5.2.1NVD CVE Checked2019-08-22T22:02:44NVD CVE Modified2019-08-22T21:33:49VersionCheckOn2019-08-22T22:02:44Devsecops2019-08-24T07:41:56.905ZThis report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community.javax.inject-1.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/javax.inject-1.jar289075e48b909e9e74e6c915b3631d2e6975da39a7040257bd51d21a231b76c915872d3891c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ffThe javax.inject APIThe Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtcentralgroupidjavax.injectpomnamejavax.injectjarpackage nameinjectpomgroupidjavax.injectjarpackage namejavaxpomurlhttp://code.google.com/p/atinject/pomartifactidjavax.injectfilenamejavax.inject-1pomurlhttp://code.google.com/p/atinject/pomnamejavax.injectjarpackage nameinjectcentralartifactidjavax.injectpomartifactidjavax.injectfilenamejavax.inject-1pomgroupidjavax.injectcentralversion1fileversion1pomversion1pkg:maven/javax.inject/javax.inject@1https://ossindex.sonatype.org/component/pkg:maven/javax.inject/javax.inject@1pkg:maven/javax.inject/javax.inject@1https://ossindex.sonatype.org/component/pkg:maven/javax.inject/javax.inject@1commons-text-1.7.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/commons-text-1.7.jarb621c9817128bb34db92a04c6137379d4d7d6dc210f80d0bff18645cc534a0c45324d0d68434bbfb887e7a0f3dfef92ac84e783f847bc0f0f43b8cc9e026646b137b6065Apache Commons Text is a library focused on algorithms working on strings.https://www.apache.org/licenses/LICENSE-2.0.txtManifestbundle-symbolicnameorg.apache.commons.commons-textManifestImplementation-Vendor-Idorg.apache.commonspomnameApache Commons 
Textpomparent-artifactidcommons-parentManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"pomgroupidapache.commonsManifestimplementation-urlhttp://commons.apache.org/proper/commons-textpomparent-groupidorg.apache.commonsjarpackage nameapacheManifestautomatic-module-nameorg.apache.commons.textfilenamecommons-textManifestspecification-vendorThe Apache Software Foundationjarpackage namecommonspomurlhttp://commons.apache.org/proper/commons-textjarpackage nametextManifestbundle-docurlhttp://commons.apache.org/proper/commons-textpomartifactidcommons-textManifestImplementation-VendorThe Apache Software FoundationManifestbundle-symbolicnameorg.apache.commons.commons-textpomparent-artifactidcommons-parentpomnameApache Commons TextManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"pomartifactidcommons-textManifestimplementation-urlhttp://commons.apache.org/proper/commons-textjarpackage nameapacheManifestspecification-titleApache Commons TextManifestImplementation-TitleApache Commons TextManifestautomatic-module-nameorg.apache.commons.textfilenamecommons-textpomurlhttp://commons.apache.org/proper/commons-textjarpackage namecommonspomgroupidapache.commonspomparent-groupidorg.apache.commonsjarpackage nametextManifestbundle-docurlhttp://commons.apache.org/proper/commons-textManifestBundle-NameApache Commons Textpomversion1.7fileversion1.7pomparent-version1.7ManifestImplementation-Version1.7pkg:maven/org.apache.commons/commons-text@1.7https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-text@1.7pkg:maven/org.apache.commons/commons-text@1.7https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-text@1.7h2-1.4.196.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/h2-1.4.196.jar4ce376a2466f5b29573fc3e40606af6bdd0034398d593aa3588c6773faac429bbd9aea0e0a05f4a0d5b85840148aadce63a423b5d3c36ef44756389b4faad08d2733faf5H2 Database EngineMPL 2.0 or EPL 1.0: 
http://h2database.com/html/license.htmlManifestprovide-capabilityosgi.service;objectClass:List=org.osgi.service.jdbc.DataSourceFactorypomurlhttp://www.h2database.comfilenameh2jarpackage nameh2centralgroupidcom.h2databasejarpackage nameh2Manifestimplementation-urlhttp://www.h2database.compomnameH2 Database EngineManifestbundle-symbolicnameorg.h2pomgroupidh2databasepomartifactidh2Manifestbundle-categoryjdbcManifestprovide-capabilityosgi.service;objectClass:List=org.osgi.service.jdbc.DataSourceFactoryfilenameh2centralartifactidh2ManifestImplementation-TitleH2 Database Enginejarpackage nameh2jarpackage nameserviceManifestimplementation-urlhttp://www.h2database.comManifestBundle-NameH2 Database Enginepomartifactidh2pomnameH2 Database Enginepomurlhttp://www.h2database.comManifestbundle-symbolicnameorg.h2jarpackage nameenginepomgroupidh2databasejarpackage namedatabaseManifestbundle-categoryjdbcjarpackage namejdbcManifestImplementation-Version1.4.196ManifestBundle-Version1.4.196fileversion1.4.196pomversion1.4.196centralversion1.4.196pkg:maven/com.h2database/h2@1.4.196https://ossindex.sonatype.org/component/pkg:maven/com.h2database/h2@1.4.196pkg:maven/com.h2database/h2@1.4.196https://ossindex.sonatype.org/component/pkg:maven/com.h2database/h2@1.4.196jcip-annotations-1.0.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/jcip-annotations-1.0.jar9d5272954896c5a5d234f66b7372b17aafba4942caaeaf46aab0b976afd57cc7c181467ebe5805392060c71474bf6c9a67a099471274d30b83eef84bfc4e0889a4f1dcc0/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/jcip-annotations-1.0.jarbe5805392060c71474bf6c9a67a099471274d30b83eef84bfc4e0889a4f1dcc0afba4942caaeaf46aab0b976afd57cc7c181467e9d5272954896c5a5d234f66b7372b17afilenamejcip-annotationspomurlhttp://jcip.net/pomgroupidnet.jcipjarpackage namenetcentralgroupidnet.jcipjarpackage nameannotationspomartifactidjcip-annotationspomname"Java Concurrency in Practice" book annotationsjarpackage 
namejcipfilenamejcip-annotationspomurlhttp://jcip.net/centralartifactidjcip-annotationspomartifactidjcip-annotationsjarpackage nameannotationspomname"Java Concurrency in Practice" book annotationspomgroupidnet.jcipjarpackage namejcipcentralversion1.0pomversion1.0fileversion1.0pkg:maven/net.jcip/jcip-annotations@1.0https://ossindex.sonatype.org/component/pkg:maven/net.jcip/jcip-annotations@1.0pkg:maven/net.jcip/jcip-annotations@1.0https://ossindex.sonatype.org/component/pkg:maven/net.jcip/jcip-annotations@1.0jboss-logging-3.1.0.GA.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/jboss-logging-3.1.0.GA.jar735bcea3e47fd715900cfb95ec68b50fc71f2856e7b60efe485db39b37a31811e6c84365dea2fe7895033bdbbe2c1688ad08a0588d9d9b0f17d53349081cc20dda31353eThe JBoss Logging FrameworkGNU Lesser General Public License, version 2.1: http://www.gnu.org/licenses/lgpl-2.1.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/jboss-logging-3.1.0.GA.jardea2fe7895033bdbbe2c1688ad08a0588d9d9b0f17d53349081cc20dda31353ec71f2856e7b60efe485db39b37a31811e6c84365735bcea3e47fd715900cfb95ec68b50fpomurlhttp://www.jboss.orgfilenamejboss-loggingjarpackage nameloggingManifestImplementation-VendorJBoss by Red HatManifestbundle-docurlhttp://www.jboss.orgpomparent-artifactidjboss-parentManifestbundle-symbolicnameorg.jboss.logging.jboss-loggingpomnameJBoss Logging 3jarpackage namejbossManifestspecification-vendorJBoss by Red HatManifestimplementation-urlhttp://www.jboss.orgpomgroupidjboss.loggingpomparent-groupidorg.jbossManifestImplementation-Vendor-Idorg.jboss.loggingpomartifactidjboss-loggingpomparent-artifactidjboss-parentfilenamejboss-loggingjarpackage nameloggingManifestbundle-docurlhttp://www.jboss.orgManifestbundle-symbolicnameorg.jboss.logging.jboss-loggingpomnameJBoss Logging 3pomurlhttp://www.jboss.orgjarpackage namejbosspomgroupidjboss.loggingManifestimplementation-urlhttp://www.jboss.orgpomparent-groupidorg.jbossManifestspecification-titleJBoss Logging 
3pomartifactidjboss-loggingManifestBundle-NameJBoss Logging 3ManifestImplementation-TitleJBoss Logging 3pomversion3.1.0.GAManifestBundle-Version3.1.0.GApomparent-version3.1.0.GAManifestImplementation-Version3.1.0.GApkg:maven/org.jboss.logging/jboss-logging@3.1.0.GAhttps://ossindex.sonatype.org/component/pkg:maven/org.jboss.logging/jboss-logging@3.1.0.GApkg:maven/org.jboss.logging/jboss-logging@3.1.0.GAhttps://ossindex.sonatype.org/component/pkg:maven/org.jboss.logging/jboss-logging@3.1.0.GAguava-28.0-jre.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/guava-28.0-jre.jar6eb33b6c6d29d7f6cfece0543f13fad354fed371b4b8a8cce1e94a9abd9620982d3aa54b73e4d6ae5f0e8f9d292a4db83a2479b5468f83d972ac1ff36d6d0b43943b4f91
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
http://www.apache.org/licenses/LICENSE-2.0.txtjarpackage namegooglepomnameGuava: Google Core Libraries for JavaManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"Manifestbundle-symbolicnamecom.google.guavapomparent-groupidcom.google.guavaManifestautomatic-module-namecom.google.commonfilenameguavapomgroupidgoogle.guavapomartifactidguavajarpackage namecommonManifestbundle-docurlhttps://github.com/google/guava/pomparent-artifactidguava-parentjarpackage namegooglepomnameGuava: Google Core Libraries for JavaManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"pomparent-artifactidguava-parentpomartifactidguavaManifestbundle-symbolicnamecom.google.guavapomparent-groupidcom.google.guavaManifestautomatic-module-namecom.google.commonpomgroupidgoogle.guavafilenameguavaManifestBundle-NameGuava: Google Core Libraries for Javajarpackage namecommonManifestbundle-docurlhttps://github.com/google/guava/pomversion28.0-jrepkg:maven/com.google.guava/guava@28.0-jrehttps://ossindex.sonatype.org/component/pkg:maven/com.google.guava/guava@28.0-jrepkg:maven/com.google.guava/guava@28.0-jrehttps://ossindex.sonatype.org/component/pkg:maven/com.google.guava/guava@28.0-jrejquery.scrollUp.min.js/var/lib/jenkins/workspace/test@2/src/main/webapp/js/jquery.scrollUp.min.jscbe4344d551f7c153fb3b84c44f2db8d4c88929519b25690084dd3a91df86dab3c6316a9d2c96e4da11d59d025a80d8f5abc2d6a375e3f18f67ddd5051244234f50c2cf6/var/lib/jenkins/workspace/test@2/target/devsecops/js/jquery.scrollUp.min.jsd2c96e4da11d59d025a80d8f5abc2d6a375e3f18f67ddd5051244234f50c2cf64c88929519b25690084dd3a91df86dab3c6316a9cbe4344d551f7c153fb3b84c44f2db8d/var/lib/jenkins/workspace/test@2/target/devsecops.war/js/jquery.scrollUp.min.jsd2c96e4da11d59d025a80d8f5abc2d6a375e3f18f67ddd5051244234f50c2cf64c88929519b25690084dd3a91df86dab3c6316a9cbe4344d551f7c153fb3b84c44f2db8dasm-commons-3.3.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/asm-commons-3.3.jar47d6178194c38fc70d4e27db08ae5d
103630d2095238beee3f94670af3d9a9dc115ce8871cc6e5bcfab550397289875ac133d86562d4ec2f3875afa7c5c033d1f0ee96af/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/asm-commons-3.3.jar1cc6e5bcfab550397289875ac133d86562d4ec2f3875afa7c5c033d1f0ee96af3630d2095238beee3f94670af3d9a9dc115ce88747d6178194c38fc70d4e27db08ae5d10jarpackage nameobjectwebpomparent-artifactidasm-parentpomartifactidasm-commonsManifestImplementation-VendorFrance Telecom R&Dfilenameasm-commonspomgroupidasmjarpackage nameasmpomnameASM Commonscentralgroupidasmjarpackage namecommonspomartifactidasm-commonscentralartifactidasm-commonspomparent-artifactidasm-parentfilenameasm-commonsjarpackage namecommonsManifestImplementation-TitleASM commonsjarpackage nameasmjarpackage nameasmpomnameASM Commonspomgroupidasmjarpackage namecommonsManifestImplementation-Version3.3centralversion3.3pomversion3.3fileversion3.3pkg:maven/asm/asm-commons@3.3https://ossindex.sonatype.org/component/pkg:maven/asm/asm-commons@3.3pkg:maven/asm/asm-commons@3.3https://ossindex.sonatype.org/component/pkg:maven/asm/asm-commons@3.3lucene-core-8.2.0.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/lucene-core-8.2.0.jar38017372e81035c484ad5cf94d88d8eaf6da40436d3633de272810fae1e339c237adfcf625564b27cebe18a5f0e988b5aeee342e1dd163b2dfca888eb1cea4dcadb32dd2Apache Lucene Java 
Core/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/lucene-queryparser-8.2.0.jar25564b27cebe18a5f0e988b5aeee342e1dd163b2dfca888eb1cea4dcadb32dd28925df7b104e78e308e236ff0740a064dd93cadd26da5109a008179e59c6f3c39b46a5dapkg:maven/org.apache.lucene/lucene-queryparser@8.2.0https://ossindex.sonatype.org/component/pkg:maven/org.apache.lucene/lucene-queryparser@8.2.0/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/lucene-queries-8.2.0.jar25564b27cebe18a5f0e988b5aeee342e1dd163b2dfca888eb1cea4dcadb32dd25da383678cb0a35a07ccb03487ba00cf184d1d71e9fae556c8d24a4273d8600b851b33e7pkg:maven/org.apache.lucene/lucene-queries@8.2.0https://ossindex.sonatype.org/component/pkg:maven/org.apache.lucene/lucene-queries@8.2.0/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/lucene-sandbox-8.2.0.jar25564b27cebe18a5f0e988b5aeee342e1dd163b2dfca888eb1cea4dcadb32dd2f50931f1db40cdcc31e5044439d4e5522a23f6c11de8e63c42e6db085d15d82ee5628921pkg:maven/org.apache.lucene/lucene-sandbox@8.2.0https://ossindex.sonatype.org/component/pkg:maven/org.apache.lucene/lucene-sandbox@8.2.0/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/lucene-analyzers-common-8.2.0.jar25564b27cebe18a5f0e988b5aeee342e1dd163b2dfca888eb1cea4dcadb32dd28e8abc90572ed74b110c75b546c675153aecc57067e169936aefc775697cdf759794e31bpkg:maven/org.apache.lucene/lucene-analyzers-common@8.2.0https://ossindex.sonatype.org/component/pkg:maven/org.apache.lucene/lucene-analyzers-common@8.2.0centralgroupidorg.apache.luceneManifestextension-nameorg.apache.lucenepomparent-groupidorg.apache.lucenejarpackage nameapachepomartifactidlucene-corefilenamelucene-corejarpackage namelucenejarpackage namelucenejarpackage nameorgjarpackage nameapacheManifestspecification-vendorThe Apache Software Foundationpomparent-artifactidlucene-parentpomgroupidapache.luceneManifestmulti-releasetruepomnameLucene CoreManifestImplementation-VendorThe Apache Software 
FoundationManifestspecification-titleLucene Search Engine: corecentralartifactidlucene-coreManifestextension-nameorg.apache.lucenepomgroupidapache.lucenefilenamelucene-corejarpackage namelucenejarpackage namelucenepomartifactidlucene-corejarpackage nameorgjarpackage nameapachejarpackage namesearchpomparent-groupidorg.apache.luceneManifestImplementation-Titleorg.apache.lucenepomparent-artifactidlucene-parentManifestmulti-releasetruepomnameLucene Corefileversion8.2.0centralversion8.2.0pomversion8.2.0pkg:maven/org.apache.lucene/lucene-core@8.2.0https://ossindex.sonatype.org/component/pkg:maven/org.apache.lucene/lucene-core@8.2.0pkg:maven/org.apache.lucene/lucene-core@8.2.0https://ossindex.sonatype.org/component/pkg:maven/org.apache.lucene/lucene-core@8.2.0packageurl-java-1.1.0.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/packageurl-java-1.1.0.jar261fa48c4d0c6a302e2b8ecc65ce3431e8969ecdafc70aad1b66521fcb5b8b252c1836b05b67a1b886af568ec31a630ee960635c3b01a6adc363d863d9d1f48843beac05The official Java implementation of the PackageURL specification. PackageURL (purl) is a minimal
specification for describing a package via a "mostly universal" URL.
MIT: https://opensource.org/licenses/MITpomartifactidpackageurl-javapomgroupidgithub.package-urlfilenamepackageurl-javajarpackage namepackageurlpomnamePackage URLpomurlpackage-url/packageurl-javajarpackage namegithubjarpackage namegithubjarpackage namepackageurlpomartifactidpackageurl-javapomgroupidgithub.package-urlfilenamepackageurl-javajarpackage namepackageurlpomnamePackage URLjarpackage namegithubpomurlpackage-url/packageurl-javajarpackage namepackageurlfileversion1.1.0pomversion1.1.0pkg:maven/com.github.package-url/packageurl-java@1.1.0https://ossindex.sonatype.org/component/pkg:maven/com.github.package-url/packageurl-java@1.1.0pkg:maven/com.github.package-url/packageurl-java@1.1.0https://ossindex.sonatype.org/component/pkg:maven/com.github.package-url/packageurl-java@1.1.0findsecbugs-plugin-1.9.0.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/findsecbugs-plugin-1.9.0.jar835db1e3bea68fbec6d8ab3b78a43faff8b7b42c7008ad126ac12b5ee4ade33ca9ef56a10e2fcbdd15e6c333b6450c63e2f4ee89f0f3d4f85862e41c0b1d3e5de9a566c9
Core module of the project. It includes all the FindBugs detectors.
The resulting jar is the published plugin.
pomparent-artifactidfindsecbugs-root-pompomgroupidh3xstream.findsecbugsfilenamefindsecbugs-plugincentralgroupidcom.h3xstream.findsecbugsjarpackage nameh3xstreampomparent-groupidcom.h3xstream.findsecbugspomartifactidfindsecbugs-pluginjarpackage namefindsecbugspomnameFind Security Bugs Pluginpomgroupidh3xstream.findsecbugsfilenamefindsecbugs-pluginpomartifactidfindsecbugs-pluginpomparent-artifactidfindsecbugs-root-pomcentralartifactidfindsecbugs-pluginpomparent-groupidcom.h3xstream.findsecbugsjarpackage namefindsecbugspomnameFind Security Bugs Pluginfileversion1.9.0centralversion1.9.0pomversion1.9.0pkg:maven/com.h3xstream.findsecbugs/findsecbugs-plugin@1.9.0https://ossindex.sonatype.org/component/pkg:maven/com.h3xstream.findsecbugs/findsecbugs-plugin@1.9.0pkg:maven/com.h3xstream.findsecbugs/findsecbugs-plugin@1.9.0https://ossindex.sonatype.org/component/pkg:maven/com.h3xstream.findsecbugs/findsecbugs-plugin@1.9.0javassist-3.11.0.GA.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/javassist-3.11.0.GA.jarcb8f91e65864b85c8c6f87164e3252a52c00105734a57e9ee4f27e4b17cd43200e5f0ff8aa8c27fc46be68c58c25eab15bf3073587945e009455385da78439dea684ef58Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
simple. It is a class library for editing bytecodes in Java.
/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/javassist-3.11.0.GA.jaraa8c27fc46be68c58c25eab15bf3073587945e009455385da78439dea684ef582c00105734a57e9ee4f27e4b17cd43200e5f0ff8cb8f91e65864b85c8c6f87164e3252a5jarpackage namejavassistpomartifactidjavassistManifestspecification-vendorShigeru Chiba, Tokyo Institute of TechnologypomgroupidjavassistpomnameJavassistpomurlhttp://www.javassist.org/filenamejavassistcentralgroupidjavassistpomartifactidjavassistjarpackage namejavassistManifestspecification-titleJavassistpomnameJavassistpomurlhttp://www.javassist.org/filenamejavassistpomgroupidjavassistcentralartifactidjavassistpomversion3.11.0.GAmanifest: javassist/specification-version3.11.0.GAcentralversion3.11.0.GApkg:maven/javassist/javassist@3.11.0.GAhttps://ossindex.sonatype.org/component/pkg:maven/javassist/javassist@3.11.0.GApkg:maven/javassist/javassist@3.11.0.GAhttps://ossindex.sonatype.org/component/pkg:maven/javassist/javassist@3.11.0.GAjquery.prettyPhoto.js/var/lib/jenkins/workspace/test@2/target/devsecops/js/jquery.prettyPhoto.js51d2c2977e3dbb58e8ee5a5f52673aa081e3ee36772fe61b742073a973be1fb840a5cafa7d4adb5e9401f2d3c71467d1c2ab1a153e5b65fdc1d9f90ba7504fd700d7fac6/var/lib/jenkins/workspace/test@2/src/main/webapp/js/jquery.prettyPhoto.js7d4adb5e9401f2d3c71467d1c2ab1a153e5b65fdc1d9f90ba7504fd700d7fac681e3ee36772fe61b742073a973be1fb840a5cafa51d2c2977e3dbb58e8ee5a5f52673aa0/var/lib/jenkins/workspace/test@2/target/devsecops.war/js/jquery.prettyPhoto.js7d4adb5e9401f2d3c71467d1c2ab1a153e5b65fdc1d9f90ba7504fd700d7fac681e3ee36772fe61b742073a973be1fb840a5cafa51d2c2977e3dbb58e8ee5a5f52673aa0filenamejquery.prettyPhotofilenamejquery.prettyPhotofileversion3.1.5pkg:javascript/jquery.prettyPhoto@3.1.5https://ossindex.sonatype.org/component/pkg:javascript/jquery.prettyPhoto@3.1.5pkg:javascript/jquery.prettyPhoto@3.1.5https://ossindex.sonatype.org/component/pkg:javascript/jquery.prettyPhoto@3.1.5Vulnerability in 
jquery.prettyPhotohighinfohttps://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphotoinfoinfohttps://github.com/scaron/prettyphoto/issues/149infospring-vault-core-2.1.1.RELEASE.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/spring-vault-core-2.1.1.RELEASE.jar7c0a62fa72e6dfc1d57aef0a34294fc1ab5e3c0c6c40eac30993260cf4a0912499991a7137cb59f9a16901414b1debeeb7aed013d1ec631a3d5a5963222e7119fdfbb881Spring Vault Core Components/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/spring-vault-core-2.1.1.RELEASE.jar37cb59f9a16901414b1debeeb7aed013d1ec631a3d5a5963222e7119fdfbb881ab5e3c0c6c40eac30993260cf4a0912499991a717c0a62fa72e6dfc1d57aef0a34294fc1pomartifactidspring-vault-corejarpackage namecorepomgroupidspringframework.vaultjarpackage namespringframeworkpomnameSpring Vault Corejarpackage namevaultpomparent-artifactidspring-vault-parentfilenamespring-vault-corepomparent-groupidorg.springframework.vaultManifestautomatic-module-namespring.vault.corepomartifactidspring-vault-corejarpackage namecorepomparent-groupidorg.springframework.vaultManifestImplementation-TitleSpring Vault Corejarpackage namespringframeworkpomparent-artifactidspring-vault-parentpomnameSpring Vault Corejarpackage 
namevaultfilenamespring-vault-corepomgroupidspringframework.vaultManifestautomatic-module-namespring.vault.coreManifestImplementation-Version2.1.1.RELEASEpomversion2.1.1.RELEASEpkg:maven/org.springframework.vault/spring-vault-core@2.1.1.RELEASEhttps://ossindex.sonatype.org/component/pkg:maven/org.springframework.vault/spring-vault-core@2.1.1.RELEASEpkg:maven/org.springframework.vault/spring-vault-core@2.1.1.RELEASEhttps://ossindex.sonatype.org/component/pkg:maven/org.springframework.vault/spring-vault-core@2.1.1.RELEASEbootstrap.min.js/var/lib/jenkins/workspace/test@2/target/devsecops/js/bootstrap.min.js903657654e9be147571c1b0c4a657fc41261cc1e82c337ffd44b2b576c8685f7d77d51397f02a98976eb67a5f01fcb8d4f3220a5d7a8a757d9a41352b4d20f89036923dc/var/lib/jenkins/workspace/test@2/target/devsecops.war/js/bootstrap.min.js7f02a98976eb67a5f01fcb8d4f3220a5d7a8a757d9a41352b4d20f89036923dc1261cc1e82c337ffd44b2b576c8685f7d77d5139903657654e9be147571c1b0c4a657fc4/var/lib/jenkins/workspace/test@2/src/main/webapp/js/bootstrap.min.js7f02a98976eb67a5f01fcb8d4f3220a5d7a8a757d9a41352b4d20f89036923dc1261cc1e82c337ffd44b2b576c8685f7d77d5139903657654e9be147571c1b0c4a657fc4filenamebootstrapfilenamebootstrapfileversion3.0.3pkg:javascript/bootstrap@3.0.3https://ossindex.sonatype.org/component/pkg:javascript/bootstrap@3.0.3pkg:javascript/bootstrap@3.0.3https://ossindex.sonatype.org/component/pkg:javascript/bootstrap@3.0.3CVE-2018-14040MEDIUM4.3NETWORKMEDIUMNONENONENONENONEMEDIUM6.1NETWORKLOWNONEREQUIREDCHANGEDLOWLOWNONEMEDIUMCWE-79In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.MISChttps://github.com/twbs/bootstrap/issues/26423https://github.com/twbs/bootstrap/issues/26423infohttps://github.com/twbs/bootstrap/issues/20184infoBUGTRAQhttps://seclists.org/bugtraq/2019/May/1820190509 dotCMS v5.1.1 VulnerabilitiesFULLDISChttp://seclists.org/fulldisclosure/2019/May/1320190510 Re: dotCMS v5.1.1 HTML Injection & XSS 
VulnerabilityFULLDISChttp://seclists.org/fulldisclosure/2019/May/1120190510 dotCMS v5.1.1 HTML Injection & XSS VulnerabilityMISChttps://github.com/twbs/bootstrap/pull/26630https://github.com/twbs/bootstrap/pull/26630MISChttps://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/MISChttps://github.com/twbs/bootstrap/issues/26625https://github.com/twbs/bootstrap/issues/26625MLISThttps://lists.debian.org/debian-lts-announce/2018/08/msg00027.html[debian-lts-announce] 20180827 [SECURITY] [DLA 1479-1] twitter-bootstrap3 security updateFULLDISChttp://seclists.org/fulldisclosure/2019/May/1020190510 dotCMS v5.1.1 VulnerabilitiesMISChttp://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.htmlhttp://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.htmlcpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*CVE-2018-14041MEDIUM4.3NETWORKMEDIUMNONENONENONENONEMEDIUM6.1NETWORKLOWNONEREQUIREDCHANGEDLOWLOWNONEMEDIUMCWE-79In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.MISChttps://github.com/twbs/bootstrap/issues/26423https://github.com/twbs/bootstrap/issues/26423infohttps://github.com/twbs/bootstrap/issues/20184infoREDHAThttps://access.redhat.com/errata/RHSA-2019:1456RHSA-2019:1456BUGTRAQhttps://seclists.org/bugtraq/2019/May/1820190509 dotCMS v5.1.1 
VulnerabilitiesFULLDISChttp://seclists.org/fulldisclosure/2019/May/1320190510 Re: dotCMS v5.1.1 HTML Injection & XSS VulnerabilityFULLDISChttp://seclists.org/fulldisclosure/2019/May/1120190510 dotCMS v5.1.1 HTML Injection & XSS VulnerabilityMISChttps://github.com/twbs/bootstrap/pull/26630https://github.com/twbs/bootstrap/pull/26630MISChttps://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/FULLDISChttp://seclists.org/fulldisclosure/2019/May/1020190510 dotCMS v5.1.1 VulnerabilitiesMISChttp://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.htmlhttp://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.htmlMISChttps://github.com/twbs/bootstrap/issues/26627https://github.com/twbs/bootstrap/issues/26627cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*CVE-2018-14042MEDIUM4.3NETWORKMEDIUMNONENONENONENONEMEDIUM6.1NETWORKLOWNONEREQUIREDCHANGEDLOWLOWNONEMEDIUMCWE-79In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.MISChttps://github.com/twbs/bootstrap/issues/26423https://github.com/twbs/bootstrap/issues/26423infohttps://github.com/twbs/bootstrap/issues/20184infoBUGTRAQhttps://seclists.org/bugtraq/2019/May/1820190509 dotCMS v5.1.1 VulnerabilitiesFULLDISChttp://seclists.org/fulldisclosure/2019/May/1320190510 Re: dotCMS v5.1.1 HTML Injection & XSS VulnerabilityFULLDISChttp://seclists.org/fulldisclosure/2019/May/1120190510 dotCMS v5.1.1 HTML 
Injection & XSS VulnerabilityMISChttps://github.com/twbs/bootstrap/pull/26630https://github.com/twbs/bootstrap/pull/26630MISChttps://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/MISChttps://github.com/twbs/bootstrap/issues/26628https://github.com/twbs/bootstrap/issues/26628FULLDISChttp://seclists.org/fulldisclosure/2019/May/1020190510 dotCMS v5.1.1 Vulnerabilitiescpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*CVE-2019-8331MEDIUM4.3NETWORKMEDIUMNONENONENONENONEMEDIUM6.1NETWORKLOWNONEREQUIREDCHANGEDLOWLOWNONEMEDIUMCWE-79In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.REDHAThttps://access.redhat.com/errata/RHSA-2019:1456RHSA-2019:1456BUGTRAQhttps://seclists.org/bugtraq/2019/May/1820190509 dotCMS v5.1.1 VulnerabilitiesFULLDISChttp://seclists.org/fulldisclosure/2019/May/1320190510 Re: dotCMS v5.1.1 HTML Injection & XSS VulnerabilityCONFIRMhttps://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/infohttps://github.com/twbs/bootstrap/issues/28236infoMISChttps://github.com/twbs/bootstrap/pull/28236https://github.com/twbs/bootstrap/pull/28236BIDhttp://www.securityfocus.com/bid/107375107375MLISThttps://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E[flink-dev] 
20190811 Apache flink 1.7.2 security issuesMLISThttps://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E[flink-user] 20190811 Apache flink 1.7.2 security issuesMLISThttps://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E[flink-user] 20190813 Apache flink 1.7.2 security issuesFULLDISChttp://seclists.org/fulldisclosure/2019/May/1120190510 dotCMS v5.1.1 HTML Injection & XSS VulnerabilityMLISThttps://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E[flink-user] 20190813 Re: Apache flink 1.7.2 security issuesCONFIRMhttps://support.f5.com/csp/article/K24383845https://support.f5.com/csp/article/K24383845MISChttps://github.com/twbs/bootstrap/releases/tag/v4.3.1https://github.com/twbs/bootstrap/releases/tag/v4.3.1FULLDISChttp://seclists.org/fulldisclosure/2019/May/1020190510 dotCMS v5.1.1 VulnerabilitiesMISChttps://github.com/twbs/bootstrap/releases/tag/v3.4.1https://github.com/twbs/bootstrap/releases/tag/v3.4.1cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*cpe:2.3
:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*jackson-annotations-2.9.0.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/jackson-annotations-2.9.0.jarc09faa1b063681cf45706c6df50685b607c10d545325e3a6e72e06381afe469fd40eb70145d32ac61ef8a744b464c54c2b3414be571016dd46bfc2bec226761cf7ae457aCore annotations used for value types, used by Jackson data binding package.
http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/jackson-annotations-2.9.0.jar45d32ac61ef8a744b464c54c2b3414be571016dd46bfc2bec226761cf7ae457a07c10d545325e3a6e72e06381afe469fd40eb701c09faa1b063681cf45706c6df50685b6/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/jackson-annotations-2.9.0.jar45d32ac61ef8a744b464c54c2b3414be571016dd46bfc2bec226761cf7ae457a07c10d545325e3a6e72e06381afe469fd40eb701c09faa1b063681cf45706c6df50685b6pomparent-artifactidjackson-parentManifestImplementation-Vendor-Idcom.fasterxml.jackson.corepomnameJackson-annotationsManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"pomartifactidjackson-annotationsManifestImplementation-VendorFasterXMLpomparent-groupidcom.fasterxml.jacksonjarpackage namejacksonManifestbundle-docurlhttp://github.com/FasterXML/jacksonfilenamejackson-annotationsManifestspecification-vendorFasterXMLpomurlhttp://github.com/FasterXML/jacksonManifestimplementation-build-date2017-07-30 03:53:23+0000pomgroupidfasterxml.jackson.coreManifestbundle-symbolicnamecom.fasterxml.jackson.core.jackson-annotationsjarpackage namefasterxmlpomparent-groupidcom.fasterxml.jacksonpomnameJackson-annotationsManifestBundle-NameJackson-annotationspomurlhttp://github.com/FasterXML/jacksonManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"pomgroupidfasterxml.jackson.coreManifestspecification-titleJackson-annotationsManifestImplementation-TitleJackson-annotationspomartifactidjackson-annotationsjarpackage namejacksonManifestbundle-docurlhttp://github.com/FasterXML/jacksonfilenamejackson-annotationsManifestimplementation-build-date2017-07-30 03:53:23+0000Manifestbundle-symbolicnamecom.fasterxml.jackson.core.jackson-annotationspomparent-artifactidjackson-parentjarpackage 
namefasterxmlManifestImplementation-Version2.9.0ManifestBundle-Version2.9.0fileversion2.9.0pomversion2.9.0pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.0https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.0pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.0https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.0listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jard094c22570d65e132c19cea5d352e381b421526c5f297295adef1c886e5246c39d4ac629b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99
An empty artifact that Guava depends on to signal that it is providing
ListenableFuture -- but is also available in a second "version" that
contains the com.google.common.util.concurrent.ListenableFuture class, without
any other Guava classes. The idea is:
- If users want only ListenableFuture, they depend on listenablefuture-1.0.
- If users want all of Guava, they depend on guava, which, as of Guava
27.0, depends on
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-...
version number is enough for some build systems (notably, Gradle) to select
that empty artifact over the "real" listenablefuture-1.0 -- avoiding a
conflict with the copy of ListenableFuture in guava itself. If users are
using an older version of Guava or a build system other than Gradle, they
may see class conflicts. If so, they can solve them by manually excluding
the listenablefuture artifact or manually forcing their build systems to
use 9999.0-....
pomartifactidlistenablefuturepomgroupidgoogle.guavapomnameGuava ListenableFuture onlypomparent-groupidcom.google.guavapomparent-artifactidguava-parentfilenamelistenablefuturepomparent-artifactidguava-parentpomnameGuava ListenableFuture onlypomparent-groupidcom.google.guavapomartifactidlistenablefuturepomgroupidgoogle.guavafilenamelistenablefuturepomparent-version9999.0-empty-to-avoid-conflict-with-guavapomversion9999.0-empty-to-avoid-conflict-with-guavapkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guavahttps://ossindex.sonatype.org/component/pkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guavapkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guavahttps://ossindex.sonatype.org/component/pkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guavaognl-3.0.19.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/ognl-3.0.19.jar06c9faa866cd2c8b3ff307d7f4c04ed5b15af43375b38289cee867649125d5417adede817aa3897a57727a74519878862827cc6ff55bb1f19bd582c9c69f0e0e7887cb0dOGNL - Object Graph Navigation LibraryThe Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/ognl-3.0.19.jar7aa3897a57727a74519878862827cc6ff55bb1f19bd582c9c69f0e0e7887cb0db15af43375b38289cee867649125d5417adede8106c9faa866cd2c8b3ff307d7f4c04ed5filenameognljarpackage nameognlpomartifactidognlpomorganization nameOpenSymphonyjarpackage nameognlpomurlhttp://ognl.orgpomnameOGNL - Object Graph Navigation Librarypomorganization urlhttp://www.opensymphony.compomgroupidognlfilenameognlpomorganization urlhttp://www.opensymphony.compomgroupidognlpomurlhttp://ognl.orgjarpackage nameognlpomorganization nameOpenSymphonypomnameOGNL - Object Graph Navigation 
Librarypomartifactidognlpomversion3.0.19fileversion3.0.19pkg:maven/ognl/ognl@3.0.19https://ossindex.sonatype.org/component/pkg:maven/ognl/ognl@3.0.19pkg:maven/ognl/ognl@3.0.19https://ossindex.sonatype.org/component/pkg:maven/ognl/ognl@3.0.19json-20140107.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/json-20140107.jar8ca2437d3dbbaa2e76195adedfd901f4d1ffca6e2482b002702c6a576166fd685e3370e38e5aa0a368bee60347b5a4ad861d9f68c7793f60deeea89efd449eb70d5ae622
JSON is a light-weight, language independent, data interchange format.
See http://www.JSON.org/
The files in this package implement JSON encoders/decoders in Java.
It also includes the capability to convert between JSON and XML, HTTP
headers, Cookies, and CDL.
This is a reference implementation. There is a large number of JSON packages
in Java. Perhaps someday the Java community will standardize on one. Until
then, choose carefully.
The license includes this restriction: "The software shall be used for good,
not evil." If your conscience cannot live with that, then choose a different
package.
The package compiles on Java 1.2 through Java 1.4.
The JSON License: http://json.org/license.htmljarpackage namexmljarpackage namecdljarpackage namehttpfilenamejson-20140107pomgroupidjsonjarpackage namejsonjarpackage namejsonpomartifactidjsonpomurldouglascrockford/JSON-javapomnameJSON in Javajarpackage namexmljarpackage namecdljarpackage namehttppomgroupidjsonfilenamejson-20140107jarpackage namejsonpomartifactidjsonpomurldouglascrockford/JSON-javapomnameJSON in Javapomversion20140107fileversion20140107pkg:maven/org.json/json@20140107https://ossindex.sonatype.org/component/pkg:maven/org.json/json@20140107pkg:maven/org.json/json@20140107https://ossindex.sonatype.org/component/pkg:maven/org.json/json@20140107toml4j-0.7.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/toml4j-0.7.2.jarefaec2fac998dce5bc118362bf7245270a03337911d0bd2c40932aca3946edb30d0e7d0cf5475e63e7e89e5db62223489aec7a56bd303543772077a17c2cb54c19ca3a20A parser for TOMLThe MIT License: http://www.opensource.org/licenses/mit-license.phpjarpackage namemoandjiezanafilenametoml4jjarpackage namemoandjiezanapomurlhttp://moandjiezana.com/toml/toml4jpomartifactidtoml4jjarpackage nametomlpomgroupidmoandjiezana.tomljarpackage nametomlpomnametoml4jpomurlhttp://moandjiezana.com/toml/toml4jjarpackage namemoandjiezanafilenametoml4jpomgroupidmoandjiezana.tomlpomartifactidtoml4jjarpackage nametomljarpackage 
nametomlpomnametoml4jfileversion0.7.2pomversion0.7.2pkg:maven/com.moandjiezana.toml/toml4j@0.7.2https://ossindex.sonatype.org/component/pkg:maven/com.moandjiezana.toml/toml4j@0.7.2pkg:maven/com.moandjiezana.toml/toml4j@0.7.2https://ossindex.sonatype.org/component/pkg:maven/com.moandjiezana.toml/toml4j@0.7.2html5shiv.js/var/lib/jenkins/workspace/test@2/target/devsecops/js/html5shiv.js0663c0c5da0bc9c27ac7e4a8e732552e857ce461a7c72af1851531a1b4b5a1cd4794cea0c01f0b67bea0acdf53dc73dd03c99adfcece8ca8d26dc1d7bfd18ba19b38ec5b/var/lib/jenkins/workspace/test@2/src/main/webapp/js/html5shiv.jsc01f0b67bea0acdf53dc73dd03c99adfcece8ca8d26dc1d7bfd18ba19b38ec5b857ce461a7c72af1851531a1b4b5a1cd4794cea00663c0c5da0bc9c27ac7e4a8e732552e/var/lib/jenkins/workspace/test@2/target/devsecops.war/js/html5shiv.jsc01f0b67bea0acdf53dc73dd03c99adfcece8ca8d26dc1d7bfd18ba19b38ec5b857ce461a7c72af1851531a1b4b5a1cd4794cea00663c0c5da0bc9c27ac7e4a8e732552eslf4j-log4j12-1.7.5.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/slf4j-log4j12-1.7.5.jar371e35747d6bd35e3800034bdac4150e6edffc576ce104ec769d954618764f39f0f0f10de3393b87604eeab24d72d71d0bfceb3436658ab0593f48f16523ad90f270c88fSLF4J LOG4J-12 Binding/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/slf4j-log4j12-1.7.5.jare3393b87604eeab24d72d71d0bfceb3436658ab0593f48f16523ad90f270c88f6edffc576ce104ec769d954618764f39f0f0f10d371e35747d6bd35e3800034bdac4150epomurlhttp://www.slf4j.orgfilenameslf4j-log4j12pomgroupidslf4jpomartifactidslf4j-log4j12Manifestbundle-symbolicnameslf4j.log4j12pomparent-artifactidslf4j-parentpomnameSLF4J LOG4J-12 BindingManifestbundle-requiredexecutionenvironmentJ2SE-1.3pomparent-groupidorg.slf4jjarpackage nameslf4jpomartifactidslf4j-log4j12ManifestBundle-Nameslf4j-log4j12pomparent-groupidorg.slf4jpomnameSLF4J LOG4J-12 
Bindingfilenameslf4j-log4j12ManifestImplementation-Titleslf4j-log4j12pomparent-artifactidslf4j-parentManifestbundle-symbolicnameslf4j.log4j12pomgroupidslf4jpomurlhttp://www.slf4j.orgManifestbundle-requiredexecutionenvironmentJ2SE-1.3jarpackage nameslf4jManifestBundle-Version1.7.5ManifestImplementation-Version1.7.5fileversion1.7.5pomversion1.7.5pkg:maven/org.slf4j/slf4j-log4j12@1.7.5https://ossindex.sonatype.org/component/pkg:maven/org.slf4j/slf4j-log4j12@1.7.5pkg:maven/org.slf4j/slf4j-log4j12@1.7.5https://ossindex.sonatype.org/component/pkg:maven/org.slf4j/slf4j-log4j12@1.7.5xwork-core-2.3.8.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/xwork-core-2.3.8.jar5b8f8d7a2a23c2d3412131380ed1a216ac2a11eaa83c3b112ed3da9360bdf9ee4b80ce09664d6b8be7da4bdbc566e68cf054517779c028b84430e5b5eafafa94e960d4f7Apache Struts 2http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/xwork-core-2.3.8.jar664d6b8be7da4bdbc566e68cf054517779c028b84430e5b5eafafa94e960d4f7ac2a11eaa83c3b112ed3da9360bdf9ee4b80ce095b8f8d7a2a23c2d3412131380ed1a216filenamexwork-coreManifestbundle-docurlhttp://www.apache.orgManifestbundle-symbolicnameorg.apache.struts.xwork.coreManifestoriginally-created-by1.6.0_37 (Apple Inc.)ManifestImplementation-Vendor-Idorg.apache.struts.xworkpomartifactidxwork-corepomparent-artifactidstruts2-parentManifestImplementation-VendorApache Software FoundationpomnameXWork: CoreManifestspecification-vendorApache Software Foundationjarpackage namexworkpomgroupidapache.struts.xworkpomparent-groupidorg.apache.strutsManifestspecification-titleXWork: CoreManifestImplementation-TitleXWork: Corefilenamexwork-coreManifestBundle-NameXWork: CoreManifestbundle-docurlhttp://www.apache.orgManifestbundle-symbolicnameorg.apache.struts.xwork.coreManifestoriginally-created-by1.6.0_37 (Apple Inc.)pomparent-groupidorg.apache.strutspomartifactidxwork-corepomparent-artifactidstruts2-parentpomgroupidapache.struts.xworkpomnameXWork: 
Corejarpackage namexworkManifestBundle-Version2.3.8ManifestImplementation-Version2.3.8fileversion2.3.8pomversion2.3.8pkg:maven/org.apache.struts.xwork/xwork-core@2.3.8https://ossindex.sonatype.org/component/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.8pkg:maven/org.apache.struts.xwork/xwork-core@2.3.8https://ossindex.sonatype.org/component/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.8CVE-2013-1966HIGH9.3NMNCCCHIGHApache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.OSSINDEXhttps://ossindex.sonatype.org/vuln/64959e54-560d-4c85-b1ba-bae91251f948[CVE-2013-1966] Improper Control of Generation of Code ("Code Injection")cpe:2.3:a:org.apache.struts.xwork:xwork-core:2.3.8:*:*:*:*:*:*:*CVE-2013-2135HIGH9.3NMNCCCHIGHApache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.OSSINDEXhttps://ossindex.sonatype.org/vuln/35c24ffb-ba83-44a8-95a7-008281c53ec9[CVE-2013-2135] Improper Control of Generation of Code ("Code Injection")cpe:2.3:a:org.apache.struts.xwork:xwork-core:2.3.8:*:*:*:*:*:*:*CVE-2014-0112HIGH7.5NLNPPPHIGHParametersInterceptor in Apache Struts before 2.3.16.2 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.OSSINDEXhttps://ossindex.sonatype.org/vuln/434eada7-81e4-4e5b-854c-a4ea6eedab39[CVE-2014-0112] Permissions, Privileges, and Access Controlscpe:2.3:a:org.apache.struts.xwork:xwork-core:2.3.8:*:*:*:*:*:*:*CVE-2016-0785HIGH8.8NLLNUHHHHIGHApache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.OSSINDEXhttps://ossindex.sonatype.org/vuln/5684f0fd-6580-461f-a0f6-eda4176de9bb[CVE-2016-0785] Improper Input Validationcpe:2.3:a:org.apache.struts.xwork:xwork-core:2.3.8:*:*:*:*:*:*:*CVE-2016-2162MEDIUM6.1NLNRCLLNMEDIUMApache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.OSSINDEXhttps://ossindex.sonatype.org/vuln/4fa8ad37-bc1f-4136-a277-c1974de7242a[CVE-2016-2162] Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")cpe:2.3:a:org.apache.struts.xwork:xwork-core:2.3.8:*:*:*:*:*:*:*CVE-2016-3093MEDIUM5.3NLNNUNNLMEDIUMApache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.OSSINDEXhttps://ossindex.sonatype.org/vuln/74cddd35-3e8e-4460-bb8f-03eef3b4d382[CVE-2016-3093] Improper Input Validationcpe:2.3:a:org.apache.struts.xwork:xwork-core:2.3.8:*:*:*:*:*:*:*jFormatString-3.0.0.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/jFormatString-3.0.0.jar22a6baee6cada23d5f4eab91acd81f44d3995f9be450813bc2ccee8f0774c1a3033a0f304c0c5bbe29cf76fb59b23e821178e3e22c72380b2453cc952dc67324baad7f53jFormatString for FindbugsGNU Lesser Public License: 
http://www.gnu.org/licenses/lgpl.html/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/jFormatString-3.0.0.jar4c0c5bbe29cf76fb59b23e821178e3e22c72380b2453cc952dc67324baad7f53d3995f9be450813bc2ccee8f0774c1a3033a0f3022a6baee6cada23d5f4eab91acd81f44jarpackage namecspomurlhttp://findbugs.sourceforge.net/filenamejFormatStringpomgroupidgoogle.code.findbugspomnameFindBugs-jFormatStringcentralgroupidcom.google.code.findbugspomartifactidjFormatStringjarpackage nameedujarpackage nameumdjarpackage namecsfilenamejFormatStringpomartifactidjFormatStringpomnameFindBugs-jFormatStringjarpackage namefindbugscentralartifactidjFormatStringpomgroupidgoogle.code.findbugspomurlhttp://findbugs.sourceforge.net/jarpackage nameumdpomversion3.0.0centralversion3.0.0fileversion3.0.0pkg:maven/com.google.code.findbugs/jFormatString@3.0.0https://ossindex.sonatype.org/component/pkg:maven/com.google.code.findbugs/jFormatString@3.0.0pkg:maven/com.google.code.findbugs/jFormatString@3.0.0https://ossindex.sonatype.org/component/pkg:maven/com.google.code.findbugs/jFormatString@3.0.0mysql-connector-java-5.1.18.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/mysql-connector-java-5.1.18.jar78467fb2adf7f02bcfbff3ad022bc4e985dfedad243dc0303ad7ae3a323c39421d2206905ce7735be853c1a6deaf88b6ea7659fb0f4aff2beb717430bd28efae3de35695MySQL JDBC Type 4 driverThe GNU General Public License, Version 2: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/mysql-connector-java-5.1.18.jar5ce7735be853c1a6deaf88b6ea7659fb0f4aff2beb717430bd28efae3de3569585dfedad243dc0303ad7ae3a323c39421d22069078467fb2adf7f02bcfbff3ad022bc4e9hint analyzer (hint)vendorsunmanifest: commonImplementation-VendorOracleManifestbundle-symbolicnamecom.mysql.jdbccentralgroupidmysqlpomgroupidmysqlpomartifactidmysql-connector-javahint analyzervendororaclemanifest: common (hint)Implementation-Vendorsunjarpackage namemysqlpomorganization 
urlhttp://www.oracle.compomurlhttp://dev.mysql.com/doc/connector-j/en/filenamemysql-connector-javajarpackage namejdbcpomnameMySQL Connector/Jjarpackage namemysqljarpackage namejdbcpomorganization nameOracle Corporationpomartifactidmysql-connector-javapomurlhttp://dev.mysql.com/doc/connector-j/en/Manifestbundle-symbolicnamecom.mysql.jdbcmanifest: commonImplementation-TitleMySQL Connector/Jhint analyzerproductmysql_connectorsmanifest: commonSpecification-TitleJDBCpomorganization urlhttp://www.oracle.comhint analyzerproductmysql_connector/jjarpackage namemysqlcentralartifactidmysql-connector-javafilenamemysql-connector-javajarpackage namejdbcpomgroupidmysqlhint analyzerproductmysql_connector_jManifestBundle-NameSun Microsystems' JDBC Driver for MySQLpomnameMySQL Connector/Jjarpackage namejdbcjarpackage namedriverpomorganization nameOracle Corporationpomversion5.1.18manifest: commonImplementation-Version5.1.18fileversion5.1.18centralversion5.1.18ManifestBundle-Version5.1.18pkg:maven/mysql/mysql-connector-java@5.1.18https://ossindex.sonatype.org/component/pkg:maven/mysql/mysql-connector-java@5.1.18pkg:maven/mysql/mysql-connector-java@5.1.18https://ossindex.sonatype.org/component/pkg:maven/mysql/mysql-connector-java@5.1.18CVE-2017-3523HIGH6.0NETWORKMEDIUMSINGLEPARTIALPARTIALPARTIALMEDIUM8.5NETWORKHIGHLOWNONECHANGEDHIGHHIGHHIGHHIGHCWE-284Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).CONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.htmlBIDhttp://www.securityfocus.com/bid/9798297982DEBIANhttp://www.debian.org/security/2017/dsa-3840DSA-3840cpe:2.3:a:oracle:connector\/j:*:*:*:*:*:*:*:*CVE-2017-3589LOW2.1LOCALLOWNONENONENONENONELOW3.3LOCALLOWLOWNONEUNCHANGEDNONELOWNONELOWCWE-284Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).CONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.htmlBIDhttp://www.securityfocus.com/bid/9783697836DEBIANhttp://www.debian.org/security/2017/dsa-3857DSA-3857SECTRACKhttp://www.securitytracker.com/id/10382871038287cpe:2.3:a:oracle:connector\/j:*:*:*:*:*:*:*:*CVE-2018-3258HIGH6.5NETWORKLOWSINGLEPARTIALPARTIALPARTIALMEDIUM8.8NETWORKLOWLOWNONEUNCHANGEDHIGHHIGHHIGHHIGHCWE-284Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).BIDhttp://www.securityfocus.com/bid/105589105589SECTRACKhttp://www.securitytracker.com/id/10418881041888CONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlCONFIRMhttps://security.netapp.com/advisory/ntap-20181018-0002/https://security.netapp.com/advisory/ntap-20181018-0002/REDHAThttps://access.redhat.com/errata/RHSA-2019:1545RHSA-2019:1545cpe:2.3:a:oracle:connector\/j:*:*:*:*:*:*:*:*CVE-2019-2692MEDIUM3.5LOCALHIGHSINGLEPARTIALPARTIALPARTIALLOW6.3LOCALHIGHHIGHREQUIREDUNCHANGEDHIGHHIGHHIGHMEDIUMCWE-20Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).MISChttp://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlcpe:2.3:a:oracle:mysql_connector\/j:*:*:*:*:*:*:*:*ossindex-service-client-1.2.0.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/ossindex-service-client-1.2.0.jar201dbfb49f0b22a006243a5841a7dafc802db8efdc5377ec4798324885e88f13bc4b2d2aaa4d40d0d3a5cefa5d2dd908ddde15106f0b66cc2d0e3aaaf74b609e0b6e335apomparent-groupidorg.sonatype.ossindexfilenameossindex-service-clientpomparent-artifactidossindex-servicejarpackage nameservicepomgroupidsonatype.ossindexManifestImplementation-Vendor-Idorg.sonatype.ossindexjarpackage namesonatypejarpackage nameossindexManifestimplementation-urlhttps://sonatype.github.io/ossindex-public/ossindex-service-client/pomartifactidossindex-service-clientjarpackage nameclientManifestImplementation-VendorSonatype, Inc.filenameossindex-service-clientpomgroupidsonatype.ossindexpomparent-groupidorg.sonatype.ossindexjarpackage nameservicepomparent-artifactidossindex-serviceManifestspecification-titleorg.sonatype.ossindex:ossindex-service-clientManifestImplementation-Titleorg.sonatype.ossindex:ossindex-service-clientjarpackage namesonatypejarpackage nameossindexManifestimplementation-urlhttps://sonatype.github.io/ossindex-public/ossindex-service-client/jarpackage 
nameclientpomartifactidossindex-service-clientpomversion1.2.0fileversion1.2.0ManifestImplementation-Version1.2.0pkg:maven/org.sonatype.ossindex/ossindex-service-client@1.2.0https://ossindex.sonatype.org/component/pkg:maven/org.sonatype.ossindex/ossindex-service-client@1.2.0pkg:maven/org.sonatype.ossindex/ossindex-service-client@1.2.0https://ossindex.sonatype.org/component/pkg:maven/org.sonatype.ossindex/ossindex-service-client@1.2.0asm-commons-6.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/asm-commons-6.2.jara031c9a32770c02c2f91d2bcbeceabcdf0df1c69e34a0463679d7c8db36ddb4312836e7615545913db06c987aa404f028e33501d9f27f8ced612f73727e3547ac4de878cUsefull class adapters based on ASM, a very small and fast Java bytecode manipulation frameworkBSD: http://asm.ow2.org/license.html/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/asm-commons-6.2.jar15545913db06c987aa404f028e33501d9f27f8ced612f73727e3547ac4de878cf0df1c69e34a0463679d7c8db36ddb4312836e76a031c9a32770c02c2f91d2bcbeceabcdjarpackage nameobjectwebpomartifactidasm-commonsManifestbundle-docurlhttp://asm.ow2.orgpomorganization nameOW2Manifestmodule-requiresorg.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true,org.objectweb.asm.tree.analysis;transitive=truepomurlhttp://asm.ow2.org/filenameasm-commonspomgroupidow2.asmpomparent-artifactidow2Manifestbundle-symbolicnameorg.objectweb.asm.commonsjarpackage nameasmjarpackage namecommonscentralgroupidorg.ow2.asmjarpackage nameobjectwebpomorganization urlhttp://www.ow2.org/pomnameasm-commonsjarpackage namecommonsjarpackage nameasmManifestbundle-requiredexecutionenvironmentJ2SE-1.5pomparent-groupidorg.ow2centralartifactidasm-commonsManifestBundle-Nameorg.objectweb.asm.commonsManifestbundle-docurlhttp://asm.ow2.orgManifestmodule-requiresorg.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true,org.objectweb.asm.tree.analysis;transitive=truefilenameasm-commonspomparent-groupidorg.ow2pomorganization 
nameOW2Manifestbundle-symbolicnameorg.objectweb.asm.commonsjarpackage nameasmjarpackage namecommonsjarpackage nameobjectwebpomartifactidasm-commonspomurlhttp://asm.ow2.org/pomorganization urlhttp://www.ow2.org/pomnameasm-commonsManifestImplementation-TitleUsefull class adapters based on ASM, a very small and fast Java bytecode manipulation frameworkjarpackage namecommonsjarpackage nameasmpomparent-artifactidow2Manifestbundle-requiredexecutionenvironmentJ2SE-1.5pomgroupidow2.asmpomparent-version6.2fileversion6.2pomversion6.2centralversion6.2pkg:maven/org.ow2.asm/asm-commons@6.2https://ossindex.sonatype.org/component/pkg:maven/org.ow2.asm/asm-commons@6.2pkg:maven/org.ow2.asm/asm-commons@6.2https://ossindex.sonatype.org/component/pkg:maven/org.ow2.asm/asm-commons@6.2jackson-databind-2.9.7.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/jackson-databind-2.9.7.jar2916db8b36f4078f07dd9580bccec6c2e6faad47abd3179666e89068485a1b88a195ceb7675376decfc070b039d2be773a97002f1ee1e1346d95bd99feee0d56683a92bfGeneral data-binding functionality for Jackson: works on core streaming APIhttp://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/jackson-databind-2.9.7.jar675376decfc070b039d2be773a97002f1ee1e1346d95bd99feee0d56683a92bfe6faad47abd3179666e89068485a1b88a195ceb72916db8b36f4078f07dd9580bccec6c2pomnamejackson-databindManifestImplementation-Vendor-Idcom.fasterxml.jackson.coreManifestImplementation-VendorFasterXMLManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"pomparent-groupidcom.fasterxml.jacksonManifestimplementation-build-date2018-09-19 02:48:44+0000filenamejackson-databindjarpackage namedatabindjarpackage 
namejacksonpomparent-artifactidjackson-baseManifestbundle-docurlhttp://github.com/FasterXML/jacksonManifestbundle-symbolicnamecom.fasterxml.jackson.core.jackson-databindManifestspecification-vendorFasterXMLpomurlhttp://github.com/FasterXML/jacksonpomartifactidjackson-databindpomgroupidfasterxml.jackson.coreManifestautomatic-module-namecom.fasterxml.jackson.databindjarpackage namefasterxmlpomparent-groupidcom.fasterxml.jacksonpomnamejackson-databindpomartifactidjackson-databindpomurlhttp://github.com/FasterXML/jacksonManifestBundle-Namejackson-databindpomgroupidfasterxml.jackson.coreManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"Manifestimplementation-build-date2018-09-19 02:48:44+0000filenamejackson-databindjarpackage namedatabindjarpackage namejacksonManifestbundle-docurlhttp://github.com/FasterXML/jacksonManifestImplementation-Titlejackson-databindManifestbundle-symbolicnamecom.fasterxml.jackson.core.jackson-databindManifestautomatic-module-namecom.fasterxml.jackson.databindpomparent-artifactidjackson-baseManifestspecification-titlejackson-databindjarpackage namefasterxmlManifestImplementation-Version2.9.7ManifestBundle-Version2.9.7fileversion2.9.7pomversion2.9.7pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7CVE-2018-1000873MEDIUM4.3NETWORKMEDIUMNONENONENONEPARTIALMEDIUM6.5NETWORKLOWNONEREQUIREDUNCHANGEDNONENONEHIGHMEDIUMCWE-20Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. 
This vulnerability appears to have been fixed in 2.9.8.MISChttps://github.com/FasterXML/jackson-modules-java8/issues/90https://github.com/FasterXML/jackson-modules-java8/issues/90CONFIRMhttps://bugzilla.redhat.com/show_bug.cgi?id=1665601https://bugzilla.redhat.com/show_bug.cgi?id=1665601MLISThttps://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1MISChttps://github.com/FasterXML/jackson-modules-java8/pull/87https://github.com/FasterXML/jackson-modules-java8/pull/87MISChttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlOSSINDEXhttps://ossindex.sonatype.org/vuln/292c11e9-cf66-4d76-aaf7-b63a091f8891[CVE-2018-1000873] Improper Input Validationcpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*CVE-2018-19360CRITICAL7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALCWE-502FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.MLISThttps://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilitiesMLISThttps://lists.debian.org/debian-lts-announce/2019/03/msg00005.html[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security updateOSSINDEXhttps://ossindex.sonatype.org/vuln/dc5c85aa-ec0c-42b9-a11b-935184041ee7[CVE-2018-19360] Deserialization of Untrusted 
DataMLISThttps://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1BIDhttp://www.securityfocus.com/bid/107985107985MLISThttps://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilitiesREDHAThttps://access.redhat.com/errata/RHSA-2019:1822RHSA-2019:1822REDHAThttps://access.redhat.com/errata/RHSA-2019:1782RHSA-2019:1782MISChttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlREDHAThttps://access.redhat.com/errata/RHSA-2019:1823RHSA-2019:1823BUGTRAQhttps://seclists.org/bugtraq/2019/May/6820190527 [SECURITY] [DSA 4452-1] jackson-databind security 
updateREDHAThttps://access.redhat.com/errata/RHSA-2019:0877RHSA-2019:0877REDHAThttps://access.redhat.com/errata/RHBA-2019:0959RHBA-2019:0959REDHAThttps://access.redhat.com/errata/RHSA-2019:0782RHSA-2019:0782CONFIRMhttps://issues.apache.org/jira/browse/TINKERPOP-2121https://issues.apache.org/jira/browse/TINKERPOP-2121CONFIRMhttps://github.com/FasterXML/jackson-databind/issues/2186https://github.com/FasterXML/jackson-databind/issues/2186MISChttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlCONFIRMhttps://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2bhttps://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2bCONFIRMhttps://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8CONFIRMhttps://security.netapp.com/advisory/ntap-20190530-0003/https://security.netapp.com/advisory/ntap-20190530-0003/REDHAThttps://access.redhat.com/errata/RHSA-2019:1797RHSA-2019:1797DEBIANhttps://www.debian.org/security/2019/dsa-4452DSA-4452cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*cpe:2.3:a:redhat:jboss_bpm_suite:6.4.11:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:redhat:automation_manager:7.3.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*cpe:2.3:a:oracle:webcenter_portal:12.2.
1.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9.0.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*cpe:2.3:a:redhat:decision_manager:7.3.1:*:*:*:*:*:*:*cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:redhat:jboss_brms:6.4.10:*:*:*:*:*:*:*cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*CVE-2018-19361CRITICAL7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALCWE-502FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.MLISThttps://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilitiesMLISThttps://lists.debian.org/debian-lts-announce/2019/03/msg00005.html[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security updateOSSINDEXhttps://ossindex.sonatype.org/vuln/5a041483-5b69-47f8-b8a9-e631830ceaf9[CVE-2018-19361] Deserialization of Untrusted DataMLISThttps://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1BIDhttp://www.securityfocus.com/bid/107985107985MLISThttps://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E[infra-devnull] 20190329 
[GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilitiesREDHAThttps://access.redhat.com/errata/RHSA-2019:1822RHSA-2019:1822REDHAThttps://access.redhat.com/errata/RHSA-2019:1782RHSA-2019:1782MISChttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlREDHAThttps://access.redhat.com/errata/RHSA-2019:1823RHSA-2019:1823BUGTRAQhttps://seclists.org/bugtraq/2019/May/6820190527 [SECURITY] [DSA 4452-1] jackson-databind security updateREDHAThttps://access.redhat.com/errata/RHSA-2019:0877RHSA-2019:0877REDHAThttps://access.redhat.com/errata/RHBA-2019:0959RHBA-2019:0959REDHAThttps://access.redhat.com/errata/RHSA-2019:0782RHSA-2019:0782CONFIRMhttps://issues.apache.org/jira/browse/TINKERPOP-2121https://issues.apache.org/jira/browse/TINKERPOP-2121CONFIRMhttps://github.com/FasterXML/jackson-databind/issues/2186https://github.com/FasterXML/jackson-databind/issues/2186MISChttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlCONFIRMhttps://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2bhttps://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2bCONFIRMhttps://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8CONFIRMhttps://security.netapp.com/advisory/ntap-20190530-0003/https://security.netapp.com/advisory/ntap-20190530-0003/REDHAThttps://access.redhat.com/errata/RHSA-2019:1797RHSA-2019:1797DEBIANhttps://www.debian.org/security/2019/dsa-4452DSA-4452cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*cpe:2.3
:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*cpe:2.3:a:redhat:jboss_bpm_suite:6.4.11:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:redhat:automation_manager:7.3.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9.0.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*cpe:2.3:a:redhat:decision_manager:7.3.1:*:*:*:*:*:*:*cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:redhat:jboss_brms:6.4.10:*:*:*:*:*:*:*cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*CVE-2018-19362CRITICAL7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALCWE-502FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.MLISThttps://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilitiesMLISThttps://lists.debian.org/debian-lts-announce/2019/03/msg00005.html[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security 
updateMLISThttps://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1BIDhttp://www.securityfocus.com/bid/107985107985MLISThttps://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilitiesREDHAThttps://access.redhat.com/errata/RHSA-2019:1822RHSA-2019:1822REDHAThttps://access.redhat.com/errata/RHSA-2019:1782RHSA-2019:1782MISChttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlREDHAThttps://access.redhat.com/errata/RHSA-2019:1823RHSA-2019:1823BUGTRAQhttps://seclists.org/bugtraq/2019/May/6820190527 [SECURITY] [DSA 4452-1] jackson-databind security updateREDHAThttps://access.redhat.com/errata/RHSA-2019:0877RHSA-2019:0877REDHAThttps://access.redhat.com/errata/RHBA-2019:0959RHBA-2019:0959REDHAThttps://access.redhat.com/errata/RHSA-2019:0782RHSA-2019:0782CONFIRMhttps://issues.apache.org/jira/browse/TINKERPOP-2121https://issues.apache.org/jira/browse/TINKERPOP-2121CONFIRMhttps://github.com/FasterXML/jackson-databind/issues/2186https://github.com/FasterXML/jackson-databind/issues/2186MISChttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlCONFIRMhttps://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2bhttps://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2bOSSINDEXhttps://ossindex.sonatype.org/vuln/5afe3c10-61cc-4ca0-99ae-c6ba8f330b45[CVE-2018-19362] Deserialization of Untrusted 
DataCONFIRMhttps://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8CONFIRMhttps://security.netapp.com/advisory/ntap-20190530-0003/https://security.netapp.com/advisory/ntap-20190530-0003/REDHAThttps://access.redhat.com/errata/RHSA-2019:1797RHSA-2019:1797DEBIANhttps://www.debian.org/security/2019/dsa-4452DSA-4452cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*cpe:2.3:a:redhat:jboss_bpm_suite:6.4.11:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:redhat:automation_manager:7.3.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9.0.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*cpe:2.3:a:redhat:decision_manager:7.3.1:*:*:*:*:*:*:*cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:redhat:jboss_brms:6.4.10:*:*:*:*:*:*:*cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*CVE-2019-12086HIGH5.0NETWORKLOWNONEPARTIALPARTIALNONEMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDHIGHNONENONEHIGHCWE-200A 
Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.MISChttps://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062OSSINDEXhttps://ossindex.sonatype.org/vuln/5bbadb96-496f-4534-a513-7a6396f54029[CVE-2019-12086] Information ExposureMLISThttps://lists.debian.org/debian-lts-announce/2019/05/msg00030.html[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security updateMISChttp://russiansecurity.expert/2016/04/20/mysql-connect-file-read/http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/CONFIRMhttps://security.netapp.com/advisory/ntap-20190530-0003/https://security.netapp.com/advisory/ntap-20190530-0003/CONFIRMhttps://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9MISChttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlBIDhttp://www.securityfocus.com/bid/109227109227MISChttps://github.com/FasterXML/jackson-databind/issues/2326https://github.com/FasterXML/jackson-databind/issues/2326BUGTRAQhttps://seclists.org/bugtraq/2019/May/6820190527 [SECURITY] [DSA 4452-1] jackson-databind security 
updateDEBIANhttps://www.debian.org/security/2019/dsa-4452DSA-4452MLISThttps://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*CVE-2019-12384MEDIUM4.3NETWORKMEDIUMNONEPARTIALPARTIALNONEMEDIUM5.9NETWORKHIGHNONENONEUNCHANGEDHIGHNONENONEMEDIUMCWE-502FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.REDHAThttps://access.redhat.com/errata/RHSA-2019:1820RHSA-2019:1820MISChttps://doyensec.com/research.htmlhttps://doyensec.com/research.htmlOSSINDEXhttps://ossindex.sonatype.org/vuln/33d59f1d-83ff-4527-9707-c3f1507b6125[CVE-2019-12384] Deserialization of Untrusted DataCONFIRMhttps://lists.debian.org/debian-lts-announce/2019/06/msg00019.htmlhttps://lists.debian.org/debian-lts-announce/2019/06/msg00019.htmlCONFIRMhttps://security.netapp.com/advisory/ntap-20190703-0002/https://security.netapp.com/advisory/ntap-20190703-0002/MISChttps://blog.doyensec.com/2019/07/22/jackson-gadgets.htmlhttps://blog.doyensec.com/2019/07/22/jackson-gadgets.htmlMISChttps://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aadhttps://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aadcpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*CVE-2019-12814MEDIUM4.3NETWORKMEDIUMNONEPARTIALPARTIALNONEMEDIUM5.9NETWORKHIGHNONENONEUNCHANGEDHIGHNONENONEMEDIUMCWE-200A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. 
When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.MLISThttps://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1@%3Cissues.zookeeper.apache.org%3E[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814MLISThttps://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3@%3Cissues.zookeeper.apache.org%3E[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814CONFIRMhttps://security.netapp.com/advisory/ntap-20190625-0006/https://security.netapp.com/advisory/ntap-20190625-0006/MLISThttps://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560@%3Cissues.zookeeper.apache.org%3E[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814OSSINDEXhttps://ossindex.sonatype.org/vuln/3e008100-e0d4-45bf-afd2-9d5e9b13efa7[CVE-2019-12814] Information ExposureMLISThttps://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731@%3Cdev.zookeeper.apache.org%3E[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814MLISThttps://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682@%3Cnotifications.zookeeper.apache.org%3E[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for 
CVE-2019-12814MLISThttps://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c@%3Cissues.zookeeper.apache.org%3E[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814MLISThttps://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209@%3Cissues.zookeeper.apache.org%3E[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814MLISThttps://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4@%3Cnotifications.zookeeper.apache.org%3E[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814MISChttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlMLISThttps://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2@%3Cnotifications.zookeeper.apache.org%3E[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814MLISThttps://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814MLISThttps://lists.debian.org/debian-lts-announce/2019/06/msg00019.html[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security updateMLISThttps://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324@%3Cnotifications.zookeeper.apache.org%3E[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request 
#1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814MLISThttps://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f@%3Cissues.zookeeper.apache.org%3E[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814MLISThttps://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957@%3Cissues.zookeeper.apache.org%3E[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814MLISThttps://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0@%3Cnotifications.zookeeper.apache.org%3E[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814MLISThttps://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd@%3Ccommits.accumulo.apache.org%3E[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1CONFIRMhttps://github.com/FasterXML/jackson-databind/issues/2341https://github.com/FasterXML/jackson-databind/issues/2341cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*CVE-2019-14379CRITICAL7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALCWE-20SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used, leading to remote code execution.MLISThttps://lists.debian.org/debian-lts-announce/2019/08/msg00011.html[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security 
updateCONFIRMhttps://security.netapp.com/advisory/ntap-20190814-0001/https://security.netapp.com/advisory/ntap-20190814-0001/MLISThttps://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f@%3Ccommits.ambari.apache.org%3E[ambari-commits] 20190813 [ambari] branch branch-2.7 updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379 (#3066)OSSINDEXhttps://ossindex.sonatype.org/vuln/e5794172-1257-4372-9baf-7b87307a3cc9[CVE-2019-14379] SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles de...MISChttps://github.com/FasterXML/jackson-databind/issues/2387https://github.com/FasterXML/jackson-databind/issues/2387MLISThttps://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a@%3Ccommits.ambari.apache.org%3E[ambari-commits] 20190813 [ambari] branch trunk updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379(trunk) (#3067)MLISThttps://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb@%3Ccommits.pulsar.apache.org%3E[pulsar-commits] 20190822 [GitHub] [pulsar] massakam opened a new pull request #5011: [security] Upgrade jackson-databindMISChttps://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*CVE-2019-14439HIGH5.0NETWORKLOWNONEPARTIALPARTIALNONEMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDHIGHNONENONEHIGHCWE-200A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. 
This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.MISChttps://github.com/FasterXML/jackson-databind/issues/2389https://github.com/FasterXML/jackson-databind/issues/2389MLISThttps://lists.debian.org/debian-lts-announce/2019/08/msg00011.html[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security updateMISChttps://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125bhttps://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125bCONFIRMhttps://security.netapp.com/advisory/ntap-20190814-0001/https://security.netapp.com/advisory/ntap-20190814-0001/OSSINDEXhttps://ossindex.sonatype.org/vuln/ac9dce23-7b35-4691-b05e-a68f58d48b8c[CVE-2019-14439] A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x befo...MISChttps://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*devsecops.war/var/lib/jenkins/workspace/test@2/target/devsecops.war982a1d844cc0246c765dc2c5463194b5c5422e071104c0cbb50e62d75c576a0af93fd5778bb458535f6e79fa915e63a44a9198c2c995d1ee097d07f941906bd09d44d93fjarpackage nameweb-infpomurlhttp://maven.apache.orgpomgroupidnotsosecurejarpackage namecomjarpackage namenotsosecurepomartifactiddevsecopsjarpackage nameclassesfilenamedevsecopspomnamedevsecopspomgroupidnotsosecurepomurlhttp://maven.apache.orgjarpackage namecompomartifactiddevsecopsjarpackage namenotsosecurejarpackage namenotsosecurejarpackage 
nameclassesfilenamedevsecopspomnamedevsecopspomversion0.0.1-SNAPSHOTpkg:maven/com.notsosecure/devsecops@0.0.1-SNAPSHOThttps://ossindex.sonatype.org/component/pkg:maven/com.notsosecure/devsecops@0.0.1-SNAPSHOTpkg:maven/com.notsosecure/devsecops@0.0.1-SNAPSHOThttps://ossindex.sonatype.org/component/pkg:maven/com.notsosecure/devsecops@0.0.1-SNAPSHOTasm-tree-3.3.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/asm-tree-3.3.jar3eeafc985d3ca624abf2d3ad549180d033c13070f194e1f0385877ec9306a24e983b00e3d0d8a92d855a015db402675af123c8f39010501ba1d34a5072301ce6caf137ea/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/asm-tree-3.3.jard0d8a92d855a015db402675af123c8f39010501ba1d34a5072301ce6caf137ea33c13070f194e1f0385877ec9306a24e983b00e33eeafc985d3ca624abf2d3ad549180d0pomartifactidasm-treejarpackage nameobjectwebpomparent-artifactidasm-parentManifestImplementation-VendorFrance Telecom R&Djarpackage nametreepomgroupidasmjarpackage nameasmfilenameasm-treecentralgroupidasmpomnameASM Treepomartifactidasm-treeManifestImplementation-TitleASM Tree class visitorpomparent-artifactidasm-parentjarpackage nametreejarpackage nametreejarpackage nameasmjarpackage nameasmfilenameasm-treepomnameASM Treepomgroupidasmcentralartifactidasm-treeManifestImplementation-Version3.3centralversion3.3pomversion3.3fileversion3.3pkg:maven/asm/asm-tree@3.3https://ossindex.sonatype.org/component/pkg:maven/asm/asm-tree@3.3pkg:maven/asm/asm-tree@3.3https://ossindex.sonatype.org/component/pkg:maven/asm/asm-tree@3.3commons-io-2.6.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/commons-io-2.6.jar467c2a1f64319c99b5faf03fc78572af815893df5f31da2ece4040fe0a12fd44b577afaff877d304660ac2a142f3865badfc971dec7ed73c747c7f8d5d2f5139ca736513
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
https://www.apache.org/licenses/LICENSE-2.0.txtManifestautomatic-module-nameorg.apache.commons.iopomurlhttp://commons.apache.org/proper/commons-io/pomparent-artifactidcommons-parentjarpackage nameioManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"pomparent-groupidorg.apache.commonsjarpackage nameapacheManifestimplementation-urlhttp://commons.apache.org/proper/commons-io/ManifestImplementation-Vendor-Idcommons-iopomgroupidcommons-ioManifestspecification-vendorThe Apache Software Foundationpomartifactidcommons-iojarpackage namecommonsManifestbundle-symbolicnameorg.apache.commons.iopomnameApache Commons IOfilenamecommons-ioManifestbundle-docurlhttp://commons.apache.org/proper/commons-io/ManifestImplementation-VendorThe Apache Software Foundationpomparent-artifactidcommons-parentManifestautomatic-module-nameorg.apache.commons.iopomgroupidcommons-ioManifestBundle-NameApache Commons IOjarpackage nameiopomurlhttp://commons.apache.org/proper/commons-io/Manifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"jarpackage nameapacheManifestimplementation-urlhttp://commons.apache.org/proper/commons-io/jarpackage namecommonsManifestspecification-titleApache Commons IOManifestImplementation-TitleApache Commons IOpomparent-groupidorg.apache.commonsManifestbundle-symbolicnameorg.apache.commons.iopomnameApache Commons 
IOfilenamecommons-iopomartifactidcommons-ioManifestbundle-docurlhttp://commons.apache.org/proper/commons-io/pomparent-version2.6ManifestImplementation-Version2.6fileversion2.6pomversion2.6pkg:maven/commons-io/commons-io@2.6https://ossindex.sonatype.org/component/pkg:maven/commons-io/commons-io@2.6pkg:maven/commons-io/commons-io@2.6https://ossindex.sonatype.org/component/pkg:maven/commons-io/commons-io@2.6hibernate-entitymanager-4.2.6.Final.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/hibernate-entitymanager-4.2.6.Final.jar3ba0c05dc44a2858535bdfa57defc71c31d70c201eacd2e19e9feafdf42523527a08b85bea8b7731d1b77db42054194a4013c565d92306f404c8f436fc4dca522174fc99A module of the Hibernate Core projectGNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/hibernate-entitymanager-4.2.6.Final.jarea8b7731d1b77db42054194a4013c565d92306f404c8f436fc4dca522174fc9931d70c201eacd2e19e9feafdf42523527a08b85b3ba0c05dc44a2858535bdfa57defc71cManifestimplementation-urlhttp://hibernate.orgjarpackage namehibernatejarpackage nameejbcentralgroupidorg.hibernatepomnameA Hibernate Core Modulejarpackage namehibernateManifestbundle-symbolicnameorg.hibernate.entitymanagerManifestImplementation-VendorHibernate.orgpomurlhttp://hibernate.orgfilenamehibernate-entitymanagerManifestImplementation-Vendor-Idorg.hibernatepomorganization nameHibernate.orgpomgroupidhibernatepomartifactidhibernate-entitymanagerpomorganization urlhttp://hibernate.orgManifestimplementation-urlhttp://hibernate.orgjarpackage namehibernateManifestBundle-Namehibernate-entitymanagerpomorganization urlhttp://hibernate.orgjarpackage nameejbcentralartifactidhibernate-entitymanagerpomnameA Hibernate Core Modulepomgroupidhibernatepomartifactidhibernate-entitymanagerManifestbundle-symbolicnameorg.hibernate.entitymanagerfilenamehibernate-entitymanagerpomorganization 
nameHibernate.orgpomurlhttp://hibernate.orgcentralversion4.2.6.Finalpomversion4.2.6.FinalManifestBundle-Version4.2.6.FinalManifestImplementation-Version4.2.6.Finalpkg:maven/org.hibernate/hibernate-entitymanager@4.2.6.Finalhttps://ossindex.sonatype.org/component/pkg:maven/org.hibernate/hibernate-entitymanager@4.2.6.Finalpkg:maven/org.hibernate/hibernate-entitymanager@4.2.6.Finalhttps://ossindex.sonatype.org/component/pkg:maven/org.hibernate/hibernate-entitymanager@4.2.6.Finallog4j-1.2.17.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/log4j-1.2.17.jar04a41f0a068986f0f73485cf507c0f405af35056b4d257e4b64b9e8069c0746e8b08629f1d31696445697720527091754369082a6651bd49781b6005deb94e56753406f9Apache Log4j 1.2The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/log4j-1.2.17.jar1d31696445697720527091754369082a6651bd49781b6005deb94e56753406f95af35056b4d257e4b64b9e8069c0746e8b08629f04a41f0a068986f0f73485cf507c0f40pomurlhttp://logging.apache.org/log4j/1.2/manifest: org.apache.log4jImplementation-Vendor"Apache Software Foundation"jarpackage namelog4jManifestbundle-docurlhttp://logging.apache.org/log4j/1.2pomorganization nameApache Software FoundationManifestbundle-symbolicnamelog4jjarpackage nameapachepomgroupidlog4jpomorganization urlhttp://www.apache.orgpomartifactidlog4jfilenamelog4jpomnameApache Log4jpomgroupidlog4jmanifest: org.apache.log4jImplementation-Titlelog4jjarpackage namelog4jManifestBundle-NameApache Log4jManifestbundle-docurlhttp://logging.apache.org/log4j/1.2pomorganization nameApache Software FoundationManifestbundle-symbolicnamelog4jjarpackage nameapachepomorganization urlhttp://www.apache.orgpomurlhttp://logging.apache.org/log4j/1.2/filenamelog4jpomartifactidlog4jpomnameApache Log4jpomversion1.2.17fileversion1.2.17ManifestBundle-Version1.2.17manifest: 
org.apache.log4jImplementation-Version1.2.17pkg:maven/log4j/log4j@1.2.17https://ossindex.sonatype.org/component/pkg:maven/log4j/log4j@1.2.17pkg:maven/log4j/log4j@1.2.17https://ossindex.sonatype.org/component/pkg:maven/log4j/log4j@1.2.17asm-3.3.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/asm-3.3.jar968575ef15e4024d205fa6ecddec67a9fb0f302a91a376fd5cfe23167c419375e8fc9b8f07e685c385c652a3d2c4a08312004f653ba508e325d70ff3d9e8687d1ac6a8da/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/asm-3.3.jar07e685c385c652a3d2c4a08312004f653ba508e325d70ff3d9e8687d1ac6a8dafb0f302a91a376fd5cfe23167c419375e8fc9b8f968575ef15e4024d205fa6ecddec67a9filenameasmjarpackage nameobjectwebpomparent-artifactidasm-parentManifestImplementation-VendorFrance Telecom R&Dpomgroupidasmjarpackage nameasmpomartifactidasmpomnameASM Corecentralgroupidasmfilenameasmpomparent-artifactidasm-parentManifestImplementation-TitleASMjarpackage nameasmpomnameASM Corejarpackage nameasmcentralartifactidasmpomartifactidasmpomgroupidasmManifestImplementation-Version3.3centralversion3.3pomversion3.3fileversion3.3pkg:maven/asm/asm@3.3https://ossindex.sonatype.org/component/pkg:maven/asm/asm@3.3pkg:maven/asm/asm@3.3https://ossindex.sonatype.org/component/pkg:maven/asm/asm@3.3spotbugs-3.1.5.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/spotbugs-3.1.5.jarfcf3dd502f5be304413eec3f706b8ad039b5e21aa02e007a5347dd3e4d5d9421e2f1aa4698ec84eb0a4dc0502773aca061750d655b9f398f8efc2ebf88d5540106d43e4eSpotBugs: Because it's easy!GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/spotbugs-3.1.5.jar98ec84eb0a4dc0502773aca061750d655b9f398f8efc2ebf88d5540106d43e4e39b5e21aa02e007a5347dd3e4d5d9421e2f1aa46fcf3dd502f5be304413eec3f706b8ad0filenamespotbugsjarpackage 
namecspomnameSpotBugspomgroupidgithub.spotbugsManifestautomatic-module-namecom.github.spotbugs.spotbugspomartifactidspotbugspomurlhttps://spotbugs.github.io/centralgroupidcom.github.spotbugsjarpackage nameedujarpackage nameumdfilenamespotbugsjarpackage namecspomnameSpotBugsjarpackage namefindbugscentralartifactidspotbugspomartifactidspotbugspomgroupidgithub.spotbugsManifestautomatic-module-namecom.github.spotbugs.spotbugspomurlhttps://spotbugs.github.io/jarpackage nameumdManifestBundle-Version3.1.5fileversion3.1.5centralversion3.1.5pomversion3.1.5pkg:maven/com.github.spotbugs/spotbugs@3.1.5https://ossindex.sonatype.org/component/pkg:maven/com.github.spotbugs/spotbugs@3.1.5pkg:maven/com.github.spotbugs/spotbugs@3.1.5https://ossindex.sonatype.org/component/pkg:maven/com.github.spotbugs/spotbugs@3.1.5commons-collections4-4.0.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/commons-collections4-4.0.jara18f2d0153b5607dff8c5becbdd76dd1da217367fd25e88df52ba79e47658d4cf928b0d193f8dfcd20831a28d092427723f696bceb70b28e7fb89d7914f14d5ea492ce5aThe Apache Commons Collections package contains types that extend and augment the Java Collections Framework.http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/commons-collections4-4.0.jar93f8dfcd20831a28d092427723f696bceb70b28e7fb89d7914f14d5ea492ce5ada217367fd25e88df52ba79e47658d4cf928b0d1a18f2d0153b5607dff8c5becbdd76dd1Manifestimplementation-buildtags/COLLECTIONS_4_0_RC5@r1543977; 2013-11-20 23:44:45+0100pomnameApache Commons Collectionspomurlhttp://commons.apache.org/proper/commons-collections/Manifestbundle-docurlhttp://commons.apache.org/proper/commons-collections/pomparent-artifactidcommons-parentManifestbundle-symbolicnameorg.apache.commons.collections4pomgroupidapache.commonsfilenamecommons-collections4pomparent-groupidorg.apache.commonsjarpackage nameapacheManifestImplementation-Vendor-Idorg.apacheManifestspecification-vendorThe Apache Software 
Foundationjarpackage namecommonspomartifactidcommons-collections4jarpackage namecollections4ManifestImplementation-VendorThe Apache Software Foundationpomparent-artifactidcommons-parentManifestimplementation-buildtags/COLLECTIONS_4_0_RC5@r1543977; 2013-11-20 23:44:45+0100pomnameApache Commons CollectionsManifestbundle-docurlhttp://commons.apache.org/proper/commons-collections/Manifestbundle-symbolicnameorg.apache.commons.collections4filenamecommons-collections4pomartifactidcommons-collections4jarpackage nameapacheManifestspecification-titleApache Commons CollectionsManifestImplementation-TitleApache Commons CollectionsManifestBundle-NameApache Commons Collectionsjarpackage namecommonspomgroupidapache.commonspomparent-groupidorg.apache.commonspomurlhttp://commons.apache.org/proper/commons-collections/jarpackage namecollections4ManifestImplementation-Version4.0pomversion4.0fileversion4.0pomparent-version4.0pkg:maven/org.apache.commons/commons-collections4@4.0https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-collections4@4.0pkg:maven/org.apache.commons/commons-collections4@4.0https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-collections4@4.0CVE-2015-6420HIGH7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGHCWE-502Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) 
library.CONFIRMhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917BIDhttp://www.securityfocus.com/bid/7887278872CISCOhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization20151209 Vulnerability in Java Deserialization Affecting Cisco ProductsCONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlCONFIRMhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722MISChttps://www.tenable.com/security/research/tra-2017-14https://www.tenable.com/security/research/tra-2017-14CERT-VNhttps://www.kb.cert.org/vuls/id/581311VU#581311MISChttps://www.kb.cert.org/vuls/id/576313https://www.kb.cert.org/vuls/id/576313OSSINDEXhttps://ossindex.sonatype.org/vuln/ac157388-2d0e-4c78-b3f4-033572d19286[CVE-2015-6420] Serialized-object interfaces in certain Cisco Collaboration and Social Media; En...MISChttps://www.tenable.com/security/research/tra-2017-23https://www.tenable.com/security/research/tra-2017-23cpe:2.3:a:apache:commons_collections:4.0:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_collections:*:*:*:*:*:*:*:*javax.ws.rs-api-2.0.1.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/javax.ws.rs-api-2.0.1.jaredcd111cf4d3ba8ac8e1f326efc37a17104e9c2b5583cfcfeac0402316221648d6d8ea6b38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466dJava API for RESTful Web Services (JAX-RS)CDDL 1.1: http://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: http://glassfish.java.net/public/CDDL+GPL_1_1.htmlpomgroupidjavax.ws.rsjarpackage namewspomartifactidjavax.ws.rs-apiManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"pomnamejavax.ws.rs-apifilenamejavax.ws.rs-apipomparent-artifactidjvnet-parentManifestbundle-docurlhttp://www.oracle.com/pomparent-groupidnet.javajarpackage namersjarpackage namejavaxManifestbundle-symbolicnamejavax.ws.rs-apiManifestspecification-vendorOracle CorporationManifestextension-namejavax.ws.rspomurlhttp://jax-rs-spec.java.netpomorganization urlhttp://www.oracle.com/pomorganization nameOracle CorporationManifestBundle-Namejavax.ws.rs-apipomorganization urlhttp://www.oracle.com/jarpackage namewspomurlhttp://jax-rs-spec.java.netpomparent-artifactidjvnet-parentManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"pomnamejavax.ws.rs-apifilenamejavax.ws.rs-apiManifestbundle-docurlhttp://www.oracle.com/jarpackage namersjarpackage namejavaxpomgroupidjavax.ws.rspomartifactidjavax.ws.rs-apiManifestbundle-symbolicnamejavax.ws.rs-apiManifestextension-namejavax.ws.rspomparent-groupidnet.javapomorganization nameOracle CorporationManifestImplementation-Version2.0.1ManifestBundle-Version2.0.1pomversion2.0.1fileversion2.0.1pomparent-version2.0.1pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1https://ossindex.sonatype.org/component/pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1https://ossindex.sonatype.org/component/pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1struts2-core-2.3.8.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/struts2-core-2.3.8.jar6eec4c966b11d3288216917c1781d503b6f740a8626b1531b65701bd31fd80e066df7c8e180feca55fc93f6c882546ed299493cb761bae062031b867d46e7af213259ccbApache Struts 
2http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/struts2-core-2.3.8.jar180feca55fc93f6c882546ed299493cb761bae062031b867d46e7af213259ccbb6f740a8626b1531b65701bd31fd80e066df7c8e6eec4c966b11d3288216917c1781d503Manifestbundle-symbolicnameorg.apache.struts.2-coreManifestbundle-docurlhttp://www.apache.orgManifestoriginally-created-by1.6.0_37 (Apple Inc.)ManifestImplementation-Vendor-Idorg.apache.strutsjarpackage namestruts2pomparent-artifactidstruts2-parentpomartifactidstruts2-corejarpackage nameapacheManifestImplementation-VendorApache Software Foundationfilenamestruts2-corepomgroupidapache.strutsManifestspecification-vendorApache Software FoundationpomnameStruts 2 Corepomparent-groupidorg.apache.strutspomartifactidstruts2-coreManifestspecification-titleStruts 2 CoreManifestbundle-symbolicnameorg.apache.struts.2-coreManifestbundle-docurlhttp://www.apache.orgManifestoriginally-created-by1.6.0_37 (Apple Inc.)ManifestImplementation-TitleStruts 2 Corejarpackage namestruts2ManifestBundle-NameStruts 2 Corejarpackage nameapachepomparent-groupidorg.apache.strutsfilenamestruts2-corepomparent-artifactidstruts2-parentpomnameStruts 2 Corepomgroupidapache.strutsManifestBundle-Version2.3.8ManifestImplementation-Version2.3.8fileversion2.3.8pomversion2.3.8pkg:maven/org.apache.struts/struts2-core@2.3.8https://ossindex.sonatype.org/component/pkg:maven/org.apache.struts/struts2-core@2.3.8pkg:maven/org.apache.struts/struts2-core@2.3.8https://ossindex.sonatype.org/component/pkg:maven/org.apache.struts/struts2-core@2.3.8CVE-2013-1965HIGH9.3NETWORKMEDIUMNONECOMPLETECOMPLETECOMPLETEHIGHCWE-94Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a 
redirect.BIDhttp://www.securityfocus.com/bid/6008260082MISChttps://bugzilla.redhat.com/show_bug.cgi?id=967655https://bugzilla.redhat.com/show_bug.cgi?id=967655CONFIRMhttp://struts.apache.org/development/2.x/docs/s2-012.htmlhttp://struts.apache.org/development/2.x/docs/s2-012.htmlOSSINDEXhttps://ossindex.sonatype.org/vuln/7aa02cd2-5370-4f43-b202-d30665527d05[CVE-2013-1965] Improper Control of Generation of Code ("Code Injection")cpe:2.3:a:apache:struts2-showcase:*:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2013-1966HIGH9.3NETWORKMEDIUMNONECOMPLETECOMPLETECOMPLETEHIGHCWE-94Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.BIDhttp://www.securityfocus.com/bid/6016660166MISChttps://bugzilla.redhat.com/show_bug.cgi?id=967656https://bugzilla.redhat.com/show_bug.cgi?id=967656CONFIRMhttp://struts.apache.org/development/2.x/docs/s2-013.htmlhttp://struts.apache.org/development/2.x/docs/s2-013.htmlOSSINDEXhttps://ossindex.sonatype.org/vuln/64959e54-560d-4c85-b1ba-bae91251f948[CVE-2013-1966] Improper Control of Generation of Code ("Code Injection")MISChttps://cwiki.apache.org/confluence/display/WW/S2-013https://cwiki.apache.org/confluence/display/WW/S2-013cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2013-2115HIGH9.3NETWORKMEDIUMNONECOMPLETECOMPLETECOMPLETEHIGHCWE-94Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. 
NOTE: this issue is due to an incomplete fix for CVE-2013-1966.MISChttps://bugzilla.redhat.com/show_bug.cgi?id=967656https://bugzilla.redhat.com/show_bug.cgi?id=967656OSSINDEXhttps://ossindex.sonatype.org/vuln/a902e7ce-8d2b-4de9-a3a4-e717c9ebea3e[CVE-2013-2115] Improper Control of Generation of Code ("Code Injection")BIDhttp://www.securityfocus.com/bid/6016760167CONFIRMhttp://struts.apache.org/development/2.x/docs/s2-014.htmlhttp://struts.apache.org/development/2.x/docs/s2-014.htmlMISChttps://cwiki.apache.org/confluence/display/WW/S2-014https://cwiki.apache.org/confluence/display/WW/S2-014cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:
apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*CVE-2013-2134HIGH9.3NETWORKMEDIUMNONECOMPLETECOMPLETECOMPLETEHIGHCWE-94Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.BIDhttp://www.securityfocus.com/bid/6475864758GENTOOhttp://security.gentoo.org/glsa/glsa-201409-04.xmlGLSA-201409-04BIDhttp://www.securityfocus.com/bid/6034660346CONFIRMhttp://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.htmlMISChttps://cwiki.apache.org/confluence/display/WW/S2-015https://cwiki.apache.org/confluence/display/WW/S2-015CONFIRMhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlCONFIRMhttp://struts.apache.org/development/2.x/docs/s2-015.htmlhttp://struts.apache.org/development/2.x/docs/s2-015.htmlOSSINDEXhttps://ossindex.sonatype.org/vuln/5caecd83-b961-48ca-b29e-f39b8f302d08[CVE-2013-2134] Improper Control of Generation of Code ("Code Injection")cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2013-2135HIGH9.3NETWORKMEDIUMNONECOMPLETECOMPLETECOMPLETEHIGHCWE-94Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated 
twice.BIDhttp://www.securityfocus.com/bid/6475864758CONFIRMhttp://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.htmlOSSINDEXhttps://ossindex.sonatype.org/vuln/35c24ffb-ba83-44a8-95a7-008281c53ec9[CVE-2013-2135] Improper Control of Generation of Code ("Code Injection")MISChttps://cwiki.apache.org/confluence/display/WW/S2-015https://cwiki.apache.org/confluence/display/WW/S2-015CONFIRMhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlCONFIRMhttp://struts.apache.org/development/2.x/docs/s2-015.htmlhttp://struts.apache.org/development/2.x/docs/s2-015.htmlcpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2013-2248MEDIUM5.8NETWORKMEDIUMNONEPARTIALPARTIALNONEMEDIUMCWE-20Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.BIDhttp://www.securityfocus.com/bid/6475864758BIDhttp://www.securityfocus.com/bid/6119661196OSSINDEXhttps://ossindex.sonatype.org/vuln/c9390e41-5b7a-44fb-a710-7b90ad7d184d[CVE-2013-2248] Improper Input 
ValidationCONFIRMhttp://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.htmlCONFIRMhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlCONFIRMhttp://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.htmlhttp://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.htmlCONFIRMhttp://struts.apache.org/release/2.3.x/docs/s2-017.htmlhttp://struts.apache.org/release/2.3.x/docs/s2-017.htmlcpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:
*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*CVE-2013-2251HIGH9.3NETWORKMEDIUMNONECOMPLETECOMPLETECOMPLETEHIGHCWE-20Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.FULLDISChttp://seclists.org/fulldisclosure/2013/Oct/9620131013 Apache Software Foundation A Subsite Remote command executionCISCOhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts220131023 Apache Struts 2 Command Execution Vulnerability in Multiple Cisco ProductsBIDhttp://www.securityfocus.com/bid/6118961189CONFIRMhttp://struts.apache.org/release/2.3.x/docs/s2-016.htmlhttp://struts.apache.org/release/2.3.x/docs/s2-016.htmlCONFIRMhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlSECTRACKhttp://www.securitytracker.com/id/10291841029184CONFIRMhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlBIDhttp://www.securityfocus.com/bid/6475864758MLISThttp://seclists.org/oss-sec/2014/q1/89[oss-security] 20140114 Re: CVE Request: Apache Archiva Remote Command Execution 
0dayOSVDBhttp://osvdb.org/9844598445SECTRACKhttp://www.securitytracker.com/id/10329161032916MISChttp://cxsecurity.com/issue/WLB-2014010087http://cxsecurity.com/issue/WLB-2014010087CONFIRMhttp://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.htmlhttp://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.htmlCONFIRMhttp://archiva.apache.org/security.htmlhttp://archiva.apache.org/security.htmlOSSINDEXhttps://ossindex.sonatype.org/vuln/65c550a7-b490-400a-9858-dd19c74a8a76[CVE-2013-2251] Improper Input ValidationXFhttps://exchange.xforce.ibmcloud.com/vulnerabilities/90392apache-archiva-ognl-command-exec(90392)cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:
*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*CVE-2013-4310MEDIUM5.8NETWORKMEDIUMNONEPARTIALPARTIALNONEMEDIUMCWE-264Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix.BIDhttp://www.securityfocus.com/bid/6475864758BUGTRAQhttp://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html20130921 [ANN] Struts 2.3.15.2 GA release available - security fixSECUNIAhttp://secunia.com/advisories/5491954919SECUNIAhttp://secunia.com/advisories/5649256492CONFIRMhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlCONFIRMhttp://struts.apache.org/release/2.3.x/docs/s2-018.htmlhttp://struts.apache.org/release/2.3.x/docs/s2-018.htmlBUGTRAQhttp://archives.neohapsis.com/archives/bugtraq/2013-10/0083.html20131017 [ANN] Struts 2.3.15.3 GA release available - security fixOSSINDEXhttps://ossindex.sonatype.org/vuln/5a506927-e6fa-4857-b80f-0c04f3d31a86[CVE-2013-4310] Permissions, Privileges, and Access 
ControlsSECTRACKhttp://www.securitytracker.com/id/10290771029077SECUNIAhttp://secunia.com/advisories/5648356483cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe
:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*CVE-2013-4316HIGH10.0NETWORKLOWNONECOMPLETECOMPLETECOMPLETEHIGHCWE-284NVD-CWE-noinfoCWE-16Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.BIDhttp://www.securityfocus.com/bid/6475864758BUGTRAQhttp://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html20130921 [ANN] Struts 2.3.15.2 GA release available - security fixOSSINDEXhttps://ossindex.sonatype.org/vuln/9da89f99-d083-43d3-a74c-b20fd6cb2da7[CVE-2013-4316] Improper Access ControlCONFIRMhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlSECTRACKhttp://www.securitytracker.com/id/10290781029078CONFIRMhttp://struts.apache.org/release/2.3.x/docs/s2-019.htmlhttp://struts.apache.org/release/2.3.x/docs/s2-019.htmlcpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_private_banking:2.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_private_banking:1.7:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_private_banking:12.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_private_banking:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:
*:*cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_private_banking:3.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_private_banking:12.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:webcenter_sites:11.1.1.6.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_private_banking:2.2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*CVE-2014-0094MEDIUM5.0NETWORKLOWNONENONENONENONEMEDIUMNVD-CWE-noinfoThe ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass 
method.CONFIRMhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlOSSINDEXhttps://ossindex.sonatype.org/vuln/46502110-4592-408e-836b-331e9ee41e6b[CVE-2014-0094] The ParametersInterceptor in Apache Struts before 2.3.16.1 allows remote attacke...BUGTRAQhttp://www.securityfocus.com/archive/1/532549/100/0/threaded20140625 NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts librarySECUNIAhttp://secunia.com/advisories/5644056440CONFIRMhttp://struts.apache.org/release/2.3.x/docs/s2-020.htmlhttp://struts.apache.org/release/2.3.x/docs/s2-020.htmlBUGTRAQhttp://www.securityfocus.com/archive/1/531362/100/0/threaded20140306 [ANN] Struts 2.3.16.1 GA release available - security fixJVNDBhttp://jvndb.jvn.jp/jvndb/JVNDB-2014-000045JVNDB-2014-000045MISChttp://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.htmlhttp://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.htmlSECUNIAhttp://secunia.com/advisories/5917859178CONFIRMhttp://www.konakart.com/downloads/ver-7-3-0-0-whats-newhttp://www.konakart.com/downloads/ver-7-3-0-0-whats-newSECTRACKhttp://www.securitytracker.com/id/10298761029876BIDhttp://www.securityfocus.com/bid/6599965999CONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21676706http://www-01.ibm.com/support/docview.wss?uid=swg21676706JVNhttp://jvn.jp/en/jp/JVN19294237/index.htmlJVN#19294237CONFIRMhttp://www.vmware.com/security/advisories/VMSA-2014-0007.htmlhttp://www.vmware.com/security/advisories/VMSA-2014-0007.htmlCONFIRMhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htmhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htmcpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2014-0112HIGH7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGHCWE-264ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict 
access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.CONFIRMhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlCONFIRMhttps://bugzilla.redhat.com/show_bug.cgi?id=1091939https://bugzilla.redhat.com/show_bug.cgi?id=1091939BIDhttp://www.securityfocus.com/bid/6706467064SECUNIAhttp://secunia.com/advisories/5950059500CONFIRMhttps://cwiki.apache.org/confluence/display/WW/S2-021https://cwiki.apache.org/confluence/display/WW/S2-021BUGTRAQhttp://www.securityfocus.com/archive/1/531952/100/0/threaded20140426 [ANN] Struts 2.3.16.2 GA release available - security fixOSSINDEXhttps://ossindex.sonatype.org/vuln/434eada7-81e4-4e5b-854c-a4ea6eedab39[CVE-2014-0112] Permissions, Privileges, and Access ControlsBUGTRAQhttp://www.securityfocus.com/archive/1/532549/100/0/threaded20140625 NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts libraryREDHAThttps://access.redhat.com/errata/RHSA-2019:0910RHSA-2019:0910JVNDBhttp://jvndb.jvn.jp/jvndb/JVNDB-2014-000045JVNDB-2014-000045MISChttp://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.htmlhttp://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.htmlSECUNIAhttp://secunia.com/advisories/5917859178CONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21676706http://www-01.ibm.com/support/docview.wss?uid=swg21676706JVNhttp://jvn.jp/en/jp/JVN19294237/index.htmlJVN#19294237CONFIRMhttp://www.vmware.com/security/advisories/VMSA-2014-0007.htmlhttp://www.vmware.com/security/advisories/VMSA-2014-0007.htmlcpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2014-0113HIGH7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGHCWE-264CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does 
not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.OSSINDEXhttps://ossindex.sonatype.org/vuln/ff890408-a4b8-4e3f-a892-ee7e72b2c8e3[CVE-2014-0113] Permissions, Privileges, and Access ControlsCONFIRMhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlSECUNIAhttp://secunia.com/advisories/5917859178CONFIRMhttps://cwiki.apache.org/confluence/display/WW/S2-021https://cwiki.apache.org/confluence/display/WW/S2-021BUGTRAQhttp://www.securityfocus.com/archive/1/531952/100/0/threaded20140426 [ANN] Struts 2.3.16.2 GA release available - security fixCONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21676706http://www-01.ibm.com/support/docview.wss?uid=swg21676706cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2014-0116MEDIUM5.8NETWORKMEDIUMNONENONENONEPARTIALMEDIUMCWE-264CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113.CONFIRMhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlBIDhttp://www.securityfocus.com/bid/6721867218OSSINDEXhttps://ossindex.sonatype.org/vuln/4fe47992-e6ac-4907-9255-dc29ce47c288[CVE-2014-0116] Permissions, Privileges, and Access ControlsSECUNIAhttp://secunia.com/advisories/5981659816CONFIRMhttp://struts.apache.org/release/2.3.x/docs/s2-022.htmlhttp://struts.apache.org/release/2.3.x/docs/s2-022.htmlCONFIRMhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htmhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htmcpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:
*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2014-7809MEDIUM6.8NETWORKMEDIUMNONEPARTIALPARTIALPARTIALMEDIUMCWE-352Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism.MISChttp://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.htmlhttp://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.htmlCONFIRMhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlCONFIRMhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlOSSINDEXhttps://ossindex.sonatype.org/vuln/5649009f-ed2c-4307-b48a-77ba1fd80ac1[CVE-2014-7809] Cross-Site Request Forgery 
(CSRF)BIDhttp://www.securityfocus.com/bid/7154871548CONFIRMhttp://struts.apache.org/docs/s2-023.htmlhttp://struts.apache.org/docs/s2-023.htmlCONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlSECTRACKhttp://www.securitytracker.com/id/10313091031309BUGTRAQhttp://www.securityfocus.com/archive/1/534175/100/0/threaded20141208 [ANN] Apache Struts 2.3.20 GA release available with security fixcpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a
:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2015-5169MEDIUM4.3NETWORKMEDIUMNONENONENONENONEMEDIUM6.1NETWORKLOWNONEREQUIREDCHANGEDLOWLOWNONEMEDIUMCWE-79Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.CONFIRMhttps://bugzilla.redhat.com/show_bug.cgi?id=1260087https://bugzilla.redhat.com/show_bug.cgi?id=1260087CONFIRMhttps://struts.apache.org/docs/s2-025.htmlhttps://struts.apache.org/docs/s2-025.htmlJVNDBhttp://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.htmlJVNDB-2015-000125OSSINDEXhttps://ossindex.sonatype.org/vuln/6bd24132-f4fa-4dc0-b479-b69b115bd59f[CVE-2015-5169] Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.BIDhttp://www.securityfocus.com/bid/7662576625CONFIRMhttps://security.netapp.com/advisory/ntap-20180629-0003/https://security.netapp.com/advisory/ntap-20180629-0003/JVNhttp://jvn.jp/en/jp/JVN95989300/index.htmlJVN#95989300cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2015-5209HIGH5.0NETWORKLOWNONENONENONENONEMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDNONEHIGHNONEHIGHCWE-20Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top 
object.CONFIRMhttps://security.netapp.com/advisory/ntap-20180629-0002/https://security.netapp.com/advisory/ntap-20180629-0002/OSSINDEXhttps://ossindex.sonatype.org/vuln/d8c9a55c-b6f6-4b1c-a675-947ac1c64ec7[CVE-2015-5209] Improper Input ValidationBIDhttp://www.securityfocus.com/bid/8255082550SECTRACKhttp://www.securitytracker.com/id/10339081033908CONFIRMhttps://struts.apache.org/docs/s2-026.htmlhttps://struts.apache.org/docs/s2-026.htmlcpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:s
truts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-0785HIGH9.0NETWORKLOWSINGLECOMPLETECOMPLETECOMPLETEHIGH8.8NETWORKLOWLOWNONEUNCHANGEDHIGHHIGHHIGHHIGHCWE-20Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.CONFIRMhttp://struts.apache.org/docs/s2-029.htmlhttp://struts.apache.org/docs/s2-029.htmlSECTRACKhttp://www.securitytracker.com/id/10352711035271BIDhttp://www.securityfocus.com/bid/8506685066OSSINDEXhttps://ossindex.sonatype.org/vuln/5684f0fd-6580-461f-a0f6-eda4176de9bb[CVE-2016-0785] Improper Input 
Validationcpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2016-2162MEDIUM4.3NETWORKMEDIUMNONENONENONENONEMEDIUM6.1NETWORKLOWNONEREQUIREDCHANGEDLOWLOWNONEMEDIUMCWE-79Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.SECTRACKhttp://www.securitytracker.com/id/10352721035272CONFIRMhttp://struts.apache.org/docs/s2-030.htmlhttp://struts.apache.org/docs/s2-030.htmlBIDhttp://www.securityfocus.com/bid/8507085070OSSINDEXhttps://ossindex.sonatype.org/vuln/4fa8ad37-bc1f-4136-a277-c1974de7242a[CVE-2016-2162] Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2_beta:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:
*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-3081HIGH9.3NETWORKMEDIUMNONECOMPLETECOMPLETECOMPLETEHIGH8.1NETWORKHIGHNONENONEUNCHANGEDHIGHHIGHHIGHHIGHCWE-77Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained 
expressions.CONFIRMhttps://struts.apache.org/docs/s2-032.htmlhttps://struts.apache.org/docs/s2-032.htmlBIDhttp://www.securityfocus.com/bid/8732787327MISChttp://www.rapid7.com/db/modules/exploit/multi/http/struts_dmi_exechttp://www.rapid7.com/db/modules/exploit/multi/http/struts_dmi_execOSSINDEXhttps://ossindex.sonatype.org/vuln/fddf085b-72d4-4af0-a0a2-c1c1515e801b[CVE-2016-3081] Improper Neutralization of Special Elements used in a Command (Command Injection)CONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlCONFIRMhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160527-01-struts2-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160527-01-struts2-enCONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlMISChttp://packetstormsecurity.com/files/136856/Apache-Struts-2.3.28-Dynamic-Method-Invocation-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/136856/Apache-Struts-2.3.28-Dynamic-Method-Invocation-Remote-Code-Execution.htmlMISChttp://www.rapid7.com/db/modules/exploit/linux/http/struts_dmi_exechttp://www.rapid7.com/db/modules/exploit/linux/http/struts_dmi_execSECTRACKhttp://www.securitytracker.com/id/10356651035665EXPLOIT-DBhttps://www.exploit-db.com/exploits/39756/39756BIDhttp://www.securityfocus.com/bid/9178791787cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:oracle:siebel_e-billing:7.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:
2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:
*:*:*:*CVE-2016-3082CRITICAL10.0NETWORKLOWNONECOMPLETECOMPLETECOMPLETEHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALCWE-20XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.SECTRACKhttp://www.securitytracker.com/id/10356641035664CONFIRMhttp://struts.apache.org/docs/s2-031.htmlhttp://struts.apache.org/docs/s2-031.htmlBIDhttp://www.securityfocus.com/bid/8882688826OSSINDEXhttps://ossindex.sonatype.org/vuln/f996580c-3f8a-48b4-9aac-083e8a576ef6[CVE-2016-3082] Improper Input Validationcpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*
:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-3090HIGH6.5NETWORKLOWSINGLEPARTIALPARTIALPARTIALMEDIUM8.8NETWORKLOWLOWNONEUNCHANGEDHIGHHIGHHIGHHIGHCWE-20The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.CONFIRMhttps://struts.apache.org/docs/s2-027.htmlhttps://struts.apache.org/docs/s2-027.htmlCONFIRMhttps://security.netapp.com/advisory/ntap-20180629-0005/https://security.netapp.com/advisory/ntap-20180629-0005/BIDhttp://www.securityfocus.com/bid/8513185131SECTRACKhttps://www.securitytracker.com/id/10352671035267OSSINDEXhttps://ossindex.sonatype.org/vuln/e5b8e18a-9921-4c6f-9d11-8bc2497571f0[CVE-2016-3090] The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 
a...cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache
:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-3093MEDIUM5.0NETWORKLOWNONENONENONEPARTIALMEDIUM5.3NETWORKLOWNONENONEUNCHANGEDNONENONELOWMEDIUMCWE-20Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.CONFIRMhttp://struts.apache.org/docs/s2-034.htmlhttp://struts.apache.org/docs/s2-034.htmlOSSINDEXhttps://ossindex.sonatype.org/vuln/74cddd35-3e8e-4460-bb8f-03eef3b4d382[CVE-2016-3093] Improper Input 
ValidationCONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21987854http://www-01.ibm.com/support/docview.wss?uid=swg21987854SECTRACKhttp://www.securitytracker.com/id/10360181036018BIDhttp://www.securityfocus.com/bid/9096190961cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:
*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:ognl_project:ognl:*:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-4003MEDIUM4.3NETWORKMEDIUMNONENONENONENONEMEDIUM6.1NETWORKLOWNONEREQUIREDCHANGEDLOWLOWNONEMEDIUMCWE-79Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter.BIDhttp://www.securityfocus.com/bid/8631186311CONFIRMhttp://struts.apache.org/docs/s2-028.htmlhttp://struts.apache.org/docs/s2-028.htmlSECTRACKhttp://www.securitytracker.com/id/10352681035268CONFIRMhttps://issues.apache.org/jira/browse/WW-4507https://issues.apache.org/jira/browse/WW-4507OSSINDEXhttps://ossindex.sonatype.org/vuln/0081c46d-8e5f-4553-9937-d25f3399d130[CVE-2016-4003] Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2016-4436CRITICAL7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALNVD-CWE-noinfoApache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean 
up.BIDhttp://www.securityfocus.com/bid/9128091280OSSINDEXhttps://ossindex.sonatype.org/vuln/63b9193d-7f44-46d5-8779-4a757d7bf37f[CVE-2016-4436] Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have uns...CONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282CONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlCONFIRMhttps://struts.apache.org/docs/s2-035.htmlhttps://struts.apache.org/docs/s2-035.htmlCONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21987854http://www-01.ibm.com/support/docview.wss?uid=swg21987854cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*
:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-4461HIGH9.0NETWORKLOWSINGLECOMPLETECOMPLETECOMPLETEHIGH8.8NETWORKLOWLOWNONEUNCHANGEDHIGHHIGHHIGHHIGHCWE-20Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.OSSINDEXhttps://ossindex.sonatype.org/vuln/12d9b800-934d-4726-94e9-7b83a650d274[CVE-2016-4461] Improper Input ValidationBIDhttp://www.securityfocus.com/bid/9127791277CONFIRMhttps://struts.apache.org/docs/s2-036.htmlhttps://struts.apache.org/docs/s2-036.htmlCONFIRMhttps://security.netapp.com/advisory/ntap-20180629-0004/https://security.netapp.com/advisory/ntap-20180629-0004/cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*CVE-2017-12611CRITICAL7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALCWE-20In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.BIDhttp://www.securityfocus.com/bid/100829100829CONFIRMhttps://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001OSSINDEXhttps://ossindex.sonatype.org/vuln/dc3edaf8-51de-40d2-9ad1-725d1040aad2[CVE-2017-12611] In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10, using an 
unintenti...CONFIRMhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlCONFIRMhttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txthttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txtCONFIRMhttps://struts.apache.org/docs/s2-053.htmlhttps://struts.apache.org/docs/s2-053.htmlcpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3
:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts
:2.5.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2017-5638CRITICAL10.0NETWORKLOWNONECOMPLETECOMPLETECOMPLETEHIGH10.0NETWORKLOWNONENONECHANGEDHIGHHIGHHIGHCRITICALCWE-20The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.MISChttp://blog.talosintelligence.com/2017/03/apache-0-day-exploited.htmlhttp://blog.talosintelligence.com/2017/03/apache-0-day-exploited.htmlMISChttps://twitter.com/theog150/status/841146956135124993https://twitter.com/theog150/status/841146956135124993EXPLOIT-DBhttps://exploit-db.com/exploits/4157041570CONFIRMhttps://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519ahttps://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519aOSSINDEXhttps://ossindex.sonatype.org/vuln/6fb3b58b-cf18-450e-ba0d-74432bc5ecff[CVE-2017-5638] Improper Input 
ValidationCONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlCONFIRMhttps://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228SECTRACKhttp://www.securitytracker.com/id/10379731037973EXPLOIT-DBhttps://www.exploit-db.com/exploits/41614/41614CONFIRMhttps://www.symantec.com/security-center/network-protection-security-advisories/SA145https://www.symantec.com/security-center/network-protection-security-advisories/SA145CONFIRMhttps://support.lenovo.com/us/en/product_security/len-14200https://support.lenovo.com/us/en/product_security/len-14200CONFIRMhttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txthttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txtCONFIRMhttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_ushttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_usCONFIRMhttps://cwiki.apache.org/confluence/display/WW/S2-045https://cwiki.apache.org/confluence/display/WW/S2-045BIDhttp://www.securityfocus.com/bid/9672996729CONFIRMhttps://cwiki.apache.org/confluence/display/WW/S2-046https://cwiki.apache.org/confluence/display/WW/S2-046MISChttps://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/MISChttps://github.com/rapid7/metasploit-framework/issues/8064https://github.com/rapid7/metasploit-framework/issues/8064CONFIRMhttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_ushttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_usCERT-VNhttps://www.kb.cert.org/vul
s/id/834067VU#834067MISChttps://packetstormsecurity.com/files/141494/S2-45-poc.py.txthttps://packetstormsecurity.com/files/141494/S2-45-poc.py.txtMISChttps://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.htmlhttps://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.htmlMISChttps://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/CONFIRMhttps://security.netapp.com/advisory/ntap-20170310-0001/https://security.netapp.com/advisory/ntap-20170310-0001/MISChttp://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/MISChttps://isc.sans.edu/diary/22169https://isc.sans.edu/diary/22169CONFIRMhttps://struts.apache.org/docs/s2-046.htmlhttps://struts.apache.org/docs/s2-046.htmlMISChttps://github.com/mazen160/struts-pwnhttps://github.com/mazen160/struts-pwnMISChttp://www.eweek.com/security/apache-struts-vulnerability-under-attack.htmlhttp://www.eweek.com/security/apache-struts-vulnerability-under-attack.htmlCONFIRMhttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_ushttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_usCONFIRMhttps://struts.apache.org/docs/s2-045.htmlhttps://struts.apache.org/docs/s2-045.htmlcpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*cpe:2.3
:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2017-9787HIGH5.0NETWORKLOWNONENONENONEPARTIALMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDNONENONEHIGHHIGH
CWE-284When Spring AOP functionality is used to secure Struts actions, it is possible to perform a DoS attack. The solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.BIDhttp://www.securityfocus.com/bid/9956299562OSSINDEXhttps://ossindex.sonatype.org/vuln/e2ebe514-dc44-474a-82ab-d20bd81bfc4c[CVE-2017-9787] Improper Access ControlSECTRACKhttp://www.securitytracker.com/id/10391151039115CONFIRMhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlMLISThttps://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E[announcements] 20170713 Apache Struts 2.5.12 GA with Security Fixes ReleaseCONFIRMhttps://security.netapp.com/advisory/ntap-20180706-0002/https://security.netapp.com/advisory/ntap-20180706-0002/MLISThttps://lists.apache.org/thread.html/de3d325f0433cd3b42258b6a302c0d7a72b69eedc1480ed561d3b065@%3Cannouncements.struts.apache.org%3E[announcements] 20170810 [ANN] Apache Struts: S2-049 Security Bulletin 
updateCONFIRMhttp://struts.apache.org/docs/s2-049.htmlhttp://struts.apache.org/docs/s2-049.htmlcpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:
*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2017-9791CRITICAL7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALCWE-20The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.BIDhttp://www.securityfocus.com/bid/9948499484SECTRACKhttp://www.securitytracker.com/id/10388381038838EXPLOIT-DBhttps://www.exploit-db.com/exploits/42324/42324CONFIRMhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlCONFIRMhttps://security.netapp.com/advisory/ntap-20180706-0002/https://security.netapp.com/advisory/ntap-20180706-0002/EXPLOIT-DBhttps://www.exploit-db.com/exploits/44643/44643CONFIRMhttp://struts.apache.org/docs/s2-048.htmlhttp://struts.apache.org/docs/s2-048.htmlOSSINDEXhttps://ossindex.sonatype.org/vuln/f2eb9ab7-09aa-4599-a351-7ebbd11ff11b[CVE-2017-9791] Improper Input 
Validationcpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2017-9793HIGH5.0NETWORKLOWNONENONENONEPARTIALMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDNONENONEHIGHHIGHCWE-20The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML 
payload.BIDhttp://www.securityfocus.com/bid/100611100611SECTRACKhttp://www.securitytracker.com/id/10392621039262OSSINDEXhttps://ossindex.sonatype.org/vuln/bf32e61b-04ce-4d34-b884-d775b7acf109[CVE-2017-9793] The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is ...CONFIRMhttp://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htmhttp://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htmCONFIRMhttps://security.netapp.com/advisory/ntap-20180629-0001/https://security.netapp.com/advisory/ntap-20180629-0001/CISCOhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts220170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017CONFIRMhttps://struts.apache.org/docs/s2-051.htmlhttps://struts.apache.org/docs/s2-051.htmlCONFIRMhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlcpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:
*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2017-9804HIGH5.0NETWORKLOWNONENONENONEPARTIALMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDNONENONEHIGHHIGHCWE-399In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. 
NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672.SECTRACKhttp://www.securitytracker.com/id/10392611039261CONFIRMhttps://security.netapp.com/advisory/ntap-20180629-0001/https://security.netapp.com/advisory/ntap-20180629-0001/CISCOhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts220170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017OSSINDEXhttps://ossindex.sonatype.org/vuln/57ce5eee-b4a2-4054-9648-393b287cd86f[CVE-2017-9804] In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application ...CONFIRMhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlBIDhttp://www.securityfocus.com/bid/100612100612CONFIRMhttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txthttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txtCONFIRMhttps://struts.apache.org/docs/s2-050.htmlhttps://struts.apache.org/docs/s2-050.htmlcpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:
*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2017-9805HIGH6.8NETWORKMEDIUMNONEPARTIALPARTIALPARTIALMEDIUM8.1NETWORKHIGHNONENONEUNCHANGEDHIGHHIGHHIGHHIGHCWE-502The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML 
payloads.CONFIRMhttps://cwiki.apache.org/confluence/display/WW/S2-052https://cwiki.apache.org/confluence/display/WW/S2-052EXPLOIT-DBhttps://www.exploit-db.com/exploits/42627/42627CISCOhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts220170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017CERT-VNhttps://www.kb.cert.org/vuls/id/112992VU#112992CONFIRMhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlOSSINDEXhttps://ossindex.sonatype.org/vuln/3c254119-620e-4d3a-b456-f150d179e2c1[CVE-2017-9805] Deserialization of Untrusted DataBIDhttp://www.securityfocus.com/bid/100609100609MISChttps://lgtm.com/blog/apache_struts_CVE-2017-9805https://lgtm.com/blog/apache_struts_CVE-2017-9805CONFIRMhttps://bugzilla.redhat.com/show_bug.cgi?id=1488482https://bugzilla.redhat.com/show_bug.cgi?id=1488482CONFIRMhttps://security.netapp.com/advisory/ntap-20170907-0001/https://security.netapp.com/advisory/ntap-20170907-0001/CONFIRMhttps://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifaxhttps://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifaxCONFIRMhttps://struts.apache.org/docs/s2-052.htmlhttps://struts.apache.org/docs/s2-052.htmlSECTRACKhttp://www.securitytracker.com/id/10392631039263cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apach
e:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2018-11776HIGH9.3
NETWORKMEDIUMNONECOMPLETECOMPLETECOMPLETEHIGH8.1NETWORKHIGHNONENONEUNCHANGEDHIGHHIGHHIGHHIGHCWE-20Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (set either by the user or by a plugin such as the Convention Plugin) and one of the following holds: results are used with no namespace while their upper package has no namespace or a wildcard namespace; or, similarly, a url tag is used without value and action set while its upper package has no namespace or a wildcard namespace.SECTRACKhttp://www.securitytracker.com/id/10415471041547EXPLOIT-DBhttps://www.exploit-db.com/exploits/45262/45262CONFIRMhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012BIDhttp://www.securityfocus.com/bid/105125105125SECTRACKhttp://www.securitytracker.com/id/10418881041888CONFIRMhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.htmlCONFIRMhttps://security.netapp.com/advisory/ntap-20181018-0002/https://security.netapp.com/advisory/ntap-20181018-0002/EXPLOIT-DBhttps://www.exploit-db.com/exploits/45367/45367OSSINDEXhttps://ossindex.sonatype.org/vuln/aea7ad84-58a9-4883-a9ef-f69fae4dcd9c[CVE-2018-11776] Improper Input 
ValidationCONFIRMhttps://cwiki.apache.org/confluence/display/WW/S2-057https://cwiki.apache.org/confluence/display/WW/S2-057MISChttps://github.com/hook-s3c/CVE-2018-11776-Python-PoChttps://github.com/hook-s3c/CVE-2018-11776-Python-PoCCONFIRMhttps://security.netapp.com/advisory/ntap-20180822-0001/https://security.netapp.com/advisory/ntap-20180822-0001/CONFIRMhttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txthttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txtCONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlCONFIRMhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlMISChttps://lgtm.com/blog/apache_struts_CVE-2018-11776https://lgtm.com/blog/apache_struts_CVE-2018-11776EXPLOIT-DBhttps://www.exploit-db.com/exploits/45260/45260cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2018-1327HIGH5.0NETWORKLOWNONENONENONEPARTIALMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDNONENONEHIGHHIGHCWE-20The Apache Struts REST Plugin uses the XStream library, which is vulnerable and allows a DoS attack via a malicious request with a specially crafted XML payload. Upgrade to Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. 
Another option is to implement a custom XML handler based on the Jackson XML handler from the Apache Struts 2.5.16.SECTRACKhttp://www.securitytracker.com/id/10405751040575OSSINDEXhttps://ossindex.sonatype.org/vuln/9b82d7bc-5262-43b8-bd0d-50ede8e76e56[CVE-2018-1327] Improper Input ValidationMISChttps://cwiki.apache.org/confluence/display/WW/S2-056https://cwiki.apache.org/confluence/display/WW/S2-056CONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlCONFIRMhttps://security.netapp.com/advisory/ntap-20180330-0001/https://security.netapp.com/advisory/ntap-20180330-0001/BIDhttp://www.securityfocus.com/bid/103516103516cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')MEDIUM6.1NLNRCLLNMEDIUMCWE-79The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.OSSINDEXhttps://ossindex.sonatype.org/vuln/69f81156-32f8-4ad5-b58a-ec60e2a7fde6CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')cpe:2.3:a:org.apache.struts:struts2-core:2.3.8:*:*:*:*:*:*:*Manipulation of Struts' internals0.0> ValueStack defines special top object which represents root of execution context. It can be used to manipulate Struts' internals or can be used to affect container's settings
>
> -- [apache.org](https://struts.apache.org/docs/s2-026.html)OSSINDEXhttps://ossindex.sonatype.org/vuln/d8afbd24-c683-4aec-b28f-218fbe5ad76bManipulation of Struts' internalscpe:2.3:a:org.apache.struts:struts2-core:2.3.8:*:*:*:*:*:*:*semver4j-2.2.0.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/semver4j-2.2.0.jar3b731d492b1f97c77d7b3c44228fe17e2846945cb3bd65b65abf49a809f6cb907bbdb745795d67b6e5854edb70d0925bd3dfc9595dd2a6862f9e0227ec9fc4d76d571f5eSemantic versioning for Java apps.The MIT License: http://www.opensource.org/licenses/mit-license.phpjarpackage namesemver4jpomartifactidsemver4jpomnamesemver4jfilenamesemver4jpomgroupidvdurmontpomurlvdurmont/semver4jjarpackage namesemver4jjarpackage namevdurmontjarpackage namevdurmontpomartifactidsemver4jjarpackage namesemver4jpomnamesemver4jfilenamesemver4jjarpackage namesemver4jpomurlvdurmont/semver4jpomgroupidvdurmontjarpackage namevdurmontfileversion2.2.0pomversion2.2.0pkg:maven/com.vdurmont/semver4j@2.2.0https://ossindex.sonatype.org/component/pkg:maven/com.vdurmont/semver4j@2.2.0pkg:maven/com.vdurmont/semver4j@2.2.0https://ossindex.sonatype.org/component/pkg:maven/com.vdurmont/semver4j@2.2.0spring-hashcorp-vault-tomcat.jar/var/lib/jenkins/workspace/test@2/infrastructure/production/tomcat/files/spring-hashcorp-vault-tomcat.jar1a2c28d892cf726d93f2fd73ae93e07dc5055bb00a86c86bd14b7cba9b66e8d9a9ab26ccdea548c8db12e1c0023006a9345acee9d21a6b279bfbe370d2b7cb4b67f3d347jarpackage nametomcatfilenamespring-hashcorp-vault-tomcatpomgroupidrohitsalechajarpackage namespringframeworkjarpackage namevaultpomartifactidspring-hashcorp-vault-tomcatjarpackage namerohitsalechapomartifactidspring-hashcorp-vault-tomcatjarpackage nametomcatfilenamespring-hashcorp-vault-tomcatjarpackage namevaultpomgroupidrohitsalechajarpackage 
namerohitsalechapomversion0.0.1-SNAPSHOTpkg:maven/com.rohitsalecha/spring-hashcorp-vault-tomcat@0.0.1-SNAPSHOThttps://ossindex.sonatype.org/component/pkg:maven/com.rohitsalecha/spring-hashcorp-vault-tomcat@0.0.1-SNAPSHOTpkg:maven/com.rohitsalecha/spring-hashcorp-vault-tomcat@0.0.1-SNAPSHOThttps://ossindex.sonatype.org/component/pkg:maven/com.rohitsalecha/spring-hashcorp-vault-tomcat@0.0.1-SNAPSHOTossindex-service-api-1.2.0.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/ossindex-service-api-1.2.0.jar9348df420e1023fe344a429452bebeefc83599f23ad778277fbf6766e0052da3923d1633d6b70dfcc8931dc953170bd14532417f5bacde906222d98f3db1810a1af81479pomparent-groupidorg.sonatype.ossindexpomartifactidossindex-service-apipomparent-artifactidossindex-servicejarpackage nameapifilenameossindex-service-apiManifestimplementation-urlhttps://sonatype.github.io/ossindex-public/ossindex-service-api/jarpackage nameservicepomgroupidsonatype.ossindexManifestImplementation-Vendor-Idorg.sonatype.ossindexjarpackage namesonatypejarpackage nameossindexManifestImplementation-VendorSonatype, Inc.jarpackage nameapiManifestspecification-titleorg.sonatype.ossindex:ossindex-service-apipomgroupidsonatype.ossindexpomparent-groupidorg.sonatype.ossindexfilenameossindex-service-apijarpackage nameserviceManifestimplementation-urlhttps://sonatype.github.io/ossindex-public/ossindex-service-api/pomartifactidossindex-service-apipomparent-artifactidossindex-servicejarpackage namesonatypejarpackage 
nameossindexManifestImplementation-Titleorg.sonatype.ossindex:ossindex-service-apipomversion1.2.0fileversion1.2.0ManifestImplementation-Version1.2.0pkg:maven/org.sonatype.ossindex/ossindex-service-api@1.2.0https://ossindex.sonatype.org/component/pkg:maven/org.sonatype.ossindex/ossindex-service-api@1.2.0pkg:maven/org.sonatype.ossindex/ossindex-service-api@1.2.0https://ossindex.sonatype.org/component/pkg:maven/org.sonatype.ossindex/ossindex-service-api@1.2.0compiler-0.8.17.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/compiler-0.8.17.jare0e52f6ea100529dfb5f1e6ea54e72b450a290cf88e5981653796573c97fba1e0071ef072b1ece537f09457a459a256d3ddd434beec8077c19db9842e7f079acf8e7dd51Implementation of mustache.js for JavaApache License 2.0: http://www.apache.org/licenses/LICENSE-2.0pomparent-artifactidmustache.javajarpackage namemustachepomartifactidcompilerpomnamecompilerpomparent-groupidcom.github.spullara.mustache.javapomurlhttp://github.com/spullara/mustache.javajarpackage namegithubjarpackage namemustachejavajarpackage namegithubfilenamecompilerpomgroupidgithub.spullara.mustache.javapomartifactidcompilerjarpackage namemustachepomparent-artifactidmustache.javapomnamecompilerpomgroupidgithub.spullara.mustache.javapomurlhttp://github.com/spullara/mustache.javajarpackage namemustachejavajarpackage 
namegithubfilenamecompilerpomparent-groupidcom.github.spullara.mustache.javafileversion0.8.17pomversion0.8.17pkg:maven/com.github.spullara.mustache.java/compiler@0.8.17https://ossindex.sonatype.org/component/pkg:maven/com.github.spullara.mustache.java/compiler@0.8.17pkg:maven/com.github.spullara.mustache.java/compiler@0.8.17https://ossindex.sonatype.org/component/pkg:maven/com.github.spullara.mustache.java/compiler@0.8.17commons-lang3-3.4.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/commons-lang3-3.4.jar8667a442ee77e509fbe8176b94726eb25fe28b9518e58819180a43a850fbc0dd24b7c050734c8356420cc8e30c795d64fd1fcd5d44ea9d90342a2cc3262c5158fbc6d98b
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
http://www.apache.org/licenses/LICENSE-2.0.txtfilenamecommons-lang3pomparent-artifactidcommons-parentpomnameApache Commons LangManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"pomartifactidcommons-lang3pomgroupidapache.commonspomparent-groupidorg.apache.commonsjarpackage nameapacheManifestImplementation-Vendor-Idorg.apacheManifestimplementation-buildtags/LANG_3_4_RC2@r1671054; 2015-04-03 12:30:21+0000Manifestbundle-docurlhttp://commons.apache.org/proper/commons-lang/Manifestspecification-vendorThe Apache Software Foundationjarpackage namecommonsjarpackage namelang3pomurlhttp://commons.apache.org/proper/commons-lang/Manifestbundle-symbolicnameorg.apache.commons.lang3ManifestImplementation-VendorThe Apache Software Foundationpomurlhttp://commons.apache.org/proper/commons-lang/pomparent-artifactidcommons-parentfilenamecommons-lang3pomnameApache Commons LangManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"jarpackage nameapacheManifestimplementation-buildtags/LANG_3_4_RC2@r1671054; 2015-04-03 12:30:21+0000ManifestBundle-NameApache Commons LangManifestbundle-docurlhttp://commons.apache.org/proper/commons-lang/jarpackage namecommonspomgroupidapache.commonsManifestspecification-titleApache Commons Langpomparent-groupidorg.apache.commonspomartifactidcommons-lang3jarpackage namelang3ManifestImplementation-TitleApache Commons 
LangManifestbundle-symbolicnameorg.apache.commons.lang3ManifestImplementation-Version3.4pomparent-version3.4pomversion3.4fileversion3.4pkg:maven/org.apache.commons/commons-lang3@3.4https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-lang3@3.4pkg:maven/org.apache.commons/commons-lang3@3.4https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-lang3@3.4jsoup-1.12.1.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/jsoup-1.12.1.jar79bb9e9e8b50ef80a18bd46426befc5a55819a28fc834c2f2bcf4dcdb278524dc3cf088f4f961f68e47740dd7576c9685774a7b25b92f1017af24e2f707b30e893abade3jsoup is a Java library for working with real-world HTML. It provides a very convenient API for extracting and manipulating data, using the best of DOM, CSS, and jquery-like methods. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do.The MIT License: https://jsoup.org/licensejarpackage nameparserfilenamejsoupManifestbundle-docurlhttps://jsoup.org/Manifestautomatic-module-nameorg.jsouppomorganization nameJonathan Hedleypomnamejsoup Java HTML ParserManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"pomgroupidjsouppomartifactidjsouppomorganization urlhttps://jhy.io/pomurlhttps://jsoup.org/jarpackage namejsoupManifestbundle-symbolicnameorg.jsouppomgroupidjsoupManifestBundle-Namejsoup Java HTML Parserjarpackage nameparserfilenamejsoupManifestbundle-docurlhttps://jsoup.org/Manifestautomatic-module-nameorg.jsouppomorganization nameJonathan Hedleypomnamejsoup Java HTML ParserpomartifactidjsoupManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"pomorganization urlhttps://jhy.io/pomurlhttps://jsoup.org/jarpackage 
namejsoupManifestbundle-symbolicnameorg.jsouppomversion1.12.1fileversion1.12.1ManifestBundle-Version1.12.1pkg:maven/org.jsoup/jsoup@1.12.1https://ossindex.sonatype.org/component/pkg:maven/org.jsoup/jsoup@1.12.1pkg:maven/org.jsoup/jsoup@1.12.1https://ossindex.sonatype.org/component/pkg:maven/org.jsoup/jsoup@1.12.1commons-beanutils-1.7.0.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/commons-beanutils-1.7.0.jar0f18acf5fa857f9959675e14d901a7ce5675fd96b29656504b86029551973d60fb41339b24bcaa20ccbdc7c856ce0c0aea144566943403e2e9f27bd9779cda1d76823ef4/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/commons-beanutils-1.7.0.jar24bcaa20ccbdc7c856ce0c0aea144566943403e2e9f27bd9779cda1d76823ef45675fd96b29656504b86029551973d60fb41339b0f18acf5fa857f9959675e14d901a7cecentralgroupidcommons-beanutilsManifestextension-nameorg.apache.commons.beanutilsjarpackage namebeanutilsjarpackage nameapachejarpackage namecommonsjarpackage nameapacheManifestImplementation-VendorApache Software Foundationpomgroupidcommons-beanutilsjarpackage namebeanutilspomartifactidcommons-beanutilsjarpackage namecommonsManifestspecification-vendorApache Software Foundationfilenamecommons-beanutilsManifestextension-nameorg.apache.commons.beanutilsjarpackage namebeanutilspomgroupidcommons-beanutilsManifestImplementation-Titleorg.apache.commons.beanutilsjarpackage namecommonsjarpackage nameapachejarpackage namebeanutilsManifestspecification-titleJakarta Commons Beanutilscentralartifactidcommons-beanutilsjarpackage namecommonspomartifactidcommons-beanutilsfilenamecommons-beanutilscentralversion1.7.0pomversion1.7.0fileversion1.7.0pkg:maven/commons-beanutils/commons-beanutils@1.7.0https://ossindex.sonatype.org/component/pkg:maven/commons-beanutils/commons-beanutils@1.7.0pkg:maven/commons-beanutils/commons-beanutils@1.7.0https://ossindex.sonatype.org/component/pkg:maven/commons-beanutils/commons-beanutils@1.7.0CVE-2014-0114HIGH7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGHCWE-20Apache 
Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.MISChttps://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5@%3Cissues.commons.apache.org%3Ehttps://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5@%3Cissues.commons.apache.org%3EMLISThttp://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html[apache-ignite-developers] 20180601 [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114CONFIRMhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755MLISThttps://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd@%3Ccommits.commons.apache.org%3E[commons-commits] 20190528 [commons-beanutils] branch master updated: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS by default. 
(#7)CONFIRMhttp://advisories.mageia.org/MGASA-2014-0219.htmlhttp://advisories.mageia.org/MGASA-2014-0219.htmlMLISThttps://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f@%3Cissues.commons.apache.org%3E[commons-issues] 20190522 [jira] [Commented] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114MLISThttps://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883@%3Cissues.commons.apache.org%3E[commons-issues] 20190528 [jira] [Closed] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114GENTOOhttps://security.gentoo.org/glsa/201607-09GLSA-201607-09SECUNIAhttp://secunia.com/advisories/5943059430CONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21675972http://www-01.ibm.com/support/docview.wss?uid=swg21675972FEDORAhttp://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.htmlFEDORA-2014-9380SECUNIAhttp://secunia.com/advisories/5924559245CONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21676110http://www-01.ibm.com/support/docview.wss?uid=swg21676110DEBIANhttp://www.debian.org/security/2014/dsa-2940DSA-2940CONFIRMhttps://access.redhat.com/solutions/869353https://access.redhat.com/solutions/869353CONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21674812http://www-01.ibm.com/support/docview.wss?uid=swg21674812CONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21674128http://www-01.ibm.com/support/docview.wss?uid=swg21674128MLISThttps://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86@%3Cdev.commons.apache.org%3E[commons-dev] 20190605 Re: [beanutils] Towards 
1.10CONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg27042296http://www-01.ibm.com/support/docview.wss?uid=swg27042296CONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21675387http://www-01.ibm.com/support/docview.wss?uid=swg21675387CONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21675266http://www-01.ibm.com/support/docview.wss?uid=swg21675266SECUNIAhttp://secunia.com/advisories/5970459704CONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21676303http://www-01.ibm.com/support/docview.wss?uid=swg21676303MISChttps://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0@%3Cissues.commons.apache.org%3Ehttps://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0@%3Cissues.commons.apache.org%3EOSSINDEXhttps://ossindex.sonatype.org/vuln/cc1835c0-63c3-4b0a-baa5-a3891271bf60[CVE-2014-0114] Improper Input ValidationSECUNIAhttp://secunia.com/advisories/5948059480CONFIRMhttps://issues.apache.org/jira/browse/BEANUTILS-463https://issues.apache.org/jira/browse/BEANUTILS-463MISChttps://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64@%3Cissues.commons.apache.org%3Ehttps://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64@%3Cissues.commons.apache.org%3EMLISThttps://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilitiesSECUNIAhttp://secunia.com/advisories/5947959479HPhttp://marc.info/?l=bugtraq&m=141451023707502&w=2HPSBST03160CONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21676375http://www-01.ibm.com/support/docview.wss?uid=swg21676375MLISThttps://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f@%3Cuser.commons.apache.org%3E[commons-user] 20190814 [SECURITY] 
CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.CONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlMLISThttps://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25@%3Cdev.commons.apache.org%3E[commons-dev] 20190814 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.HPhttp://marc.info/?l=bugtraq&m=140801096002766&w=2HPSBMU03090SECUNIAhttp://secunia.com/advisories/5922859228MISChttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlCONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21675898http://www-01.ibm.com/support/docview.wss?uid=swg21675898MISChttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlSECUNIAhttp://secunia.com/advisories/5924659246CONFIRMhttps://bugzilla.redhat.com/show_bug.cgi?id=1091938https://bugzilla.redhat.com/show_bug.cgi?id=1091938MLISThttp://openwall.com/lists/oss-security/2014/07/08/1[oss-security] 20140707 Re: CVE request for commons-beanutils: 'class' property is exposed, potentially leading to 
RCECONFIRMhttps://security.netapp.com/advisory/ntap-20140911-0001/https://security.netapp.com/advisory/ntap-20140911-0001/SECUNIAhttp://secunia.com/advisories/5885158851SECUNIAhttp://secunia.com/advisories/5971859718CONFIRMhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlCONFIRMhttps://bugzilla.redhat.com/show_bug.cgi?id=1116665https://bugzilla.redhat.com/show_bug.cgi?id=1116665MLISThttps://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859@%3Cdev.commons.apache.org%3E[commons-dev] 20190525 Re: [beanutils2] CVE-2014-0114 Pull RequestMLISThttps://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639@%3Ccommits.commons.apache.org%3E[commons-commits] 20190528 [commons-beanutils] branch master updated: [BEANUTILS-520] BeanUtils2 mitigate CVE-2014-0114.MISChttps://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb@%3Cissues.commons.apache.org%3Ehttps://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb@%3Cissues.commons.apache.org%3EMLISThttps://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f@%3Cnotifications.commons.apache.org%3E[commons-notifications] 20190528 Build failed in Jenkins: commons-beanutils #75CONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlCONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21677110http://www-01.ibm.com/support/docview.wss?uid=swg21677110HPhttp://marc.info/?l=bugtraq&m=140119284401582&w=2HPSBGN03041FULLDISChttp://seclists.org/fulldisclosure/2014/Dec/2320141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security 
vulnerabilitiesCONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlSECUNIAhttp://secunia.com/advisories/5747757477MLISThttps://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a@%3Cissues.commons.apache.org%3E[commons-issues] 20190521 [jira] [Created] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114MLISThttps://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b@%3Cannounce.apache.org%3E[announce] 20190814 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.SECUNIAhttp://secunia.com/advisories/6017760177MISChttps://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6@%3Cissues.commons.apache.org%3Ehttps://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6@%3Cissues.commons.apache.org%3EMLISThttps://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8@%3Cissues.commons.apache.org%3E[commons-issues] 20190615 [jira] [Reopened] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114MLISThttps://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3@%3Cissues.commons.apache.org%3E[commons-issues] 20190522 [jira] [Work logged] (BEANUTILS-520) BeanUtils2 mitigate 
CVE-2014-0114SECUNIAhttp://secunia.com/advisories/5901459014MISChttps://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3@%3Cissues.commons.apache.org%3Ehttps://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3@%3Cissues.commons.apache.org%3ECONFIRMhttp://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txthttp://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txtCONFIRMhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlMLISThttps://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478@%3Cissues.commons.apache.org%3E[commons-issues] 20190818 [jira] [Commented] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114MISChttps://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263@%3Cissues.commons.apache.org%3Ehttps://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263@%3Cissues.commons.apache.org%3EMLISThttps://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security 
vulnerabilitiesSECUNIAhttp://secunia.com/advisories/6070360703SECUNIAhttp://secunia.com/advisories/5894758947CONFIRMhttp://www.vmware.com/security/advisories/VMSA-2014-0012.htmlhttp://www.vmware.com/security/advisories/VMSA-2014-0012.htmlSECUNIAhttp://secunia.com/advisories/5911859118MISChttps://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f@%3Cissues.commons.apache.org%3Ehttps://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f@%3Cissues.commons.apache.org%3ECONFIRMhttps://security.netapp.com/advisory/ntap-20180629-0006/https://security.netapp.com/advisory/ntap-20180629-0006/SECUNIAhttp://secunia.com/advisories/5946459464MLISThttps://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0@%3Cissues.commons.apache.org%3E[commons-issues] 20190615 [jira] [Resolved] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114CONFIRMhttp://www.ibm.com/support/docview.wss?uid=swg21675496http://www.ibm.com/support/docview.wss?uid=swg21675496CONFIRMhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlCONFIRMhttp://www.vmware.com/security/advisories/VMSA-2014-0008.htmlhttp://www.vmware.com/security/advisories/VMSA-2014-0008.htmlCONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21675689http://www-01.ibm.com/support/docview.wss?uid=swg21675689MISChttps://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e@%3Cissues.commons.apache.org%3Ehttps://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e@%3Cissues.commons.apache.org%3EMLISThttps://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346@%3Cissues.commons.apache.org%3E[commons-issues] 20190528 [jira] [Work logged] (BEANUTILS-520) BeanUtils2 mitigate 
CVE-2014-0114CONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlCONFIRMhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlMANDRIVAhttp://www.mandriva.com/security/advisories?name=MDVSA-2014:095MDVSA-2014:095SECUNIAhttp://secunia.com/advisories/5871058710BIDhttp://www.securityfocus.com/bid/6712167121MLISThttps://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1@%3Cdev.commons.apache.org%3E[commons-dev] 20190522 [beanutils2] CVE-2014-0114 Pull RequestMLISThttps://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a@%3Cissues.commons.apache.org%3E[commons-issues] 20190615 [jira] [Updated] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114CONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21676931http://www-01.ibm.com/support/docview.wss?uid=swg21676931BUGTRAQhttp://www.securityfocus.com/archive/1/534161/100/0/threaded20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilitiesMISChttps://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3@%3Cissues.commons.apache.org%3Ehttps://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3@%3Cissues.commons.apache.org%3EMLISThttp://openwall.com/lists/oss-security/2014/06/15/10[oss-security] 20140616 CVE request for commons-beanutils: 'class' property is exposed, potentially leading to 
RCECONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlREDHAThttps://access.redhat.com/errata/RHSA-2018:2669RHSA-2018:2669MLISThttps://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3@%3Cnotifications.commons.apache.org%3E[commons-notifications] 20190528 Build failed in Jenkins: commons-beanutils #74CONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21676091http://www-01.ibm.com/support/docview.wss?uid=swg21676091cpe:2.3:a:apache:struts:1.1:b2:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.1:rc1:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.2.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.1:rc2:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.2.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.1:b3:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.3.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.2.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.2.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.1:b1:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.2.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.2.8:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_beanutils:*:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.0:*:*:*:*:*:*:*commons-io-2.0.1.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/commons-io-2.0.1.jaredb9481c6eee07f4feaa61502af855da7ffdb02f95af1c1a208544e076cea5b8e66e731a2a3f5a206480863aae9dff03f53c930c3add6912f8785498d59442c7ebb98c5c
Commons-IO contains utility classes, stream implementations, file filters, file comparators and endian classes.
http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/commons-io-2.0.1.jar2a3f5a206480863aae9dff03f53c930c3add6912f8785498d59442c7ebb98c5c7ffdb02f95af1c1a208544e076cea5b8e66e731aedb9481c6eee07f4feaa61502af855dapomparent-artifactidcommons-parentjarpackage nameiopomnameCommons IOpomparent-groupidorg.apache.commonsjarpackage nameapacheManifestImplementation-Vendor-Idorg.apachepomgroupidcommons-ioManifestspecification-vendorThe Apache Software Foundationpomartifactidcommons-iojarpackage namecommonspomurlhttp://commons.apache.org/io/Manifestbundle-symbolicnameorg.apache.commons.ioManifestbundle-docurlhttp://commons.apache.org/io/filenamecommons-ioManifestImplementation-VendorThe Apache Software Foundationpomparent-artifactidcommons-parentpomgroupidcommons-iopomurlhttp://commons.apache.org/io/jarpackage nameiopomnameCommons IOManifestspecification-titleCommons IOjarpackage nameapacheManifestBundle-NameCommons IOjarpackage namecommonsManifestImplementation-TitleCommons IOpomparent-groupidorg.apache.commonsManifestbundle-symbolicnameorg.apache.commons.ioManifestbundle-docurlhttp://commons.apache.org/io/filenamecommons-iopomartifactidcommons-ioManifestImplementation-Version2.0.1ManifestBundle-Version2.0.1pomversion2.0.1fileversion2.0.1pomparent-version2.0.1pkg:maven/commons-io/commons-io@2.0.1https://ossindex.sonatype.org/component/pkg:maven/commons-io/commons-io@2.0.1pkg:maven/commons-io/commons-io@2.0.1https://ossindex.sonatype.org/component/pkg:maven/commons-io/commons-io@2.0.1asm-analysis-6.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/asm-analysis-6.2.jarbc8eb8c23002b2dd68672a5ed25acbbdc7d9a90d221cbb977848d2c777eb3aa7637e89df62b2c0d818fde5c52cf6404aa10836dbb170a2c3fa8466e656f0f991732fa01fStatic code analysis API of ASM, a very small and fast Java bytecode manipulation frameworkBSD: 
http://asm.ow2.org/license.html/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/asm-analysis-6.2.jar62b2c0d818fde5c52cf6404aa10836dbb170a2c3fa8466e656f0f991732fa01fc7d9a90d221cbb977848d2c777eb3aa7637e89dfbc8eb8c23002b2dd68672a5ed25acbbdjarpackage nameobjectwebManifestbundle-symbolicnameorg.objectweb.asm.tree.analysisjarpackage nametreejarpackage nameanalysisManifestbundle-docurlhttp://asm.ow2.orgpomorganization nameOW2pomurlhttp://asm.ow2.org/pomgroupidow2.asmpomparent-artifactidow2jarpackage nameasmpomartifactidasm-analysiscentralgroupidorg.ow2.asmjarpackage nameobjectwebpomorganization urlhttp://www.ow2.org/pomnameasm-analysisjarpackage nametreeManifestmodule-requiresorg.objectweb.asm.tree;transitive=truejarpackage nameasmfilenameasm-analysisManifestbundle-requiredexecutionenvironmentJ2SE-1.5pomparent-groupidorg.ow2Manifestbundle-symbolicnameorg.objectweb.asm.tree.analysisjarpackage nametreejarpackage nameanalysisManifestbundle-docurlhttp://asm.ow2.orgpomparent-groupidorg.ow2pomorganization nameOW2jarpackage nameasmjarpackage nameobjectwebpomurlhttp://asm.ow2.org/pomnameasm-analysisjarpackage nametreepomorganization urlhttp://www.ow2.org/Manifestmodule-requiresorg.objectweb.asm.tree;transitive=truecentralartifactidasm-analysisjarpackage nameasmpomartifactidasm-analysisManifestBundle-Nameorg.objectweb.asm.tree.analysispomparent-artifactidow2ManifestImplementation-TitleStatic code analysis API of ASM, a very small and fast Java bytecode manipulation frameworkfilenameasm-analysisManifestbundle-requiredexecutionenvironmentJ2SE-1.5jarpackage 
nameanalysispomgroupidow2.asmpomparent-version6.2fileversion6.2pomversion6.2centralversion6.2pkg:maven/org.ow2.asm/asm-analysis@6.2https://ossindex.sonatype.org/component/pkg:maven/org.ow2.asm/asm-analysis@6.2pkg:maven/org.ow2.asm/asm-analysis@6.2https://ossindex.sonatype.org/component/pkg:maven/org.ow2.asm/asm-analysis@6.2hibernate-jpa-2.0-api-1.0.1.Final.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/hibernate-jpa-2.0-api-1.0.1.Final.jard7e7d8f60fc44a127ba702d43e71abec3306a165afa81938fc3d8a0948e891de9f6b192bbacfb6460317d421aa2906d9e63c293b69dc1a5dac480d0f6416df50796a4bb3
Hibernate definition of the Java Persistence 2.0 (JSR 317) API.
license.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/hibernate-jpa-2.0-api-1.0.1.Final.jarbacfb6460317d421aa2906d9e63c293b69dc1a5dac480d0f6416df50796a4bb33306a165afa81938fc3d8a0948e891de9f6b192bd7e7d8f60fc44a127ba702d43e71abecjarpackage namejavaxpomgroupidhibernate.javax.persistencefilenamehibernate-jpa-2.0-api-1.0.1.Finalpomorganization nameHibernate.orgjarpackage namepersistenceManifestspecification-vendorSun Microsystems, Inc.pomartifactidhibernate-jpa-2.0-apiManifestImplementation-Vendorhibernate.orgpomorganization urlhttp://hibernate.orgpomnameJPA 2.0 APIpomurlhttp://hibernate.orgManifestImplementation-TitleJPA APIpomorganization urlhttp://hibernate.orgfilenamehibernate-jpa-2.0-api-1.0.1.Finalpomartifactidhibernate-jpa-2.0-apijarpackage namepersistencepomgroupidhibernate.javax.persistencepomnameJPA 2.0 APIjarpackage namejavaxjarpackage nameversionpomorganization nameHibernate.orgManifestspecification-titleJava Persistence API, Version 2.0pomurlhttp://hibernate.orgManifestImplementation-Version1.0.1.Finalpomversion1.0.1.Finalpkg:maven/org.hibernate.javax.persistence/hibernate-jpa-2.0-api@1.0.1.Finalhttps://ossindex.sonatype.org/component/pkg:maven/org.hibernate.javax.persistence/hibernate-jpa-2.0-api@1.0.1.Finalpkg:maven/org.hibernate.javax.persistence/hibernate-jpa-2.0-api@1.0.1.Finalhttps://ossindex.sonatype.org/component/pkg:maven/org.hibernate.javax.persistence/hibernate-jpa-2.0-api@1.0.1.Finalant-1.9.9.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/ant-1.9.9.jar03bbb3ac9cef4cea901c11ab10ea1b1a9dc55233d8c0809e57b2ec7f78376da3f32872bdd81254bcb2e170c9ea16cd418050f3340da1736380a02415c8ddda9a0a0b8a1bpomurlhttp://ant.apache.org/filenameantjarpackage nameapachemanifest: org/apache/tools/ant/Implementation-VendorApache Software Foundationpomgroupidapache.antpomparent-groupidorg.apache.antjarpackage nameapachejarpackage nameantcentralgroupidorg.apache.antpomparent-artifactidant-parentjarpackage 
nametoolspomnameApache Ant Corepomartifactidantfilenameantpomartifactidantpomgroupidapache.antjarpackage nametoolspomparent-artifactidant-parentmanifest: org/apache/tools/ant/Specification-TitleApache Antjarpackage nameantjarpackage nameapachepomurlhttp://ant.apache.org/centralartifactidantjarpackage nameantmanifest: org/apache/tools/ant/Implementation-Titleorg.apache.tools.antjarpackage nametoolspomnameApache Ant Corepomparent-groupidorg.apache.antmanifest: org/apache/tools/ant/Implementation-Version1.9.9fileversion1.9.9centralversion1.9.9pomversion1.9.9pkg:maven/org.apache.ant/ant@1.9.9https://ossindex.sonatype.org/component/pkg:maven/org.apache.ant/ant@1.9.9pkg:maven/org.apache.ant/ant@1.9.9https://ossindex.sonatype.org/component/pkg:maven/org.apache.ant/ant@1.9.9commons-digester-1.8.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/commons-digester-1.8.jarcf89c593f0378e9509a06fce7030aebadc6a73fdbd1fa3f0944e8497c6c872fa21dca37e05662373044f3dff112567b7bb5dfa1174e91e074c0c727b4412788013f49d56The Digester package lets you configure an XML->Java object mapping module
which triggers certain actions called rules whenever a particular
pattern of nested XML elements is recognized.The Apache Software License, Version 2.0: /LICENSE.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/commons-digester-1.8.jar05662373044f3dff112567b7bb5dfa1174e91e074c0c727b4412788013f49d56dc6a73fdbd1fa3f0944e8497c6c872fa21dca37ecf89c593f0378e9509a06fce7030aebapomorganization urlhttp://jakarta.apache.orgjarpackage nameapachepomartifactidcommons-digesterjarpackage namecommonspomgroupidcommons-digesterpomnameDigesterManifestImplementation-Vendor-Idorg.apachejarpackage nameapachepomurlhttp://jakarta.apache.org/commons/digester/centralgroupidcommons-digesterManifestspecification-vendorThe Apache Software Foundationjarpackage namecommonsjarpackage namedigesterpomorganization nameThe Apache Software Foundationjarpackage namedigesterfilenamecommons-digesterManifestextension-namecommons-digesterManifestImplementation-VendorThe Apache Software Foundationjarpackage namerulepomurlhttp://jakarta.apache.org/commons/digester/ManifestImplementation-Titleorg.apache.commons.digesterjarpackage namecommonspomorganization urlhttp://jakarta.apache.orgpomnameDigesterjarpackage nameapachejarpackage namecommonsjarpackage namedigesterpomgroupidcommons-digesterpomorganization nameThe Apache Software Foundationcentralartifactidcommons-digesterpomartifactidcommons-digesterManifestspecification-titleRule based XML->Java object mapping modulejarpackage 
namedigesterfilenamecommons-digesterManifestextension-namecommons-digesterpomversion1.8fileversion1.8centralversion1.8ManifestImplementation-Version1.8pkg:maven/commons-digester/commons-digester@1.8https://ossindex.sonatype.org/component/pkg:maven/commons-digester/commons-digester@1.8pkg:maven/commons-digester/commons-digester@1.8https://ossindex.sonatype.org/component/pkg:maven/commons-digester/commons-digester@1.8jquery.js/var/lib/jenkins/workspace/test@2/target/devsecops/js/jquery.js841dc30647f93349b7d8ef61deebe411e0f962936599a6cd266f004b9d04b29d46811483c3a7b608ebfa8d1dfe658bc119e6236a6aaf878a779e7c560aa11dd30881a56a/var/lib/jenkins/workspace/test@2/src/main/webapp/js/jquery.jsc3a7b608ebfa8d1dfe658bc119e6236a6aaf878a779e7c560aa11dd30881a56ae0f962936599a6cd266f004b9d04b29d46811483841dc30647f93349b7d8ef61deebe411/var/lib/jenkins/workspace/test@2/target/devsecops.war/js/jquery.jsc3a7b608ebfa8d1dfe658bc119e6236a6aaf878a779e7c560aa11dd30881a56ae0f962936599a6cd266f004b9d04b29d46811483841dc30647f93349b7d8ef61deebe411filenamejqueryfilenamejqueryfileversion1.10.2pkg:javascript/jquery@1.10.2https://ossindex.sonatype.org/component/pkg:javascript/jquery@1.10.2pkg:javascript/jquery@1.10.2https://ossindex.sonatype.org/component/pkg:javascript/jquery@1.10.2CVE-2015-9251MEDIUM4.3NETWORKMEDIUMNONENONENONENONEMEDIUM6.1NETWORKLOWNONEREQUIREDCHANGEDLOWLOWNONEMEDIUMCWE-79jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.BUGTRAQhttps://seclists.org/bugtraq/2019/May/1820190509 dotCMS v5.1.1 VulnerabilitiesMLISThttps://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E[flink-user] 20190811 Apache flink 1.7.2 security 
issuesMISChttps://github.com/jquery/jquery/issues/2432https://github.com/jquery/jquery/issues/2432MISChttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlinfohttps://nvd.nist.gov/vuln/detail/CVE-2015-9251infoMLISThttps://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E[flink-user] 20190813 Apache flink 1.7.2 security issuesFULLDISChttp://seclists.org/fulldisclosure/2019/May/1120190510 dotCMS v5.1.1 HTML Injection & XSS VulnerabilityMLISThttps://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E[flink-user] 20190813 Re: Apache flink 1.7.2 security issuesMISChttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlinfohttps://github.com/jquery/jquery/issues/2432infoMISChttps://github.com/jquery/jquery/pull/2588https://github.com/jquery/jquery/pull/2588CONFIRMhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlFULLDISChttp://seclists.org/fulldisclosure/2019/May/1020190510 dotCMS v5.1.1 VulnerabilitiesBIDhttp://www.securityfocus.com/bid/105658105658FULLDISChttp://seclists.org/fulldisclosure/2019/May/1320190510 Re: dotCMS v5.1.1 HTML Injection & XSS 
VulnerabilityMISChttps://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdfhttps://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdfinfohttp://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/infoMISChttps://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2MLISThttps://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire jsMLISThttps://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E[flink-dev] 20190811 Apache flink 1.7.2 security issuesMISChttp://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.htmlhttp://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.htmlMISChttps://snyk.io/vuln/npm:jquery:20150627https://snyk.io/vuln/npm:jquery:20150627infohttp://research.insecurelabs.org/jquery/test/infoCONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlMISChttps://ics-cert.us-cert.gov/advisories/ICSA-18-212-04https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04MISChttp://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.htmlhttp://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.htmlMISChttps://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cchttps://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cccpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:ban
king_platform:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*cpe:2.3:a:oracle:enterprise_oper
ations_monitor:4.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process
:6.2.1.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*CVE-2019-11358MEDIUM4.3NETWORKMEDIUMNONENONENONENONEMEDIUM6.1NETWORKLOWNONEREQUIREDCHANGEDLOWLOWNONEMEDIUMCWE-79jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. 
If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.SUSEhttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.htmlopenSUSE-SU-2019:1839REDHAThttps://access.redhat.com/errata/RHSA-2019:1456RHSA-2019:1456BUGTRAQhttps://seclists.org/bugtraq/2019/May/1820190509 dotCMS v5.1.1 Vulnerabilitiesinfohttps://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1binfoBIDhttp://www.securityfocus.com/bid/108023108023MISChttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlMISChttps://github.com/jquery/jquery/pull/4333https://github.com/jquery/jquery/pull/4333DEBIANhttps://www.debian.org/security/2019/dsa-4460DSA-4460FULLDISChttp://seclists.org/fulldisclosure/2019/May/1120190510 dotCMS v5.1.1 HTML Injection & XSS VulnerabilityBUGTRAQhttps://seclists.org/bugtraq/2019/Jun/1220190612 [SECURITY] [DSA 4460-1] mediawiki security updateinfohttps://nvd.nist.gov/vuln/detail/CVE-2019-11358infoMLISThttps://lists.debian.org/debian-lts-announce/2019/05/msg00029.html[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security updateFEDORAhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/FEDORA-2019-7eaf0bbe7cFULLDISChttp://seclists.org/fulldisclosure/2019/May/1020190510 dotCMS v5.1.1 
VulnerabilitiesFEDORAhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/FEDORA-2019-f563e66380MISChttps://backdropcms.org/security/backdrop-sa-core-2019-009https://backdropcms.org/security/backdrop-sa-core-2019-009FEDORAhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/FEDORA-2019-2a0ce0c58cMISChttps://www.drupal.org/sa-core-2019-006https://www.drupal.org/sa-core-2019-006MISChttps://blog.jquery.com/2019/04/10/jquery-3-4-0-released/https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/FULLDISChttp://seclists.org/fulldisclosure/2019/May/1320190510 Re: dotCMS v5.1.1 HTML Injection & XSS VulnerabilityFEDORAhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/FEDORA-2019-1a3edd7e8aMISChttps://snyk.io/vuln/SNYK-JS-JQUERY-174006https://snyk.io/vuln/SNYK-JS-JQUERY-174006MLISThttps://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358MLISThttps://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358MLISThttps://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire jsFEDORAhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/FEDORA-2019-eba8e44ee6MLISThttp://www.openwall.com/lists/oss-security/2019/06/03/2[oss-security] 20190603 Django: CVE-2019-12308 
AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)REDHAThttps://access.redhat.com/errata/RHBA-2019:1570RHBA-2019:1570MISChttps://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/DEBIANhttps://www.debian.org/security/2019/dsa-4434DSA-4434MLISThttps://lists.debian.org/debian-lts-announce/2019/05/msg00006.html[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security updateMLISThttps://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358MISChttp://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.htmlhttp://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.htmlMISChttps://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1bhttps://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1bSUSEhttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.htmlopenSUSE-SU-2019:1872MLISThttps://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358infohttps://blog.jquery.com/2019/04/10/jquery-3-4-0-released/infoBUGTRAQhttps://seclists.org/bugtraq/2019/Apr/3220190421 [SECURITY] [DSA 4434-1] drupal7 security updateMISChttp://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.htmlhttp://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.htmlMLISThttps://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: 
[AIRFLOW-XXX] Fix CVE-2019-11358FEDORAhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/FEDORA-2019-a06dffab1ccpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*velocity-engine-core-2.1.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/velocity-engine-core-2.1.jarb10fd2f10542c554d3750c9a2a642c67af23c9cc6eafd771a75ef19c4bcaf89337401c1048bd4f41c118bb5b6805c059c296691a7bfacb8edf4f3a6431778ab1309efbefApache Velocity is a general purpose template engine.https://www.apache.org/licenses/LICENSE-2.0.txtpomparent-artifactidvelocity-engine-parentpomnameApache Velocity - EngineManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"Manifestimplementation-urlhttp://velocity.apache.org/engine/devel/velocity-engine-core/pomgroupidapache.velocityManifestbundle-docurlhttps://www.apache.org/jarpackage nameapachepomparent-groupidorg.apache.velocitypomartifactidvelocity-engine-coreManifestspecification-vendorThe Apache Software FoundationManifestbundle-symbolicnameorg.apache.velocity.engine-coreManifestImplementation-Vendor-Idorg.apache.velocityfilenamevelocity-engine-corejarpackage namevelocityManifestImplementation-VendorThe Apache Software FoundationpomnameApache Velocity - EngineManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"Manifestimplementation-urlhttp://velocity.apache.org/engine/devel/velocity-engine-core/pomgroupidapache.velocityjarpackage namefilterManifestbundle-docurlhttps://www.apache.org/jarpackage nameapacheManifestspecification-titleApache Velocity - Enginepomparent-groupidorg.apache.velocityManifestImplementation-TitleApache Velocity - EngineManifestBundle-NameApache Velocity - Enginejarpackage 
nametemplateManifestbundle-symbolicnameorg.apache.velocity.engine-corefilenamevelocity-engine-corepomparent-artifactidvelocity-engine-parentpomartifactidvelocity-engine-corejarpackage namevelocitypomversion2.1fileversion2.1ManifestImplementation-Version2.1pkg:maven/org.apache.velocity/velocity-engine-core@2.1https://ossindex.sonatype.org/component/pkg:maven/org.apache.velocity/velocity-engine-core@2.1pkg:maven/org.apache.velocity/velocity-engine-core@2.1https://ossindex.sonatype.org/component/pkg:maven/org.apache.velocity/velocity-engine-core@2.1asm-xml-6.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/asm-xml-6.2.jar2e8a919a14c4d621f79006faa37ab33f11cbb555182f8998eb6d7dfef17a22070e627846b0362758957b49cd68f4f8a22235b0f3de74c1c3a217e9ef5bd42c3ed00e91b4XML API of ASM, a very small and fast Java bytecode manipulation frameworkBSD: http://asm.ow2.org/license.html/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/asm-xml-6.2.jarb0362758957b49cd68f4f8a22235b0f3de74c1c3a217e9ef5bd42c3ed00e91b411cbb555182f8998eb6d7dfef17a22070e6278462e8a919a14c4d621f79006faa37ab33fjarpackage nameobjectwebjarpackage namexmlManifestbundle-docurlhttp://asm.ow2.orgpomorganization nameOW2pomurlhttp://asm.ow2.org/pomgroupidow2.asmpomparent-artifactidow2jarpackage nameasmfilenameasm-xmlManifestmodule-requiresorg.objectweb.asm;transitive=true,org.objectweb.asm.util;transitive=truecentralgroupidorg.ow2.asmjarpackage nameobjectwebjarpackage namexmlpomartifactidasm-xmlpomorganization urlhttp://www.ow2.org/pomnameasm-xmlManifestbundle-symbolicnameorg.objectweb.asm.xmljarpackage nameasmManifestbundle-requiredexecutionenvironmentJ2SE-1.5pomparent-groupidorg.ow2jarpackage namexmlManifestImplementation-TitleXML API of ASM, a very small and fast Java bytecode manipulation frameworkManifestbundle-docurlhttp://asm.ow2.orgpomartifactidasm-xmlpomparent-groupidorg.ow2pomorganization nameOW2jarpackage 
nameasmfilenameasm-xmlManifestmodule-requiresorg.objectweb.asm;transitive=true,org.objectweb.asm.util;transitive=truejarpackage namexmljarpackage nameobjectwebpomurlhttp://asm.ow2.org/ManifestBundle-Nameorg.objectweb.asm.xmlpomorganization urlhttp://www.ow2.org/centralartifactidasm-xmlpomnameasm-xmljarpackage nameasmManifestbundle-symbolicnameorg.objectweb.asm.xmlpomparent-artifactidow2Manifestbundle-requiredexecutionenvironmentJ2SE-1.5pomgroupidow2.asmpomparent-version6.2fileversion6.2pomversion6.2centralversion6.2pkg:maven/org.ow2.asm/asm-xml@6.2https://ossindex.sonatype.org/component/pkg:maven/org.ow2.asm/asm-xml@6.2pkg:maven/org.ow2.asm/asm-xml@6.2https://ossindex.sonatype.org/component/pkg:maven/org.ow2.asm/asm-xml@6.2asm-6.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/asm-6.2.jar7abdce94068615d690495f45eb6eb9801b6c4ff09ce03f3052429139c2a68e295cae6604917bda888bc543187325d5fbc1034207eed152574ef78df1734ca0aee40b7fc8ASM, a very small and fast Java bytecode manipulation frameworkBSD: http://asm.ow2.org/license.html/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/asm-6.2.jar917bda888bc543187325d5fbc1034207eed152574ef78df1734ca0aee40b7fc81b6c4ff09ce03f3052429139c2a68e295cae66047abdce94068615d690495f45eb6eb980Manifestbundle-symbolicnameorg.objectweb.asmjarpackage nameobjectwebManifestbundle-docurlhttp://asm.ow2.orgpomorganization nameOW2pomurlhttp://asm.ow2.org/pomnameasmpomgroupidow2.asmpomparent-artifactidow2jarpackage nameasmpomartifactidasmcentralgroupidorg.ow2.asmfilenameasmjarpackage nameobjectwebpomorganization urlhttp://www.ow2.org/jarpackage nameasmManifestbundle-requiredexecutionenvironmentJ2SE-1.5pomparent-groupidorg.ow2Manifestbundle-symbolicnameorg.objectweb.asmManifestbundle-docurlhttp://asm.ow2.orgpomparent-groupidorg.ow2pomorganization nameOW2pomnameasmjarpackage nameasmcentralartifactidasmpomartifactidasmfilenameasmjarpackage nameobjectwebpomurlhttp://asm.ow2.org/pomorganization 
urlhttp://www.ow2.org/ManifestImplementation-TitleASM, a very small and fast Java bytecode manipulation frameworkjarpackage nameasmManifestBundle-Nameorg.objectweb.asmpomparent-artifactidow2Manifestbundle-requiredexecutionenvironmentJ2SE-1.5pomgroupidow2.asmpomparent-version6.2fileversion6.2pomversion6.2centralversion6.2pkg:maven/org.ow2.asm/asm@6.2https://ossindex.sonatype.org/component/pkg:maven/org.ow2.asm/asm@6.2pkg:maven/org.ow2.asm/asm@6.2https://ossindex.sonatype.org/component/pkg:maven/org.ow2.asm/asm@6.2commons-lang-2.6.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/commons-lang-2.6.jar4d5c1693079575b362edf41500630bbd0ce1edb914c94ebc388f086c6827e8bdeec71ac250f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c
Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/commons-lang-2.6.jar50f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c0ce1edb914c94ebc388f086c6827e8bdeec71ac24d5c1693079575b362edf41500630bbdjarpackage namelangpomparent-artifactidcommons-parentManifestbundle-symbolicnameorg.apache.commons.langfilenamecommons-langpomparent-groupidorg.apache.commonsjarpackage nameapacheManifestImplementation-Vendor-Idorg.apacheManifestbundle-docurlhttp://commons.apache.org/lang/pomurlhttp://commons.apache.org/lang/pomartifactidcommons-langManifestspecification-vendorThe Apache Software Foundationjarpackage namecommonspomnameCommons Langpomgroupidcommons-langManifestImplementation-VendorThe Apache Software Foundationpomartifactidcommons-langpomparent-artifactidcommons-parentjarpackage namelangpomgroupidcommons-langManifestbundle-symbolicnameorg.apache.commons.langfilenamecommons-langpomurlhttp://commons.apache.org/lang/jarpackage nameapacheManifestbundle-docurlhttp://commons.apache.org/lang/ManifestBundle-NameCommons Langjarpackage namecommonsManifestImplementation-TitleCommons Langpomparent-groupidorg.apache.commonspomnameCommons LangManifestspecification-titleCommons Langpomparent-version2.6ManifestImplementation-Version2.6fileversion2.6ManifestBundle-Version2.6pomversion2.6pkg:maven/commons-lang/commons-lang@2.6https://ossindex.sonatype.org/component/pkg:maven/commons-lang/commons-lang@2.6pkg:maven/commons-lang/commons-lang@2.6https://ossindex.sonatype.org/component/pkg:maven/commons-lang/commons-lang@2.6checker-qual-2.8.1.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/checker-qual-2.8.1.jare1c060246b024c4f260c6904e55a62a3eb2e8ab75598548cc8acf9a1ca227e480e01881e9103499008bcecd4e948da29b17864abb64304e15706444ae209d17ebe0575df
Checker Qual is the set of annotations (qualifiers) and supporting classes
used by the Checker Framework to type check Java source code. Please
see artifact:
org.checkerframework:checker
The MIT License: http://opensource.org/licenses/MITjarpackage namecheckerframeworkjarpackage namecheckerManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"Manifestimplementation-urlhttps://checkerframework.orgjarpackage namequalpomartifactidchecker-qualManifestbundle-symbolicnamechecker-qualcentralgroupidorg.checkerframeworkManifestautomatic-module-nameorg.checkerframework.checker.qualpomgroupidcheckerframeworkpomnameChecker Qualjarpackage namecheckerjarpackage namecheckerframeworkpomurlhttps://checkerframework.orgfilenamechecker-qualjarpackage namecheckerframeworkjarpackage namecheckerpomurlhttps://checkerframework.orgpomgroupidcheckerframeworkManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"Manifestimplementation-urlhttps://checkerframework.orgjarpackage namequaljarpackage namequalManifestbundle-symbolicnamechecker-qualManifestautomatic-module-nameorg.checkerframework.checker.qualpomnameChecker Qualjarpackage namecheckerManifestBundle-Namechecker-qualcentralartifactidchecker-qualpomartifactidchecker-qualfilenamechecker-qualManifestImplementation-Version2.8.1ManifestBundle-Version2.8.1pomversion2.8.1fileversion2.8.1centralversion2.8.1pkg:maven/org.checkerframework/checker-qual@2.8.1https://ossindex.sonatype.org/component/pkg:maven/org.checkerframework/checker-qual@2.8.1pkg:maven/org.checkerframework/checker-qual@2.8.1https://ossindex.sonatype.org/component/pkg:maven/org.checkerframework/checker-qual@2.8.1gson-2.8.5.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/gson-2.8.5.jar089104cb90d8b4e1aa00b1f5faef0742f645ed69d595b24d4cf8b3fbb64cc505bede8829233a0149fc365c9f6edbd683cfe266b19bdc773be98eabdaf6b3c924b48e7d81Gson JSON libraryfilenamegsonpomparent-groupidcom.google.code.gsonjarpackage namegooglejarpackage 
namegsonManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"Manifestbundle-symbolicnamecom.google.gsonpomgroupidgoogle.code.gsonManifestbundle-contactaddresshttps://github.com/google/gsonpomnameGsonpomartifactidgsonpomparent-artifactidgson-parentManifestbundle-requiredexecutionenvironmentJ2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8filenamegsonpomgroupidgoogle.code.gsonjarpackage namegooglejarpackage namegsonManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"Manifestbundle-symbolicnamecom.google.gsonManifestbundle-contactaddresshttps://github.com/google/gsonpomnameGsonManifestBundle-NameGsonManifestbundle-requiredexecutionenvironmentJ2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8pomartifactidgsonpomparent-artifactidgson-parentpomparent-groupidcom.google.code.gsonpomversion2.8.5fileversion2.8.5ManifestBundle-Version2.8.5pkg:maven/com.google.code.gson/gson@2.8.5https://ossindex.sonatype.org/component/pkg:maven/com.google.code.gson/gson@2.8.5pkg:maven/com.google.code.gson/gson@2.8.5https://ossindex.sonatype.org/component/pkg:maven/com.google.code.gson/gson@2.8.5jackson-core-2.9.7.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/jackson-core-2.9.7.jarae90e61fef491afefbc9c225b64977534b7f0e0dc527fab032e9800ed231080fdc3ac0159e5bc0efabd9f0cac5c1fdd9ae35b16332ed22a0ee19a356de370a18a8cb6c84Core Jackson processing abstractions (aka Streaming API), implementation for JSONhttp://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/jackson-core-2.9.7.jar9e5bc0efabd9f0cac5c1fdd9ae35b16332ed22a0ee19a356de370a18a8cb6c844b7f0e0dc527fab032e9800ed231080fdc3ac015ae90e61fef491afefbc9c225b6497753pomurlFasterXML/jackson-corefilenamejackson-coreManifestImplementation-Vendor-Idcom.fasterxml.jackson.coreManifestbundle-docurlhttps://github.com/FasterXML/jackson-coreManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"jarpackage 
namejsonManifestImplementation-VendorFasterXMLpomparent-groupidcom.fasterxml.jacksonpomnameJackson-corejarpackage namejacksonpomparent-artifactidjackson-baseManifestimplementation-build-date2018-09-19 02:41:39+0000jarpackage namecorejarpackage namebaseManifestspecification-vendorFasterXMLpomgroupidfasterxml.jackson.corepomartifactidjackson-corejarpackage namefasterxmlManifestautomatic-module-namecom.fasterxml.jackson.coreManifestbundle-symbolicnamecom.fasterxml.jackson.core.jackson-corepomparent-groupidcom.fasterxml.jacksonfilenamejackson-coreManifestbundle-docurlhttps://github.com/FasterXML/jackson-coreManifestImplementation-TitleJackson-coreManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"pomgroupidfasterxml.jackson.corejarpackage namejsonManifestBundle-NameJackson-corejarpackage namefilterpomnameJackson-corejarpackage namejacksonpomurlFasterXML/jackson-coreManifestimplementation-build-date2018-09-19 02:41:39+0000jarpackage namecorejarpackage nameversionjarpackage namebasepomartifactidjackson-corepomparent-artifactidjackson-basejarpackage namefasterxmlManifestautomatic-module-namecom.fasterxml.jackson.coreManifestbundle-symbolicnamecom.fasterxml.jackson.core.jackson-coreManifestspecification-titleJackson-coreManifestImplementation-Version2.9.7ManifestBundle-Version2.9.7fileversion2.9.7pomversion2.9.7pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.7https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.7pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.7https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.7dependency-check-core-5.2.1.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/dependency-check-core-5.2.1.jar09f8884f1bcb721259c50d6e763e6e12b44c19dd79cf0ae85ce20c5251527339dc47397f393e7f89621a91f4845e6056025734489dc28ea9280fc982601638b009873303dependency-check-core is the engine and reporting tool used to identify and 
report if there are any known, publicly disclosed vulnerabilities in the scanned project's dependencies. The engine extracts meta-data from the dependencies and uses this to do fuzzy key-word matching against the Common Platform Enumeration (CPE); if any CPE identifiers are found, the associated Common Vulnerability and Exposure (CVE) entries are added to the generated report./var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/dependency-check-cli-5.2.1.jar393e7f89621a91f4845e6056025734489dc28ea9280fc982601638b00987330321745e3757eaaad009c6158db9fcf01579d38105606c3bc9577620c35041c37cc07b8eecpkg:maven/org.owasp/dependency-check-cli@5.2.1https://ossindex.sonatype.org/component/pkg:maven/org.owasp/dependency-check-cli@5.2.1/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/dependency-check-utils-5.2.1.jar393e7f89621a91f4845e6056025734489dc28ea9280fc982601638b0098733037ac90a9bc300d11ae3460429cff3fbdb1a0a89c5ffab28d15e169ac88e45fa0d4777a0bfpkg:maven/org.owasp/dependency-check-utils@5.2.1https://ossindex.sonatype.org/component/pkg:maven/org.owasp/dependency-check-utils@5.2.1pomartifactiddependency-check-corepomparent-groupidorg.owaspjarpackage nameowaspjarpackage namedatafilenamedependency-check-corepomnameDependency-Check CorepomgroupidowaspManifestbuild-jdk-spec1.8jarpackage namedependencypomparent-artifactiddependency-check-parentManifestImplementation-VendorOWASPjarpackage namereportingjarpackage nameenginejarpackage nameowaspjarpackage namedatafilenamedependency-check-corepomnameDependency-Check CoreManifestImplementation-TitleDependency-Check CoreManifestbuild-jdk-spec1.8pomgroupidowasppomparent-groupidorg.owaspjarpackage namedependencypomartifactiddependency-check-corepomparent-artifactiddependency-check-parentjarpackage namereportingjarpackage 
nameenginepomversion5.2.1fileversion5.2.1ManifestImplementation-Version5.2.1pkg:maven/org.owasp/dependency-check-core@5.2.1https://ossindex.sonatype.org/component/pkg:maven/org.owasp/dependency-check-core@5.2.1pkg:maven/org.owasp/dependency-check-core@5.2.1https://ossindex.sonatype.org/component/pkg:maven/org.owasp/dependency-check-core@5.2.1slf4j-api-1.7.5.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/slf4j-api-1.7.5.jar3b1ececad9ebc3fbad2953ccf4a070ca6b262da268f8ad9eff941b25503a9198f0a0ac93fe30825245d2336c859dc38d60c0fc5f3668dbf29cd586828d2b5667ec355b91The slf4j API/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/slf4j-api-1.7.5.jarfe30825245d2336c859dc38d60c0fc5f3668dbf29cd586828d2b5667ec355b916b262da268f8ad9eff941b25503a9198f0a0ac933b1ececad9ebc3fbad2953ccf4a070cafilenameslf4j-apipomurlhttp://www.slf4j.orgManifestbundle-symbolicnameslf4j.apipomnameSLF4J API Modulepomgroupidslf4jpomartifactidslf4j-apipomparent-artifactidslf4j-parentManifestbundle-requiredexecutionenvironmentJ2SE-1.3pomparent-groupidorg.slf4jjarpackage nameslf4jpomnameSLF4J API Modulepomparent-groupidorg.slf4jpomartifactidslf4j-apiManifestBundle-Nameslf4j-apifilenameslf4j-apiManifestbundle-symbolicnameslf4j.apiManifestImplementation-Titleslf4j-apipomparent-artifactidslf4j-parentpomgroupidslf4jpomurlhttp://www.slf4j.orgManifestbundle-requiredexecutionenvironmentJ2SE-1.3jarpackage nameslf4jManifestBundle-Version1.7.5ManifestImplementation-Version1.7.5fileversion1.7.5pomversion1.7.5pkg:maven/org.slf4j/slf4j-api@1.7.5https://ossindex.sonatype.org/component/pkg:maven/org.slf4j/slf4j-api@1.7.5pkg:maven/org.slf4j/slf4j-api@1.7.5https://ossindex.sonatype.org/component/pkg:maven/org.slf4j/slf4j-api@1.7.5jcl-over-slf4j-1.7.15.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/jcl-over-slf4j-1.7.15.jarec012970331eea95119fe69cfc2719c4598ffdd2f61d99a0244d095b96f3cb9c48b0cb8a1faeb66c0b69e7d75369ca48fc1ce4b84c8b66c1f8610b5fd060ad46d53a6e01JCL 1.1.1 
implemented over SLF4Jpomurlhttp://www.slf4j.orgfilenamejcl-over-slf4jpomnameJCL 1.1.1 implemented over SLF4JManifestbundle-symbolicnamejcl.over.slf4jpomgroupidslf4jpomartifactidjcl-over-slf4jpomparent-artifactidslf4j-parentpomparent-groupidorg.slf4jManifestbundle-requiredexecutionenvironmentJ2SE-1.5ManifestImplementation-Titlejcl-over-slf4jfilenamejcl-over-slf4jpomnameJCL 1.1.1 implemented over SLF4JManifestbundle-symbolicnamejcl.over.slf4jpomartifactidjcl-over-slf4jpomparent-artifactidslf4j-parentManifestBundle-Namejcl-over-slf4jpomgroupidslf4jpomparent-groupidorg.slf4jpomurlhttp://www.slf4j.orgManifestbundle-requiredexecutionenvironmentJ2SE-1.5fileversion1.7.15pomversion1.7.15ManifestBundle-Version1.7.15ManifestImplementation-Version1.7.15pkg:maven/org.slf4j/jcl-over-slf4j@1.7.15https://ossindex.sonatype.org/component/pkg:maven/org.slf4j/jcl-over-slf4j@1.7.15pkg:maven/org.slf4j/jcl-over-slf4j@1.7.15https://ossindex.sonatype.org/component/pkg:maven/org.slf4j/jcl-over-slf4j@1.7.15price-range.js/var/lib/jenkins/workspace/test@2/target/devsecops/js/price-range.js8565ff5f29372da52f220e2fe23ea7306191abc3f5ee0e4ffdb6c1719face9754d81d12fe8648ac9f0a5b0c8bd6b984e9515f3ba15fe6bc12f5388f31c1bcc317cfebcf4/var/lib/jenkins/workspace/test@2/src/main/webapp/js/price-range.jse8648ac9f0a5b0c8bd6b984e9515f3ba15fe6bc12f5388f31c1bcc317cfebcf46191abc3f5ee0e4ffdb6c1719face9754d81d12f8565ff5f29372da52f220e2fe23ea730/var/lib/jenkins/workspace/test@2/target/devsecops.war/js/price-range.jse8648ac9f0a5b0c8bd6b984e9515f3ba15fe6bc12f5388f31c1bcc317cfebcf46191abc3f5ee0e4ffdb6c1719face9754d81d12f8565ff5f29372da52f220e2fe23ea730main.js/var/lib/jenkins/workspace/test@2/src/main/webapp/js/main.jsc2f31dda690ac650ace679f27c69035570d9cbd75dbd0ab0d7b57a9775d1f743009014b8d5c212e0a4c875acace311a6afb09aeb6a21166afdd777cbdc3de69eb5bf431f/var/lib/jenkins/workspace/test@2/target/devsecops/js/main.jsd5c212e0a4c875acace311a6afb09aeb6a21166afdd777cbdc3de69eb5bf431f70d9cbd75dbd0ab0d7b57a9775d1f743009014b8c2f31dd
a690ac650ace679f27c690355/var/lib/jenkins/workspace/test@2/target/devsecops.war/js/main.jsd5c212e0a4c875acace311a6afb09aeb6a21166afdd777cbdc3de69eb5bf431f70d9cbd75dbd0ab0d7b57a9775d1f743009014b8c2f31dda690ac650ace679f27c690355tiles-core-2.0.6.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/tiles-core-2.0.6.jar283f1fa1743b357eb17db15b56e1a64c234c747d4b7d70ec505d39d314db7b4fd443269fe4d37aa64ffb8e49ecc9ffd9cab8eae52e6fe553ff332515b3663503ead68d25Tiles Core Library, including basic implementation of the APIs.
/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/tiles-api-2.0.6.jare4d37aa64ffb8e49ecc9ffd9cab8eae52e6fe553ff332515b3663503ead68d25729a464b01317f178fdf5c8d0d97328487a3cb0daa99867384889e44a46ddc68bb940366/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/tiles-jsp-2.0.6.jare4d37aa64ffb8e49ecc9ffd9cab8eae52e6fe553ff332515b3663503ead68d2519b61ced8324efa01f3dd85c0509a6b473e5316813abb2b6712544cea71c342043e85bd4pkg:maven/org.apache.tiles/tiles-jsp@2.0.6https://ossindex.sonatype.org/component/pkg:maven/org.apache.tiles/tiles-jsp@2.0.6/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/tiles-core-2.0.6.jare4d37aa64ffb8e49ecc9ffd9cab8eae52e6fe553ff332515b3663503ead68d25234c747d4b7d70ec505d39d314db7b4fd443269f283f1fa1743b357eb17db15b56e1a64c/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/tiles-api-2.0.6.jare4d37aa64ffb8e49ecc9ffd9cab8eae52e6fe553ff332515b3663503ead68d25729a464b01317f178fdf5c8d0d97328487a3cb0daa99867384889e44a46ddc68bb940366pkg:maven/org.apache.tiles/tiles-api@2.0.6https://ossindex.sonatype.org/component/pkg:maven/org.apache.tiles/tiles-api@2.0.6/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/tiles-jsp-2.0.6.jare4d37aa64ffb8e49ecc9ffd9cab8eae52e6fe553ff332515b3663503ead68d2519b61ced8324efa01f3dd85c0509a6b473e5316813abb2b6712544cea71c342043e85bd4ManifestImplementation-Vendor-Idorg.apachejarpackage nameapacheManifestImplementation-VendorApache Software Foundationpomgroupidapache.tilesfilenametiles-corejarpackage nametilesManifestspecification-vendorApache Software Foundationpomartifactidtiles-corepomparent-artifactidtiles-parentpomnameTiles - Core Librarypomparent-groupidorg.apache.tilesjarpackage nameapachepomgroupidapache.tilesfilenametiles-corejarpackage nametilespomparent-groupidorg.apache.tilesManifestImplementation-TitleTiles - Core Librarypomartifactidtiles-coreManifestspecification-titleTiles - Core Librarypomparent-artifactidtiles-parentpomnameTiles - Core 
Libraryfileversion2.0.6pomversion2.0.6ManifestImplementation-Version2.0.6pkg:maven/org.apache.tiles/tiles-core@2.0.6https://ossindex.sonatype.org/component/pkg:maven/org.apache.tiles/tiles-core@2.0.6pkg:maven/org.apache.tiles/tiles-core@2.0.6https://ossindex.sonatype.org/component/pkg:maven/org.apache.tiles/tiles-core@2.0.6asm-util-6.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/asm-util-6.2.jarcf102ff32c9cef7fda92bd7b2a751ca4a9690730f92cc79eeadc20e400ebb41eccce10b1f2820ea6ef069b83f37d805f5cec58b2872a25650f5f95b4f3cc572156323df0Utilities for ASM, a very small and fast Java bytecode manipulation frameworkBSD: http://asm.ow2.org/license.html/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/asm-util-6.2.jarf2820ea6ef069b83f37d805f5cec58b2872a25650f5f95b4f3cc572156323df0a9690730f92cc79eeadc20e400ebb41eccce10b1cf102ff32c9cef7fda92bd7b2a751ca4jarpackage nameobjectwebjarpackage nameutilManifestbundle-docurlhttp://asm.ow2.orgpomorganization nameOW2pomnameasm-utilManifestbundle-symbolicnameorg.objectweb.asm.utilManifestmodule-requiresorg.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true,org.objectweb.asm.tree.analysis;transitive=truepomurlhttp://asm.ow2.org/pomartifactidasm-utilpomgroupidow2.asmpomparent-artifactidow2jarpackage nameasmcentralgroupidorg.ow2.asmjarpackage nameobjectwebpomorganization urlhttp://www.ow2.org/jarpackage nameutiljarpackage nameasmfilenameasm-utilManifestbundle-requiredexecutionenvironmentJ2SE-1.5pomparent-groupidorg.ow2jarpackage nameutilManifestbundle-docurlhttp://asm.ow2.orgpomnameasm-utilManifestbundle-symbolicnameorg.objectweb.asm.utilManifestmodule-requiresorg.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true,org.objectweb.asm.tree.analysis;transitive=truepomparent-groupidorg.ow2pomorganization nameOW2jarpackage nameasmjarpackage nameobjectwebManifestBundle-Nameorg.objectweb.asm.utilpomurlhttp://asm.ow2.org/ManifestImplementation-TitleUtilities for ASM, a 
very small and fast Java bytecode manipulation frameworkjarpackage nameutilpomorganization urlhttp://www.ow2.org/jarpackage nameasmcentralartifactidasm-utilpomparent-artifactidow2filenameasm-utilManifestbundle-requiredexecutionenvironmentJ2SE-1.5pomgroupidow2.asmpomartifactidasm-utilpomparent-version6.2fileversion6.2pomversion6.2centralversion6.2pkg:maven/org.ow2.asm/asm-util@6.2https://ossindex.sonatype.org/component/pkg:maven/org.ow2.asm/asm-util@6.2pkg:maven/org.ow2.asm/asm-util@6.2https://ossindex.sonatype.org/component/pkg:maven/org.ow2.asm/asm-util@6.2gmaps.js/var/lib/jenkins/workspace/test@2/target/devsecops/js/gmaps.js75a1b69b80f43aaaf74e3f56ca80e59d8add2c5e4fc37d3723f975f6302e98771febcff35958050960c5d1cf4ff27afaf54acfd6a0a8ea1bbbf09573d74852063704201f/var/lib/jenkins/workspace/test@2/src/main/webapp/js/gmaps.js5958050960c5d1cf4ff27afaf54acfd6a0a8ea1bbbf09573d74852063704201f8add2c5e4fc37d3723f975f6302e98771febcff375a1b69b80f43aaaf74e3f56ca80e59d/var/lib/jenkins/workspace/test@2/target/devsecops.war/js/gmaps.js5958050960c5d1cf4ff27afaf54acfd6a0a8ea1bbbf09573d74852063704201f8add2c5e4fc37d3723f975f6302e98771febcff375a1b69b80f43aaaf74e3f56ca80e59djaxen-1.1.6.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/jaxen-1.1.6.jara140517286b56eea981e188dcc3a13f63f8c36d9a0578e8e98f030c662b69888b1430ac05ac9c74bbb3964b34a886ba6b1b6c0b0dc3ebeebc1dc4a44942a76634490b3ebJaxen is a universal Java XPath engine.http://jaxen.codehaus.org/license.html/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/jaxen-1.1.6.jar5ac9c74bbb3964b34a886ba6b1b6c0b0dc3ebeebc1dc4a44942a76634490b3eb3f8c36d9a0578e8e98f030c662b69888b1430ac0a140517286b56eea981e188dcc3a13f6Manifestbundle-symbolicnamejaxenjarpackage namejaxenpomartifactidjaxenManifestbundle-docurlhttp://codehaus.orgjarpackage namexpathpomorganization urlhttp://codehaus.orgpomorganization 
nameCodehauspomgroupidjaxenpomurlhttp://jaxen.codehaus.org/pomnamejaxenfilenamejaxenManifestbundle-docurlhttp://codehaus.orgManifestBundle-Namejaxenfilenamejaxenpomorganization urlhttp://codehaus.orgpomartifactidjaxenpomurlhttp://jaxen.codehaus.org/jarpackage namejaxenManifestbundle-symbolicnamejaxenjarpackage namexpathpomgroupidjaxenpomorganization nameCodehauspomnamejaxenpomversion1.1.6fileversion1.1.6ManifestBundle-Version1.1.6pkg:maven/jaxen/jaxen@1.1.6https://ossindex.sonatype.org/component/pkg:maven/jaxen/jaxen@1.1.6pkg:maven/jaxen/jaxen@1.1.6https://ossindex.sonatype.org/component/pkg:maven/jaxen/jaxen@1.1.6spring-core-5.1.2.RELEASE.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/spring-core-5.1.2.RELEASE.jard64dcf8e0f28f8b74cea9868d5a52defb9b00d4075c92761cfd4e527e0bdce1931b4f3dc3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c5Spring CoreApache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/spring-context-5.1.2.RELEASE.jar3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c55c85bc522a5adac9b09b7204fa20708519ab6a114575fc76a4c1974da992abe67d6f43fepkg:maven/org.springframework/spring-context@5.1.2.RELEASEhttps://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-context@5.1.2.RELEASE/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/spring-context-5.1.2.RELEASE.jar3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c55c85bc522a5adac9b09b7204fa20708519ab6a114575fc76a4c1974da992abe67d6f43fe/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/spring-beans-5.1.2.RELEASE.jar3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c55d513701a79c92f0549574f5170a05c4af7c893d8e7e5b97f44fea3e6ff9924be235ac10/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/spring-jcl-5.1.2.RELEASE.jar3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c5f0d7165b6cfb90356da4f25b1
4a6437fdef1ec8ad24c4517c318640edad0436bf35ee61f/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/spring-aop-5.1.2.RELEASE.jar3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c5bc3cdf3c81bc0a3482cc7f6b9e00ab76847056a788619d03a3e2bdb4c4d51708e124a562/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/spring-beans-5.1.2.RELEASE.jar3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c55d513701a79c92f0549574f5170a05c4af7c893d8e7e5b97f44fea3e6ff9924be235ac10pkg:maven/org.springframework/spring-beans@5.1.2.RELEASEhttps://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-beans@5.1.2.RELEASE/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/spring-web-5.1.2.RELEASE.jar3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c53ff2a93b072da42c3930225e3dceeabb0678eb0b296062cb66d11ba3630c9cc024002f5a/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/spring-expression-5.1.2.RELEASE.jar3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c503c16b062785e4c101db6b754fcb34a77c1e912cac5b30ba1df477476cecafc3eed9a2cfpkg:maven/org.springframework/spring-expression@5.1.2.RELEASEhttps://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-expression@5.1.2.RELEASE/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/spring-expression-5.1.2.RELEASE.jar3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c503c16b062785e4c101db6b754fcb34a77c1e912cac5b30ba1df477476cecafc3eed9a2cf/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/spring-jcl-5.1.2.RELEASE.jar3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c5f0d7165b6cfb90356da4f25b14a6437fdef1ec8ad24c4517c318640edad0436bf35ee61fpkg:maven/org.springframework/spring-jcl@5.1.2.RELEASEhttps://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-jcl@5.1.2.RELEASE/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/spring-aop-5.1.2.RELEASE.jar3f646f7a51
bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c5bc3cdf3c81bc0a3482cc7f6b9e00ab76847056a788619d03a3e2bdb4c4d51708e124a562pkg:maven/org.springframework/spring-aop@5.1.2.RELEASEhttps://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-aop@5.1.2.RELEASE/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/spring-core-5.1.2.RELEASE.jar3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c5b9b00d4075c92761cfd4e527e0bdce1931b4f3dcd64dcf8e0f28f8b74cea9868d5a52def/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/spring-web-5.1.2.RELEASE.jar3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c53ff2a93b072da42c3930225e3dceeabb0678eb0b296062cb66d11ba3630c9cc024002f5apkg:maven/org.springframework/spring-web@5.1.2.RELEASEhttps://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-web@5.1.2.RELEASEfilenamespring-corehint analyzervendorvmwarepomartifactidspring-corepomgroupidspringframeworkpomurlspring-projects/spring-frameworkhint analyzervendorpivotal softwarepomnameSpring Corejarpackage namecorepomorganization urlhttp://projects.spring.io/spring-frameworkManifestautomatic-module-namespring.corejarpackage namespringframeworkhint analyzervendorSpringSourcepomorganization nameSpring IOjarpackage namecorecentralgroupidorg.springframeworkfilenamespring-corepomorganization urlhttp://projects.spring.io/spring-frameworkpomnameSpring Corejarpackage namecorepomurlspring-projects/spring-frameworkManifestautomatic-module-namespring.corepomorganization nameSpring IOcentralartifactidspring-coreManifestImplementation-Titlespring-corepomgroupidspringframeworkpomartifactidspring-corejarpackage namecorehint 
analyzerproductspringsource_spring_frameworkManifestImplementation-Version5.1.2.RELEASEcentralversion5.1.2.RELEASEpomversion5.1.2.RELEASEpkg:maven/org.springframework/spring-core@5.1.2.RELEASEhttps://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-core@5.1.2.RELEASEpkg:maven/org.springframework/spring-core@5.1.2.RELEASEhttps://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-core@5.1.2.RELEASEcommons-logging-1.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/commons-logging-1.2.jar040b4b4d8eac886f6b4a2a3bd2f31b004bfc12adfe4842bf07b657f0369c4cb522955686daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636Apache Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems.http://www.apache.org/licenses/LICENSE-2.0.txtjarpackage nameloggingpomparent-artifactidcommons-parentpomurlhttp://commons.apache.org/proper/commons-logging/Manifestbundle-symbolicnameorg.apache.commons.loggingpomgroupidcommons-loggingpomartifactidcommons-loggingManifestbundle-docurlhttp://commons.apache.org/proper/commons-logging/pomparent-groupidorg.apache.commonspomnameApache Commons Loggingjarpackage nameapacheManifestImplementation-Vendor-Idorg.apacheManifestimplementation-buildtags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200Manifestspecification-vendorThe Apache Software Foundationjarpackage namecommonsfilenamecommons-loggingManifestImplementation-VendorThe Apache Software Foundationpomparent-artifactidcommons-parentjarpackage nameloggingManifestbundle-symbolicnameorg.apache.commons.loggingManifestspecification-titleApache Commons Loggingpomartifactidcommons-loggingManifestbundle-docurlhttp://commons.apache.org/proper/commons-logging/pomnameApache Commons Loggingjarpackage nameapacheManifestimplementation-buildtags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200jarpackage namecommonspomurlhttp://commons.apache.org/proper/commons-logging/filenamecommons-loggingManifestImplementation-TitleApache Commons Loggingpomparent-groupidorg.apache.commonsManifestBundle-NameApache Commons Loggingpomgroupidcommons-loggingManifestImplementation-Version1.2pomparent-version1.2fileversion1.2pomversion1.2pkg:maven/commons-logging/commons-logging@1.2https://ossindex.sonatype.org/component/pkg:maven/commons-logging/commons-logging@1.2pkg:maven/commons-logging/commons-logging@1.2https://ossindex.sonatype.org/component/pkg:maven/commons-logging/commons-logging@1.2hibernate-core-4.2.6.Final.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/hibernate-core-4.2.6.Final.jar243590d8645131cc10cb4025a04a3345472211fa82a5fffb69f2aa22e7b5e62fe0b521545cd0ac382b5f75fbc83b8d488dfff3e5c7b106b14edd56c96e244cf452cb1146A module of the Hibernate 
Core projectGNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/hibernate-core-4.2.6.Final.jar5cd0ac382b5f75fbc83b8d488dfff3e5c7b106b14edd56c96e244cf452cb1146472211fa82a5fffb69f2aa22e7b5e62fe0b52154243590d8645131cc10cb4025a04a3345Manifestimplementation-urlhttp://hibernate.orgjarpackage namehibernatepomartifactidhibernate-corecentralgroupidorg.hibernatepomnameA Hibernate Core Modulefilenamehibernate-corejarpackage namehibernateManifestImplementation-VendorHibernate.orgpomurlhttp://hibernate.orgManifestImplementation-Vendor-Idorg.hibernateManifestbundle-symbolicnameorg.hibernate.corepomorganization nameHibernate.orgpomgroupidhibernatepomorganization urlhttp://hibernate.orgManifestimplementation-urlhttp://hibernate.orgManifestBundle-Namehibernate-corejarpackage namehibernatepomorganization urlhttp://hibernate.orgpomnameA Hibernate Core Modulepomgroupidhibernatefilenamehibernate-corecentralartifactidhibernate-corepomartifactidhibernate-coreManifestbundle-symbolicnameorg.hibernate.corepomorganization 
nameHibernate.orgpomurlhttp://hibernate.orgcentralversion4.2.6.Finalpomversion4.2.6.FinalManifestBundle-Version4.2.6.FinalManifestImplementation-Version4.2.6.Finalpkg:maven/org.hibernate/hibernate-core@4.2.6.Finalhttps://ossindex.sonatype.org/component/pkg:maven/org.hibernate/hibernate-core@4.2.6.Finalpkg:maven/org.hibernate/hibernate-core@4.2.6.Finalhttps://ossindex.sonatype.org/component/pkg:maven/org.hibernate/hibernate-core@4.2.6.Finaljstl-1.2.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/jstl-1.2.jar51e15f798e69358cb893e38c50596b9b74aca283cd4f4b4f3e425f5820cda58f44409547c6273119354a41522877e663582041012b22f8204fe72bba337ed84c7e649b0a/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/jstl-1.2.jarc6273119354a41522877e663582041012b22f8204fe72bba337ed84c7e649b0a74aca283cd4f4b4f3e425f5820cda58f4440954751e15f798e69358cb893e38c50596b9bpomgroupidjstlManifestextension-namejavax.servlet.jsp.jstlpomgroupidjavax.servletpomartifactidjstlcentralgroupidjstlManifestImplementation-VendorSun Microsystems, Inc.jarpackage nameapachejarpackage nametaglibsjarpackage namestandardjarpackage namejstlcentralgroupidjavax.servletjarpackage nameservletManifestImplementation-Vendor-Idorg.apachejarpackage nameapachejarpackage namejavaxfilenamejstlManifestspecification-vendorSun Microsystems, Inc.jarpackage namejspManifestextension-namejavax.servlet.jsp.jstljarpackage nametaglibsManifestspecification-titleJavaServer Pages(TM) Standard Tag Libraryjarpackage namestandardjarpackage namejstljarpackage nametagjarpackage nameservletjarpackage namejavaxcentralartifactidjstlpomgroupidjstlpomgroupidjavax.servletfilenamejstljarpackage namestandardpomartifactidjstljarpackage 
namejspManifestImplementation-Version1.2fileversion1.2centralversion1.2pomversion1.2pkg:maven/javax.servlet/jstl@1.2https://ossindex.sonatype.org/component/pkg:maven/javax.servlet/jstl@1.2pkg:maven/jstl/jstl@1.2https://ossindex.sonatype.org/component/pkg:maven/jstl/jstl@1.2pkg:maven/javax.servlet/jstl@1.2https://ossindex.sonatype.org/component/pkg:maven/javax.servlet/jstl@1.2pkg:maven/jstl/jstl@1.2https://ossindex.sonatype.org/component/pkg:maven/jstl/jstl@1.2CVE-2015-0254HIGH7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGHNVD-CWE-OtherApache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag. <a href="http://cwe.mitre.org/data/definitions/611.html" target="_blank">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>REDHAThttp://rhn.redhat.com/errata/RHSA-2016-1838.htmlRHSA-2016:1838REDHAThttps://access.redhat.com/errata/RHSA-2016:1376RHSA-2016:1376CONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlSECTRACKhttp://www.securitytracker.com/id/10349341034934MLISThttp://mail-archives.apache.org/mod_mbox/tomcat-taglibs-user/201502.mbox/%3C82207A16-6348-4DEE-877E-F7B87292576A%40apache.org%3E[tomcat-taglibs-user] 20150227 [SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tagsBUGTRAQhttp://www.securityfocus.com/archive/1/534772/100/0/threaded20150227 [SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tagsBIDhttp://www.securityfocus.com/bid/7280972809REDHAThttp://rhn.redhat.com/errata/RHSA-2015-1695.htmlRHSA-2015:1695MLISThttps://lists.apache.org/thread.html/8a20e48acb2a40be5130df91cf9d39d8ad93181989413d4abcaa4914@%3Cdev.tomcat.apache.org%3E[tomcat-dev] 20190319 svn commit: r1855831 [27/30] - in /tomcat/site/trunk: ./ docs/ 
xdocs/MLISThttps://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/REDHAThttp://rhn.redhat.com/errata/RHSA-2016-1839.htmlRHSA-2016:1839REDHAThttp://rhn.redhat.com/errata/RHSA-2016-1840.htmlRHSA-2016:1840UBUNTUhttp://www.ubuntu.com/usn/USN-2551-1USN-2551-1MISChttp://packetstormsecurity.com/files/130575/Apache-Standard-Taglibs-1.2.1-XXE-Remote-Command-Execution.htmlhttp://packetstormsecurity.com/files/130575/Apache-Standard-Taglibs-1.2.1-XXE-Remote-Command-Execution.htmlOSSINDEXhttps://ossindex.sonatype.org/vuln/3e7cab6b-3859-45e0-877f-e8a5fa6f3f93[CVE-2015-0254] Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrar...SUSEhttp://lists.opensuse.org/opensuse-updates/2015-10/msg00033.htmlopenSUSE-SU-2015:1751REDHAThttp://rhn.redhat.com/errata/RHSA-2016-1841.htmlRHSA-2016:1841cpe:2.3:a:apache:standard_taglibs:*:*:*:*:*:*:*:*spotbugs-annotations-3.1.12.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/spotbugs-annotations-3.1.12.jar3e611c2dfc7976b3732891874d3acc3bba2c77a05091820668987292f245f3b089387bfab0954eeb5fbca69ab648dab24e812e24587ad67638a101d8fd16363431da7cb7Annotations the SpotBugs tool supportsGNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.htmljarpackage namecsfilenamespotbugs-annotationscentralgroupidcom.github.spotbugspomgroupidgithub.spotbugsManifestbundle-symbolicnamespotbugs-annotationspomurlhttps://spotbugs.github.io/Manifestautomatic-module-namecom.github.spotbugs.annotationspomnameSpotBugs Annotationsjarpackage nameedupomartifactidspotbugs-annotationsManifestbundle-requiredexecutionenvironmentJ2SE-1.5jarpackage nameumdjarpackage namecsfilenamespotbugs-annotationsjarpackage 
namefindbugspomartifactidspotbugs-annotationspomurlhttps://spotbugs.github.io/ManifestBundle-Namespotbugs-annotationsManifestbundle-symbolicnamespotbugs-annotationspomgroupidgithub.spotbugscentralartifactidspotbugs-annotationsManifestautomatic-module-namecom.github.spotbugs.annotationspomnameSpotBugs AnnotationsManifestbundle-requiredexecutionenvironmentJ2SE-1.5jarpackage nameumdpomversion3.1.12ManifestBundle-Version3.1.12fileversion3.1.12centralversion3.1.12pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.12https://ossindex.sonatype.org/component/pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.12pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.12https://ossindex.sonatype.org/component/pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.12commons-cli-1.4.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/commons-cli-1.4.jarc966d7e03507c834d5b09b848560174ec51c00206bb913cd8612b24abd9fa98ae89719b1fd3c7c9545a9cdb2051d1f9155c4f76b1e4ac5a57304404a6eedb578ffba7328
Apache Commons CLI provides a simple API for presenting, processing and validating a command line interface.
https://www.apache.org/licenses/LICENSE-2.0.txtpomparent-artifactidcommons-parentjarpackage namecliManifestbundle-docurlhttp://commons.apache.org/proper/commons-cli/pomgroupidcommons-clipomnameApache Commons CLIpomparent-groupidorg.apache.commonspomartifactidcommons-clijarpackage nameapacheManifestImplementation-Vendor-Idorg.apachefilenamecommons-cliManifestbundle-symbolicnameorg.apache.commons.cliManifestspecification-vendorThe Apache Software Foundationjarpackage namecommonsManifestimplementation-urlhttp://commons.apache.org/proper/commons-cli/pomurlhttp://commons.apache.org/proper/commons-cli/Manifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))"Manifestimplementation-buildtags/cli-1.4-RC1@r1786159; 2017-03-09 13:01:35+0000ManifestImplementation-VendorThe Apache Software Foundationpomparent-artifactidcommons-parentManifestImplementation-TitleApache Commons CLIpomurlhttp://commons.apache.org/proper/commons-cli/pomartifactidcommons-cliManifestBundle-NameApache Commons CLIjarpackage namecliManifestbundle-docurlhttp://commons.apache.org/proper/commons-cli/pomnameApache Commons CLIManifestspecification-titleApache Commons CLIjarpackage nameapachefilenamecommons-cliManifestbundle-symbolicnameorg.apache.commons.clijarpackage namecommonsManifestimplementation-urlhttp://commons.apache.org/proper/commons-cli/pomparent-groupidorg.apache.commonspomgroupidcommons-cliManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))"Manifestimplementation-buildtags/cli-1.4-RC1@r1786159; 2017-03-09 
13:01:35+0000ManifestImplementation-Version1.4pomversion1.4fileversion1.4pomparent-version1.4pkg:maven/commons-cli/commons-cli@1.4https://ossindex.sonatype.org/component/pkg:maven/commons-cli/commons-cli@1.4pkg:maven/commons-cli/commons-cli@1.4https://ossindex.sonatype.org/component/pkg:maven/commons-cli/commons-cli@1.4dom4j-2.1.0.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/dom4j-2.1.0.jardcd0b683599cb29fd0a684d54c38e71d6ad46940de4d721df3d6bbcd297714974209544595b11e251e4f0fdcc5d1b3b984d30452260f65d1b382c7aea1448d2b83e8c222flexible XML framework for JavaBSD 3-clause New License: https://github.com/dom4j/dom4j/blob/master/LICENSE/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/dom4j-2.1.0.jar95b11e251e4f0fdcc5d1b3b984d30452260f65d1b382c7aea1448d2b83e8c2226ad46940de4d721df3d6bbcd2977149742095445dcd0b683599cb29fd0a684d54c38e71dpomgroupiddom4jpomartifactiddom4jpomurlhttp://dom4j.github.io/filenamedom4jjarpackage namedom4jpomnamedom4jcentralgroupidorg.dom4jpomurlhttp://dom4j.github.io/pomartifactiddom4jfilenamedom4jpomnamedom4jcentralartifactiddom4jpomgroupiddom4jpomversion2.1.0fileversion2.1.0centralversion2.1.0pkg:maven/org.dom4j/dom4j@2.1.0https://ossindex.sonatype.org/component/pkg:maven/org.dom4j/dom4j@2.1.0pkg:maven/org.dom4j/dom4j@2.1.0https://ossindex.sonatype.org/component/pkg:maven/org.dom4j/dom4j@2.1.0CVE-2018-1000632HIGH6.4NETWORKLOWNONENONENONEPARTIALMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDNONEHIGHNONEHIGHCWE-91dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. 
This vulnerability appears to have been fixed in 2.1.1 or later.MLISThttps://lists.apache.org/thread.html/9d4c1af6f702c3d6d6f229de57112ddccac8ce44446a01b7937ab9e0@%3Ccommits.maven.apache.org%3E[maven-commits] 20190604 [maven-archetype] branch master updated: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 yearCONFIRMhttps://security.netapp.com/advisory/ntap-20190530-0001/https://security.netapp.com/advisory/ntap-20190530-0001/REDHAThttps://access.redhat.com/errata/RHSA-2019:1161RHSA-2019:1161MLISThttps://lists.apache.org/thread.html/5a020ecaa3c701f408f612f7ba2ee37a021644c4a39da2079ed3ddbc@%3Ccommits.maven.apache.org%3E[maven-commits] 20190531 [maven-archetype] 01/01: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 yearREDHAThttps://access.redhat.com/errata/RHSA-2019:0380RHSA-2019:0380REDHAThttps://access.redhat.com/errata/RHSA-2019:1159RHSA-2019:1159REDHAThttps://access.redhat.com/errata/RHSA-2019:1162RHSA-2019:1162REDHAThttps://access.redhat.com/errata/RHSA-2019:0365RHSA-2019:0365MISChttps://ihacktoprotect.com/post/dom4j-xml-injection/https://ihacktoprotect.com/post/dom4j-xml-injection/REDHAThttps://access.redhat.com/errata/RHSA-2019:0364RHSA-2019:0364MLISThttps://lists.debian.org/debian-lts-announce/2018/09/msg00028.html[debian-lts-announce] 20180924 [SECURITY] [DLA 1517-1] dom4j security updateREDHAThttps://access.redhat.com/errata/RHSA-2019:1160RHSA-2019:1160OSSINDEXhttps://ossindex.sonatype.org/vuln/09883ba9-5094-49df-bd4a-1eaf1d6ba07b[CVE-2018-1000632] XML Injection (aka Blind XPath 
Injection)CONFIRMhttps://github.com/dom4j/dom4j/issues/48https://github.com/dom4j/dom4j/issues/48MLISThttps://lists.apache.org/thread.html/00571f362a7a2470fba50a31282c65637c40d2e21ebe6ee535a4ed74@%3Ccommits.maven.apache.org%3E[maven-commits] 20190601 [maven-archetype] 01/01: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 yearMLISThttps://lists.apache.org/thread.html/4a77652531d62299a30815cf5f233af183425db8e3c9a824a814e768@%3Cdev.maven.apache.org%3E[maven-dev] 20190531 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)MLISThttps://lists.apache.org/thread.html/7f6e120e6ed473f4e00dde4c398fc6698eb383bd7857d20513e989ce@%3Cdev.maven.apache.org%3E[maven-dev] 20190531 proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)REDHAThttps://access.redhat.com/errata/RHSA-2019:0362RHSA-2019:0362MLISThttps://lists.apache.org/thread.html/d7d960b2778e35ec9b4d40c8efd468c7ce7163bcf6489b633491c89f@%3Cdev.maven.apache.org%3E[maven-dev] 20190603 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)MLISThttps://lists.apache.org/thread.html/7e9e78f0e4288fac6591992836d2a80d4df19161e54bd71ab4b8e458@%3Cdev.maven.apache.org%3E[maven-dev] 20190610 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 
8)CONFIRMhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlCONFIRMhttps://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387cpe:2.3:a:dom4j_project:dom4j:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*logback-core-1.2.3.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/logback-core-1.2.3.jar841fc80c6edff60d947a3872a2db4d45864344400c3d4d92dfeb0a305dc87d953677c03c5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22logback-core modulehttp://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/logback-classic-1.2.3.jar5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f227c4f3c474fb2c041d8028740440937705ebb473a64f7a68f931aed8e5ad8243470440f0bpkg:maven/ch.qos.logback/logback-classic@1.2.3https://ossindex.sonatype.org/component/pkg:maven/ch.qos.logback/logback-classic@1.2.3Manifestbundle-docurlhttp://www.qos.chpomparent-artifactidlogback-parentManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"pomgroupidch.qos.logbackManifestbundle-symbolicnamech.qos.logback.corefilenamelogback-corepomnameLogback Core Modulejarpackage namecorejarpackage namechjarpackage nameqosjarpackage namelogbackManifestoriginally-created-byApache Maven Bundle 
PluginManifestbundle-requiredexecutionenvironmentJavaSE-1.6pomartifactidlogback-coreManifestbundle-docurlhttp://www.qos.chpomparent-artifactidlogback-parentManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"ManifestBundle-NameLogback Core ModuleManifestbundle-symbolicnamech.qos.logback.corefilenamelogback-corepomnameLogback Core Modulejarpackage namecorejarpackage namechjarpackage nameqospomartifactidlogback-corejarpackage namelogbackManifestoriginally-created-byApache Maven Bundle Pluginpomgroupidch.qos.logbackManifestbundle-requiredexecutionenvironmentJavaSE-1.6ManifestBundle-Version1.2.3pomversion1.2.3fileversion1.2.3pkg:maven/ch.qos.logback/logback-core@1.2.3https://ossindex.sonatype.org/component/pkg:maven/ch.qos.logback/logback-core@1.2.3pkg:maven/ch.qos.logback/logback-core@1.2.3https://ossindex.sonatype.org/component/pkg:maven/ch.qos.logback/logback-core@1.2.3commons-fileupload-1.2.2.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/commons-fileupload-1.2.2.jara0ad9550a7062ddb6528d8725c8230dd1e48256a2341047e7d729217adeec8217f6e3a1a939e5d9a239407f57237b2fb2ad02cefca782905b2ac32f83826a7c4ad083667
The FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/commons-fileupload-1.2.2.jar939e5d9a239407f57237b2fb2ad02cefca782905b2ac32f83826a7c4ad0836671e48256a2341047e7d729217adeec8217f6e3a1aa0ad9550a7062ddb6528d8725c8230ddManifestbundle-symbolicnameorg.apache.commons.fileuploadpomparent-artifactidcommons-parentfilenamecommons-fileuploadpomnameCommons FileUploadpomparent-groupidorg.apache.commonsjarpackage nameapacheManifestImplementation-Vendor-Idorg.apachepomgroupidcommons-fileuploadjarpackage namefileuploadManifestbundle-docurlhttp://commons.apache.org/fileupload/Manifestspecification-vendorThe Apache Software Foundationjarpackage namecommonspomartifactidcommons-fileuploadpomurlhttp://commons.apache.org/fileupload/ManifestImplementation-VendorThe Apache Software Foundationpomparent-artifactidcommons-parentManifestbundle-symbolicnameorg.apache.commons.fileuploadpomgroupidcommons-fileuploadpomurlhttp://commons.apache.org/fileupload/filenamecommons-fileuploadManifestspecification-titleCommons FileUploadpomnameCommons FileUploadpomartifactidcommons-fileuploadjarpackage nameapachejarpackage namefileuploadManifestbundle-docurlhttp://commons.apache.org/fileupload/jarpackage namecommonspomparent-groupidorg.apache.commonsManifestImplementation-TitleCommons FileUploadManifestBundle-NameCommons FileUploadpomversion1.2.2fileversion1.2.2ManifestImplementation-Version1.2.2ManifestBundle-Version1.2.2pomparent-version1.2.2pkg:maven/commons-fileupload/commons-fileupload@1.2.2https://ossindex.sonatype.org/component/pkg:maven/commons-fileupload/commons-fileupload@1.2.2pkg:maven/commons-fileupload/commons-fileupload@1.2.2https://ossindex.sonatype.org/component/pkg:maven/commons-fileupload/commons-fileupload@1.2.2Arbitrary file upload via deserialization0.0> The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows 
remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
>
> -- [redhat.com](https://access.redhat.com/security/cve/CVE-2013-2186)OSSINDEXhttps://ossindex.sonatype.org/vuln/fb810cbf-d8fb-4f30-b79b-82652ae7192aArbitrary file upload via deserializationcpe:2.3:a:commons-fileupload:commons-fileupload:1.2.2:*:*:*:*:*:*:*CVE-2013-0248LOW3.3LOCALMEDIUMNONENONENONEPARTIALLOWCWE-264The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.HPhttp://marc.info/?l=bugtraq&m=144050155601375&w=2HPSBMU03409OSVDBhttp://www.osvdb.org/9090690906OSSINDEXhttps://ossindex.sonatype.org/vuln/88c767c5-36d0-4f1f-afe8-4a595454c436[CVE-2013-0248] Permissions, Privileges, and Access ControlsBUGTRAQhttp://archives.neohapsis.com/archives/bugtraq/2013-03/0035.html20130306 [SECURITY] CVE-2013-0248 Apache Commons FileUpload - Insecure examplesCONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlBIDhttp://www.securityfocus.com/bid/5832658326cpe:2.3:a:apache:commons_fileupload:1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_fileupload:1.2.2:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_fileupload:1.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_fileupload:1.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_fileupload:1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_fileupload:1.1:*:*:*:*:*:*:*CVE-2014-0050HIGH7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGHCWE-264MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. 
The previous CVSS assessment ( Base Score: 5.0 - AV:N/AC:L/AU:N/C:N/I:N/A:P) was provided at the time of initial analysis based on the best available published information at that time. The score has been updated to reflect the impact to Oracle products per <a href=http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html> Oracle Critical Patch Update Advisory - October 2015 </a>. Other products listed as vulnerable may or may not be similarly impacted.REDHAThttp://rhn.redhat.com/errata/RHSA-2014-0252.htmlRHSA-2014:0252CONFIRMhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917FULLDISChttp://seclists.org/fulldisclosure/2014/Dec/2320141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilitiesSECUNIAhttp://secunia.com/advisories/5950059500SECUNIAhttp://secunia.com/advisories/5807558075CONFIRMhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755JVNhttp://jvn.jp/en/jp/JVN14876762/index.htmlJVN#14876762CONFIRMhttps://bugzilla.redhat.com/show_bug.cgi?id=1062337https://bugzilla.redhat.com/show_bug.cgi?id=1062337SECUNIAhttp://secunia.com/advisories/5923259232CONFIRMhttp://tomcat.apache.org/security-7.htmlhttp://tomcat.apache.org/security-7.htmlCONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21677724http://www-01.ibm.com/support/docview.wss?uid=swg21677724SECUNIAhttp://secunia.com/advisories/5939959399CONFIRMhttp://www.vmware.com/security/advisories/VMSA-2014-0007.htmlhttp://www.vmware.com/security/advisories/VMSA-2014-0007.htmlCONFIRMhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.htmlhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.htmlCONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21676092http://www-
01.ibm.com/support/docview.wss?uid=swg21676092SECUNIAhttp://secunia.com/advisories/5918559185SECUNIAhttp://secunia.com/advisories/5918759187DEBIANhttp://www.debian.org/security/2014/dsa-2856DSA-2856UBUNTUhttp://www.ubuntu.com/usn/USN-2130-1USN-2130-1MISChttp://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.htmlhttp://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.htmlCONFIRMhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlCONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21669554http://www-01.ibm.com/support/docview.wss?uid=swg21669554MISChttp://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.htmlhttp://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.htmlSECUNIAhttp://secunia.com/advisories/5918359183CONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21676853http://www-01.ibm.com/support/docview.wss?uid=swg21676853CONFIRMhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlHPhttp://marc.info/?l=bugtraq&m=143136844732487&w=2HPSBGN03329SECUNIAhttp://secunia.com/advisories/5903959039CONFIRMhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722CONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlCONFIRMhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.htmlhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.htmlBIDhttp://www.securityfocus.com/bid/6540065400CONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21681214http://www-01.ibm.com/support/docview.w
ss?uid=swg21681214CONFIRMhttp://www.vmware.com/security/advisories/VMSA-2014-0012.htmlhttp://www.vmware.com/security/advisories/VMSA-2014-0012.htmlCONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21676410http://www-01.ibm.com/support/docview.wss?uid=swg21676410SECUNIAhttp://secunia.com/advisories/6047560475REDHAThttp://rhn.redhat.com/errata/RHSA-2014-0253.htmlRHSA-2014:0253MLISThttp://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907@apache.org%3E[commons-dev] 20140206 [SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoSCONFIRMhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlREDHAThttp://rhn.redhat.com/errata/RHSA-2014-0400.htmlRHSA-2014:0400CONFIRMhttp://www.vmware.com/security/advisories/VMSA-2014-0008.htmlhttp://www.vmware.com/security/advisories/VMSA-2014-0008.htmlCONFIRMhttp://tomcat.apache.org/security-8.htmlhttp://tomcat.apache.org/security-8.htmlSECUNIAhttp://secunia.com/advisories/5897658976CONFIRMhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.htmlhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.htmlMANDRIVAhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:084MDVSA-2015:084CONFIRMhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlSECUNIAhttp://secunia.com/advisories/5918459184SECUNIAhttp://secunia.com/advisories/5904159041SECUNIAhttp://secunia.com/advisories/5791557915CONFIRMhttp://advisories.mageia.org/MGASA-2014-0110.htmlhttp://advisories.mageia.org/MGASA-2014-0110.htmlCONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21676405http://www-01.ibm.com/support/docview.wss?uid=swg21676405JVNDBhttp://jvndb.jvn.jp/jvndb/JVNDB-2014-000017JVNDB-2014-000017SECUNIAhttp://secunia.com/advisories/5949259492OSSINDEXhttps://ossindex.sonatype.org/v
uln/43e6c5a5-b586-4b31-9244-b62b6e36f2d0[CVE-2014-0050] Permissions, Privileges, and Access ControlsCONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21675432http://www-01.ibm.com/support/docview.wss?uid=swg21675432BUGTRAQhttp://www.securityfocus.com/archive/1/532549/100/0/threaded20140625 NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts libraryCONFIRMhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlBUGTRAQhttp://www.securityfocus.com/archive/1/534161/100/0/threaded20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilitiesCONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21677691http://www-01.ibm.com/support/docview.wss?uid=swg21677691CONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21676401http://www-01.ibm.com/support/docview.wss?uid=swg21676401SECUNIAhttp://secunia.com/advisories/6075360753CONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlCONFIRMhttp://svn.apache.org/r1565143http://svn.apache.org/r1565143SECUNIAhttp://secunia.com/advisories/5972559725CONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21676656http://www-01.ibm.com/support/docview.wss?uid=swg21676656CONFIRMhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htmhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htmCONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21676091http://www-01.ibm.com/support/docview.wss?uid=swg21676091CONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21676403http://www-01.ibm.com/support/docview.wss?uid=swg21676403CONFIRMhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlcpe:2.3:a:apache:tomc
at:7.0.36:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_applications:13.0:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_fileupload:1.2.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_applications:13.3:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_fileupload:1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_applications:14.0:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_applications:12.0:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_fileupload:1.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*cpe
:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*cpe:2.3:a:oracle:retail_applications:13.4:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_fileupload:1.2.2:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*cpe:2.3:a:apache:commons_fileupload:1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_fileupload:1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_applications:13.2:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*cpe:2.3:a:oracle:retail_applications:12.0in:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_applications:13.1:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*CVE-2016-1000031CRITICAL7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALCWE-284Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution Per Apache: "Having reviewed your report we have concluded that it does not represent a valid vulnerability in Apache Commons File Upload. 
If an application deserializes data from an untrusted source without filtering and/or validation that is an application vulnerability not a vulnerability in the library a potential attacker might leverage."CONFIRMhttps://security.netapp.com/advisory/ntap-20190212-0001/https://security.netapp.com/advisory/ntap-20190212-0001/SUSEhttp://lists.opensuse.org/opensuse-security-announce/2019-05/msg00036.htmlopenSUSE-SU-2019:1399MLISThttps://lists.apache.org/thread.html/d66657323fd25e437face5e84899c8ca404ccd187e81c3f2fa8b6080@%3Cannounce.apache.org%3E[announce] 20181105 [SECURITY] Immediately upgrade commons-fileupload to version 1.3.3 when running Struts 2.3.36 or priorBIDhttp://www.securityfocus.com/bid/9360493604MISChttps://www.tenable.com/security/research/tra-2016-30https://www.tenable.com/security/research/tra-2016-30CONFIRMhttps://issues.apache.org/jira/browse/FILEUPLOAD-279https://issues.apache.org/jira/browse/FILEUPLOAD-279CONFIRMhttps://issues.apache.org/jira/browse/WW-4812https://issues.apache.org/jira/browse/WW-4812MISChttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlMISChttps://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlMISChttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlOSSINDEXhttps://ossindex.sonatype.org/vuln/3d5968a4-4e14-4a98-8816-a4e847bc1426[CVE-2016-1000031] Improper Access 
ControlCONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlCONFIRMhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlMISChttps://www.tenable.com/security/research/tra-2016-12https://www.tenable.com/security/research/tra-2016-12MISChttps://www.tenable.com/security/research/tra-2016-23https://www.tenable.com/security/research/tra-2016-23MISChttp://www.zerodayinitiative.com/advisories/ZDI-16-570/http://www.zerodayinitiative.com/advisories/ZDI-16-570/cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*CVE-2016-3092HIGH7.8NETWORKLOWNONENONENONECOMPLETEHIGH7.5NETWORKLOWNONENONEUNCHANGEDNONENONEHIGHHIGHCWE-20The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary 
string.DEBIANhttp://www.debian.org/security/2016/dsa-3609DSA-3609UBUNTUhttp://www.ubuntu.com/usn/USN-3027-1USN-3027-1CONFIRMhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840JVNhttp://jvn.jp/en/jp/JVN89379547/index.htmlJVN#89379547REDHAThttp://rhn.redhat.com/errata/RHSA-2016-2071.htmlRHSA-2016:2071REDHAThttps://access.redhat.com/errata/RHSA-2017:0456RHSA-2017:0456CONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlCONFIRMhttps://security.netapp.com/advisory/ntap-20190212-0001/https://security.netapp.com/advisory/ntap-20190212-0001/REDHAThttp://rhn.redhat.com/errata/RHSA-2016-2068.htmlRHSA-2016:2068CONFIRMhttps://bugzilla.redhat.com/show_bug.cgi?id=1349468https://bugzilla.redhat.com/show_bug.cgi?id=1349468CONFIRMhttp://svn.apache.org/viewvc?view=revision&revision=1743738http://svn.apache.org/viewvc?view=revision&revision=1743738CONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlCONFIRMhttp://svn.apache.org/viewvc?view=revision&revision=1743480http://svn.apache.org/viewvc?view=revision&revision=1743480UBUNTUhttp://www.ubuntu.com/usn/USN-3024-1USN-3024-1CONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlMLISThttps://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ 
xdocs/REDHAThttp://rhn.redhat.com/errata/RHSA-2016-2808.htmlRHSA-2016:2808REDHAThttps://access.redhat.com/errata/RHSA-2017:0455RHSA-2017:0455MLISThttp://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E[dev] 20160621 CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerabilitySECTRACKhttp://www.securitytracker.com/id/10364271036427REDHAThttp://rhn.redhat.com/errata/RHSA-2017-0457.htmlRHSA-2017:0457CONFIRMhttp://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlGENTOOhttps://security.gentoo.org/glsa/201705-09GLSA-201705-09REDHAThttp://rhn.redhat.com/errata/RHSA-2016-2070.htmlRHSA-2016:2070SECTRACKhttp://www.securitytracker.com/id/10370291037029MISChttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlCONFIRMhttp://tomcat.apache.org/security-7.htmlhttp://tomcat.apache.org/security-7.htmlDEBIANhttp://www.debian.org/security/2016/dsa-3614DSA-3614CONFIRMhttp://tomcat.apache.org/security-8.htmlhttp://tomcat.apache.org/security-8.htmlCONFIRMhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371CONFIRMhttp://tomcat.apache.org/security-9.htmlhttp://tomcat.apache.org/security-9.htmlCONFIRMhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759REDHAThttp://rhn.redhat.com/errata/RHSA-2016-2069.htmlRHSA-2016:2069SUSEhttp://lists.opensuse.org/opensuse-updates/2016-09/msg00025.htmlopenSUSE-SU-2016:2252BIDhttp://www.securityfocus.com/bid/9145391453SECTRACKhttp://www.securitytracker.com/id/10369001036900CONFIRMhttp://svn.apache.org/viewvc?view=rev
ision&revision=1743722http://svn.apache.org/viewvc?view=revision&revision=1743722JVNDBhttp://jvndb.jvn.jp/jvndb/JVNDB-2016-000121JVNDB-2016-000121CONFIRMhttp://svn.apache.org/viewvc?view=revision&revision=1743742http://svn.apache.org/viewvc?view=revision&revision=1743742DEBIANhttp://www.debian.org/security/2016/dsa-3611DSA-3611MLISThttps://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/REDHAThttp://rhn.redhat.com/errata/RHSA-2016-2072.htmlRHSA-2016:2072SECTRACKhttp://www.securitytracker.com/id/10396061039606REDHAThttp://rhn.redhat.com/errata/RHSA-2016-2807.htmlRHSA-2016:2807CONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlOSSINDEXhttps://ossindex.sonatype.org/vuln/39d74cc8-457a-4e57-89ef-a258420138c5[CVE-2016-3092] Improper Input 
ValidationREDHAThttp://rhn.redhat.com/errata/RHSA-2016-2599.htmlRHSA-2016:2599cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*cpe:2.3:a:hp:icewall_identity_manager:5.0:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:*cpe:2
.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:9.0.0:m6:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:9.0.0:m4:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:9.0.0:m3:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:tom
cat:8.0.28:*:*:*:*:*:*:*javassist-3.15.0-GA.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/javassist-3.15.0-GA.jar2fcae06eedcddd3e5b0fe32416f99c1c79907309ca4bb4e5e51d4086cc4179b2611358d7eeec97d5987dc8d525285fab888bab4c68a2ef1412335f73aba2b804f88a6cb5Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
simple. It is a class library for editing bytecodes in Java.
MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses//var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/javassist-3.15.0-GA.jareeec97d5987dc8d525285fab888bab4c68a2ef1412335f73aba2b804f88a6cb579907309ca4bb4e5e51d4086cc4179b2611358d72fcae06eedcddd3e5b0fe32416f99c1cpomartifactidjavassistpomgroupidjavassistjarpackage namejavassistpomnameJavassistpomurlhttp://www.javassist.org/filenamejavassistManifestspecification-vendorShigeru Chibajarpackage namebytecodepomartifactidjavassistjarpackage namejavassistManifestspecification-titleJavassistpomnameJavassistpomurlhttp://www.javassist.org/filenamejavassistjarpackage namebytecodepomgroupidjavassistpomversion3.15.0-GApkg:maven/org.javassist/javassist@3.15.0-GAhttps://ossindex.sonatype.org/component/pkg:maven/org.javassist/javassist@3.15.0-GApkg:maven/org.javassist/javassist@3.15.0-GAhttps://ossindex.sonatype.org/component/pkg:maven/org.javassist/javassist@3.15.0-GAasm-tree-6.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/asm-tree-6.2.jare7279981c6764dcd73a99705acf5c9a661570e046111559f38d4e0e580c005f75988c0a602317d9ed739dab470a96f44de712fde51a811362ca26852b34324388e61257cTree API of ASM, a very small and fast Java bytecode manipulation frameworkBSD: http://asm.ow2.org/license.html/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/asm-tree-6.2.jar02317d9ed739dab470a96f44de712fde51a811362ca26852b34324388e61257c61570e046111559f38d4e0e580c005f75988c0a6e7279981c6764dcd73a99705acf5c9a6jarpackage nameobjectwebjarpackage nametreeManifestbundle-docurlhttp://asm.ow2.orgpomorganization nameOW2pomurlhttp://asm.ow2.org/pomnameasm-treepomgroupidow2.asmpomparent-artifactidow2jarpackage nameasmfilenameasm-treecentralgroupidorg.ow2.asmjarpackage nameobjectwebpomartifactidasm-treepomorganization urlhttp://www.ow2.org/Manifestmodule-requiresorg.objectweb.asm;transitive=truejarpackage nametreeManifestbundle-symbolicnameorg.objectweb.asm.treejarpackage 
nameasmManifestbundle-requiredexecutionenvironmentJ2SE-1.5pomparent-groupidorg.ow2pomartifactidasm-treejarpackage nametreeManifestbundle-docurlhttp://asm.ow2.orgManifestImplementation-TitleTree API of ASM, a very small and fast Java bytecode manipulation frameworkpomparent-groupidorg.ow2pomorganization nameOW2pomnameasm-treeManifestBundle-Nameorg.objectweb.asm.treejarpackage nameasmfilenameasm-treecentralartifactidasm-treejarpackage nameobjectwebpomurlhttp://asm.ow2.org/Manifestmodule-requiresorg.objectweb.asm;transitive=truejarpackage nametreepomorganization urlhttp://www.ow2.org/Manifestbundle-symbolicnameorg.objectweb.asm.treejarpackage nameasmpomparent-artifactidow2Manifestbundle-requiredexecutionenvironmentJ2SE-1.5pomgroupidow2.asmpomparent-version6.2fileversion6.2pomversion6.2centralversion6.2pkg:maven/org.ow2.asm/asm-tree@6.2https://ossindex.sonatype.org/component/pkg:maven/org.ow2.asm/asm-tree@6.2pkg:maven/org.ow2.asm/asm-tree@6.2https://ossindex.sonatype.org/component/pkg:maven/org.ow2.asm/asm-tree@6.2error_prone_annotations-2.3.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/error_prone_annotations-2.3.2.jar42c8312a7eb4b6ff612049c4f7b514a6d1a0c5032570e0f64be6b4d9c90cdeb103129029357cd6cfb067c969226c442451502aee13800a24e950fdfde77bcdb4565a668dApache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtpomparent-artifactiderror_prone_parentjarpackage nameerrorpronejarpackage namegooglefilenameerror_prone_annotationsjarpackage nameannotationspomnameerror-prone annotationsjarpackage nameerrorpronepomparent-groupidcom.google.errorpronepomartifactiderror_prone_annotationsjarpackage nameannotationspomgroupidgoogle.errorpronejarpackage namegooglepomparent-groupidcom.google.errorpronejarpackage nameerrorpronepomparent-artifactiderror_prone_parentpomnameerror-prone annotationsjarpackage nameerrorpronejarpackage namegooglefilenameerror_prone_annotationsjarpackage nameannotationsjarpackage 
nameannotationspomgroupidgoogle.errorpronepomartifactiderror_prone_annotationsfileversion2.3.2pomversion2.3.2pkg:maven/com.google.errorprone/error_prone_annotations@2.3.2https://ossindex.sonatype.org/component/pkg:maven/com.google.errorprone/error_prone_annotations@2.3.2pkg:maven/com.google.errorprone/error_prone_annotations@2.3.2https://ossindex.sonatype.org/component/pkg:maven/com.google.errorprone/error_prone_annotations@2.3.2findsecbugs-plugin-1.8.0.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/findsecbugs-plugin-1.8.0.jar95fd6be78da3682e3e7f1ee5e774fddbb9809c4294b946495c55ff9e90cf07da47fcf38b8aaee6a21a4e448c5beff4785ba7e2f89e78e6934f07621ca9c8702ebe759f77
Core module of the project. It includes all the FindBugs detectors.
The resulting jar is the published plugin.
pomparent-artifactidfindsecbugs-root-pompomgroupidh3xstream.findsecbugsfilenamefindsecbugs-plugincentralgroupidcom.h3xstream.findsecbugsjarpackage nameh3xstreampomparent-groupidcom.h3xstream.findsecbugspomartifactidfindsecbugs-pluginjarpackage namefindsecbugspomnameFind Security Bugs Pluginpomgroupidh3xstream.findsecbugsfilenamefindsecbugs-pluginpomartifactidfindsecbugs-pluginpomparent-artifactidfindsecbugs-root-pomcentralartifactidfindsecbugs-pluginpomparent-groupidcom.h3xstream.findsecbugsjarpackage namefindsecbugspomnameFind Security Bugs Pluginpomversion1.8.0fileversion1.8.0centralversion1.8.0pkg:maven/com.h3xstream.findsecbugs/findsecbugs-plugin@1.8.0https://ossindex.sonatype.org/component/pkg:maven/com.h3xstream.findsecbugs/findsecbugs-plugin@1.8.0pkg:maven/com.h3xstream.findsecbugs/findsecbugs-plugin@1.8.0https://ossindex.sonatype.org/component/pkg:maven/com.h3xstream.findsecbugs/findsecbugs-plugin@1.8.0j2objc-annotations-1.3.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/j2objc-annotations-1.3.jar5fa4ec4ec0c5aa70af8a7d4922df1931ba035118bc8bac37d7eff77700720999acd9986d21af30c92267bd6122c0e0b4d20cccb6641a37eaf956c6540ec471d584e64a7b
A set of annotations that provide additional information to the J2ObjC
translator to modify the result of translation.
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtjarpackage namej2objcfilenamej2objc-annotationsjarpackage namej2objcjarpackage namegooglepomurlgoogle/j2objc/jarpackage nameannotationsjarpackage nameannotationspomartifactidj2objc-annotationspomnameJ2ObjC Annotationsjarpackage namegooglepomgroupidgoogle.j2objcjarpackage namej2objcfilenamej2objc-annotationsjarpackage namej2objcjarpackage namegooglepomgroupidgoogle.j2objcpomartifactidj2objc-annotationsjarpackage nameannotationsjarpackage nameannotationspomnameJ2ObjC Annotationspomurlgoogle/j2objc/pomversion1.3fileversion1.3pkg:maven/com.google.j2objc/j2objc-annotations@1.3https://ossindex.sonatype.org/component/pkg:maven/com.google.j2objc/j2objc-annotations@1.3pkg:maven/com.google.j2objc/j2objc-annotations@1.3https://ossindex.sonatype.org/component/pkg:maven/com.google.j2objc/j2objc-annotations@1.3commons-collections-3.2.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/commons-collections-3.2.2.jarf54a8510f834a1a57166970bfc982e948ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8Types that extend and augment the Java Collections Framework.http://www.apache.org/licenses/LICENSE-2.0.txtManifestbundle-symbolicnameorg.apache.commons.collectionspomgroupidcommons-collectionspomnameApache Commons Collectionspomartifactidcommons-collectionsManifestimplementation-buildtags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100pomparent-artifactidcommons-parentManifestbundle-docurlhttp://commons.apache.org/collections/pomparent-groupidorg.apache.commonspomurlhttp://commons.apache.org/collections/Manifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))"jarpackage nameapacheManifestImplementation-Vendor-Idorg.apacheManifestspecification-vendorThe Apache Software Foundationjarpackage namecommonsfilenamecommons-collectionsjarpackage 
namecollectionsManifestimplementation-urlhttp://commons.apache.org/collections/ManifestImplementation-VendorThe Apache Software FoundationManifestbundle-symbolicnameorg.apache.commons.collectionspomparent-artifactidcommons-parentpomnameApache Commons CollectionsManifestimplementation-buildtags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100Manifestbundle-docurlhttp://commons.apache.org/collections/pomgroupidcommons-collectionsManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))"jarpackage nameapacheManifestspecification-titleApache Commons CollectionsManifestImplementation-TitleApache Commons Collectionspomartifactidcommons-collectionsManifestBundle-NameApache Commons Collectionsjarpackage namecommonsfilenamecommons-collectionspomparent-groupidorg.apache.commonspomurlhttp://commons.apache.org/collections/jarpackage namecollectionsManifestimplementation-urlhttp://commons.apache.org/collections/ManifestImplementation-Version3.2.2pomparent-version3.2.2ManifestBundle-Version3.2.2pomversion3.2.2fileversion3.2.2pkg:maven/commons-collections/commons-collections@3.2.2https://ossindex.sonatype.org/component/pkg:maven/commons-collections/commons-collections@3.2.2pkg:maven/commons-collections/commons-collections@3.2.2https://ossindex.sonatype.org/component/pkg:maven/commons-collections/commons-collections@3.2.2dom4j-1.6.1.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/dom4j-1.6.1.jar4d8f51d3fe3900efc6e395be48030d6d5d3ccc056b6f056dbf0dddfdf43894b9065a8f94593552ffea3c5823c6602478b5002a7c525fd904a3c44f1abe4065c22edfac73dom4j: the flexible XML framework for Java/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/dom4j-1.6.1.jar593552ffea3c5823c6602478b5002a7c525fd904a3c44f1abe4065c22edfac735d3ccc056b6f056dbf0dddfdf43894b9065a8f944d8f51d3fe3900efc6e395be48030d6dManifestImplementation-VendorMetaStuff Ltd.Manifestextension-namedom4jpomnameZenframework Z8 Dependencies - Commons - 
dom4j-1.6.1filenamedom4jcentralgroupidorg.zenframework.z8.dependencies.commonspomorganization nameMetaStuff Ltd.pomorganization urlhttp://sourceforge.net/projects/dom4jpomurlhttp://dom4j.orgcentralgroupiddom4jjarpackage namedom4jpomparent-groupidorg.zenframework.z8.dependenciespomgroupiddom4jpomartifactiddom4j-1.6.1pomartifactiddom4jjarpackage namedom4jpomgroupidzenframework.z8.dependencies.commonspomparent-artifactidz8-dependenciespomnamedom4jManifestspecification-vendorMetaStuff Ltd.pomgroupidzenframework.z8.dependencies.commonscentralartifactiddom4jpomartifactiddom4j-1.6.1centralartifactiddom4j-1.6.1pomurlhttp://dom4j.orgpomartifactiddom4jManifestextension-namedom4jpomnameZenframework Z8 Dependencies - Commons - dom4j-1.6.1filenamedom4jManifestspecification-titledom4j : XML framework for Javapomparent-artifactidz8-dependenciesjarpackage namedom4jpomgroupiddom4jpomparent-groupidorg.zenframework.z8.dependenciespomorganization nameMetaStuff Ltd.pomnamedom4jManifestImplementation-Titleorg.dom4jpomorganization urlhttp://sourceforge.net/projects/dom4jpomversion2.0centralversion2.0pkg:maven/dom4j/dom4j@1.6.1https://ossindex.sonatype.org/component/pkg:maven/dom4j/dom4j@1.6.1pkg:maven/org.zenframework.z8.dependencies.commons/dom4j-1.6.1@2.0https://ossindex.sonatype.org/component/pkg:maven/org.zenframework.z8.dependencies.commons/dom4j-1.6.1@2.0pkg:maven/dom4j/dom4j@1.6.1https://ossindex.sonatype.org/component/pkg:maven/dom4j/dom4j@1.6.1pkg:maven/org.zenframework.z8.dependencies.commons/dom4j-1.6.1@2.0https://ossindex.sonatype.org/component/pkg:maven/org.zenframework.z8.dependencies.commons/dom4j-1.6.1@2.0CVE-2018-1000632HIGH6.4NETWORKLOWNONENONENONEPARTIALMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDNONEHIGHNONEHIGHCWE-91dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. 
This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.MLISThttps://lists.apache.org/thread.html/9d4c1af6f702c3d6d6f229de57112ddccac8ce44446a01b7937ab9e0@%3Ccommits.maven.apache.org%3E[maven-commits] 20190604 [maven-archetype] branch master updated: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 yearCONFIRMhttps://security.netapp.com/advisory/ntap-20190530-0001/https://security.netapp.com/advisory/ntap-20190530-0001/REDHAThttps://access.redhat.com/errata/RHSA-2019:1161RHSA-2019:1161MLISThttps://lists.apache.org/thread.html/5a020ecaa3c701f408f612f7ba2ee37a021644c4a39da2079ed3ddbc@%3Ccommits.maven.apache.org%3E[maven-commits] 20190531 [maven-archetype] 01/01: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 yearREDHAThttps://access.redhat.com/errata/RHSA-2019:0380RHSA-2019:0380REDHAThttps://access.redhat.com/errata/RHSA-2019:1159RHSA-2019:1159REDHAThttps://access.redhat.com/errata/RHSA-2019:1162RHSA-2019:1162REDHAThttps://access.redhat.com/errata/RHSA-2019:0365RHSA-2019:0365MISChttps://ihacktoprotect.com/post/dom4j-xml-injection/https://ihacktoprotect.com/post/dom4j-xml-injection/REDHAThttps://access.redhat.com/errata/RHSA-2019:0364RHSA-2019:0364MLISThttps://lists.debian.org/debian-lts-announce/2018/09/msg00028.html[debian-lts-announce] 20180924 [SECURITY] [DLA 1517-1] dom4j security updateREDHAThttps://access.redhat.com/errata/RHSA-2019:1160RHSA-2019:1160OSSINDEXhttps://ossindex.sonatype.org/vuln/09883ba9-5094-49df-bd4a-1eaf1d6ba07b[CVE-2018-1000632] XML Injection (aka Blind XPath 
Injection)CONFIRMhttps://github.com/dom4j/dom4j/issues/48https://github.com/dom4j/dom4j/issues/48MLISThttps://lists.apache.org/thread.html/00571f362a7a2470fba50a31282c65637c40d2e21ebe6ee535a4ed74@%3Ccommits.maven.apache.org%3E[maven-commits] 20190601 [maven-archetype] 01/01: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 yearMLISThttps://lists.apache.org/thread.html/4a77652531d62299a30815cf5f233af183425db8e3c9a824a814e768@%3Cdev.maven.apache.org%3E[maven-dev] 20190531 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)MLISThttps://lists.apache.org/thread.html/7f6e120e6ed473f4e00dde4c398fc6698eb383bd7857d20513e989ce@%3Cdev.maven.apache.org%3E[maven-dev] 20190531 proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)REDHAThttps://access.redhat.com/errata/RHSA-2019:0362RHSA-2019:0362MLISThttps://lists.apache.org/thread.html/d7d960b2778e35ec9b4d40c8efd468c7ce7163bcf6489b633491c89f@%3Cdev.maven.apache.org%3E[maven-dev] 20190603 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)MLISThttps://lists.apache.org/thread.html/7e9e78f0e4288fac6591992836d2a80d4df19161e54bd71ab4b8e458@%3Cdev.maven.apache.org%3E[maven-dev] 20190610 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 
8)CONFIRMhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlCONFIRMhttps://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387cpe:2.3:a:dom4j_project:dom4j:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*slf4j-api-1.7.26.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/slf4j-api-1.7.26.jar60ec8751be37d54a2aa1b6178f87b96877100a62c2e6f04b53977b9f541044d7d722693d6d9e5b86cfd1dd44c676899285b5bb4fa0d371cf583e8164f9c8a0366553242bThe slf4j APIfilenameslf4j-apipomurlhttp://www.slf4j.orgManifestbundle-symbolicnameslf4j.apipomnameSLF4J API Modulepomgroupidslf4jpomartifactidslf4j-apipomparent-artifactidslf4j-parentpomparent-groupidorg.slf4jjarpackage nameslf4jManifestbundle-requiredexecutionenvironmentJ2SE-1.5pomnameSLF4J API Modulepomparent-groupidorg.slf4jpomartifactidslf4j-apiManifestBundle-Nameslf4j-apifilenameslf4j-apiManifestbundle-symbolicnameslf4j.apiManifestImplementation-Titleslf4j-apipomparent-artifactidslf4j-parentpomgroupidslf4jpomurlhttp://www.slf4j.orgjarpackage 
nameslf4jManifestbundle-requiredexecutionenvironmentJ2SE-1.5fileversion1.7.26pomversion1.7.26ManifestBundle-Version1.7.26ManifestImplementation-Version1.7.26pkg:maven/org.slf4j/slf4j-api@1.7.26https://ossindex.sonatype.org/component/pkg:maven/org.slf4j/slf4j-api@1.7.26pkg:maven/org.slf4j/slf4j-api@1.7.26https://ossindex.sonatype.org/component/pkg:maven/org.slf4j/slf4j-api@1.7.26cpe-parser-2.0.1.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/cpe-parser-2.0.1.jarf5914901fb201b0f555806c0490d0c7ebed94a84a8cea2347e6b5049fc92b52f0af6f91b696233733023bfc1944887a31476cde9c47847f45b0d76b0d8644c0ef3483251A utility for validating and parsing Common Platform Enumeration (CPE) v2.2 and v2.3 as originally defined by MITRE and maintained by NIST.Apache-2.0: http://www.apache.org/licenses/LICENSE-2.0.txtjarpackage namecpejarpackage nameusjarpackage nameparserspomgroupidus.springettpomartifactidcpe-parserpomurlstevespringett/CPE-Parserjarpackage namespringettjarpackage namespringettpomnameCPE Parserfilenamecpe-parserjarpackage nameusjarpackage namecpepomgroupidus.springettjarpackage nameparsersjarpackage namecpejarpackage namespringettjarpackage namespringettpomurlstevespringett/CPE-ParserpomnameCPE Parserfilenamecpe-parserjarpackage nameuspomartifactidcpe-parserpomversion2.0.1fileversion2.0.1pkg:maven/us.springett/cpe-parser@2.0.1https://ossindex.sonatype.org/component/pkg:maven/us.springett/cpe-parser@2.0.1pkg:maven/us.springett/cpe-parser@2.0.1https://ossindex.sonatype.org/component/pkg:maven/us.springett/cpe-parser@2.0.1jboss-transaction-api_1.1_spec-1.0.1.Final.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/jboss-transaction-api_1.1_spec-1.0.1.Final.jar679cd909d6130e6bf467b291031e1e2d18f0e1d42f010a8b53aa447bf274a706d5148852d9ccc72cdcf5450fcb8cc614b4930261d5cc5b40da6b3be783308cebcd100723The Java Transaction 1.1 API classesCommon Development and Distribution License: http://repository.jboss.org/licenses/cddl.txt
GNU General Public License, Version 2 with the Classpath Exception: http://repository.jboss.org/licenses/gpl-2.0-ce.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/jboss-transaction-api_1.1_spec-1.0.1.Final.jard9ccc72cdcf5450fcb8cc614b4930261d5cc5b40da6b3be783308cebcd10072318f0e1d42f010a8b53aa447bf274a706d5148852679cd909d6130e6bf467b291031e1e2djarpackage nametransactionManifestImplementation-VendorJBoss by Red Hatfilenamejboss-transaction-api_1.1_spec-1.0.1.FinalManifestbundle-docurlhttp://www.jboss.orgManifestos-nameLinuxpomparent-artifactidjboss-parentManifestImplementation-Vendor-Idorg.jboss.spec.javax.transactionpomgroupidjboss.spec.javax.transactionjarpackage namejavaxManifestos-archi386pomnameJava Transaction APIpomparent-groupidorg.jbossManifestimplementation-urlhttp://www.jboss.org/jboss-transaction-api_1.1_specManifestjava-vendorSun Microsystems Inc.Manifestbuild-timestampSat, 17 Mar 2012 11:49:45 -0500Manifestbundle-symbolicnameorg.jboss.spec.javax.transaction.jboss-transaction-api_1.1_specpomartifactidjboss-transaction-api_1.1_specpomparent-artifactidjboss-parentjarpackage nametransactionfilenamejboss-transaction-api_1.1_spec-1.0.1.FinalManifestImplementation-TitleJava Transaction APIManifestbundle-docurlhttp://www.jboss.orgManifestos-nameLinuxpomgroupidjboss.spec.javax.transactionManifestspecification-titleJSR 907: Java Transaction API (JTA)jarpackage namejavaxManifestos-archi386pomnameJava Transaction APIpomparent-groupidorg.jbossManifestimplementation-urlhttp://www.jboss.org/jboss-transaction-api_1.1_specManifestBundle-NameJava Transaction APIpomartifactidjboss-transaction-api_1.1_specManifestbuild-timestampSat, 17 Mar 2012 11:49:45 
-0500Manifestbundle-symbolicnameorg.jboss.spec.javax.transaction.jboss-transaction-api_1.1_specpomparent-version1.0.1.FinalManifestImplementation-Version1.0.1.FinalManifestBundle-Version1.0.1.Finalpomversion1.0.1.Finalpkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.1_spec@1.0.1.Finalhttps://ossindex.sonatype.org/component/pkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.1_spec@1.0.1.Finalpkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.1_spec@1.0.1.Finalhttps://ossindex.sonatype.org/component/pkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.1_spec@1.0.1.Finalcommons-compress-1.18.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/commons-compress-1.18.jarbcbecfff4bdb0d3d0cdead3d995da2ef1191f9f2bc0c47a8cce69193feb1ff0a8bcb37d55f2df1e467825e4cac5996d44890c4201c000b43c0b23cffc0782d28a0beb9b0
Apache Commons Compress software defines an API for working with
compression and archive formats. These include: bzip2, gzip, pack200,
lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.
https://www.apache.org/licenses/LICENSE-2.0.txtpomparent-artifactidcommons-parentManifestimplementation-urlhttps://commons.apache.org/proper/commons-compress/Manifestextension-nameorg.apache.commons.compresspomgroupidapache.commonsManifestautomatic-module-nameorg.apache.commons.compresspomartifactidcommons-compressManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"pomparent-groupidorg.apache.commonsjarpackage nameapacheManifestImplementation-Vendor-Idorg.apacheManifestbundle-symbolicnameorg.apache.commons.commons-compressfilenamecommons-compressManifestspecification-vendorThe Apache Software Foundationjarpackage namecommonsManifestbundle-docurlhttps://commons.apache.org/proper/commons-compress/pomnameApache Commons CompressManifestimplementation-buildUNKNOWN@rb95d5cde4c68640f886e3c6802384fae47408a37; 2018-08-13 07:16:03+0000pomurlhttps://commons.apache.org/proper/commons-compress/jarpackage namecompressManifestImplementation-VendorThe Apache Software FoundationManifestBundle-NameApache Commons Compresspomparent-artifactidcommons-parentpomurlhttps://commons.apache.org/proper/commons-compress/Manifestimplementation-urlhttps://commons.apache.org/proper/commons-compress/Manifestextension-nameorg.apache.commons.compressManifestImplementation-TitleApache Commons CompressManifestautomatic-module-nameorg.apache.commons.compressManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"jarpackage nameapacheManifestbundle-symbolicnameorg.apache.commons.commons-compressfilenamecommons-compressjarpackage namecommonspomgroupidapache.commonsManifestbundle-docurlhttps://commons.apache.org/proper/commons-compress/pomartifactidcommons-compresspomparent-groupidorg.apache.commonspomnameApache Commons CompressManifestspecification-titleApache Commons CompressManifestimplementation-buildUNKNOWN@rb95d5cde4c68640f886e3c6802384fae47408a37; 2018-08-13 07:16:03+0000jarpackage 
namecompressManifestImplementation-Version1.18pomparent-version1.18fileversion1.18pomversion1.18pkg:maven/org.apache.commons/commons-compress@1.18https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-compress@1.18pkg:maven/org.apache.commons/commons-compress@1.18https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-compress@1.18retirejs-core-3.0.1.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/retirejs-core-3.0.1.jaraf51ed61a72671ff8c61942ddc8225cd5aa8c3ee326e382ce9d55cc58e2182852a5b34216e5f2db50efa4f248af753b877858b6cd11bf31c1b7efb064634691a82784ea4filenameretirejs-corepomgroupidh3xstream.retirejsjarpackage nameretirejsjarpackage nameh3xstreampomartifactidretirejs-corepomparent-groupidcom.h3xstream.retirejspomparent-artifactidretirejs-root-pomjarpackage nameh3xstreamjarpackage namerepojarpackage nameretirejsfilenameretirejs-corepomparent-artifactidretirejs-root-pomjarpackage nameretirejspomartifactidretirejs-corepomparent-groupidcom.h3xstream.retirejspomgroupidh3xstream.retirejsjarpackage nameh3xstreamjarpackage namerepojarpackage nameretirejsfileversion3.0.1pomversion3.0.1pkg:maven/com.h3xstream.retirejs/retirejs-core@3.0.1https://ossindex.sonatype.org/component/pkg:maven/com.h3xstream.retirejs/retirejs-core@3.0.1pkg:maven/com.h3xstream.retirejs/retirejs-core@3.0.1https://ossindex.sonatype.org/component/pkg:maven/com.h3xstream.retirejs/retirejs-core@3.0.1commons-logging-api-1.1.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/commons-logging-api-1.1.jar4374238076ab08e60e0d2962344808377d4cf5231d46c8524f9b9ed75bb2d1c69ab9332233a4dd47bb4764e4eb3692d86386d17a0d9827f4f4bb0f70121efab6bc03ba35Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems.The Apache Software License, Version 2.0: /LICENSE.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/commons-logging-api-1.1.jar33a4dd47bb4764e4eb3692d86386d17a0d9827f4f4bb0f70121efab6bc03ba357d4cf5231d46c8524f9b9ed75bb2d1c69ab933224374238076ab08e60e0d296234480837pomnameLoggingjarpackage nameloggingpomorganization urlhttp://jakarta.apache.orgjarpackage nameapachepomgroupidcommons-loggingjarpackage nameloggingjarpackage namecommonspomartifactidcommons-logging-apiManifestImplementation-Vendor-Idorg.apachejarpackage nameapacheManifestImplementation-VendorApache Software FoundationManifestextension-nameorg.apache.commons.loggingfilenamecommons-logging-apicentralgroupidcommons-loggingjarpackage namecommonspomurlhttp://jakarta.apache.org/commons/logging/Manifestspecification-vendorApache Software Foundationpomorganization nameThe Apache Software FoundationpomnameLoggingjarpackage nameloggingManifestspecification-titleJakarta Commons Loggingcentralartifactidcommons-logging-apiManifestImplementation-TitleJakarta Commons Loggingpomurlhttp://jakarta.apache.org/commons/logging/jarpackage nameloggingjarpackage namecommonspomorganization urlhttp://jakarta.apache.orgjarpackage nameimpljarpackage nameapacheManifestextension-nameorg.apache.commons.loggingfilenamecommons-logging-apijarpackage namecommonspomartifactidcommons-logging-apipomorganization nameThe Apache Software 
Foundationpomgroupidcommons-loggingManifestImplementation-Version1.1fileversion1.1centralversion1.1pomversion1.1pkg:maven/commons-logging/commons-logging-api@1.1https://ossindex.sonatype.org/component/pkg:maven/commons-logging/commons-logging-api@1.1pkg:maven/commons-logging/commons-logging-api@1.1https://ossindex.sonatype.org/component/pkg:maven/commons-logging/commons-logging-api@1.1failureaccess-1.0.1.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/failureaccess-1.0.1.jar091883993ef5bfa91da01dcc8fc522361dcf1de382a0bf95a3d8b0849546c88bac1292c9a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26
Contains
com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
InternalFutures. Most users will never need to use this artifact. Its
classes are conceptually a part of Guava, but they're in this separate
artifact so that Android libraries can use them without pulling in all of
Guava (just as they can use ListenableFuture by depending on the
listenablefuture artifact).
http://www.apache.org/licenses/LICENSE-2.0.txtjarpackage namegooglepomnameGuava InternalFutureFailureAccess and InternalFuturespomparent-groupidcom.google.guavaManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"filenamefailureaccessjarpackage nameconcurrentjarpackage nameutilpomgroupidgoogle.guavapomartifactidfailureaccessManifestbundle-docurlhttps://github.com/google/guava/jarpackage namecommonpomparent-artifactidguava-parentManifestbundle-symbolicnamecom.google.guava.failureaccessjarpackage namegooglepomnameGuava InternalFutureFailureAccess and InternalFuturespomparent-artifactidguava-parentpomartifactidfailureaccesspomparent-groupidcom.google.guavaManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"pomgroupidgoogle.guavafilenamefailureaccessjarpackage nameconcurrentjarpackage nameutilManifestBundle-NameGuava InternalFutureFailureAccess and InternalFuturesjarpackage namecommonManifestbundle-docurlhttps://github.com/google/guava/Manifestbundle-symbolicnamecom.google.guava.failureaccesspomparent-version1.0.1fileversion1.0.1pomversion1.0.1ManifestBundle-Version1.0.1pkg:maven/com.google.guava/failureaccess@1.0.1https://ossindex.sonatype.org/component/pkg:maven/com.google.guava/failureaccess@1.0.1pkg:maven/com.google.guava/failureaccess@1.0.1https://ossindex.sonatype.org/component/pkg:maven/com.google.guava/failureaccess@1.0.1antlr-2.7.7.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/antlr-2.7.7.jarf8f1352c52a4c6a500b597596501fc6483cd2cd674a217ade95a4bb83a8a14f351f48bd088fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c
A framework for constructing recognizers, compilers,
and translators from grammatical descriptions containing
Java, C#, C++, or Python actions.
BSD License: http://www.antlr.org/license.html/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/antlr-2.7.7.jar88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c83cd2cd674a217ade95a4bb83a8a14f351f48bd0f8f1352c52a4c6a500b597596501fc64pomnameAntLR Parser Generatorcentralgroupidantlrpomurlhttp://www.antlr.org/pomartifactidantlrfilenameantlrjarpackage nameantlrpomgroupidantlrpomnameAntLR Parser Generatorpomurlhttp://www.antlr.org/pomgroupidantlrcentralartifactidantlrpomartifactidantlrfilenameantlrfileversion2.7.7centralversion2.7.7pomversion2.7.7pkg:maven/antlr/antlr@2.7.7https://ossindex.sonatype.org/component/pkg:maven/antlr/antlr@2.7.7pkg:maven/antlr/antlr@2.7.7https://ossindex.sonatype.org/component/pkg:maven/antlr/antlr@2.7.7jsr305-3.0.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/jsr305-3.0.2.jardd83accb899363c32b07d7a1b2e4ce4025ea2e8b0c338a877313bd4672d3fe056ea78f0d766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7JSR305 Annotations for FindbugsThe Apache Software License, Version 2.0: 
http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/jsr305-3.0.2.jar766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c725ea2e8b0c338a877313bd4672d3fe056ea78f0ddd83accb899363c32b07d7a1b2e4ce40/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/jsr305-3.0.2.jar766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c725ea2e8b0c338a877313bd4672d3fe056ea78f0ddd83accb899363c32b07d7a1b2e4ce40pomurlhttp://findbugs.sourceforge.net/pomgroupidgoogle.code.findbugspomnameFindBugs-jsr305pomartifactidjsr305Manifestbundle-symbolicnameorg.jsr-305filenamejsr305pomnameFindBugs-jsr305Manifestbundle-symbolicnameorg.jsr-305pomgroupidgoogle.code.findbugsManifestBundle-NameFindBugs-jsr305pomartifactidjsr305pomurlhttp://findbugs.sourceforge.net/filenamejsr305pomversion3.0.2fileversion3.0.2ManifestBundle-Version3.0.2pkg:maven/com.google.code.findbugs/jsr305@3.0.2https://ossindex.sonatype.org/component/pkg:maven/com.google.code.findbugs/jsr305@3.0.2pkg:maven/com.google.code.findbugs/jsr305@3.0.2https://ossindex.sonatype.org/component/pkg:maven/com.google.code.findbugs/jsr305@3.0.2package-url-java-1.0.1.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/package-url-java-1.0.1.jarc3ad4b16cbc442ae5f0faca7f7a45ec015aa42711e3c142a088818357073f8f85bf42b0827811dedb123d3cd685f301d629627f54275307313b00fcb671ab05a9bb19beaASL2: http://www.apache.org/licenses/LICENSE-2.0.txtpomgroupidsonatype.goodiespomurlhttps://sonatype.github.io/package-url-java/jarpackage namesonatypejarpackage namegoodiespomparent-groupidorg.sonatype.buildsupportManifestimplementation-urlhttps://sonatype.github.io/package-url-java/pomartifactidpackage-url-javaManifestImplementation-Vendor-Idorg.sonatype.goodiespomparent-artifactidpublic-parentManifestImplementation-VendorSonatype, Inc.filenamepackage-url-javapomgroupidsonatype.goodiespomparent-groupidorg.sonatype.buildsupportjarpackage namesonatypejarpackage 
namegoodiespomurlhttps://sonatype.github.io/package-url-java/ManifestImplementation-Titleorg.sonatype.goodies:package-url-javaManifestimplementation-urlhttps://sonatype.github.io/package-url-java/pomparent-artifactidpublic-parentpomartifactidpackage-url-javaManifestspecification-titleorg.sonatype.goodies:package-url-javafilenamepackage-url-javapomparent-version1.0.1fileversion1.0.1pomversion1.0.1ManifestImplementation-Version1.0.1pkg:maven/org.sonatype.goodies/package-url-java@1.0.1https://ossindex.sonatype.org/component/pkg:maven/org.sonatype.goodies/package-url-java@1.0.1pkg:maven/org.sonatype.goodies/package-url-java@1.0.1https://ossindex.sonatype.org/component/pkg:maven/org.sonatype.goodies/package-url-java@1.0.1spotbugs-annotations-3.1.5.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/spotbugs-annotations-3.1.5.jarb95dcad8c0cf00c399b5c24b161ffbd84e2e5448fba7b4aa298d4eb9af25a9ba707bcb0ec32907af3441aaeb2948825ef30d70d34ca938be832910df73a46aa20554aecfAnnotations the SpotBugs tool supportsGNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/spotbugs-annotations-3.1.5.jarc32907af3441aaeb2948825ef30d70d34ca938be832910df73a46aa20554aecf4e2e5448fba7b4aa298d4eb9af25a9ba707bcb0eb95dcad8c0cf00c399b5c24b161ffbd8jarpackage namecsfilenamespotbugs-annotationscentralgroupidcom.github.spotbugspomgroupidgithub.spotbugsManifestbundle-symbolicnamespotbugs-annotationspomurlhttps://spotbugs.github.io/Manifestautomatic-module-namecom.github.spotbugs.annotationspomnameSpotBugs Annotationsjarpackage nameedupomartifactidspotbugs-annotationsManifestbundle-requiredexecutionenvironmentJ2SE-1.5jarpackage nameumdjarpackage namecsfilenamespotbugs-annotationsjarpackage 
namefindbugspomartifactidspotbugs-annotationspomurlhttps://spotbugs.github.io/ManifestBundle-Namespotbugs-annotationsManifestbundle-symbolicnamespotbugs-annotationspomgroupidgithub.spotbugscentralartifactidspotbugs-annotationsManifestautomatic-module-namecom.github.spotbugs.annotationspomnameSpotBugs AnnotationsManifestbundle-requiredexecutionenvironmentJ2SE-1.5jarpackage nameumdManifestBundle-Version3.1.5fileversion3.1.5centralversion3.1.5pomversion3.1.5pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.5https://ossindex.sonatype.org/component/pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.5pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.5https://ossindex.sonatype.org/component/pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.5minlog-1.3.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/minlog-1.3.jarb4e9b84eaea9750fe58ac3e196c7ed9b8d2b87348c82b82e69ac2039ddbbc9d36dc69c9a12d586cbfc6fab0063fc4ff56a93cc7094ae020d6b368f53025727b2e8ca02d7Minimal overhead Java loggingNew BSD License: http://www.opensource.org/licenses/bsd-license.phpManifestImplementation-Vendor-Idcom.esotericsoftwarejarpackage nameminlogpomartifactidminlogpomgroupidesotericsoftwarepomurlEsotericSoftware/minlogpomnameMinLogfilenameminlogjarpackage nameesotericsoftwarejarpackage nameminlogManifestspecification-titleMinLogpomurlEsotericSoftware/minlogpomnameMinLogfilenameminlogpomartifactidminlogManifestImplementation-TitleMinLogpomgroupidesotericsoftwarejarpackage 
nameesotericsoftwareManifestImplementation-Version1.3pomversion1.3fileversion1.3pkg:maven/com.esotericsoftware/minlog@1.3https://ossindex.sonatype.org/component/pkg:maven/com.esotericsoftware/minlog@1.3pkg:maven/com.esotericsoftware/minlog@1.3https://ossindex.sonatype.org/component/pkg:maven/com.esotericsoftware/minlog@1.3struts2-tiles-plugin-2.3.16.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/struts2-tiles-plugin-2.3.16.jarbf0c91600c512941ae9aafe17ed77da108516d4707f21d4ea115e6cd08ef0e0c116a1286a6037033d7ac6994bc0aa7661889b47cb1860c3dffcbd31780137045afc0b97cApache Struts 2http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/struts2-tiles-plugin-2.3.16.jara6037033d7ac6994bc0aa7661889b47cb1860c3dffcbd31780137045afc0b97c08516d4707f21d4ea115e6cd08ef0e0c116a1286bf0c91600c512941ae9aafe17ed77da1Manifestbundle-symbolicnameorg.apache.struts.2-tiles-pluginManifestbundle-docurlhttp://www.apache.orgpomartifactidstruts2-tiles-pluginManifestImplementation-Vendor-Idorg.apache.strutsjarpackage namestruts2pomnameStruts 2 Tiles Pluginjarpackage nameapacheManifestImplementation-VendorApache Software Foundationfilenamestruts2-tiles-pluginjarpackage nametilespomgroupidapache.strutsManifestspecification-vendorApache Software Foundationpomparent-artifactidstruts2-pluginspomparent-groupidorg.apache.strutsManifestbundle-symbolicnameorg.apache.struts.2-tiles-pluginManifestbundle-docurlhttp://www.apache.orgpomartifactidstruts2-tiles-pluginpomparent-artifactidstruts2-pluginsjarpackage namestruts2Manifestspecification-titleStruts 2 Tiles PluginpomnameStruts 2 Tiles Pluginjarpackage nameapacheManifestImplementation-TitleStruts 2 Tiles Pluginfilenamestruts2-tiles-pluginjarpackage nametilespomparent-groupidorg.apache.strutsManifestBundle-NameStruts 2 Tiles 
Pluginpomgroupidapache.strutsManifestBundle-Version2.3.16ManifestImplementation-Version2.3.16fileversion2.3.16pomversion2.3.16pkg:maven/org.apache.struts/struts2-tiles-plugin@2.3.16https://ossindex.sonatype.org/component/pkg:maven/org.apache.struts/struts2-tiles-plugin@2.3.16pkg:maven/org.apache.struts/struts2-tiles-plugin@2.3.16https://ossindex.sonatype.org/component/pkg:maven/org.apache.struts/struts2-tiles-plugin@2.3.16CVE-2014-0094MEDIUM5.0NETWORKLOWNONENONENONENONEMEDIUMNVD-CWE-noinfoThe ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.CONFIRMhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlBUGTRAQhttp://www.securityfocus.com/archive/1/532549/100/0/threaded20140625 NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts librarySECUNIAhttp://secunia.com/advisories/5644056440CONFIRMhttp://struts.apache.org/release/2.3.x/docs/s2-020.htmlhttp://struts.apache.org/release/2.3.x/docs/s2-020.htmlBUGTRAQhttp://www.securityfocus.com/archive/1/531362/100/0/threaded20140306 [ANN] Struts 2.3.16.1 GA release available - security 
fixJVNDBhttp://jvndb.jvn.jp/jvndb/JVNDB-2014-000045JVNDB-2014-000045MISChttp://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.htmlhttp://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.htmlSECUNIAhttp://secunia.com/advisories/5917859178CONFIRMhttp://www.konakart.com/downloads/ver-7-3-0-0-whats-newhttp://www.konakart.com/downloads/ver-7-3-0-0-whats-newSECTRACKhttp://www.securitytracker.com/id/10298761029876BIDhttp://www.securityfocus.com/bid/6599965999CONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21676706http://www-01.ibm.com/support/docview.wss?uid=swg21676706JVNhttp://jvn.jp/en/jp/JVN19294237/index.htmlJVN#19294237CONFIRMhttp://www.vmware.com/security/advisories/VMSA-2014-0007.htmlhttp://www.vmware.com/security/advisories/VMSA-2014-0007.htmlCONFIRMhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htmhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htmcpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2014-0112HIGH7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGHCWE-264ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.CONFIRMhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlCONFIRMhttps://bugzilla.redhat.com/show_bug.cgi?id=1091939https://bugzilla.redhat.com/show_bug.cgi?id=1091939BIDhttp://www.securityfocus.com/bid/6706467064SECUNIAhttp://secunia.com/advisories/5950059500CONFIRMhttps://cwiki.apache.org/confluence/display/WW/S2-021https://cwiki.apache.org/confluence/display/WW/S2-021BUGTRAQhttp://www.securityfocus.com/archive/1/531952/100/0/threaded20140426 [ANN] Struts 2.3.16.2 GA release available - security fixBUGTRAQhttp://www.securityfocus.com/archive/1/532549/100/0/threaded20140625 NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts libraryREDHAThttps://access.redhat.com/errata/RHSA-2019:0910RHSA-2019:0910JVNDBhttp://jvndb.jvn.jp/jvndb/JVNDB-2014-000045JVNDB-2014-000045MISChttp://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.htmlhttp://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.htmlSECUNIAhttp://secunia.com/advisories/5917859178CONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21676706http://www-01.ibm.com/support/docview.wss?uid=swg21676706JVNhttp://jvn.jp/en/jp/JVN19294237/index.htmlJVN#19294237CONFIRMhttp://www.vmware.com/security/advisories/VMSA-2014-0007.htmlhttp://www.vmware.com/security/advisories/VMSA-2014-0007.htmlcpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2014-0113HIGH7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGHCWE-264CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.CONFIRMhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlSECUNIAhttp://secunia.com/advisories/5917859178CONFIRMhttps://cwiki.apache.org/confluence/display/WW/S2-021https://cwiki.apache.org/confluence/display/WW/S2-021BUGTRAQhttp://www.securityfocus.com/archive/1/531952/100/0/threaded20140426 [ANN] Struts 2.3.16.2 GA release available - security fixCONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21676706http://www-01.ibm.com/support/docview.wss?uid=swg21676706cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2014-0116MEDIUM5.8NETWORKMEDIUMNONENONENONEPARTIALMEDIUMCWE-264CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113.CONFIRMhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlBIDhttp://www.securityfocus.com/bid/6721867218SECUNIAhttp://secunia.com/advisories/5981659816CONFIRMhttp://struts.apache.org/release/2.3.x/docs/s2-022.htmlhttp://struts.apache.org/release/2.3.x/docs/s2-022.htmlCONFIRMhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htmhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htmcpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2
.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2014-7809MEDIUM6.8NETWORKMEDIUMNONEPARTIALPARTIALPARTIALMEDIUMCWE-352Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism.MISChttp://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.htmlhttp://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.htmlCONFIRMhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlCONFIRMhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlBIDhttp://www.securityfocus.com/bid/7154871548CONFIRMhttp://struts.apache.org/docs/s2-023.htmlhttp://struts.apache.org/docs/s2-023.htmlCONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlSECTRACKhttp://www.securitytracker.com/id/10313091031309BUGTRAQhttp://www.securityfocus.com/archive/1/534175/100/0/threaded20141208 [ANN] Apache Struts 2.3.20 GA 
release available with security fixcpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0
.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2015-5169MEDIUM4.3NETWORKMEDIUMNONENONENONENONEMEDIUM6.1NETWORKLOWNONEREQUIREDCHANGEDLOWLOWNONEMEDIUMCWE-79Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.CONFIRMhttps://bugzilla.redhat.com/show_bug.cgi?id=1260087https://bugzilla.redhat.com/show_bug.cgi?id=1260087CONFIRMhttps://struts.apache.org/docs/s2-025.htmlhttps://struts.apache.org/docs/s2-025.htmlJVNDBhttp://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.htmlJVNDB-2015-000125BIDhttp://www.securityfocus.com/bid/7662576625CONFIRMhttps://security.netapp.com/advisory/ntap-20180629-0003/https://security.netapp.com/advisory/ntap-20180629-0003/JVNhttp://jvn.jp/en/jp/JVN95989300/index.htmlJVN#95989300cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2015-5209HIGH5.0NETWORKLOWNONENONENONENONEMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDNONEHIGHNONEHIGHCWE-20Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top 
object.CONFIRMhttps://security.netapp.com/advisory/ntap-20180629-0002/https://security.netapp.com/advisory/ntap-20180629-0002/BIDhttp://www.securityfocus.com/bid/8255082550SECTRACKhttp://www.securitytracker.com/id/10339081033908CONFIRMhttps://struts.apache.org/docs/s2-026.htmlhttps://struts.apache.org/docs/s2-026.htmlcpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:
2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-0785HIGH9.0NETWORKLOWSINGLECOMPLETECOMPLETECOMPLETEHIGH8.8NETWORKLOWLOWNONEUNCHANGEDHIGHHIGHHIGHHIGHCWE-20Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.CONFIRMhttp://struts.apache.org/docs/s2-029.htmlhttp://struts.apache.org/docs/s2-029.htmlSECTRACKhttp://www.securitytracker.com/id/10352711035271BIDhttp://www.securityfocus.com/bid/8506685066cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2016-2162MEDIUM4.3NETWORKMEDIUMNONENONENONENONEMEDIUM6.1NETWORKLOWNONEREQUIREDCHANGEDLOWLOWNONEMEDIUMCWE-79Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale 
object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.SECTRACKhttp://www.securitytracker.com/id/10352721035272CONFIRMhttp://struts.apache.org/docs/s2-030.htmlhttp://struts.apache.org/docs/s2-030.htmlBIDhttp://www.securityfocus.com/bid/8507085070cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2_beta:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a
:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-3081HIGH9.3NETWORKMEDIUMNONECOMPLETECOMPLETECOMPLETEHIGH8.1NETWORKHIGHNONENONEUNCHANGEDHIGHHIGHHIGHHIGHCWE-77Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained 
expressions.CONFIRMhttps://struts.apache.org/docs/s2-032.htmlhttps://struts.apache.org/docs/s2-032.htmlBIDhttp://www.securityfocus.com/bid/8732787327MISChttp://www.rapid7.com/db/modules/exploit/multi/http/struts_dmi_exechttp://www.rapid7.com/db/modules/exploit/multi/http/struts_dmi_execCONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlCONFIRMhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160527-01-struts2-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160527-01-struts2-enCONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlMISChttp://packetstormsecurity.com/files/136856/Apache-Struts-2.3.28-Dynamic-Method-Invocation-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/136856/Apache-Struts-2.3.28-Dynamic-Method-Invocation-Remote-Code-Execution.htmlMISChttp://www.rapid7.com/db/modules/exploit/linux/http/struts_dmi_exechttp://www.rapid7.com/db/modules/exploit/linux/http/struts_dmi_execSECTRACKhttp://www.securitytracker.com/id/10356651035665EXPLOIT-DBhttps://www.exploit-db.com/exploits/39756/39756BIDhttp://www.securityfocus.com/bid/9178791787cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:oracle:siebel_e-billing:7.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3
.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-3082CRITICAL10.0NETWORKLOWNONECOMPLETECOMPLETECOMPLETEHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALCWE-20XSLTResult in Apache Struts 2.x before 
2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.SECTRACKhttp://www.securitytracker.com/id/10356641035664CONFIRMhttp://struts.apache.org/docs/s2-031.htmlhttp://struts.apache.org/docs/s2-031.htmlBIDhttp://www.securityfocus.com/bid/8882688826cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:
2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-3090HIGH6.5NETWORKLOWSINGLEPARTIALPARTIALPARTIALMEDIUM8.8NETWORKLOWLOWNONEUNCHANGEDHIGHHIGHHIGHHIGHCWE-20The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR 
tooling.CONFIRMhttps://struts.apache.org/docs/s2-027.htmlhttps://struts.apache.org/docs/s2-027.htmlCONFIRMhttps://security.netapp.com/advisory/ntap-20180629-0005/https://security.netapp.com/advisory/ntap-20180629-0005/BIDhttp://www.securityfocus.com/bid/8513185131SECTRACKhttps://www.securitytracker.com/id/10352671035267cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:a
pache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-3093MEDIUM5.0NETWORKLOWNONENONENONEPARTIALMEDIUM5.3NETWORKLOWNONENONEUNCHANGEDNONENONELOWMEDIUMCWE-20Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified 
vectors.CONFIRMhttp://struts.apache.org/docs/s2-034.htmlhttp://struts.apache.org/docs/s2-034.htmlCONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21987854http://www-01.ibm.com/support/docview.wss?uid=swg21987854SECTRACKhttp://www.securitytracker.com/id/10360181036018BIDhttp://www.securityfocus.com/bid/9096190961cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*c
pe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:ognl_project:ognl:*:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-4003MEDIUM4.3NETWORKMEDIUMNONENONENONENONEMEDIUM6.1NETWORKLOWNONEREQUIREDCHANGEDLOWLOWNONEMEDIUMCWE-79Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter.BIDhttp://www.securityfocus.com/bid/8631186311CONFIRMhttp://struts.apache.org/docs/s2-028.htmlhttp://struts.apache.org/docs/s2-028.htmlSECTRACKhttp://www.securitytracker.com/id/10352681035268CONFIRMhttps://issues.apache.org/jira/browse/WW-4507https://issues.apache.org/jira/browse/WW-4507cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2016-4436CRITICAL7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALNVD-CWE-noinfoApache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean 
up.BIDhttp://www.securityfocus.com/bid/9128091280CONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282CONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlCONFIRMhttps://struts.apache.org/docs/s2-035.htmlhttps://struts.apache.org/docs/s2-035.htmlCONFIRMhttp://www-01.ibm.com/support/docview.wss?uid=swg21987854http://www-01.ibm.com/support/docview.wss?uid=swg21987854cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*c
pe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-4461HIGH9.0NETWORKLOWSINGLECOMPLETECOMPLETECOMPLETEHIGH8.8NETWORKLOWLOWNONEUNCHANGEDHIGHHIGHHIGHHIGHCWE-20Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.BIDhttp://www.securityfocus.com/bid/9127791277CONFIRMhttps://struts.apache.org/docs/s2-036.htmlhttps://struts.apache.org/docs/s2-036.htmlCONFIRMhttps://security.netapp.com/advisory/ntap-20180629-0004/https://security.netapp.com/advisory/ntap-20180629-0004/cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*CVE-2017-12611CRITICAL7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALCWE-20In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.BIDhttp://www.securityfocus.com/bid/100829100829CONFIRMhttps://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001CONFIRMhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlCONFIRMhttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txthttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txtCONFIRMhttps://struts.apache.org/docs/s2-053.htmlhttps://struts.apache.org/docs/s2-053.htmlcpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:stru
ts:2.5:beta1:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*
:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2017-5638CRITICAL10.0NETWORKLOWNONECOMPLETECOMPLETECOMPLETEHIGH10.0NETWORKLOWNONENONECHANGEDHIGHHIGHHIGHCRITICALCWE-20The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= 
string.MISChttp://blog.talosintelligence.com/2017/03/apache-0-day-exploited.htmlhttp://blog.talosintelligence.com/2017/03/apache-0-day-exploited.htmlMISChttps://twitter.com/theog150/status/841146956135124993https://twitter.com/theog150/status/841146956135124993EXPLOIT-DBhttps://exploit-db.com/exploits/4157041570CONFIRMhttps://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519ahttps://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519aCONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlCONFIRMhttps://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228SECTRACKhttp://www.securitytracker.com/id/10379731037973EXPLOIT-DBhttps://www.exploit-db.com/exploits/41614/41614CONFIRMhttps://www.symantec.com/security-center/network-protection-security-advisories/SA145https://www.symantec.com/security-center/network-protection-security-advisories/SA145CONFIRMhttps://support.lenovo.com/us/en/product_security/len-14200https://support.lenovo.com/us/en/product_security/len-14200CONFIRMhttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txthttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txtCONFIRMhttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_ushttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_usCONFIRMhttps://cwiki.apache.org/confluence/display/WW/S2-045https://cwiki.apache.org/confluence/display/WW/S2-045BIDhttp://www.securityfocus.com/bid/9672996729CONFIRMhttps://cwiki.apache.org/confluence/display/WW/S2-046https://cwiki.apache.org/confluence/display/WW/S2-046MISChttps://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-c
ode-execution-rce-vulnerability-in-apache-struts-2/https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/MISChttps://github.com/rapid7/metasploit-framework/issues/8064https://github.com/rapid7/metasploit-framework/issues/8064CONFIRMhttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_ushttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_usCERT-VNhttps://www.kb.cert.org/vuls/id/834067VU#834067MISChttps://packetstormsecurity.com/files/141494/S2-45-poc.py.txthttps://packetstormsecurity.com/files/141494/S2-45-poc.py.txtMISChttps://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.htmlhttps://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.htmlMISChttps://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/CONFIRMhttps://security.netapp.com/advisory/ntap-20170310-0001/https://security.netapp.com/advisory/ntap-20170310-0001/MISChttp://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/MISChttps://isc.sans.edu/diary/22169https://isc.sans.edu/diary/22169CONFIRMhttps://struts.apache.org/docs/s2-046.htmlhttps://struts.apache.org/docs/s2-046.htmlMISChttps://github.com/mazen160/struts-pwnhttps://github.com/mazen160/struts-pwnMISChttp://www.eweek.com/security/apache-struts-vulnerability-under-attack.htmlhttp://www.eweek.com/security/apache-struts-vulnerability-under-attack.htmlCONFIRMhttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_ushttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_usCONFIRMhttps://st
ruts.apache.org/docs/s2-045.htmlhttps://struts.apache.org/docs/s2-045.htmlcpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:
2.3.24.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2017-9787HIGH5.0NETWORKLOWNONENONENONEPARTIALMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDNONENONEHIGHHIGHCWE-284When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.BIDhttp://www.securityfocus.com/bid/9956299562SECTRACKhttp://www.securitytracker.com/id/10391151039115CONFIRMhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlMLISThttps://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E[announcements] 20170713 Apache Struts 2.5.12 GA with Security Fixes ReleaseCONFIRMhttps://security.netapp.com/advisory/ntap-20180706-0002/https://security.netapp.com/advisory/ntap-20180706-0002/MLISThttps://lists.apache.org/thread.html/de3d325f0433cd3b42258b6a302c0d7a72b69eedc1480ed561d3b065@%3Cannouncements.struts.apache.org%3E[announcements] 20170810 [ANN] Apache Struts: S2-049 Security Bulletin 
updateCONFIRMhttp://struts.apache.org/docs/s2-049.htmlhttp://struts.apache.org/docs/s2-049.htmlcpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:
*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2017-9791CRITICAL7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALCWE-20The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.BIDhttp://www.securityfocus.com/bid/9948499484SECTRACKhttp://www.securitytracker.com/id/10388381038838EXPLOIT-DBhttps://www.exploit-db.com/exploits/42324/42324CONFIRMhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlCONFIRMhttps://security.netapp.com/advisory/ntap-20180706-0002/https://security.netapp.com/advisory/ntap-20180706-0002/EXPLOIT-DBhttps://www.exploit-db.com/exploits/44643/44643CONFIRMhttp://struts.apache.org/docs/s2-048.htmlhttp://struts.apache.org/docs/s2-048.htmlcpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2
.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2017-9793HIGH5.0NETWORKLOWNONENONENONEPARTIALMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDNONENONEHIGHHIGHCWE-20The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.BIDhttp://www.securityfocus.com/bid/100611100611SECTRACKhttp://www.securitytracker.com/id/10392621039262CONFIRMhttp://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htmhttp://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htmCONFIRMhttps://security.netapp.com/advisory/ntap-20180629-0001/https://security.netapp.com/advisory/ntap-20180629-0001/CISCOhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts220170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 
2017CONFIRMhttps://struts.apache.org/docs/s2-051.htmlhttps://struts.apache.org/docs/s2-051.htmlCONFIRMhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlcpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*c
pe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2017-9804HIGH5.0NETWORKLOWNONENONENONEPARTIALMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDNONENONEHIGHHIGHCWE-399In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. 
NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672.SECTRACKhttp://www.securitytracker.com/id/10392611039261CONFIRMhttps://security.netapp.com/advisory/ntap-20180629-0001/https://security.netapp.com/advisory/ntap-20180629-0001/CISCOhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts220170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017CONFIRMhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlBIDhttp://www.securityfocus.com/bid/100612100612CONFIRMhttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txthttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txtCONFIRMhttps://struts.apache.org/docs/s2-050.htmlhttps://struts.apache.org/docs/s2-050.htmlcpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:
*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2017-9805HIGH6.8NETWORKMEDIUMNONEPARTIALPARTIALPARTIALMEDIUM8.1NETWORKHIGHNONENONEUNCHANGEDHIGHHIGHHIGHHIGHCWE-502The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML 
payloads.CONFIRMhttps://cwiki.apache.org/confluence/display/WW/S2-052https://cwiki.apache.org/confluence/display/WW/S2-052MISChttps://lgtm.com/blog/apache_struts_CVE-2017-9805https://lgtm.com/blog/apache_struts_CVE-2017-9805CONFIRMhttps://bugzilla.redhat.com/show_bug.cgi?id=1488482https://bugzilla.redhat.com/show_bug.cgi?id=1488482CONFIRMhttps://security.netapp.com/advisory/ntap-20170907-0001/https://security.netapp.com/advisory/ntap-20170907-0001/EXPLOIT-DBhttps://www.exploit-db.com/exploits/42627/42627CONFIRMhttps://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifaxhttps://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifaxCISCOhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts220170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017CERT-VNhttps://www.kb.cert.org/vuls/id/112992VU#112992CONFIRMhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlCONFIRMhttps://struts.apache.org/docs/s2-052.htmlhttps://struts.apache.org/docs/s2-052.htmlBIDhttp://www.securityfocus.com/bid/100609100609SECTRACKhttp://www.securitytracker.com/id/10392631039263cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a
:apache:struts:2.5.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2018-11776HIGH9.3NETWORKMEDIUMNONECOMPLETECOMPLETECOMPLETEHIGH8.1NETWORKHIGHNONENONEUNCHANGEDHIGHHIGHHIGHHIGHCWE-20Apache Struts versions 2.3 to 
2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.SECTRACKhttp://www.securitytracker.com/id/10415471041547EXPLOIT-DBhttps://www.exploit-db.com/exploits/45262/45262CONFIRMhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012BIDhttp://www.securityfocus.com/bid/105125105125SECTRACKhttp://www.securitytracker.com/id/10418881041888CONFIRMhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.htmlCONFIRMhttps://security.netapp.com/advisory/ntap-20181018-0002/https://security.netapp.com/advisory/ntap-20181018-0002/EXPLOIT-DBhttps://www.exploit-db.com/exploits/45367/45367CONFIRMhttps://cwiki.apache.org/confluence/display/WW/S2-057https://cwiki.apache.org/confluence/display/WW/S2-057MISChttps://github.com/hook-s3c/CVE-2018-11776-Python-PoChttps://github.com/hook-s3c/CVE-2018-11776-Python-PoCCONFIRMhttps://security.netapp.com/advisory/ntap-20180822-0001/https://security.netapp.com/advisory/ntap-20180822-0001/CONFIRMhttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txthttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txtCONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlCONFIRMhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlMISChttps://lgtm.com/blog/apache_struts_CVE-2018-11776https://lgtm.c
om/blog/apache_struts_CVE-2018-11776EXPLOIT-DBhttps://www.exploit-db.com/exploits/45260/45260cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2018-1327HIGH5.0NETWORKLOWNONENONENONEPARTIALMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDNONENONEHIGHHIGHCWE-20The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson XML handler from the Apache Struts 2.5.16.SECTRACKhttp://www.securitytracker.com/id/10405751040575MISChttps://cwiki.apache.org/confluence/display/WW/S2-056https://cwiki.apache.org/confluence/display/WW/S2-056CONFIRMhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlCONFIRMhttps://security.netapp.com/advisory/ntap-20180330-0001/https://security.netapp.com/advisory/ntap-20180330-0001/BIDhttp://www.securityfocus.com/bid/103516103516cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*javax.json-1.0.4.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/javax.json-1.0.4.jar569870f975deeeb6691fcb9bc02a95553178f73569fd7a1e5ffc464e680f7a8cc784b85a0e1dec40a1ede965941251eda968aeee052cc4f50378bc316cc48e8159bdbeb4Default provider for JSR 353:Java API for Processing JSONhttps://glassfish.java.net/public/CDDL+GPL_1_1.htmlpomgroupidglassfishpomartifactidjavax.jsonManifestbundle-docurlhttp://www.oracle.compomparent-groupidorg.glassfishjarpackage nameapijarpackage namejsonpomparent-artifactidjsonjarpackage namejavaxjarpackage nameglassfishpomurlhttp://jsonp.java.netManifestextension-namejavax.jsonManifestbundle-symbolicnameorg.glassfish.javax.jsonfilenamejavax.jsonpomnameJSR 353 (JSON 
Processing) Default Providerpomurlhttp://jsonp.java.netManifestbundle-docurlhttp://www.oracle.comManifestBundle-NameJSR 353 (JSON Processing) Default Providerjarpackage nameapijarpackage namejsonpomparent-groupidorg.glassfishjarpackage namejavaxjarpackage nameglassfishpomparent-artifactidjsonpomgroupidglassfishManifestextension-namejavax.jsonpomartifactidjavax.jsonManifestbundle-symbolicnameorg.glassfish.javax.jsonfilenamejavax.jsonpomnameJSR 353 (JSON Processing) Default ProviderManifestBundle-Version1.0.4ManifestImplementation-Version1.0.4pomversion1.0.4fileversion1.0.4pkg:maven/org.glassfish/javax.json@1.0.4https://ossindex.sonatype.org/component/pkg:maven/org.glassfish/javax.json@1.0.4pkg:maven/org.glassfish/javax.json@1.0.4https://ossindex.sonatype.org/component/pkg:maven/org.glassfish/javax.json@1.0.4hibernate-commons-annotations-4.0.2.Final.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/hibernate-commons-annotations-4.0.2.Final.jar916d4ddfb26db16da75ee8f973fd08ad0094edcc5572efb02e123cc9ef7ad7d0fa5f76cfae6b6708a03a144265ac7bf1def64b18def3b6576a8a52d7a6787d9cf00aa0ecCommon reflection code used in support of annotation processingGNU LESSER GENERAL PUBLIC LICENSE: http://www.gnu.org/licenses/lgpl-2.1.html/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/hibernate-commons-annotations-4.0.2.Final.jarae6b6708a03a144265ac7bf1def64b18def3b6576a8a52d7a6787d9cf00aa0ec0094edcc5572efb02e123cc9ef7ad7d0fa5f76cf916d4ddfb26db16da75ee8f973fd08adManifestimplementation-urlhttp://hibernate.orgManifestImplementation-Vendor-Idhibernate.orgpomartifactidhibernate-commons-annotationsjarpackage namehibernatejarpackage namereflectionManifestImplementation-Vendorhibernate.orgpomgroupidhibernate.commonpomurlhttp://hibernate.orgManifestbundle-symbolicnameorg.hibernate.common.hibernate-commons-annotationsManifestbundle-docurlhttp://hibernate.orgpomnameHibernate Commons Annotationspomorganization nameHibernate.orgjarpackage 
nameannotationsManifestoriginally-created-byApache Maven Bundle Pluginfilenamehibernate-commons-annotationsjarpackage namecommonpomorganization urlhttp://hibernate.orgManifestimplementation-urlhttp://hibernate.orgjarpackage namehibernatejarpackage namereflectionManifestImplementation-TitleHibernate Commons Annotationspomorganization urlhttp://hibernate.orgManifestBundle-NameHibernate Commons Annotationspomartifactidhibernate-commons-annotationsManifestbundle-symbolicnameorg.hibernate.common.hibernate-commons-annotationsManifestbundle-docurlhttp://hibernate.orgpomnameHibernate Commons Annotationspomorganization nameHibernate.orgpomgroupidhibernate.commonjarpackage nameannotationsManifestoriginally-created-byApache Maven Bundle Pluginfilenamehibernate-commons-annotationsjarpackage namecommonpomurlhttp://hibernate.orgManifestBundle-Version4.0.2.FinalManifestImplementation-Version4.0.2.Finalpomversion4.0.2.Finalpkg:maven/org.hibernate.common/hibernate-commons-annotations@4.0.2.Finalhttps://ossindex.sonatype.org/component/pkg:maven/org.hibernate.common/hibernate-commons-annotations@4.0.2.Finalpkg:maven/org.hibernate.common/hibernate-commons-annotations@4.0.2.Finalhttps://ossindex.sonatype.org/component/pkg:maven/org.hibernate.common/hibernate-commons-annotations@4.0.2.Finalcommons-jcs-core-2.2.1.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/commons-jcs-core-2.2.1.jarfd41b509c3853faf088e5c340402d6093ffac1956b0d88fff8adefdf1e68d69cfe2961917f98edf1e69b32137a2181722dadd1220f61d184414df17061a0e10e40535a2dApache Commons JCS is a distributed, versatile caching system.https://www.apache.org/licenses/LICENSE-2.0.txtpomparent-artifactidcommons-jcspomnameApache Commons JCS :: CoreManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"pomgroupidapache.commonsManifestbundle-docurlhttp://commons.apache.org/proper/commons-jcs/commons-jcs-core/pomparent-groupidorg.apache.commonspomartifactidcommons-jcs-corejarpackage 
nameapacheManifestImplementation-Vendor-Idorg.apacheManifestspecification-vendorThe Apache Software Foundationfilenamecommons-jcs-coreManifestbundle-symbolicnameorg.apache.commons.commons-jcs-corejarpackage namecommonsManifestimplementation-buildtags/commons-jcs-2.2.1-RC4/commons-jcs-core@r1838701; 2018-08-23 08:44:59+0000jarpackage namejcsManifestimplementation-urlhttp://commons.apache.org/proper/commons-jcs/commons-jcs-core/ManifestImplementation-VendorThe Apache Software FoundationpomnameApache Commons JCS :: CoreManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"Manifestbundle-docurlhttp://commons.apache.org/proper/commons-jcs/commons-jcs-core/jarpackage nameapacheManifestBundle-NameApache Commons JCS :: CoreManifestImplementation-TitleApache Commons JCS :: Corepomartifactidcommons-jcs-coreManifestspecification-titleApache Commons JCS :: Corefilenamecommons-jcs-coreManifestbundle-symbolicnameorg.apache.commons.commons-jcs-corejarpackage namecommonspomgroupidapache.commonsManifestimplementation-buildtags/commons-jcs-2.2.1-RC4/commons-jcs-core@r1838701; 2018-08-23 08:44:59+0000pomparent-groupidorg.apache.commonsjarpackage namejcspomparent-artifactidcommons-jcsManifestimplementation-urlhttp://commons.apache.org/proper/commons-jcs/commons-jcs-core/ManifestBundle-Version2.2.1ManifestImplementation-Version2.2.1fileversion2.2.1pomversion2.2.1pkg:maven/org.apache.commons/commons-jcs-core@2.2.1https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-jcs-core@2.2.1pkg:maven/org.apache.commons/commons-jcs-core@2.2.1https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-jcs-core@2.2.1freemarker-2.3.19.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/freemarker-2.3.19.jar03358fb59a2260a0c37f063e2ba58436a251045e5fadd02824d17f1aa8c412accf1aa1c9c26923394f3f1cf0427f515ee3bb6be66d1a7f4261e6d6f0504fdec63ab85da8
FreeMarker is a "template engine"; a generic tool to generate text output based on templates.
BSD-style license: http://freemarker.org/LICENSE.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/freemarker-2.3.19.jarc26923394f3f1cf0427f515ee3bb6be66d1a7f4261e6d6f0504fdec63ab85da8a251045e5fadd02824d17f1aa8c412accf1aa1c903358fb59a2260a0c37f063e2ba58436pomurlhttp://freemarker.orgfilenamefreemarkerManifestextension-nameFreeMarkerjarpackage namefreemarkercentralgroupidorg.freemarkerpomartifactidfreemarkerpomnameFreeMarkerManifestspecification-vendorVisigoth Software Societyjarpackage namefreemarkerpomgroupidfreemarkerManifestImplementation-VendorVisigoth Software Societyfilenamefreemarkerjarpackage namefreemarkerManifestextension-nameFreeMarkerManifestImplementation-TitleVSS Java FreeMarkerpomnameFreeMarkerManifestspecification-titleFreeMarkerpomgroupidfreemarkercentralartifactidfreemarkerpomurlhttp://freemarker.orgpomartifactidfreemarkerManifestImplementation-Version2.3.19fileversion2.3.19centralversion2.3.19pomversion2.3.19pkg:maven/org.freemarker/freemarker@2.3.19https://ossindex.sonatype.org/component/pkg:maven/org.freemarker/freemarker@2.3.19pkg:maven/org.freemarker/freemarker@2.3.19https://ossindex.sonatype.org/component/pkg:maven/org.freemarker/freemarker@2.3.19animal-sniffer-annotations-1.17.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/animal-sniffer-annotations-1.17.jar7ca108b790cf6ab5dbf5422cc79f0d89f97ce6decaea32b36101e37979f8b647f00681fb92654f493ecfec52082e76354f0ebf87648dc3d5cec2e3c3cdb947c016747a53jarpackage nameanimal_snifferpomartifactidanimal-sniffer-annotationsjarpackage namecodehausjarpackage namemojojarpackage namemojopomparent-groupidorg.codehaus.mojopomgroupidcodehaus.mojopomnameAnimal Sniffer Annotationspomparent-artifactidanimal-sniffer-parentfilenameanimal-sniffer-annotationsjarpackage namecodehauspomartifactidanimal-sniffer-annotationsjarpackage nameanimal_snifferpomparent-artifactidanimal-sniffer-parentjarpackage nameignorejrerequirementpomgroupidcodehaus.mojojarpackage 
namecodehausjarpackage namemojojarpackage namemojopomparent-groupidorg.codehaus.mojopomnameAnimal Sniffer Annotationsfilenameanimal-sniffer-annotationspomversion1.17fileversion1.17pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.17https://ossindex.sonatype.org/component/pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.17pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.17https://ossindex.sonatype.org/component/pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.17bcel-6.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/bcel-6.2.jarf0b8a17310c039ee51d265228ed89d1c2c1499b28bf2638cbdb5fa94350d41a46d2bd4e0d6aff83c840646b922b3658d57898bb5314af4a02d70ebf0f7db8bc46203d72eApache Commons Bytecode Engineering LibraryApache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/bcel-6.2.jard6aff83c840646b922b3658d57898bb5314af4a02d70ebf0f7db8bc46203d72e2c1499b28bf2638cbdb5fa94350d41a46d2bd4e0f0b8a17310c039ee51d265228ed89d1cpomparent-artifactidcommons-parentjarpackage namebcelpomorganization urlhttp://www.apache.org/Manifestimplementation-urlhttp://commons.apache.org/proper/commons-bcelManifestbundle-docurlhttp://commons.apache.org/proper/commons-bcelManifestImplementation-Vendor-Idorg.apache.bcelManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"pomparent-groupidorg.apache.commonsjarpackage nameapacheManifestautomatic-module-nameorg.apache.bcelManifestspecification-vendorThe Apache Software Foundationpomgroupidapache.bcelpomartifactidbcelManifestbundle-symbolicnameorg.apache.bcelpomorganization nameThe Apache Software Foundationpomurlhttp://commons.apache.org/proper/commons-bcelpomnameApache Commons BCELfilenamebcelManifestImplementation-VendorThe Apache Software Foundationpomparent-artifactidcommons-parentpomgroupidapache.bceljarpackage 
namebcelManifestimplementation-urlhttp://commons.apache.org/proper/commons-bcelManifestbundle-docurlhttp://commons.apache.org/proper/commons-bcelpomurlhttp://commons.apache.org/proper/commons-bcelpomorganization urlhttp://www.apache.org/Manifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"ManifestBundle-NameApache Commons BCELjarpackage nameapacheManifestspecification-titleApache Commons BCELManifestImplementation-TitleApache Commons BCELManifestautomatic-module-nameorg.apache.bcelpomparent-groupidorg.apache.commonspomorganization nameThe Apache Software FoundationManifestbundle-symbolicnameorg.apache.bcelpomartifactidbcelpomnameApache Commons BCELfilenamebcelManifestImplementation-Version6.2pomparent-version6.2fileversion6.2pomversion6.2pkg:maven/org.apache.bcel/bcel@6.2https://ossindex.sonatype.org/component/pkg:maven/org.apache.bcel/bcel@6.2pkg:maven/org.apache.bcel/bcel@6.2https://ossindex.sonatype.org/component/pkg:maven/org.apache.bcel/bcel@6.2annotations-17.0.0.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/annotations-17.0.0.jar7b06437ed47fa7b4a8ec8909f4fb90228ceead41f4e71821919dbdb7a9847608f1a938cb195fb0da046d55bb042e91543484cf1da68b02bb7afbfe031f229e45ac84b3f2A set of annotations used for code inspection support and code documentation.The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txtfilenameannotationsManifestautomatic-module-nameorg.jetbrains.annotationspomgroupidjetbrainsjarpackage nameintellijjarpackage nameannotationsjarpackage namelangpomnameJetBrains Java AnnotationspomurlJetBrains/java-annotationspomartifactidannotationsjarpackage nameannotationscentralgroupidorg.jetbrainsjarpackage namejetbrainsfilenameannotationsManifestautomatic-module-nameorg.jetbrains.annotationspomnameJetBrains Java Annotationsjarpackage nameannotationscentralartifactidannotationsjarpackage nameannotationsjarpackage namelangpomgroupidjetbrainspomurlJetBrains/java-annotationsjarpackage 
namejetbrainspomartifactidannotationspomversion17.0.0centralversion17.0.0fileversion17.0.0pkg:maven/org.jetbrains/annotations@17.0.0https://ossindex.sonatype.org/component/pkg:maven/org.jetbrains/annotations@17.0.0pkg:maven/org.jetbrains/annotations@17.0.0https://ossindex.sonatype.org/component/pkg:maven/org.jetbrains/annotations@17.0.0contact.js/var/lib/jenkins/workspace/test@2/src/main/webapp/js/contact.js520d4b62598ca9e60024a4e6a0db24fd71f32466e5e5da2c08f97b2ea85e1282c9805a8409a9a9eaf863d4942d45c25ea6c5ff145ab46c380d3ed32286c51a6ad8d84cf4/var/lib/jenkins/workspace/test@2/target/devsecops.war/js/contact.js09a9a9eaf863d4942d45c25ea6c5ff145ab46c380d3ed32286c51a6ad8d84cf471f32466e5e5da2c08f97b2ea85e1282c9805a84520d4b62598ca9e60024a4e6a0db24fd/var/lib/jenkins/workspace/test@2/target/devsecops/js/contact.js09a9a9eaf863d4942d45c25ea6c5ff145ab46c380d3ed32286c51a6ad8d84cf471f32466e5e5da2c08f97b2ea85e1282c9805a84520d4b62598ca9e60024a4e6a0db24fdcommons-lang3-3.1.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/commons-lang3-3.1.jar71b48e6b3e1b1dc73fe705604b9c7584905075e6c80f206bbe6cf1e809d2caa69f420c76131f0519a8e4602e47cf024bfd7e0834bcf5592a7207f9a2fdb711d4f5afc166
Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/commons-lang3-3.1.jar131f0519a8e4602e47cf024bfd7e0834bcf5592a7207f9a2fdb711d4f5afc166905075e6c80f206bbe6cf1e809d2caa69f420c7671b48e6b3e1b1dc73fe705604b9c7584filenamecommons-lang3pomparent-artifactidcommons-parentpomartifactidcommons-lang3pomgroupidapache.commonspomparent-groupidorg.apache.commonsjarpackage nameapacheManifestImplementation-Vendor-Idorg.apacheManifestbundle-docurlhttp://commons.apache.org/lang/pomurlhttp://commons.apache.org/lang/Manifestspecification-vendorThe Apache Software Foundationjarpackage namecommonspomnameCommons Langjarpackage namelang3Manifestbundle-symbolicnameorg.apache.commons.lang3ManifestImplementation-VendorThe Apache Software FoundationManifestimplementation-buildUNKNOWN_BRANCH@r??????; 2011-11-09 22:58:07-0800pomparent-artifactidcommons-parentfilenamecommons-lang3pomurlhttp://commons.apache.org/lang/jarpackage nameapacheManifestbundle-docurlhttp://commons.apache.org/lang/ManifestBundle-NameCommons Langjarpackage namecommonspomgroupidapache.commonsManifestImplementation-TitleCommons Langpomparent-groupidorg.apache.commonspomnameCommons Langpomartifactidcommons-lang3jarpackage namelang3Manifestspecification-titleCommons LangManifestbundle-symbolicnameorg.apache.commons.lang3Manifestimplementation-buildUNKNOWN_BRANCH@r??????; 2011-11-09 
22:58:07-0800pomparent-version3.1fileversion3.1pomversion3.1ManifestImplementation-Version3.1pkg:maven/org.apache.commons/commons-lang3@3.1https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-lang3@3.1pkg:maven/org.apache.commons/commons-lang3@3.1https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-lang3@3.1joda-time-2.9.9.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/joda-time-2.9.9.jareca438c8cc2b1de38e28d884b7f15dbcf7b520c458572890807d143670c9b24f4de90897b049a43c1057942e6acfbece008e4949b2e35d1658d0c8e06f4485397e2fa4e7Date and time library to replace JDK date handlingApache 2: http://www.apache.org/licenses/LICENSE-2.0.txtManifestbundle-docurlhttp://www.joda.org/joda-time/pomurlhttp://www.joda.org/joda-time/Manifestspecification-vendorJoda.orgpomartifactidjoda-timepomorganization urlhttp://www.joda.orgManifestextension-namejoda-timepomorganization nameJoda.orgfilenamejoda-timejarpackage nametimeManifestImplementation-Vendor-Idorg.jodaManifestImplementation-VendorJoda.orgpomnameJoda-TimeManifestimplementation-urlhttp://www.joda.org/joda-time/jarpackage namejodapomgroupidjoda-timeManifestbundle-symbolicnamejoda-timeManifestspecification-titleJoda-TimeManifestbundle-docurlhttp://www.joda.org/joda-time/Manifestextension-namejoda-timepomorganization nameJoda.orgfilenamejoda-timeManifestBundle-NameJoda-Timejarpackage nametimeManifestImplementation-Titleorg.joda.timepomartifactidjoda-timepomurlhttp://www.joda.org/joda-time/pomnameJoda-Timepomorganization urlhttp://www.joda.orgManifestimplementation-urlhttp://www.joda.org/joda-time/pomgroupidjoda-timejarpackage 
namejodaManifestbundle-symbolicnamejoda-timefileversion2.9.9pomversion2.9.9ManifestBundle-Version2.9.9ManifestImplementation-Version2.9.9pkg:maven/joda-time/joda-time@2.9.9https://ossindex.sonatype.org/component/pkg:maven/joda-time/joda-time@2.9.9pkg:maven/joda-time/joda-time@2.9.9https://ossindex.sonatype.org/component/pkg:maven/joda-time/joda-time@2.9.9mailapi-1.6.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/mailapi-1.6.2.jarb89a9ff8ac681f01dfd06798a008f0af208b6439dfbe6713c384ebf54ecd62cd4423cc50d37c0f88efa5973ccb4100f4cc49aee3510cd01ab25012d1f085b1b798ae2ebbJavaMail API (no providers)https://javaee.github.io/javamail/LICENSEManifest (hint)Implementation-Vendorsunpomparent-artifactidallpomgroupidsun.mailManifestbundle-docurlhttp://www.oracle.comfilenamemailapijarpackage namemailpomartifactidmailapijar (hint)package nameoracleManifestImplementation-Vendor-Idcom.sunManifestspecification-vendorOracleManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"jarpackage namejavaxManifestextension-namecom.sun.mail.mailapiManifestautomatic-module-namejava.mailManifest (hint)specification-vendorsunpomnameJavaMail API (no providers)Manifestoriginally-created-byApache Maven Bundle PluginManifestImplementation-VendorOracleManifestprobe-provider-xml-file-namesManifestbundle-symbolicnamejavax.mail.apijarpackage namesunpomparent-groupidcom.sun.mailpomparent-artifactidallManifestbundle-docurlhttp://www.oracle.comfilenamemailapijarpackage namemailManifestImplementation-Titlecom.sun.mail.mailapiManifestrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"jarpackage namejavaxjarpackage nameversionpomparent-groupidcom.sun.mailpomartifactidmailapiManifestextension-namecom.sun.mail.mailapiManifestautomatic-module-namejava.mailManifestspecification-titlecom.sun.mail.mailapipomnameJavaMail API (no providers)Manifestoriginally-created-byApache Maven Bundle PluginManifestBundle-NameJavaMail API (no 
providers)Manifestprobe-provider-xml-file-namesManifestbundle-symbolicnamejavax.mail.apijarpackage namesunpomgroupidsun.mailfileversion1.6.2ManifestBundle-Version1.6.2ManifestImplementation-Version1.6.2pomversion1.6.2pkg:maven/com.sun.mail/mailapi@1.6.2https://ossindex.sonatype.org/component/pkg:maven/com.sun.mail/mailapi@1.6.2pkg:maven/com.sun.mail/mailapi@1.6.2https://ossindex.sonatype.org/component/pkg:maven/com.sun.mail/mailapi@1.6.2h2-1.4.196.jar: data.zip: table.js/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/h2-1.4.196.jar/org/h2/util/data.zip/org/h2/server/web/res/table.jsa914a66de53dcdeb39684f1ce8ce8527c41ef5fb193ac25622f4e129470339aec24d731a8c5b079b38e94718bb58a71b0e310bad6c1004670a19c1bc0f63b32fdd81134ah2-1.4.196.jar: data.zip: tree.js/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/h2-1.4.196.jar/org/h2/util/data.zip/org/h2/server/web/res/tree.js495277155635a72b0c69f987d938b6e1446cad47e33a62baf330ee5200646b5ccb9c0df914c797bd700570c38e8af1aa50ecea205a385be466ec9431e46dbe586ce7a61cstruts2-core-2.3.8.jar: validation.js/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/struts2-core-2.3.8.jar/template/css_xhtml/validation.js37ed34e2e84c52abfbce27316c5aa5ab18ad7aa804605489e17b8d32b799005e3887e6d5513b90f5c49bd6b2296f4bf3484e621d5bf13895ce33eb18fde229c02f332010/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/struts2-core-2.3.8.jar/template/css_xhtml/validation.js513b90f5c49bd6b2296f4bf3484e621d5bf13895ce33eb18fde229c02f33201018ad7aa804605489e17b8d32b799005e3887e6d537ed34e2e84c52abfbce27316c5aa5abstruts2-core-2.3.8.jar: 
validation.js/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/struts2-core-2.3.8.jar/template/xhtml/validation.js5cd9d63907b5b68b3f87c16e30215f96d1894e98d8f67796dcf1c43940204d044a2e8a53db3db93404b56482cf98eb6b379f57b154c832ba3f73b1a261e4830951c6d2b3/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/struts2-core-2.3.8.jar/template/xhtml/validation.jsdb3db93404b56482cf98eb6b379f57b154c832ba3f73b1a261e4830951c6d2b3d1894e98d8f67796dcf1c43940204d044a2e8a535cd9d63907b5b68b3f87c16e30215f96struts2-core-2.3.8.jar: webconsole.js/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/struts2-core-2.3.8.jar/org/apache/struts2/interceptor/debugging/webconsole.jsd917c7e3dcaadafd7a985de498c4d7ecc6bf9311b8f57ee82d23916e3393f78d608a43c2b85caebe4fe7f089e0abb0cedfdaeacfce178ba70e13811e09f73e36bd4897ed/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/struts2-core-2.3.8.jar/org/apache/struts2/interceptor/debugging/webconsole.jsb85caebe4fe7f089e0abb0cedfdaeacfce178ba70e13811e09f73e36bd4897edc6bf9311b8f57ee82d23916e3393f78d608a43c2d917c7e3dcaadafd7a985de498c4d7ecstruts2-core-2.3.8.jar: utils.js/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/struts2-core-2.3.8.jar/org/apache/struts2/static/utils.js3c198bb745496d1069014c2f354a76dcc4a636bba8a83b9b3545e631afb8214a28f3d5f98a2ddd072cdc7e97d57427ba55b4aba71d7a01925dac2020d2618a2dcedad99c/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/struts2-core-2.3.8.jar/org/apache/struts2/static/utils.js8a2ddd072cdc7e97d57427ba55b4aba71d7a01925dac2020d2618a2dcedad99cc4a636bba8a83b9b3545e631afb8214a28f3d5f93c198bb745496d1069014c2f354a76dcstruts2-core-2.3.8.jar: 
domTT.js/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/struts2-core-2.3.8.jar/org/apache/struts2/static/domTT.js44ed51154c7fa928005f39bbbed7d01a5584aa1028220f041ff7d89c48e9e8ffeaa0525660c72fad5a9688fc6a143176d84814b9ea2c4c9c882b4799921b950c415b961e/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/struts2-core-2.3.8.jar/org/apache/struts2/static/domTT.js60c72fad5a9688fc6a143176d84814b9ea2c4c9c882b4799921b950c415b961e5584aa1028220f041ff7d89c48e9e8ffeaa0525644ed51154c7fa928005f39bbbed7d01astruts2-core-2.3.8.jar: optiontransferselect.js/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/struts2-core-2.3.8.jar/org/apache/struts2/static/optiontransferselect.jsde5f040192eb49fadbfd0f46ab7573df1c57bcc13707d9d04e244a7caf3b1cc32d4e6998c437d3f691f467d25225e4d710b3a7508b8bd4e194607baf8301da306450b02b/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/struts2-core-2.3.8.jar/org/apache/struts2/static/optiontransferselect.jsc437d3f691f467d25225e4d710b3a7508b8bd4e194607baf8301da306450b02b1c57bcc13707d9d04e244a7caf3b1cc32d4e6998de5f040192eb49fadbfd0f46ab7573dfstruts2-core-2.3.8.jar: inputtransferselect.js/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/struts2-core-2.3.8.jar/org/apache/struts2/static/inputtransferselect.jscb108ba1100f77a6ef02e9e051333508c6dfa1f3664578a6f65c620ce172bc731d1224e453f55339da9ef84edba21df53bd55a975e955e742b24440efc0583447682b0b8/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/struts2-core-2.3.8.jar/org/apache/struts2/static/inputtransferselect.js53f55339da9ef84edba21df53bd55a975e955e742b24440efc0583447682b0b8c6dfa1f3664578a6f65c620ce172bc731d1224e4cb108ba1100f77a6ef02e9e051333508dependency-check-core-5.2.1.jar: 
jquery-3.4.1.min.js/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/dependency-check-core-5.2.1.jar/templates/scripts/jquery-3.4.1.min.js220afd743d9e9643852e31a135a9f3ae88523924351bac0b5d560fe0c5781e2556e7693d0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089adependency-check-core-5.2.1.jar: GrokAssembly.zip: System.Reflection.Metadata.dll/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/dependency-check-core-5.2.1.jar/GrokAssembly.zip/System.Reflection.Metadata.dll5e6125aa4a7c0ca54f73a9e6833ef404303d712269ebbaac476f8b6db4472bd2464bd3ce2e180767f1415cb5bbed14450e1d4003cf56a9da6aeaf91ce969a4b9d2a54314filenameSystem.Reflection.MetadatafilenameSystem.Reflection.Metadatadependency-check-core-5.2.1.jar: GrokAssembly.zip: GrokAssembly.dll/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/dependency-check-core-5.2.1.jar/GrokAssembly.zip/GrokAssembly.dll3436d483f09388fe16d1c559dd33157431acefe2e2ae79bdea3622385c6af63ae2de18ed662b0c74b1a87c2ac5861f238a47f08a7c1d2e6ab79ea104baec8680110aba1dfilenameGrokAssemblyfilenameGrokAssemblydependency-check-core-5.2.1.jar: GrokAssembly.zip: System.Collections.Immutable.dll/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/dependency-check-core-5.2.1.jar/GrokAssembly.zip/System.Collections.Immutable.dlld8203aedaabeac1e606cd0e2af397d01eef943e4369166a039dee90f2d81504613d49ca02f05a2c489c2d30a6cca346d4ce184323d70eb4f5afa6bed34d5800274444e57filenameSystem.Collections.ImmutablefilenameSystem.Collections.Immutable