pom version 2.4.2 Highest Version file version 2.4.2 High
slf4j-api-1.7.30.jarDescription:
The slf4j API File Path: /Users/lukaszlenart/.m2/repository/org/slf4j/slf4j-api/1.7.30/slf4j-api-1.7.30.jarMD5: f8be00da99bc4ab64c79ab1e2be7cb7cSHA1: b5a4b6d16ab13e34a88fae84c35cd5d68cac922cSHA256: cdba07964d1bb40a0761485c6b1e8c2f8fd9eb1d19c53928ac0d7f9510105c57Referenced In Projects/Scopes:
Struts 2 JUnit Plugin:compile Struts 2 Rest Showcase Webapp:compile Struts 2 OSGi Demo Bundle:compile Struts 2 Velocity Plugin:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Configuration Browser Plugin:compile DEPRECATED: Struts 2 Embedded JSP Plugin:compile Struts 2 Sitemesh Plugin:compile Struts 2 Portlet Plugin:compile Struts 2 Showcase Webapp:compile Struts 2 Tiles Plugin:compile Struts 2 Assembly:compile Struts 2 Core:compile Struts 2 Portlet Tiles Plugin:compile Struts 2 OSGi Plugin:compile Evidence Type Source Name Value Confidence Vendor Manifest automatic-module-name org.slf4j Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor pom parent-artifactid slf4j-parent Low Vendor pom name SLF4J API Module High Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor pom artifactid slf4j-api Low Vendor pom url http://www.slf4j.org Highest Vendor jar package name slf4j Highest Vendor file name slf4j-api High Vendor pom parent-groupid org.slf4j Medium Vendor pom groupid org.slf4j Highest Vendor pom groupid slf4j Highest Product pom url http://www.slf4j.org Medium Product Manifest automatic-module-name org.slf4j Medium Product Manifest Implementation-Title slf4j-api High Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest Bundle-Name slf4j-api Medium Product pom name SLF4J API Module High Product pom parent-artifactid slf4j-parent Medium Product Manifest bundle-symbolicname slf4j.api Medium Product jar package name slf4j Highest Product file name slf4j-api High Product pom parent-groupid org.slf4j Medium Product pom artifactid slf4j-api Highest Product pom groupid slf4j Highest Version pom version 1.7.30 Highest Version Manifest Implementation-Version 1.7.30 High Version Manifest Bundle-Version 1.7.30 High Version file version 1.7.30 High
slf4j-simple-1.7.30.jarDescription:
SLF4J Simple binding File Path: /Users/lukaszlenart/.m2/repository/org/slf4j/slf4j-simple/1.7.30/slf4j-simple-1.7.30.jarMD5: 6577a4799237b81bc9bdc153d6347c30SHA1: e606eac955f55ecf1d8edcccba04eb8ac98088ddSHA256: 8b9279cbff6b9f88594efae3cf02039b6995030eec023ed43928748c41670feeReferenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor pom parent-artifactid slf4j-parent Low Vendor pom artifactid slf4j-simple Low Vendor Manifest automatic-module-name org.slf4j.simple Medium Vendor Manifest bundle-symbolicname slf4j.simple Medium Vendor pom url http://www.slf4j.org Highest Vendor jar package name slf4j Highest Vendor pom parent-groupid org.slf4j Medium Vendor pom groupid org.slf4j Highest Vendor file name slf4j-simple High Vendor pom name SLF4J Simple Binding High Vendor pom groupid slf4j Highest Product pom url http://www.slf4j.org Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product pom artifactid slf4j-simple Highest Product pom parent-artifactid slf4j-parent Medium Product Manifest Bundle-Name slf4j-simple Medium Product Manifest automatic-module-name org.slf4j.simple Medium Product Manifest bundle-symbolicname slf4j.simple Medium Product jar package name slf4j Highest Product pom parent-groupid org.slf4j Medium Product file name slf4j-simple High Product Manifest Implementation-Title slf4j-simple High Product pom name SLF4J Simple Binding High Product pom groupid slf4j Highest Version pom version 1.7.30 Highest Version Manifest Implementation-Version 1.7.30 High Version Manifest Bundle-Version 1.7.30 High Version file version 1.7.30 High
snakeyaml-1.21.jarDescription:
YAML 1.1 parser and emitter for Java License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/yaml/snakeyaml/1.21/snakeyaml-1.21.jar
MD5: b16142890b39db3ff828085f56845b51
SHA1: 18775fdda48574784f40b47bf478ab0593f92e4d
SHA256: e43cb0683f70804b833dfaa5ac032ff14ba0c758d4a1e9eaeb6640515df83faf
Referenced In Projects/Scopes: Struts 2 Assembly:compile Struts 2 Core:compile Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname org.yaml.snakeyaml Medium Vendor pom url http://www.snakeyaml.org Highest Vendor pom name SnakeYAML High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom artifactid snakeyaml Low Vendor pom groupid yaml Highest Vendor jar package name parser Highest Vendor jar package name emitter Highest Vendor file name snakeyaml High Vendor jar package name snakeyaml Highest Vendor jar package name yaml Highest Vendor pom groupid org.yaml Highest Product Manifest bundle-symbolicname org.yaml.snakeyaml Medium Product pom name SnakeYAML High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom groupid yaml Highest Product jar package name parser Highest Product pom artifactid snakeyaml Highest Product jar package name emitter Highest Product file name snakeyaml High Product jar package name snakeyaml Highest Product pom url http://www.snakeyaml.org Medium Product jar package name yaml Highest Product Manifest Bundle-Name SnakeYAML Medium Version pom version 1.21 Highest Version file version 1.21 High
spring-core-4.3.26.RELEASE.jarDescription:
Spring Core License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /Users/lukaszlenart/.m2/repository/org/springframework/spring-core/4.3.26.RELEASE/spring-core-4.3.26.RELEASE.jar
MD5: ec39a4f76633c98bc4819e397355b8aa
SHA1: a8b090664504b833e2d5d1e6863138cee1239681
SHA256: 70ae68ce99fdb11afaaac6487b39b59b7a8db6ecd5f8a2c01181b7b9c3b15a1d
Referenced In Projects/Scopes: Struts 2 JUnit Plugin:compile Struts 2 Portlet Plugin:compile Struts 2 TestNG Plugin:compile Struts 2 REST Plugin:compile Struts 2 Portlet Mocks Plugin:compile Struts 2 Showcase Webapp:compile Struts 2 Spring Plugin:compile Struts 2 Assembly:compile Struts 2 Core:compile Evidence Type Source Name Value Confidence Vendor pom groupid springframework Highest Vendor pom artifactid spring-core Low Vendor pom groupid org.springframework Highest Vendor pom organization name Spring IO High Vendor file name spring-core High Vendor pom organization url https://projects.spring.io/spring-framework Medium Vendor hint analyzer vendor vmware Highest Vendor jar package name io Highest Vendor hint analyzer vendor pivotal software Highest Vendor jar package name springframework Highest Vendor pom url spring-projects/spring-framework Highest Vendor pom name Spring Core High Vendor hint analyzer vendor SpringSource Highest Vendor jar package name core Highest Product pom groupid springframework Highest Product hint analyzer product springsource_spring_framework Highest Product file name spring-core High Product pom artifactid spring-core Highest Product jar package name io Highest Product pom organization name Spring IO Low Product Manifest Implementation-Title spring-core High Product jar package name springframework Highest Product pom organization url https://projects.spring.io/spring-framework Low Product pom url spring-projects/spring-framework High Product pom name Spring Core High Product jar package name core Highest Version pom version 4.3.26.RELEASE Highest Version Manifest Implementation-Version 4.3.26.RELEASE High
Related Dependencies spring-beans-4.3.26.RELEASE.jarFile Path: /Users/lukaszlenart/.m2/repository/org/springframework/spring-beans/4.3.26.RELEASE/spring-beans-4.3.26.RELEASE.jar MD5: 1510412e1af00c1beabe47f87e6c1777 SHA1: 536bb74d60a86882c58bd6f63a82e5760261c37f SHA256: fd7d135ee5dfa3d72ba4f195ba42127b84968c3bc12fb1a2496512778f5b3c77 pkg:maven/org.springframework/spring-beans@4.3.26.RELEASE spring-expression-4.3.26.RELEASE.jarFile Path: /Users/lukaszlenart/.m2/repository/org/springframework/spring-expression/4.3.26.RELEASE/spring-expression-4.3.26.RELEASE.jar MD5: 17f4d8bb75f966e57df82bd27396fc4a SHA1: 52e4f81cff6b604db4a0a664c452a9e222841f87 SHA256: 9d64c105349a571dc3c42057ba0bebc6da4fa1d58dce2faf8260aab7ed90a83e pkg:maven/org.springframework/spring-expression@4.3.26.RELEASE spring-webmvc-4.3.26.RELEASE.jarFile Path: /Users/lukaszlenart/.m2/repository/org/springframework/spring-webmvc/4.3.26.RELEASE/spring-webmvc-4.3.26.RELEASE.jar MD5: 7e848aaf6dbd4a3a34c553dedef732cf SHA1: 1a5e9c57e9ebf4de5948899e48f7e83adfe343a5 SHA256: d9d956555fa01b3969d0ca60b730c25f9162aa950995d76a1f8407adc6caf75c pkg:maven/org.springframework/spring-webmvc@4.3.26.RELEASE spring-web-4.3.26.RELEASE.jarFile Path: /Users/lukaszlenart/.m2/repository/org/springframework/spring-web/4.3.26.RELEASE/spring-web-4.3.26.RELEASE.jar MD5: 9d556ced11008277e89bf1a8c4ac8686 SHA1: 9c17e176b359da9e8b3eb69b97c0607aafe85543 SHA256: 8e37c8c6063c6436a582e344904cc5302d7b5459ea6c050afb04de88ca2039e3 pkg:maven/org.springframework/spring-web@4.3.26.RELEASE spring-context-4.3.26.RELEASE.jarFile Path: /Users/lukaszlenart/.m2/repository/org/springframework/spring-context/4.3.26.RELEASE/spring-context-4.3.26.RELEASE.jar MD5: 008d9631dcd62027c49715aea5de2476 SHA1: 7c91199fb7086d02febf7f6ec19c41644e4ca29a SHA256: d371617271d3567bad8ce52722ace120579698664be7f0809b14f1927398ebdc pkg:maven/org.springframework/spring-context@4.3.26.RELEASE spring-test-4.3.26.RELEASE.jarFile Path: /Users/lukaszlenart/.m2/repository/org/springframework/spring-test/4.3.26.RELEASE/spring-test-4.3.26.RELEASE.jar MD5: 2bd1645c9b39b85bf74174a6c95e24c5 SHA1: 60921b6c34f3bf7ccd7845708adee8c30998d226 SHA256: a9fb06a6c06d3742ade19cae7ae56946c7555311ee6ccd5fd0f578865cd4d319 pkg:maven/org.springframework/spring-test@4.3.26.RELEASE spring-aspects-4.3.26.RELEASE.jarFile Path: /Users/lukaszlenart/.m2/repository/org/springframework/spring-aspects/4.3.26.RELEASE/spring-aspects-4.3.26.RELEASE.jar MD5: e2ae7614d84f301ce49e50a66c319167 SHA1: 71835425a87eacdd4f9b6c5afdd07013721fb385 SHA256: 713d3b7d098d9d257e4dc3722eb85c7154d4b49b7fafd97e1124b0688674069d pkg:maven/org.springframework/spring-aspects@4.3.26.RELEASE spring-aop-4.3.26.RELEASE.jarFile Path: /Users/lukaszlenart/.m2/repository/org/springframework/spring-aop/4.3.26.RELEASE/spring-aop-4.3.26.RELEASE.jar MD5: a1f6737fa66b99284c5fb16b96696014 SHA1: 098f5eb6a6b3a2c2e6ee9eacd016a953c54fd3a3 SHA256: bd12ca116d9094efbd98ae1539b18014c7e48cf3ca2efc2022295ac1aeb5c15b pkg:maven/org.springframework/spring-aop@4.3.26.RELEASE spring-context-support-4.3.26.RELEASE.jarFile Path: /Users/lukaszlenart/.m2/repository/org/springframework/spring-context-support/4.3.26.RELEASE/spring-context-support-4.3.26.RELEASE.jar MD5: c6d18673bcb0f2f5eefa8410565269b0 SHA1: a730ce14c0c5fe6921f3783aa14613a9d4ebc2fc SHA256: f402af7dc51cac89a48f5ace9d7c34316292e28117c913671caa2d2beb781518 pkg:maven/org.springframework/spring-context-support@4.3.26.RELEASE spring-webmvc-portlet-4.3.26.RELEASE.jarFile Path: /Users/lukaszlenart/.m2/repository/org/springframework/spring-webmvc-portlet/4.3.26.RELEASE/spring-webmvc-portlet-4.3.26.RELEASE.jar MD5: 718259d1b46ec0b03a349dad7d734440 SHA1: 4d1f862ed717b88a2a582ac13de0312c3b314fc8 SHA256: 282a7cd7685e3bb7b477835cdd41cc01bf472009e27c7a892acc4ed70a1a182b pkg:maven/org.springframework/spring-webmvc-portlet@4.3.26.RELEASE stax2-api-4.2.jarDescription:
tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.
License:
The BSD License: http://www.opensource.org/licenses/bsd-license.php File Path: /Users/lukaszlenart/.m2/repository/org/codehaus/woodstox/stax2-api/4.2/stax2-api-4.2.jar
MD5: 5d22fe6dbb276d1fd6dab40c386a4f0a
SHA1: 13c2b30926bca0429c704c4b4ca0b5d0432b69cd
SHA256: badf6081a0bb526fd2c01951dfefad91b6846b6dd0eb0048587e30d1dd334e68
Referenced In Projects/Scopes: Struts 2 Rest Showcase Webapp:compile Struts 2 REST Plugin:compile Evidence Type Source Name Value Confidence Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest implementation-build-date 2019-03-13 04:03:16+0000 Low Vendor pom parent-artifactid oss-parent Low Vendor pom groupid codehaus.woodstox Highest Vendor pom organization name fasterxml.com High Vendor Manifest specification-vendor fasterxml.com Low Vendor pom groupid org.codehaus.woodstox Highest Vendor jar package name stax2 Highest Vendor jar package name typed Highest Vendor Manifest Implementation-Vendor-Id org.codehaus.woodstox Medium Vendor Manifest bundle-docurl http://github.com/FasterXML/stax2-api Low Vendor pom parent-groupid com.fasterxml Medium Vendor pom artifactid stax2-api Low Vendor jar package name codehaus Highest Vendor pom name Stax2 API High Vendor Manifest automatic-module-name org.codehaus.stax2 Medium Vendor jar package name validation Highest Vendor Manifest Implementation-Vendor fasterxml.com High Vendor pom organization url http://fasterxml.com Medium Vendor file name stax2-api High Vendor pom url http://github.com/FasterXML/stax2-api Highest Vendor Manifest bundle-symbolicname stax2-api Medium Product Manifest Implementation-Title Stax2 API High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest implementation-build-date 2019-03-13 04:03:16+0000 Low Product pom groupid codehaus.woodstox Highest Product pom artifactid stax2-api Highest Product jar package name stax2 Highest Product jar package name typed Highest Product pom url http://github.com/FasterXML/stax2-api Medium Product jar package name osgi Highest Product pom parent-artifactid oss-parent Medium Product pom organization url http://fasterxml.com Low Product pom organization name fasterxml.com Low Product Manifest specification-title Stax2 API Medium Product Manifest bundle-docurl http://github.com/FasterXML/stax2-api Low Product pom parent-groupid com.fasterxml Medium Product jar package name codehaus Highest Product pom name Stax2 API High Product Manifest automatic-module-name org.codehaus.stax2 Medium Product jar package name validation Highest Product Manifest Bundle-Name Stax2 API Medium Product file name stax2-api High Product Manifest bundle-symbolicname stax2-api Medium Version pom parent-version 4.2 Low Version file version 4.2 High Version Manifest Implementation-Version 4.2 High Version pom version 4.2 Highest
struts-annotations-1.0.7.jarDescription:
struts-annotations adds annotations processor support for struts based annotated projects,
such as TLD and documentation generation from annotated component classes as used in struts2
File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts-annotations/1.0.7/struts-annotations-1.0.7.jarMD5: cde5d067c06bf2cd8fe0742d8c4d461eSHA1: 3fe2a1266e5224b66ade1cc57b92b178023a4ae9SHA256: f7dc6b8f8536bcf29bc1cbd58099c560f2313450340d2505686be214c5931cddReferenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor file name struts-annotations High Vendor pom groupid apache.struts Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor pom parent-artifactid struts-master Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom artifactid struts-annotations Low Vendor jar package name annotations Highest Vendor pom url http://struts.apache.org Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor jar package name struts Highest Vendor pom name Struts Annotations High Vendor pom groupid org.apache.struts Highest Vendor pom parent-groupid org.apache.struts Medium Product file name struts-annotations High Product pom groupid apache.struts Highest Product pom artifactid struts-annotations Highest Product jar package name apache Highest Product jar package name annotations Highest Product Manifest build-jdk-spec 1.8 Low Product jar package name struts Highest Product pom name Struts Annotations High Product Manifest specification-title Struts Annotations Medium Product pom url http://struts.apache.org Medium Product pom parent-groupid org.apache.struts Medium Product pom parent-artifactid struts-master Medium Product Manifest Implementation-Title Struts Annotations High Version file version 1.0.7 High Version Manifest Implementation-Version 1.0.7 High Version pom version 1.0.7 Highest Version pom parent-version 1.0.7 Low
struts2-core-2.6-SNAPSHOT.jarDescription:
Apache Struts 2 License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar
MD5: bdabb37e4b04f29f4ca390fa2aefce44
SHA1: 64a03701b6797529aaa7cb200f803b7b26c6bb3f
SHA256: e2932ae7ddfa0747221ea42a6d12263237248e3ab9c2ed12b162c13a06147183
Referenced In Projects/Scopes: Struts 2 Pell Multipart Plugin:compile Struts 2 Rest Showcase Webapp:compile Struts 2 Webapps:compile Struts 2 Plexus Plugin:compile Struts 2 JSON Plugin:compile DEPRECATED: Struts 2 Embedded JSP Plugin:compile Struts 2 Bean Validation Plugin:compile Struts 2 Java Templates Plugin:compile Struts 2 Async Plugin:compile Struts 2 Convention Plugin:compile Struts 2 CDI Plugin:compile Struts 2 Portlet Plugin:compile Struts 2 Plugins:compile Struts 2 Showcase Webapp:compile Struts 2 Tiles Plugin:compile Struts 2 Spring Plugin:compile Struts 2 Assembly:compile Struts 2 OSGi Plugin:compile Struts 2 GXP Plugin:compile Struts 2 OVal Plugin:compile Struts 2 JUnit Plugin:compile Struts 2 OSGi Bundles:compile Struts 2 OSGi Demo Bundle:compile Struts 2 REST Plugin:compile Struts 2 Velocity Plugin:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Portlet Mocks Plugin:compile Struts 2 Configuration Browser Plugin:compile Struts 2 Jasper Reports Plugin:compile Struts 2 Sitemesh Plugin:compile Struts 2 DWR Plugin:compile Struts 2 TestNG Plugin:compile Struts 2 JFreeChart Plugin:compile Struts 2 Portlet Tiles Plugin:compile Evidence Type Source Name Value Confidence Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor jar package name struts2 Highest Vendor Manifest implementation-url http://struts.apache.org/struts2-core/ Low Vendor pom groupid apache.struts Highest Vendor Manifest bundle-docurl http://www.apache.org Low Vendor jar package name apache Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid struts2-core Low Vendor Manifest Implementation-Vendor-Id org.apache.struts Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom name Struts 2 Core High Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom parent-artifactid struts2-parent Low Vendor file name struts2-core High Vendor pom groupid org.apache.struts Highest Vendor Manifest bundle-symbolicname org.apache.struts.2-core Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor pom parent-groupid org.apache.struts Medium Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product jar package name struts2 Highest Product Manifest implementation-url http://struts.apache.org/struts2-core/ Low Product pom groupid apache.struts Highest Product pom parent-artifactid struts2-parent Medium Product Manifest bundle-docurl http://www.apache.org Low Product jar package name apache Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid struts2-core Highest Product Manifest build-jdk-spec 1.8 Low Product pom name Struts 2 Core High Product jar package name filter Highest Product Manifest Bundle-Name Struts 2 Core Medium Product file name struts2-core High Product Manifest bundle-symbolicname org.apache.struts.2-core Medium Product pom parent-groupid org.apache.struts Medium Product Manifest Implementation-Title Struts 2 Core High Product Manifest specification-title Struts 2 Core Medium Version Manifest Implementation-Version 2.6-SNAPSHOT High Version pom version 2.6-SNAPSHOT Highest
Related Dependencies struts2-portlet-plugin-2.6-SNAPSHOT.jar struts2-bean-validation-plugin-2.6-SNAPSHOT.jar struts2-sitemesh-plugin-2.6-SNAPSHOT.jar struts2-plexus-plugin-2.6-SNAPSHOT.jar struts2-embeddedjsp-plugin-2.6-SNAPSHOT.jar struts2-cdi-plugin-2.6-SNAPSHOT.jar struts2-convention-plugin-2.6-SNAPSHOT.jar struts2-javatemplates-plugin-2.6-SNAPSHOT.jar struts2-jasperreports-plugin-2.6-SNAPSHOT.jar struts2-osgi-demo-bundle-2.6-SNAPSHOT.jar struts2-dwr-plugin-2.6-SNAPSHOT.jar struts2-junit-plugin-2.6-SNAPSHOT.jar struts2-rest-plugin-2.6-SNAPSHOT.jar struts2-jfreechart-plugin-2.6-SNAPSHOT.jar struts2-portlet-mocks-plugin-2.6-SNAPSHOT.jar struts2-gxp-plugin-2.6-SNAPSHOT.jar struts2-osgi-admin-bundle-2.6-SNAPSHOT.jar struts2-config-browser-plugin-2.6-SNAPSHOT.jar struts2-testng-plugin-2.6-SNAPSHOT.jar struts2-async-plugin-2.6-SNAPSHOT.jar struts2-osgi-plugin-2.6-SNAPSHOT.jar struts2-velocity-plugin-2.6-SNAPSHOT.jar struts2-oval-plugin-2.6-SNAPSHOT.jar struts2-pell-multipart-plugin-2.6-SNAPSHOT.jar struts2-spring-plugin-2.6-SNAPSHOT.jar struts2-json-plugin-2.6-SNAPSHOT.jar struts2-tiles-plugin-2.6-SNAPSHOT.jarDescription:
Apache Struts 2 License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-tiles-plugin/2.6-SNAPSHOT/struts2-tiles-plugin-2.6-SNAPSHOT.jar
MD5: 0c238a18bdab872c5a7e411ed171d5e0
SHA1: d5c25e6adc63008d8c1e5c16031dcc18f66309bb
SHA256: 3f0e78f14e25fbc7eef2ac66d70219b6b6bedd45feb36768a82ae1a33d05be6e
Referenced In Projects/Scopes: Struts 2 Showcase Webapp:compile Struts 2 Assembly:compile Struts 2 Portlet Tiles Plugin:compile Evidence Type Source Name Value Confidence Vendor jar package name tiles Highest Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor jar package name struts2 Highest Vendor pom groupid apache.struts Highest Vendor Manifest bundle-docurl http://www.apache.org Low Vendor jar package name apache Highest Vendor file name struts2-tiles-plugin High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest Implementation-Vendor-Id org.apache.struts Medium Vendor Manifest implementation-url http://struts.apache.org/struts2-plugins/struts2-tiles-plugin/ Low Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest specification-vendor Apache Software Foundation Low Vendor Manifest bundle-symbolicname org.apache.struts.2-tiles-plugin Medium Vendor pom artifactid struts2-tiles-plugin Low Vendor pom groupid org.apache.struts Highest Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor pom parent-groupid org.apache.struts Medium Vendor pom name Struts 2 Tiles Plugin High Vendor pom parent-artifactid struts2-plugins Low Product jar package name tiles Highest Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product jar package name struts2 Highest Product pom groupid apache.struts Highest Product Manifest bundle-docurl http://www.apache.org Low Product jar package name apache Highest Product Manifest Bundle-Name Struts 2 Tiles Plugin Medium Product file name struts2-tiles-plugin High Product Manifest Implementation-Title Struts 2 Tiles Plugin High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Struts 2 Tiles Plugin Medium Product pom artifactid struts2-tiles-plugin Highest Product Manifest implementation-url http://struts.apache.org/struts2-plugins/struts2-tiles-plugin/ Low Product pom parent-artifactid struts2-plugins Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-symbolicname org.apache.struts.2-tiles-plugin Medium Product pom parent-groupid org.apache.struts Medium Product pom name Struts 2 Tiles Plugin High Version Manifest Implementation-Version 2.6-SNAPSHOT High Version pom version 2.6-SNAPSHOT Highest
testng-6.9.10.jarDescription:
Testing framework for Java License:
Apache Version 2.0, January 2004 File Path: /Users/lukaszlenart/.m2/repository/org/testng/testng/6.9.10/testng-6.9.10.jar
MD5: 83e26cb672a81f5bbda139436ef4d8d0
SHA1: 6feb3e964aeb7097aff30c372aac3ec0f8d87ede
SHA256: 240ae7bbcf066aadff967b42a27a697693bf5a4e6a5ff4bf339b6bfe371288e4
Referenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence Vendor Manifest build-date 2015-12-16 Low Vendor pom artifactid testng Low Vendor file name testng High Vendor jar package name testng Highest Vendor pom url http://github.com/cbeust/testng Highest Vendor Manifest bundle-symbolicname org.testng Medium Vendor pom name testng High Vendor Manifest build-time 01:14:26.500+0400 Low Vendor pom groupid testng Highest Vendor pom groupid org.testng Highest Product Manifest build-date 2015-12-16 Low Product Manifest Bundle-Name testng Medium Product Manifest specification-title testng Medium Product file name testng High Product jar package name testng Highest Product pom artifactid testng Highest Product Manifest bundle-symbolicname org.testng Medium Product pom name testng High Product Manifest build-time 01:14:26.500+0400 Low Product pom groupid testng Highest Product pom url http://github.com/cbeust/testng Medium Version file version 6.9.10 High Version Manifest Bundle-Version 6.9.10 High Version Manifest specification-version 6.9.10 High Version pom version 6.9.10 Highest
testng-6.9.10.jar: jquery-1.7.1.min.jsFile Path: /Users/lukaszlenart/.m2/repository/org/testng/testng/6.9.10/testng-6.9.10.jar/jquery-1.7.1.min.jsMD5: ddb84c1587287b2df08966081ef063bfSHA1: 9eb9ac595e9b5544e2dc79fff7cd2d0b4b5ef71fSHA256: 88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bdReferenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence Vendor file name jquery High Product file name jquery High Version file version 1.7.1.min High
Published Vulnerabilities CVE-2012-6708 suppress
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 1.9.0 CVE-2015-9251 suppress
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7 cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6 cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4 cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7 cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:* cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0 cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7 cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12 cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2 cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1 cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0 cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5 cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:* CVE-2019-11358 suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66 cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6 cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS (RETIREJS) suppress
Regex in its jQuery.htmlPrefilter sometimes may introduce XSS Unscored:
References:
testng-6.9.10.jar: testng-reports.jsFile Path: /Users/lukaszlenart/.m2/repository/org/testng/testng/6.9.10/testng-6.9.10.jar/testng-reports.jsMD5: 4311beca6e78e253ebd35f4f8c46166dSHA1: f40c090d15e2e6eb179b4eb3919c365afe882adeSHA256: 45616558165413f0bc3f315e6bd52f7f4238d384169b3355e2e0465a611642cbReferenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence
testng-7.1.0.jarDescription:
Testing framework for Java License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/testng/testng/7.1.0/testng-7.1.0.jar
MD5: 582b5096723374df7bb515d7906a0bb8
SHA1: b0bcea778fb2899aeb4014c558babea8833d180a
SHA256: e968e6cc3e925fe09b7b841d379e230dd9c56d6850ce18cf9a8e78ac0ce8e1b7
Referenced In Projects/Scopes: Struts 2 Assembly:compile Struts 2 Core:compile Evidence Type Source Name Value Confidence Vendor Manifest automatic-module-name org.testng Medium Vendor pom artifactid testng Low Vendor pom url https://testng.org Highest Vendor file name testng High Vendor jar package name testng Highest Vendor pom name testng High Vendor pom groupid testng Highest Vendor pom groupid org.testng Highest Product Manifest automatic-module-name org.testng Medium Product pom url https://testng.org Medium Product file name testng High Product jar package name testng Highest Product pom artifactid testng Highest Product pom name testng High Product pom groupid testng Highest Version file version 7.1.0 High Version pom version 7.1.0 Highest
testng-7.1.0.jar: jquery-3.4.1.min.jsFile Path: /Users/lukaszlenart/.m2/repository/org/testng/testng/7.1.0/testng-7.1.0.jar/org/testng/jquery-3.4.1.min.jsMD5: a6b6350ee94a3ea74595c065cbf58af0SHA1: b15f7cfa79519756dff1ad22553fd0ed09024343SHA256: 412b8ff9c5ab32b9019fcd84bcd4a54c0e265a14528474f4ee45b27a20abeaebReferenced In Projects/Scopes:
Struts 2 Assembly:compile Struts 2 Core:compile Evidence Type Source Name Value Confidence Vendor file name jquery High Product file name jquery High Version file version 3.4.1.min High
Published Vulnerabilities Regex in its jQuery.htmlPrefilter sometimes may introduce XSS (RETIREJS) suppress
Regex in its jQuery.htmlPrefilter sometimes may introduce XSS Unscored:
References:
testng-7.1.0.jar: testng-reports.jsFile Path: /Users/lukaszlenart/.m2/repository/org/testng/testng/7.1.0/testng-7.1.0.jar/org/testng/testng-reports.jsMD5: b92856a353b408d97321a1dd850347c2SHA1: bf41ae73b80f698412d8aea58d3007ba9d8f589fSHA256: e572aeb5fb24f8e1a5e1e2f65f1ae9d251bf17d7cca9dc311e8422451d96be96Referenced In Projects/Scopes:
Struts 2 Assembly:compile Struts 2 Core:compile Evidence Type Source Name Value Confidence
tiles-autotag-core-runtime-1.2.jarDescription:
Autotag: runtime core classes. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/tiles/tiles-autotag-core-runtime/1.2/tiles-autotag-core-runtime-1.2.jar
MD5: 425009289d5df24ff34eb0bab20a1c36
SHA1: 0100bd3cae1a5debf9afb4ef5c8b36c508d06326
SHA256: 640f4b48de6f76b3518c3ee6a27c2ce3fc118aa285629cadba64ed7f3ef918e9
Referenced In Projects/Scopes: Struts 2 Showcase Webapp:compile Struts 2 Tiles Plugin:compile Struts 2 Assembly:compile Struts 2 Portlet Tiles Plugin:compile Evidence Type Source Name Value Confidence Vendor jar package name tiles Highest Vendor pom artifactid tiles-autotag-core-runtime Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor Manifest bundle-symbolicname org.apache.tiles-autotag-core-runtime Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.tiles Medium Vendor Manifest bundle-docurl http://tiles.apache.org/tiles-autotag/tiles-autotag-core-runtime/ Low Vendor pom parent-artifactid tiles-autotag Low Vendor pom parent-groupid org.apache.tiles Medium Vendor pom groupid org.apache.tiles Highest Vendor pom name Autotag - Core runtime High Vendor pom groupid apache.tiles Highest Vendor file name tiles-autotag-core-runtime High Vendor jar package name autotag Highest Vendor jar package name core Highest Product jar package name tiles Highest Product jar package name apache Highest Product Manifest bundle-symbolicname org.apache.tiles-autotag-core-runtime Medium Product pom artifactid tiles-autotag-core-runtime Highest Product Manifest Implementation-Title Autotag - Core runtime High Product Manifest specification-title Autotag - Core runtime Medium Product Manifest bundle-docurl http://tiles.apache.org/tiles-autotag/tiles-autotag-core-runtime/ Low Product pom parent-groupid org.apache.tiles Medium Product Manifest Bundle-Name Autotag - Core runtime Medium Product pom name Autotag - Core runtime High Product pom groupid apache.tiles Highest Product file name tiles-autotag-core-runtime High Product jar package name autotag Highest Product pom parent-artifactid tiles-autotag Medium Product jar package name core Highest Version pom version 1.2 Highest Version Manifest Implementation-Version 1.2 High Version file version 1.2 High
tiles-core-3.0.8.jarDescription:
Tiles Core Library, including basic implementation of the APIs.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/tiles/tiles-core/3.0.8/tiles-core-3.0.8.jar
MD5: f7de662825d6a98371d5fb14a49b569d
SHA1: 01f71d0545540ad4bd7b4d883b2ff763cffde237
SHA256: 0d52520b84fc08511fd8dec23f9492ff1ccf2622509b2ee806122822d7c046e3
Referenced In Projects/Scopes: Struts 2 Showcase Webapp:compile Struts 2 Tiles Plugin:compile Struts 2 Assembly:compile Struts 2 Portlet Tiles Plugin:compile Evidence Type Source Name Value Confidence Vendor jar package name tiles Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor file name tiles-core High Vendor Manifest bundle-symbolicname org.apache.tiles.core Medium Vendor pom name Tiles - Core Library High Vendor jar package name apache Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.tiles Medium Vendor pom parent-artifactid tiles-parent Low Vendor pom parent-groupid org.apache.tiles Medium Vendor pom groupid org.apache.tiles Highest Vendor pom artifactid tiles-core Low Vendor pom groupid apache.tiles Highest Vendor Manifest bundle-docurl http://tiles.apache.org/framework/tiles-core/ Low Product jar package name tiles Highest Product file name tiles-core High Product Manifest bundle-symbolicname org.apache.tiles.core Medium Product pom name Tiles - Core Library High Product jar package name apache Highest Product pom artifactid tiles-core Highest Product pom parent-groupid org.apache.tiles Medium Product Manifest Implementation-Title Tiles - Core Library High Product Manifest specification-title Tiles - Core Library Medium Product Manifest Bundle-Name Tiles - Core Library Medium Product pom groupid apache.tiles Highest Product Manifest bundle-docurl http://tiles.apache.org/framework/tiles-core/ Low Product pom parent-artifactid tiles-parent Medium Version pom version 3.0.8 Highest Version file version 3.0.8 High Version Manifest Bundle-Version 3.0.8 High Version Manifest Implementation-Version 3.0.8 High
Related Dependencies tiles-template-3.0.8.jarFile Path: /Users/lukaszlenart/.m2/repository/org/apache/tiles/tiles-template/3.0.8/tiles-template-3.0.8.jar MD5: c2ed334b8c8172b5c95d78d6b4d6dace SHA1: 70b396cce5516f7069d15398f07bb32c9020a5df SHA256: 69a184c1ccde88993c32066818c254e6a82f5ff0962a5c2c1fa77132f375c5e3 pkg:maven/org.apache.tiles/tiles-template@3.0.8 tiles-freemarker-3.0.8.jarFile Path: /Users/lukaszlenart/.m2/repository/org/apache/tiles/tiles-freemarker/3.0.8/tiles-freemarker-3.0.8.jar MD5: 9cee307668afa5acca2eca35794ff92a SHA1: 2d00cb648984176c3072ac3b41369b02e5a50897 SHA256: cb1ef4304cb50166ff1263af58c846fa45cec7d7cba9b5d3a27cc97148371e10 pkg:maven/org.apache.tiles/tiles-freemarker@3.0.8 tiles-servlet-3.0.8.jarFile Path: /Users/lukaszlenart/.m2/repository/org/apache/tiles/tiles-servlet/3.0.8/tiles-servlet-3.0.8.jar MD5: f737205cbc88d85b138d82e38ef36df2 SHA1: 56c7ed54e70912ef6628dca464a54a5ecac587b3 SHA256: ded5e5aa38a7f720f8bb980d08dda823a2cdc4d46831a4fc0e9abb781588273e pkg:maven/org.apache.tiles/tiles-servlet@3.0.8 tiles-jsp-3.0.8.jarFile Path: /Users/lukaszlenart/.m2/repository/org/apache/tiles/tiles-jsp/3.0.8/tiles-jsp-3.0.8.jar MD5: c6c3944b16b38eff41755e9efd563877 SHA1: 7465a65e4b3821a9785995bcb5ce2f74098ab023 SHA256: a68e209f2812210547d8c6574cc8581798ac5b71a862349b3ee89e8ff4390872 pkg:maven/org.apache.tiles/tiles-jsp@3.0.8 tiles-el-3.0.8.jarFile Path: /Users/lukaszlenart/.m2/repository/org/apache/tiles/tiles-el/3.0.8/tiles-el-3.0.8.jar MD5: 38da9dbcc5f52c711bd2b9163eb9b496 SHA1: d006d8201c7d9cee6c679ef0b0911ce35ced9187 SHA256: 7c1f9b09f513e62237453c2ca864ac0f71fe1cc2e7715f76d52c44aac2664c24 pkg:maven/org.apache.tiles/tiles-el@3.0.8 tiles-api-3.0.8.jarFile Path: /Users/lukaszlenart/.m2/repository/org/apache/tiles/tiles-api/3.0.8/tiles-api-3.0.8.jar MD5: 580cdc781fb0f8c59db042b70ecd4610 SHA1: a3c4f741b1cf5ce578b85155cf640a932f617167 SHA256: ab35e7f012b211711981c730dca11a1481e3a95e1e7f8b144bd376b9e4147130 pkg:maven/org.apache.tiles/tiles-api@3.0.8 tiles-ognl-3.0.8.jarDescription:
Tiles OGNL support: Classes and tag libraries to use OGNL as an expression language in attribute expressions. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/tiles/tiles-ognl/3.0.8/tiles-ognl-3.0.8.jar
MD5: c8a5d9619f2c1f30fd48c081ed505209
SHA1: 138753498a27322b35eedfa808428fb24a97c2c2
SHA256: 0de367bdfd097a21ffc2ae5d3293ee3461b9ec9d6547ce1335a98216178f1530
Referenced In Projects/Scopes: Struts 2 Showcase Webapp:compile Struts 2 Tiles Plugin:compile Struts 2 Assembly:compile Struts 2 Portlet Tiles Plugin:compile Evidence Type Source Name Value Confidence Vendor jar package name tiles Highest Vendor pom name Tiles - OGNL support High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor Manifest bundle-docurl http://tiles.apache.org/framework/tiles-ognl/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom artifactid tiles-ognl Low Vendor Manifest Implementation-Vendor-Id org.apache.tiles Medium Vendor pom parent-artifactid tiles-parent Low Vendor pom parent-groupid org.apache.tiles Medium Vendor pom groupid org.apache.tiles Highest Vendor Manifest bundle-symbolicname org.apache.tiles.ognl Medium Vendor file name tiles-ognl High Vendor pom groupid apache.tiles Highest Vendor jar package name ognl Highest Product jar package name tiles Highest Product pom name Tiles - OGNL support High Product jar package name apache Highest Product Manifest bundle-docurl http://tiles.apache.org/framework/tiles-ognl/ Low Product Manifest Bundle-Name Tiles - OGNL support Medium Product pom artifactid tiles-ognl Highest Product pom parent-groupid org.apache.tiles Medium Product Manifest Implementation-Title Tiles - OGNL support High Product Manifest bundle-symbolicname org.apache.tiles.ognl Medium Product file name tiles-ognl High Product pom groupid apache.tiles Highest Product jar package name ognl Highest Product Manifest specification-title Tiles - OGNL support Medium Product pom parent-artifactid tiles-parent Medium Version pom version 3.0.8 Highest Version file version 3.0.8 High Version Manifest Bundle-Version 3.0.8 High Version Manifest Implementation-Version 3.0.8 High
Published Vulnerabilities CVE-2016-3093 suppress
Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.3) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L References:
Vulnerable Software & Versions: (show all )
tiles-request-api-1.0.7.jarDescription:
API for the Tiles Request framework. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/tiles/tiles-request-api/1.0.7/tiles-request-api-1.0.7.jar
MD5: 87f3c5e8b68b23b7544c0b9c996973c0
SHA1: c649a9be6df263c888a2195447cd602d530cc233
SHA256: b8745a4ff960bcca4ef16b0167b058604d4a394b69d7f685ed49d76670e0f6c8
Referenced In Projects/Scopes: Struts 2 Showcase Webapp:compile Struts 2 Tiles Plugin:compile Struts 2 Assembly:compile Struts 2 Portlet Tiles Plugin:compile Evidence Type Source Name Value Confidence Vendor jar package name tiles Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor Manifest bundle-symbolicname org.apache.tiles-request-api Medium Vendor pom name Tiles request - API High Vendor file name tiles-request-api High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest bundle-docurl http://tiles.apache.org/tiles-request/tiles-request-api/ Low Vendor Manifest Implementation-Vendor-Id org.apache.tiles Medium Vendor jar package name request Highest Vendor pom parent-groupid org.apache.tiles Medium Vendor pom groupid org.apache.tiles Highest Vendor pom groupid apache.tiles Highest Vendor pom parent-artifactid tiles-request Low Vendor pom artifactid tiles-request-api Low Product jar package name tiles Highest Product pom artifactid tiles-request-api Highest Product jar package name apache Highest Product Manifest bundle-symbolicname org.apache.tiles-request-api Medium Product pom name Tiles request - API High Product file name tiles-request-api High Product Manifest Implementation-Title Tiles request - API High Product Manifest bundle-docurl http://tiles.apache.org/tiles-request/tiles-request-api/ Low Product jar package name request Highest Product pom parent-artifactid tiles-request Medium Product pom parent-groupid org.apache.tiles Medium Product Manifest specification-title Tiles request - API Medium Product pom groupid apache.tiles Highest Product Manifest Bundle-Name Tiles request - API Medium Version file version 1.0.7 High Version Manifest Bundle-Version 1.0.7 High Version Manifest Implementation-Version 1.0.7 High Version pom version 1.0.7 Highest
Related Dependencies tiles-request-portlet-1.0.7.jarFile Path: /Users/lukaszlenart/.m2/repository/org/apache/tiles/tiles-request-portlet/1.0.7/tiles-request-portlet-1.0.7.jar MD5: 0d652db5e0e2f2a69695febfc0bfbdd7 SHA1: 3a7ee73d9276206f9fc1ed9fe582a54b53f91147 SHA256: 02815506eb52d5404dadbeeb0206a6eaee9f222d65d8c636b622cdd2c15cc4b9 pkg:maven/org.apache.tiles/tiles-request-portlet@1.0.7 tiles-request-freemarker-1.0.7.jarFile Path: /Users/lukaszlenart/.m2/repository/org/apache/tiles/tiles-request-freemarker/1.0.7/tiles-request-freemarker-1.0.7.jar MD5: 7bd8bfa9c367e828d4709aec473d3478 SHA1: cf75182100f643bf32e063c83dc1d8e0bfc258b7 SHA256: c1ccbd7f072d43badfab0c84de9e8a8f69487cf88ac86efa1b0fec73eb0db3a5 pkg:maven/org.apache.tiles/tiles-request-freemarker@1.0.7 tiles-request-servlet-1.0.7.jarFile Path: /Users/lukaszlenart/.m2/repository/org/apache/tiles/tiles-request-servlet/1.0.7/tiles-request-servlet-1.0.7.jar MD5: c1702cb80a9af915dd632e7aae34adcb SHA1: e9b9e3cda2a489b3292ed3a15a558b2b57ad0940 SHA256: 8d9990b0ba0c4d667150d46dffeff7376bedbcb3c5bce5dbb16971d407fb278a pkg:maven/org.apache.tiles/tiles-request-servlet@1.0.7 tiles-request-jsp-1.0.7.jarFile Path: /Users/lukaszlenart/.m2/repository/org/apache/tiles/tiles-request-jsp/1.0.7/tiles-request-jsp-1.0.7.jar MD5: 7c46914799a5ca5876512c86829c7689 SHA1: 06a9bde44749334e9ef85d0bdf854ff20641c113 SHA256: 73de5bb95f20e51f3ad365cd1c13a78d5c3ecee1ebda74f24fc1872c72749043 pkg:maven/org.apache.tiles/tiles-request-jsp@1.0.7 tomcat-juli-8.5.53.jarDescription:
Tomcat Core Logging Package License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/tomcat/tomcat-juli/8.5.53/tomcat-juli-8.5.53.jar
MD5: d8c9c3c93d8af3f95d71050151991077
SHA1: 057d37b5d7ed1270910ae59575b7c724bdf2d9f1
SHA256: 7ffb67ed82900d591d9a476e761c2d6048325d7b03c626e2b8846ab714442740
Referenced In Projects/Scopes: DEPRECATED: Struts 2 Embedded JSP Plugin:compile Struts 2 Assembly:compile Evidence Type Source Name Value Confidence Vendor jar package name juli Highest Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid tomcat-juli Low Vendor pom groupid apache.tomcat Highest Vendor jar package name apache Highest Vendor file name tomcat-juli High Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Vendor jar package name logging Highest Product Manifest Implementation-Title Apache Tomcat High Product jar package name juli Highest Product pom groupid apache.tomcat Highest Product jar package name apache Highest Product file name tomcat-juli High Product pom url https://tomcat.apache.org/ Medium Product Manifest specification-title Apache Tomcat Medium Product pom artifactid tomcat-juli Highest Product jar package name logging Highest Version pom version 8.5.53 Highest Version file version 8.5.53 High Version Manifest Implementation-Version 8.5.53 High
utils.jsFile Path: /Users/lukaszlenart/Projects/Apache/struts/core/src/main/resources/org/apache/struts2/static/utils.jsMD5: a1287feb0882f494dc6ebfbdcb2c8d6aSHA1: 61201962d41fec8139c940c5a1468796d49a6139SHA256: 309abee1bddd03fe16c196e2cc00b58318ff707764824d9b71a38f667736720dReferenced In Project/Scope: Struts 2 Core
Evidence Type Source Name Value Confidence
Related Dependencies struts2-core-2.6-SNAPSHOT.jar: utils.jsFile Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar/org/apache/struts2/static/utils.js MD5: a1287feb0882f494dc6ebfbdcb2c8d6a SHA1: 61201962d41fec8139c940c5a1468796d49a6139 SHA256: 309abee1bddd03fe16c196e2cc00b58318ff707764824d9b71a38f667736720d validation-api-2.0.1.Final.jarDescription:
Bean Validation API
License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/javax/validation/validation-api/2.0.1.Final/validation-api-2.0.1.Final.jar
MD5: 5d02c034034a7a16725ceff787e191d6
SHA1: cb855558e6271b1b32e716d24cb85c7f583ce09e
SHA256: 9873b46df1833c9ee8f5bc1ff6853375115dadd8897bcb5a0dffb5848835ee6c
Referenced In Projects/Scopes: Struts 2 Bean Validation Plugin:compile Struts 2 Showcase Webapp:compile Struts 2 Assembly:compile Evidence Type Source Name Value Confidence Vendor pom artifactid validation-api Low Vendor Manifest bundle-symbolicname javax.validation.api Medium Vendor jar package name validation Highest Vendor pom name Bean Validation API High Vendor jar package name javax Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom url http://beanvalidation.org Highest Vendor Manifest automatic-module-name java.validation Medium Vendor pom groupid javax.validation Highest Vendor file name validation-api High Product Manifest bundle-symbolicname javax.validation.api Medium Product jar package name validation Highest Product pom name Bean Validation API High Product jar package name javax Highest Product pom artifactid validation-api Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest automatic-module-name java.validation Medium Product pom url http://beanvalidation.org Medium Product Manifest Bundle-Name Bean Validation API Medium Product file name validation-api High Product pom groupid javax.validation Highest Version Manifest Bundle-Version 2.0.1.Final High Version pom version 2.0.1.Final Highest
validation.jsFile Path: /Users/lukaszlenart/Projects/Apache/struts/core/src/main/resources/template/xhtml/validation.jsMD5: dea68bdb50b41aee5fc61170e3faf14eSHA1: affda7d0fecb0d16b9ebfc119833ec50ee920b4bSHA256: fdbcbc87e6495252ff1d697712e1604733d1cf6299b2f7075fdc27c2fa23687eReferenced In Project/Scope: Struts 2 Core
Evidence Type Source Name Value Confidence
Related Dependencies struts2-core-2.6-SNAPSHOT.jar: validation.jsFile Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar/template/xhtml/validation.js MD5: dea68bdb50b41aee5fc61170e3faf14e SHA1: affda7d0fecb0d16b9ebfc119833ec50ee920b4b SHA256: fdbcbc87e6495252ff1d697712e1604733d1cf6299b2f7075fdc27c2fa23687e validation.jsFile Path: /Users/lukaszlenart/Projects/Apache/struts/core/src/main/resources/template/css_xhtml/validation.jsMD5: c66d23a2391879f74077a1af7888ede7SHA1: c4c980b34207fbca373f2032c770371606220da2SHA256: ec4dc0658f00c3a64e9a890565a3dfb71678babb484d2960c22f123c10f2c03cReferenced In Project/Scope: Struts 2 Core
Evidence Type Source Name Value Confidence
Related Dependencies struts2-core-2.6-SNAPSHOT.jar: validation.jsFile Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar/template/css_xhtml/validation.js MD5: c66d23a2391879f74077a1af7888ede7 SHA1: c4c980b34207fbca373f2032c770371606220da2 SHA256: ec4dc0658f00c3a64e9a890565a3dfb71678babb484d2960c22f123c10f2c03c velocity-engine-core-2.2.jarDescription:
Apache Velocity is a general purpose template engine. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/velocity/velocity-engine-core/2.2/velocity-engine-core-2.2.jar
MD5: 64b4a875e0d57e57fbcae109cec75ebc
SHA1: 68d899cb70cd27d495562fa808feb2da4926d38f
SHA256: 5167f8cf2dbc003b632a49b672161d8d96c8c6f03056d29bfd540a8a789d715e
Referenced In Projects/Scopes: Struts 2 JUnit Plugin:compile Struts 2 Rest Showcase Webapp:compile Struts 2 OSGi Demo Bundle:compile Struts 2 Velocity Plugin:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Configuration Browser Plugin:compile DEPRECATED: Struts 2 Embedded JSP Plugin:compile Struts 2 Sitemesh Plugin:compile Struts 2 Portlet Plugin:compile Struts 2 Showcase Webapp:compile Struts 2 Assembly:compile Struts 2 Portlet Tiles Plugin:compile Struts 2 OSGi Plugin:compile Evidence Type Source Name Value Confidence Vendor pom groupid apache.velocity Highest Vendor Manifest implementation-url http://velocity.apache.org/engine/devel/velocity-engine-core/ Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-groupid org.apache.velocity Medium Vendor pom name Apache Velocity - Engine High Vendor jar package name apache Highest Vendor jar package name velocity Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor file name velocity-engine-core High Vendor pom parent-artifactid velocity-engine-parent Low Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname org.apache.velocity.engine-core Medium Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest Implementation-Vendor-Id org.apache.velocity Medium Vendor pom groupid org.apache.velocity Highest Vendor pom artifactid velocity-engine-core Low Product jar package name template Highest Product Manifest Bundle-Name Apache Velocity - Engine Medium Product pom groupid apache.velocity Highest Product Manifest implementation-url http://velocity.apache.org/engine/devel/velocity-engine-core/ Low Product pom parent-groupid org.apache.velocity Medium Product pom name Apache Velocity - Engine High Product jar package name apache Highest Product Manifest specification-title Apache Velocity - Engine Medium Product jar package name velocity Highest Product Manifest Implementation-Title Apache Velocity - Engine High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product file name velocity-engine-core High Product Manifest build-jdk-spec 1.8 Low Product pom artifactid velocity-engine-core Highest Product Manifest bundle-symbolicname org.apache.velocity.engine-core Medium Product pom parent-artifactid velocity-engine-parent Medium Product jar package name filter Highest Product Manifest bundle-docurl https://www.apache.org/ Low Version Manifest Implementation-Version 2.2 High Version pom version 2.2 Highest Version file version 2.2 High
velocity-tools-generic-3.0.jarDescription:
Generic tools that can be used in any context. File Path: /Users/lukaszlenart/.m2/repository/org/apache/velocity/tools/velocity-tools-generic/3.0/velocity-tools-generic-3.0.jarMD5: a8586c8959eccfa3714e198eb21678d3SHA1: e789f6ec06f9a69ccb8956f407fb685b2938e74bSHA256: 42cb45fe33aead38218845cb350125c7dc9804c74a19cc388123276da0c07e5dReferenced In Projects/Scopes:
Struts 2 JUnit Plugin:compile Struts 2 Rest Showcase Webapp:compile Struts 2 OSGi Demo Bundle:compile Struts 2 Velocity Plugin:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Configuration Browser Plugin:compile DEPRECATED: Struts 2 Embedded JSP Plugin:compile Struts 2 Sitemesh Plugin:compile Struts 2 Portlet Plugin:compile Struts 2 Showcase Webapp:compile Struts 2 Assembly:compile Struts 2 Portlet Tiles Plugin:compile Struts 2 OSGi Plugin:compile Evidence Type Source Name Value Confidence Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-artifactid velocity-tools-parent Low Vendor jar package name apache Highest Vendor pom artifactid velocity-tools-generic Low Vendor Manifest implementation-url https://velocity.apache.org/tools/devel/velocity-tools-generic/ Low Vendor pom parent-groupid org.apache.velocity.tools Medium Vendor jar package name velocity Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid org.apache.velocity.tools Highest Vendor jar package name tools Highest Vendor file name velocity-tools-generic High Vendor pom groupid apache.velocity.tools Highest Vendor pom name Apache Velocity Tools - Generic tools High Vendor Manifest Implementation-Vendor-Id org.apache.velocity.tools Medium Vendor jar package name generic Highest Product Manifest specification-title Apache Velocity Tools - Generic tools Medium Product Manifest Implementation-Title Apache Velocity Tools - Generic tools High Product jar package name apache Highest Product Manifest implementation-url https://velocity.apache.org/tools/devel/velocity-tools-generic/ Low Product pom parent-groupid org.apache.velocity.tools Medium Product jar package name velocity Highest Product pom artifactid velocity-tools-generic Highest Product jar package name tools Highest Product file name velocity-tools-generic High Product pom parent-artifactid velocity-tools-parent Medium Product pom groupid apache.velocity.tools Highest Product pom name Apache Velocity Tools - Generic tools High Product jar package name generic Highest Version pom version 3.0 Highest Version file version 3.0 High Version Manifest Implementation-Version 3.0 High
velocity-tools-view-3.0.jarDescription:
Tools to be used in a servlet context. File Path: /Users/lukaszlenart/.m2/repository/org/apache/velocity/tools/velocity-tools-view/3.0/velocity-tools-view-3.0.jarMD5: 997d1732d30fc50fc8879653d36a6e99SHA1: 2f72ca8eb2bcb8af2c5fab826d64add20ab70a2eSHA256: cc6e5effedb95345b842b16aa7eb6c2da8fa1b29d8df8dae17f56f143515fd07Referenced In Projects/Scopes:
Struts 2 JUnit Plugin:compile Struts 2 Rest Showcase Webapp:compile Struts 2 OSGi Demo Bundle:compile Struts 2 Velocity Plugin:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Configuration Browser Plugin:compile DEPRECATED: Struts 2 Embedded JSP Plugin:compile Struts 2 Sitemesh Plugin:compile Struts 2 Portlet Plugin:compile Struts 2 Showcase Webapp:compile Struts 2 Assembly:compile Struts 2 Portlet Tiles Plugin:compile Struts 2 OSGi Plugin:compile Evidence Type Source Name Value Confidence Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-artifactid velocity-tools-parent Low Vendor jar package name view Highest Vendor jar package name apache Highest Vendor pom artifactid velocity-tools-view Low Vendor pom parent-groupid org.apache.velocity.tools Medium Vendor jar package name velocity Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid org.apache.velocity.tools Highest Vendor pom name Apache Velocity Tools - View tools High Vendor jar package name tools Highest Vendor pom groupid apache.velocity.tools Highest Vendor file name velocity-tools-view High Vendor Manifest implementation-url https://velocity.apache.org/tools/devel/velocity-tools-view/ Low Vendor Manifest Implementation-Vendor-Id org.apache.velocity.tools Medium Product jar package name view Highest Product jar package name apache Highest Product pom parent-groupid org.apache.velocity.tools Medium Product jar package name velocity Highest Product pom name Apache Velocity Tools - View tools High Product jar package name tools Highest Product pom parent-artifactid velocity-tools-parent Medium Product pom groupid apache.velocity.tools Highest Product file name velocity-tools-view High Product Manifest Implementation-Title Apache Velocity Tools - View tools High Product Manifest implementation-url https://velocity.apache.org/tools/devel/velocity-tools-view/ Low Product pom artifactid velocity-tools-view Highest Product Manifest specification-title Apache Velocity Tools - View tools Medium Version pom version 3.0 Highest Version file version 3.0 High Version Manifest Implementation-Version 3.0 High
velocity-tools-view-jsp-3.0.jarDescription:
Enables the use of Velocity under a JSP environment. File Path: /Users/lukaszlenart/.m2/repository/org/apache/velocity/tools/velocity-tools-view-jsp/3.0/velocity-tools-view-jsp-3.0.jarMD5: 87e4c90f6060422f92929fcf2aff8072SHA1: 27f6a21c7973ffb75001b3e9ac4731facf5757b4SHA256: fa4168347c48e3c47b6924c1a8eaaf1661fd3d49fc68d39978fa0fa0f739f43dReferenced In Projects/Scopes:
Struts 2 JUnit Plugin:compile Struts 2 Rest Showcase Webapp:compile Struts 2 OSGi Demo Bundle:compile Struts 2 Velocity Plugin:compile Struts 2 OSGi Admin Bundle:compile Struts 2 Configuration Browser Plugin:compile DEPRECATED: Struts 2 Embedded JSP Plugin:compile Struts 2 Sitemesh Plugin:compile Struts 2 Portlet Plugin:compile Struts 2 Showcase Webapp:compile Struts 2 Assembly:compile Struts 2 Portlet Tiles Plugin:compile Struts 2 OSGi Plugin:compile Evidence Type Source Name Value Confidence Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-artifactid velocity-tools-parent Low Vendor file name velocity-tools-view-jsp High Vendor jar package name view Highest Vendor jar package name apache Highest Vendor pom parent-groupid org.apache.velocity.tools Medium Vendor jar package name velocity Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom name Apache Velocity Tools - JSP support High Vendor pom groupid org.apache.velocity.tools Highest Vendor jar package name tools Highest Vendor Manifest implementation-url https://velocity.apache.org/tools/devel/velocity-tools-view-jsp/ Low Vendor pom groupid apache.velocity.tools Highest Vendor Manifest Implementation-Vendor-Id org.apache.velocity.tools Medium Vendor pom artifactid velocity-tools-view-jsp Low Product pom artifactid velocity-tools-view-jsp Highest Product Manifest specification-title Apache Velocity Tools - JSP support Medium Product file name velocity-tools-view-jsp High Product jar package name view Highest Product jar package name apache Highest Product pom parent-groupid org.apache.velocity.tools Medium Product jar package name velocity Highest Product pom name Apache Velocity Tools - JSP support High Product jar package name tools Highest Product pom parent-artifactid velocity-tools-parent Medium Product Manifest implementation-url https://velocity.apache.org/tools/devel/velocity-tools-view-jsp/ Low Product pom groupid apache.velocity.tools Highest Product Manifest Implementation-Title Apache Velocity Tools - JSP support High Version pom version 3.0 Highest Version file version 3.0 High Version Manifest Implementation-Version 3.0 High
webconsole.jsFile Path: /Users/lukaszlenart/Projects/Apache/struts/core/src/main/resources/org/apache/struts2/interceptor/debugging/webconsole.jsMD5: a7202aefd2637c63ee607db0a608c6deSHA1: 5618fb1f032d4972287158e5754570992448695dSHA256: 9ab03200e9abb3ddb95ee83321b518d660ba0734683c3a6844c633a5c5dbabfdReferenced In Project/Scope: Struts 2 Core
Evidence Type Source Name Value Confidence
Related Dependencies struts2-core-2.6-SNAPSHOT.jar: webconsole.jsFile Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar/org/apache/struts2/interceptor/debugging/webconsole.js MD5: a7202aefd2637c63ee607db0a608c6de SHA1: 5618fb1f032d4972287158e5754570992448695d SHA256: 9ab03200e9abb3ddb95ee83321b518d660ba0734683c3a6844c633a5c5dbabfd woodstox-core-6.1.1.jarDescription:
Woodstox is a high-performance XML processor that
implements Stax (JSR-173), SAX2 and Stax2 APIs
License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.1.1/woodstox-core-6.1.1.jar
MD5: 992e39013de489a1373f14b7e153f9da
SHA1: 989bb31963ed1758b95c7c4381a91592a9a8df61
SHA256: f250662a245570fdd49c6916c1c3cd3d6511a8e5cd0d7460e989844b1d66ed67
Referenced In Projects/Scopes: Struts 2 Rest Showcase Webapp:compile Struts 2 REST Plugin:compile Evidence Type Source Name Value Confidence Vendor pom url FasterXML/woodstox Highest Vendor Manifest Implementation-Vendor-Id com.fasterxml.woodstox Medium Vendor Manifest bundle-docurl https://github.com/FasterXML/woodstox Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom parent-artifactid oss-parent Low Vendor file name woodstox-core High Vendor Manifest specification-vendor FasterXML Low Vendor pom groupid com.fasterxml.woodstox Highest Vendor pom parent-groupid com.fasterxml Medium Vendor pom name Woodstox High Vendor pom groupid fasterxml.woodstox Highest Vendor Manifest implementation-build-date 2020-02-28 02:50:45+0000 Low Vendor pom organization url http://fasterxml.com Medium Vendor jar package name stax Highest Vendor pom organization name FasterXML High Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest bundle-symbolicname com.fasterxml.woodstox.woodstox-core Medium Vendor pom artifactid woodstox-core Low Product Manifest bundle-docurl https://github.com/FasterXML/woodstox Low Product Manifest Implementation-Title Woodstox High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Woodstox Medium Product pom artifactid woodstox-core Highest Product pom url FasterXML/woodstox High Product file name woodstox-core High Product Manifest Bundle-Name Woodstox Medium Product jar package name osgi Highest Product pom parent-artifactid oss-parent Medium Product pom organization url http://fasterxml.com Low Product pom parent-groupid com.fasterxml Medium Product pom name Woodstox High Product pom groupid fasterxml.woodstox Highest Product pom organization name FasterXML Low Product Manifest implementation-build-date 2020-02-28 02:50:45+0000 Low Product jar package name stax Highest Product Manifest bundle-symbolicname com.fasterxml.woodstox.woodstox-core Medium Version pom version 6.1.1 Highest Version pom parent-version 6.1.1 Low Version file version 6.1.1 High Version Manifest Bundle-Version 6.1.1 High Version Manifest Implementation-Version 6.1.1 High
woodstox-core-6.1.1.jar (shaded: com.sun.xml.bind.jaxb:isorelax:20090621)Description:
Unknown version of isorelax library used in JAXB project File Path: /Users/lukaszlenart/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.1.1/woodstox-core-6.1.1.jar/META-INF/maven/com.sun.xml.bind.jaxb/isorelax/pom.xmlMD5: 6fbb4bc95fbf2072bc6e3b790553fe81SHA1: 314ec72948d5c1fc71d553cbbd7a130caa6f9f13SHA256: cda6451d0231a973352b592ff950e39224ba6ba1a2f35eeab66511b5c225dff1Referenced In Projects/Scopes:
Struts 2 Rest Showcase Webapp:compile Struts 2 REST Plugin:compile Evidence Type Source Name Value Confidence Vendor pom parent-artifactid jvnet-parent Low Vendor pom name JAXB isorelax library High Vendor pom parent-groupid net.java Medium Vendor pom artifactid isorelax Low Vendor pom groupid sun.xml.bind.jaxb Highest Product pom name JAXB isorelax library High Product pom artifactid isorelax Highest Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Product pom groupid sun.xml.bind.jaxb Highest Version pom version 20090621 Highest Version pom parent-version 20090621 Low
woodstox-core-6.1.1.jar (shaded: net.java.dev.msv:xsdlib:2013.6.1)Description:
XML Schema datatypes library File Path: /Users/lukaszlenart/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.1.1/woodstox-core-6.1.1.jar/META-INF/maven/net.java.dev.msv/xsdlib/pom.xmlMD5: aaf872ed9d1aabee25e03c2a132ffd8eSHA1: 47f218a999411ed028f089d59ebef8f14e0fe914SHA256: d6e83c124436049d83238fc532a26c5d8ccd7e4ab10eba6d96043c850ac82f3cReferenced In Projects/Scopes:
Struts 2 Rest Showcase Webapp:compile Struts 2 REST Plugin:compile Evidence Type Source Name Value Confidence Vendor pom groupid net.java.dev.msv Highest Vendor pom parent-artifactid msv Low Vendor pom artifactid xsdlib Low Vendor pom name MSV XML Schema Library High Product pom artifactid xsdlib Highest Product pom parent-artifactid msv Medium Product pom groupid net.java.dev.msv Highest Product pom name MSV XML Schema Library High Version pom version 2013.6.1 Highest
xmlpull-1.1.3.1.jarLicense:
Public Domain: http://www.xmlpull.org/v1/download/unpacked/LICENSE.txt File Path: /Users/lukaszlenart/.m2/repository/xmlpull/xmlpull/1.1.3.1/xmlpull-1.1.3.1.jar
MD5: cc57dacc720eca721a50e78934b822d2
SHA1: 2b8e230d2ab644e4ecaa94db7cdedbc40c805dfa
SHA256: 34e08ee62116071cbb69c0ed70d15a7a5b208d62798c59f2120bb8929324cb63
Referenced In Projects/Scopes: Struts 2 Rest Showcase Webapp:compile Struts 2 REST Plugin:compile Struts 2 Assembly:compile Struts 2 OVal Plugin:compile Evidence Type Source Name Value Confidence Vendor pom groupid xmlpull Highest Vendor pom name XML Pull Parsing API High Vendor pom url http://www.xmlpull.org Highest Vendor jar package name xmlpull Low Vendor jar package name v1 Low Vendor file name xmlpull High Vendor jar package name xmlpull Highest Vendor pom artifactid xmlpull Low Product pom groupid xmlpull Highest Product pom name XML Pull Parsing API High Product pom artifactid xmlpull Highest Product pom url http://www.xmlpull.org Medium Product jar package name v1 Low Product file name xmlpull High Product jar package name xmlpull Highest Version file version 1.1.3.1 High Version pom version 1.1.3.1 Highest
xpp3_min-1.1.4c.jarDescription:
MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs such as Hotspot in JDK 1.4+. License:
Indiana University Extreme! Lab Software License, vesion 1.1.1: http://www.extreme.indiana.edu/viewcvs/~checkout~/XPP3/java/LICENSE.txt
Public Domain: http://creativecommons.org/licenses/publicdomain File Path: /Users/lukaszlenart/.m2/repository/xpp3/xpp3_min/1.1.4c/xpp3_min-1.1.4c.jar
MD5: dcd95bcb84b09897b2b66d4684c040da
SHA1: 19d4e90b43059058f6e056f794f0ea4030d60b86
SHA256: bfc90e9e32d0eab1f397fb974b5f150a815188382ac41f372a7149d5bc178008
Referenced In Projects/Scopes: Struts 2 Rest Showcase Webapp:compile Struts 2 REST Plugin:compile Struts 2 Assembly:compile Struts 2 OVal Plugin:compile Evidence Type Source Name Value Confidence Vendor pom organization url http://www.extreme.indiana.edu/ Medium Vendor pom url http://www.extreme.indiana.edu/xgws/xsoap/xpp/mxp1/ Highest Vendor pom artifactid xpp3_min Low Vendor jar package name xmlpull Low Vendor jar package name mxp1 Highest Vendor pom name MXP1: Xml Pull Parser 3rd Edition (XPP3) High Vendor file name xpp3_min High Vendor pom organization name Extreme! Lab, Indiana University High Vendor pom groupid xpp3 Highest Vendor jar package name v1 Low Vendor jar package name xmlpull Highest Product pom artifactid xpp3_min Highest Product pom organization name Extreme! Lab, Indiana University Low Product jar package name mxp1 Highest Product pom organization url http://www.extreme.indiana.edu/ Low Product pom url http://www.extreme.indiana.edu/xgws/xsoap/xpp/mxp1/ Medium Product pom name MXP1: Xml Pull Parser 3rd Edition (XPP3) High Product file name xpp3_min High Product pom groupid xpp3 Highest Product jar package name v1 Low Product jar package name xmlpull Highest Version pom version 1.1.4c Highest Version file version 1.1.4c High
xstream-1.4.11.1.jarDescription:
XStream is a serialization library from Java objects to XML and back. License:
http://x-stream.github.io/license.html File Path: /Users/lukaszlenart/.m2/repository/com/thoughtworks/xstream/xstream/1.4.11.1/xstream-1.4.11.1.jar
MD5: 0eb564c0c83b6d4fea7ff1a9cc5bc6bc
SHA1: 6c120c45a8c480bb2fea5b56502e3993ddd74fd2
SHA256: 5e59757590948b5a08ec946f6eb69fb25927c465125370b1a7861261dafc6b36
Referenced In Projects/Scopes: Struts 2 Rest Showcase Webapp:compile Struts 2 REST Plugin:compile Struts 2 Assembly:compile Struts 2 OVal Plugin:compile Evidence Type Source Name Value Confidence Vendor Manifest java_1_6_home /opt/sun-jdk-1.6.0.45 Low Vendor Manifest x-compile-source 1.4 Low Vendor Manifest x-compile-target 1.4 Low Vendor Manifest Implementation-Vendor-Id com.thoughtworks.xstream Medium Vendor jar package name xstream Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom groupid thoughtworks.xstream Highest Vendor pom name XStream Core High Vendor pom groupid com.thoughtworks.xstream Highest Vendor Manifest java_1_5_home /opt/sun-jdk-1.5.0.22 Low Vendor Manifest x-build-time 2018-10-26T19:06:47Z Low Vendor Manifest bundle-symbolicname xstream Medium Vendor Manifest java_1_8_home /opt/oracle-jdk-bin-1.8.0.192 Low Vendor pom artifactid xstream Low Vendor Manifest x-build-os Linux Low Vendor jar package name core Highest Vendor Manifest java_1_4_home /opt/blackdown-jdk-1.4.2.03 Low Vendor Manifest java_1_7_home /opt/oracle-jdk-bin-1.7.0.80 Low Vendor Manifest x-builder Maven 3.5.4 Low Vendor file name xstream High Vendor jar package name thoughtworks Highest Vendor pom parent-artifactid xstream-parent Low Vendor Manifest specification-vendor XStream Low Vendor Manifest java_9_home /opt/oracle-jdk-bin-9.0.4 Low Vendor pom parent-groupid com.thoughtworks.xstream Medium Vendor Manifest bundle-docurl http://x-stream.github.io Low Vendor Manifest Implementation-Vendor XStream High Product pom artifactid xstream Highest Product Manifest java_1_6_home /opt/sun-jdk-1.6.0.45 Low Product Manifest x-compile-source 1.4 Low Product Manifest x-compile-target 1.4 Low Product jar package name xstream Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom groupid thoughtworks.xstream Highest Product pom name XStream Core High Product Manifest Bundle-Name XStream Core Medium Product Manifest java_1_5_home /opt/sun-jdk-1.5.0.22 Low Product Manifest x-build-time 2018-10-26T19:06:47Z Low Product Manifest bundle-symbolicname xstream Medium Product Manifest java_1_8_home /opt/oracle-jdk-bin-1.8.0.192 Low Product Manifest specification-title XStream Core Medium Product Manifest x-build-os Linux Low Product jar package name core Highest Product Manifest java_1_4_home /opt/blackdown-jdk-1.4.2.03 Low Product Manifest java_1_7_home /opt/oracle-jdk-bin-1.7.0.80 Low Product Manifest x-builder Maven 3.5.4 Low Product file name xstream High Product jar package name thoughtworks Highest Product jar package name xml Highest Product jar package name io Highest Product Manifest java_9_home /opt/oracle-jdk-bin-9.0.4 Low Product pom parent-artifactid xstream-parent Medium Product pom parent-groupid com.thoughtworks.xstream Medium Product Manifest bundle-docurl http://x-stream.github.io Low Product Manifest Implementation-Title XStream Core High Version file version 1.4.11.1 High Version pom version 1.4.11.1 Highest Version Manifest Implementation-Version 1.4.11.1 High Version Manifest Bundle-Version 1.4.11.1 High
Suppressed Vulnerabilities bsh-2.0b4.jar Description:
BeanShell File Path: /Users/lukaszlenart/.m2/repository/org/beanshell/bsh/2.0b4/bsh-2.0b4.jarMD5: a1c60aa83c9c9a6cb2391c1c1b85eb00SHA1: a05f0a0feefa8d8467ac80e16e7de071489f0d9cSHA256: 91395c07885839a8c6986d5b7c577cd9bacf01bf129c89141f35e8ea858427b6
Evidence Type Source Name Value Confidence Vendor Manifest specification-vendor http://www.beanshell.org/ Low Vendor Manifest Implementation-Vendor Pat Niemeyer (pat@pat.net) High Vendor file name bsh High Vendor pom groupid beanshell Highest Vendor pom parent-groupid org.beanshell Medium Vendor pom parent-artifactid beanshell Low Vendor pom name BeanShell High Vendor pom artifactid bsh Low Vendor hint analyzer vendor beanshell_project Highest Vendor pom groupid org.beanshell Highest Vendor jar package name org Highest Vendor jar package name bsh Highest Product pom name BeanShell High Product Manifest specification-title BeanShell Medium Product jar package name org Highest Product pom parent-artifactid beanshell Medium Product file name bsh High Product pom artifactid bsh Highest Product pom groupid beanshell Highest Product hint analyzer product beanshell Highest Product jar package name bsh Highest Product pom parent-groupid org.beanshell Medium Version pom version 2.0b4 Highest
Suppressed Vulnerabilities CVE-2016-2510 (OSSINDEX) suppressed
BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler. Notes: file name: bsh-2.0b4.jar
CVSSv3:
HIGH (8.1) /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.beanshell:bsh:2.0b4:*:*:*:*:*:*:* plexus-utils-1.2.jar File Path: /Users/lukaszlenart/.m2/repository/org/codehaus/plexus/plexus-utils/1.2/plexus-utils-1.2.jarMD5: 4e05dbd6dbfdf2e976921e80079f9d38SHA1: 9756b92f7f380e4372d1e34f7d194bc0a5767849SHA256: 990608ac834a8762e9272c65404aeeee68325199b7eb10f63b22a06535fcb90c
Evidence Type Source Name Value Confidence Vendor pom artifactid plexus-utils Low Vendor Manifest specification-vendor Codehaus Low Vendor pom name Plexus Common Utilities High Vendor jar package name plexus Highest Vendor jar package name codehaus Highest Vendor pom parent-artifactid plexus Low Vendor pom groupid org.codehaus.plexus Highest Vendor Manifest extension-name plexus-utils Medium Vendor pom parent-groupid org.codehaus.plexus Medium Vendor file name plexus-utils High Vendor Manifest Implementation-Vendor Codehaus High Vendor pom groupid codehaus.plexus Highest Product jar package name plexus Highest Product jar package name codehaus Highest Product pom artifactid plexus-utils Highest Product Manifest Implementation-Title plexus-utils High Product Manifest extension-name plexus-utils Medium Product pom parent-groupid org.codehaus.plexus Medium Product file name plexus-utils High Product pom parent-artifactid plexus Medium Product pom groupid codehaus.plexus Highest Product pom name Plexus Common Utilities High Version pom parent-version 1.2 Low Version pom version 1.2 Highest Version Manifest Implementation-Version 1.2 High Version file version 1.2 High
Suppressed Vulnerabilities CVE-2017-1000487 suppressed
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings. CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
CRITICAL (9.8) /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions:
Directory traversal in org.codehaus.plexus.util.Expand (OSSINDEX) suppressed
> org.codehaus.plexus.util.Expand does not guard against directory traversal, but such protection is generally expected from unarchiving tools.
>
> -- [github.com](https://github.com/codehaus-plexus/plexus-utils/issues/4) Notes: file name: plexus-utils-1.2.jar
Unscored:
References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.codehaus.plexus:plexus-utils:1.2:*:*:*:*:*:*:* Possible XML Injection (OSSINDEX) suppressed
> `org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment(XMLWriter, String, int, int, int)` does not check if the comment includes a `"-->"` sequence. This means that text contained in the command string could be interpreted as XML, possibly leading to XML injection issues, depending on how this method is being called.
>
> -- [github.com](https://github.com/codehaus-plexus/plexus-utils/issues/3) Notes: file name: plexus-utils-1.2.jar
Unscored:
References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.codehaus.plexus:plexus-utils:1.2:*:*:*:*:*:*:* struts-annotations-1.0.7.jar Description:
struts-annotations adds annotations processor support for struts based annotated projects,
such as TLD and documentation generation from annotated component classes as used in struts2
File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts-annotations/1.0.7/struts-annotations-1.0.7.jarMD5: cde5d067c06bf2cd8fe0742d8c4d461eSHA1: 3fe2a1266e5224b66ade1cc57b92b178023a4ae9SHA256: f7dc6b8f8536bcf29bc1cbd58099c560f2313450340d2505686be214c5931cdd
Evidence Type Source Name Value Confidence Vendor file name struts-annotations High Vendor pom groupid apache.struts Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor pom parent-artifactid struts-master Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom artifactid struts-annotations Low Vendor jar package name annotations Highest Vendor pom url http://struts.apache.org Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor jar package name struts Highest Vendor pom name Struts Annotations High Vendor pom groupid org.apache.struts Highest Vendor pom parent-groupid org.apache.struts Medium Product file name struts-annotations High Product pom groupid apache.struts Highest Product pom artifactid struts-annotations Highest Product jar package name apache Highest Product jar package name annotations Highest Product Manifest build-jdk-spec 1.8 Low Product jar package name struts Highest Product pom name Struts Annotations High Product Manifest specification-title Struts Annotations Medium Product pom url http://struts.apache.org Medium Product pom parent-groupid org.apache.struts Medium Product pom parent-artifactid struts-master Medium Product Manifest Implementation-Title Struts Annotations High Version file version 1.0.7 High Version Manifest Implementation-Version 1.0.7 High Version pom version 1.0.7 Highest Version pom parent-version 1.0.7 Low
Suppressed Vulnerabilities CVE-2006-1546 suppressed
Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check. NVD-CWE-Other
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions:
CVE-2006-1547 suppressed
ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils. NVD-CWE-Other
CVSSv2:
Base Score: HIGH (7.8) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:C References:
Vulnerable Software & Versions: (show all )
CVE-2006-1548 suppressed
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message. NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2012-0394 suppressed
** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself." CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2013-2115 suppressed
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966. CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv2:
Base Score: HIGH (9.3) Vector: /AV:N/AC:M/Au:N/C:C/I:C/A:C References:
Vulnerable Software & Versions: (show all )
CVE-2015-2992 suppressed
Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
MEDIUM (6.1) /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions: