5.2.1NVD CVE Checked2019-08-22T22:02:44NVD CVE Modified2019-08-22T21:33:49VersionCheckOn2019-08-22T22:02:44Devsecops2019-08-24T07:41:56.905ZThis report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community.javax.inject-1.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/javax.inject-1.jar289075e48b909e9e74e6c915b3631d2e6975da39a7040257bd51d21a231b76c915872d3891c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ffThe javax.inject APIThe Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtgroupidjavax.injectnamejavax.injectpackage nameinjectgroupidjavax.injectpackage namejavaxurlhttp://code.google.com/p/atinject/artifactidjavax.injectnamejavax.inject-1urlhttp://code.google.com/p/atinject/namejavax.injectpackage nameinjectartifactidjavax.injectartifactidjavax.injectnamejavax.inject-1groupidjavax.injectversion1version1version1pkg:maven/javax.inject/javax.inject@1https://ossindex.sonatype.org/component/pkg:maven/javax.inject/javax.inject@1pkg:maven/javax.inject/javax.inject@1https://ossindex.sonatype.org/component/pkg:maven/javax.inject/javax.inject@1commons-text-1.7.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/commons-text-1.7.jarb621c9817128bb34db92a04c6137379d4d7d6dc210f80d0bff18645cc534a0c45324d0d68434bbfb887e7a0f3dfef92ac84e783f847bc0f0f43b8cc9e026646b137b6065Apache Commons Text is a library focused on algorithms working on strings.https://www.apache.org/licenses/LICENSE-2.0.txtbundle-symbolicnameorg.apache.commons.commons-textImplementation-Vendor-Idorg.apache.commonsnameApache Commons Textparent-artifactidcommons-parentrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"groupidapache.commonsimplementation-urlhttp://commons.apache.org/proper/commons-textparent-groupidorg.apache.commonspackage 
nameapacheautomatic-module-nameorg.apache.commons.textnamecommons-textspecification-vendorThe Apache Software Foundationpackage namecommonsurlhttp://commons.apache.org/proper/commons-textpackage nametextbundle-docurlhttp://commons.apache.org/proper/commons-textartifactidcommons-textImplementation-VendorThe Apache Software Foundationbundle-symbolicnameorg.apache.commons.commons-textparent-artifactidcommons-parentnameApache Commons Textrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"artifactidcommons-textimplementation-urlhttp://commons.apache.org/proper/commons-textpackage nameapachespecification-titleApache Commons TextImplementation-TitleApache Commons Textautomatic-module-nameorg.apache.commons.textnamecommons-texturlhttp://commons.apache.org/proper/commons-textpackage namecommonsgroupidapache.commonsparent-groupidorg.apache.commonspackage nametextbundle-docurlhttp://commons.apache.org/proper/commons-textBundle-NameApache Commons Textversion1.7version1.7parent-version1.7Implementation-Version1.7pkg:maven/org.apache.commons/commons-text@1.7https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-text@1.7pkg:maven/org.apache.commons/commons-text@1.7https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-text@1.7h2-1.4.196.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/h2-1.4.196.jar4ce376a2466f5b29573fc3e40606af6bdd0034398d593aa3588c6773faac429bbd9aea0e0a05f4a0d5b85840148aadce63a423b5d3c36ef44756389b4faad08d2733faf5H2 Database EngineMPL 2.0 or EPL 1.0: http://h2database.com/html/license.htmlprovide-capabilityosgi.service;objectClass:List=org.osgi.service.jdbc.DataSourceFactoryurlhttp://www.h2database.comnameh2package nameh2groupidcom.h2databasepackage nameh2implementation-urlhttp://www.h2database.comnameH2 Database 
Enginebundle-symbolicnameorg.h2groupidh2databaseartifactidh2bundle-categoryjdbcprovide-capabilityosgi.service;objectClass:List=org.osgi.service.jdbc.DataSourceFactorynameh2artifactidh2Implementation-TitleH2 Database Enginepackage nameh2package nameserviceimplementation-urlhttp://www.h2database.comBundle-NameH2 Database Engineartifactidh2nameH2 Database Engineurlhttp://www.h2database.combundle-symbolicnameorg.h2package nameenginegroupidh2databasepackage namedatabasebundle-categoryjdbcpackage namejdbcImplementation-Version1.4.196Bundle-Version1.4.196version1.4.196version1.4.196version1.4.196pkg:maven/com.h2database/h2@1.4.196https://ossindex.sonatype.org/component/pkg:maven/com.h2database/h2@1.4.196pkg:maven/com.h2database/h2@1.4.196https://ossindex.sonatype.org/component/pkg:maven/com.h2database/h2@1.4.196jcip-annotations-1.0.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/jcip-annotations-1.0.jar9d5272954896c5a5d234f66b7372b17aafba4942caaeaf46aab0b976afd57cc7c181467ebe5805392060c71474bf6c9a67a099471274d30b83eef84bfc4e0889a4f1dcc0/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/jcip-annotations-1.0.jarbe5805392060c71474bf6c9a67a099471274d30b83eef84bfc4e0889a4f1dcc0afba4942caaeaf46aab0b976afd57cc7c181467e9d5272954896c5a5d234f66b7372b17anamejcip-annotationsurlhttp://jcip.net/groupidnet.jcippackage namenetgroupidnet.jcippackage nameannotationsartifactidjcip-annotationsname"Java Concurrency in Practice" book annotationspackage namejcipnamejcip-annotationsurlhttp://jcip.net/artifactidjcip-annotationsartifactidjcip-annotationspackage nameannotationsname"Java Concurrency in Practice" book annotationsgroupidnet.jcippackage 
namejcipversion1.0version1.0version1.0pkg:maven/net.jcip/jcip-annotations@1.0https://ossindex.sonatype.org/component/pkg:maven/net.jcip/jcip-annotations@1.0pkg:maven/net.jcip/jcip-annotations@1.0https://ossindex.sonatype.org/component/pkg:maven/net.jcip/jcip-annotations@1.0jboss-logging-3.1.0.GA.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/jboss-logging-3.1.0.GA.jar735bcea3e47fd715900cfb95ec68b50fc71f2856e7b60efe485db39b37a31811e6c84365dea2fe7895033bdbbe2c1688ad08a0588d9d9b0f17d53349081cc20dda31353eThe JBoss Logging FrameworkGNU Lesser General Public License, version 2.1: http://www.gnu.org/licenses/lgpl-2.1.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/jboss-logging-3.1.0.GA.jardea2fe7895033bdbbe2c1688ad08a0588d9d9b0f17d53349081cc20dda31353ec71f2856e7b60efe485db39b37a31811e6c84365735bcea3e47fd715900cfb95ec68b50furlhttp://www.jboss.orgnamejboss-loggingpackage nameloggingImplementation-VendorJBoss by Red Hatbundle-docurlhttp://www.jboss.orgparent-artifactidjboss-parentbundle-symbolicnameorg.jboss.logging.jboss-loggingnameJBoss Logging 3package namejbossspecification-vendorJBoss by Red Hatimplementation-urlhttp://www.jboss.orggroupidjboss.loggingparent-groupidorg.jbossImplementation-Vendor-Idorg.jboss.loggingartifactidjboss-loggingparent-artifactidjboss-parentnamejboss-loggingpackage nameloggingbundle-docurlhttp://www.jboss.orgbundle-symbolicnameorg.jboss.logging.jboss-loggingnameJBoss Logging 3urlhttp://www.jboss.orgpackage namejbossgroupidjboss.loggingimplementation-urlhttp://www.jboss.orgparent-groupidorg.jbossspecification-titleJBoss Logging 3artifactidjboss-loggingBundle-NameJBoss Logging 3Implementation-TitleJBoss Logging 
3version3.1.0.GABundle-Version3.1.0.GAparent-version3.1.0.GAImplementation-Version3.1.0.GApkg:maven/org.jboss.logging/jboss-logging@3.1.0.GAhttps://ossindex.sonatype.org/component/pkg:maven/org.jboss.logging/jboss-logging@3.1.0.GApkg:maven/org.jboss.logging/jboss-logging@3.1.0.GAhttps://ossindex.sonatype.org/component/pkg:maven/org.jboss.logging/jboss-logging@3.1.0.GAguava-28.0-jre.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/guava-28.0-jre.jar6eb33b6c6d29d7f6cfece0543f13fad354fed371b4b8a8cce1e94a9abd9620982d3aa54b73e4d6ae5f0e8f9d292a4db83a2479b5468f83d972ac1ff36d6d0b43943b4f91
Guava is a suite of core and expanded libraries that include
utility classes, Google's collections, I/O classes, and much,
much more.
http://www.apache.org/licenses/LICENSE-2.0.txtpackage namegooglenameGuava: Google Core Libraries for Javarequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"bundle-symbolicnamecom.google.guavaparent-groupidcom.google.guavaautomatic-module-namecom.google.commonnameguavagroupidgoogle.guavaartifactidguavapackage namecommonbundle-docurlhttps://github.com/google/guava/parent-artifactidguava-parentpackage namegooglenameGuava: Google Core Libraries for Javarequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"parent-artifactidguava-parentartifactidguavabundle-symbolicnamecom.google.guavaparent-groupidcom.google.guavaautomatic-module-namecom.google.commongroupidgoogle.guavanameguavaBundle-NameGuava: Google Core Libraries for Javapackage namecommonbundle-docurlhttps://github.com/google/guava/version28.0-jrepkg:maven/com.google.guava/guava@28.0-jrehttps://ossindex.sonatype.org/component/pkg:maven/com.google.guava/guava@28.0-jrepkg:maven/com.google.guava/guava@28.0-jrehttps://ossindex.sonatype.org/component/pkg:maven/com.google.guava/guava@28.0-jrejquery.scrollUp.min.js/var/lib/jenkins/workspace/test@2/src/main/webapp/js/jquery.scrollUp.min.jscbe4344d551f7c153fb3b84c44f2db8d4c88929519b25690084dd3a91df86dab3c6316a9d2c96e4da11d59d025a80d8f5abc2d6a375e3f18f67ddd5051244234f50c2cf6/var/lib/jenkins/workspace/test@2/target/devsecops/js/jquery.scrollUp.min.jsd2c96e4da11d59d025a80d8f5abc2d6a375e3f18f67ddd5051244234f50c2cf64c88929519b25690084dd3a91df86dab3c6316a9cbe4344d551f7c153fb3b84c44f2db8d/var/lib/jenkins/workspace/test@2/target/devsecops.war/js/jquery.scrollUp.min.jsd2c96e4da11d59d025a80d8f5abc2d6a375e3f18f67ddd5051244234f50c2cf64c88929519b25690084dd3a91df86dab3c6316a9cbe4344d551f7c153fb3b84c44f2db8dasm-commons-3.3.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/asm-commons-3.3.jar47d6178194c38fc70d4e27db08ae5d103630d2095238beee3f94670af3d9a9dc115ce8871cc6e5bcfab550397289875ac133d86562d4ec2f3875afa7c5c033d1f0ee96af/var/lib/jenkins/wo
rkspace/test@2/target/devsecops.war/WEB-INF/lib/asm-commons-3.3.jar1cc6e5bcfab550397289875ac133d86562d4ec2f3875afa7c5c033d1f0ee96af3630d2095238beee3f94670af3d9a9dc115ce88747d6178194c38fc70d4e27db08ae5d10package nameobjectwebparent-artifactidasm-parentartifactidasm-commonsImplementation-VendorFrance Telecom R&Dnameasm-commonsgroupidasmpackage nameasmnameASM Commonsgroupidasmpackage namecommonsartifactidasm-commonsartifactidasm-commonsparent-artifactidasm-parentnameasm-commonspackage namecommonsImplementation-TitleASM commonspackage nameasmpackage nameasmnameASM Commonsgroupidasmpackage namecommonsImplementation-Version3.3version3.3version3.3version3.3pkg:maven/asm/asm-commons@3.3https://ossindex.sonatype.org/component/pkg:maven/asm/asm-commons@3.3pkg:maven/asm/asm-commons@3.3https://ossindex.sonatype.org/component/pkg:maven/asm/asm-commons@3.3lucene-core-8.2.0.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/lucene-core-8.2.0.jar38017372e81035c484ad5cf94d88d8eaf6da40436d3633de272810fae1e339c237adfcf625564b27cebe18a5f0e988b5aeee342e1dd163b2dfca888eb1cea4dcadb32dd2Apache Lucene Java 
Core/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/lucene-queryparser-8.2.0.jar25564b27cebe18a5f0e988b5aeee342e1dd163b2dfca888eb1cea4dcadb32dd28925df7b104e78e308e236ff0740a064dd93cadd26da5109a008179e59c6f3c39b46a5dapkg:maven/org.apache.lucene/lucene-queryparser@8.2.0https://ossindex.sonatype.org/component/pkg:maven/org.apache.lucene/lucene-queryparser@8.2.0/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/lucene-queries-8.2.0.jar25564b27cebe18a5f0e988b5aeee342e1dd163b2dfca888eb1cea4dcadb32dd25da383678cb0a35a07ccb03487ba00cf184d1d71e9fae556c8d24a4273d8600b851b33e7pkg:maven/org.apache.lucene/lucene-queries@8.2.0https://ossindex.sonatype.org/component/pkg:maven/org.apache.lucene/lucene-queries@8.2.0/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/lucene-sandbox-8.2.0.jar25564b27cebe18a5f0e988b5aeee342e1dd163b2dfca888eb1cea4dcadb32dd2f50931f1db40cdcc31e5044439d4e5522a23f6c11de8e63c42e6db085d15d82ee5628921pkg:maven/org.apache.lucene/lucene-sandbox@8.2.0https://ossindex.sonatype.org/component/pkg:maven/org.apache.lucene/lucene-sandbox@8.2.0/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/lucene-analyzers-common-8.2.0.jar25564b27cebe18a5f0e988b5aeee342e1dd163b2dfca888eb1cea4dcadb32dd28e8abc90572ed74b110c75b546c675153aecc57067e169936aefc775697cdf759794e31bpkg:maven/org.apache.lucene/lucene-analyzers-common@8.2.0https://ossindex.sonatype.org/component/pkg:maven/org.apache.lucene/lucene-analyzers-common@8.2.0groupidorg.apache.luceneextension-nameorg.apache.luceneparent-groupidorg.apache.lucenepackage nameapacheartifactidlucene-corenamelucene-corepackage namelucenepackage namelucenepackage nameorgpackage nameapachespecification-vendorThe Apache Software Foundationparent-artifactidlucene-parentgroupidapache.lucenemulti-releasetruenameLucene CoreImplementation-VendorThe Apache Software Foundationspecification-titleLucene Search Engine: 
coreartifactidlucene-coreextension-nameorg.apache.lucenegroupidapache.lucenenamelucene-corepackage namelucenepackage nameluceneartifactidlucene-corepackage nameorgpackage nameapachepackage namesearchparent-groupidorg.apache.luceneImplementation-Titleorg.apache.luceneparent-artifactidlucene-parentmulti-releasetruenameLucene Coreversion8.2.0version8.2.0version8.2.0pkg:maven/org.apache.lucene/lucene-core@8.2.0https://ossindex.sonatype.org/component/pkg:maven/org.apache.lucene/lucene-core@8.2.0pkg:maven/org.apache.lucene/lucene-core@8.2.0https://ossindex.sonatype.org/component/pkg:maven/org.apache.lucene/lucene-core@8.2.0packageurl-java-1.1.0.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/packageurl-java-1.1.0.jar261fa48c4d0c6a302e2b8ecc65ce3431e8969ecdafc70aad1b66521fcb5b8b252c1836b05b67a1b886af568ec31a630ee960635c3b01a6adc363d863d9d1f48843beac05The official Java implementation of the PackageURL specification. PackageURL (purl) is a minimal
specification for describing a package via a "mostly universal" URL.
MIT: https://opensource.org/licenses/MITartifactidpackageurl-javagroupidgithub.package-urlnamepackageurl-javapackage namepackageurlnamePackage URLurlpackage-url/packageurl-javapackage namegithubpackage namegithubpackage namepackageurlartifactidpackageurl-javagroupidgithub.package-urlnamepackageurl-javapackage namepackageurlnamePackage URLpackage namegithuburlpackage-url/packageurl-javapackage namepackageurlversion1.1.0version1.1.0pkg:maven/com.github.package-url/packageurl-java@1.1.0https://ossindex.sonatype.org/component/pkg:maven/com.github.package-url/packageurl-java@1.1.0pkg:maven/com.github.package-url/packageurl-java@1.1.0https://ossindex.sonatype.org/component/pkg:maven/com.github.package-url/packageurl-java@1.1.0findsecbugs-plugin-1.9.0.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/findsecbugs-plugin-1.9.0.jar835db1e3bea68fbec6d8ab3b78a43faff8b7b42c7008ad126ac12b5ee4ade33ca9ef56a10e2fcbdd15e6c333b6450c63e2f4ee89f0f3d4f85862e41c0b1d3e5de9a566c9
Core module of the project. It includes all the FindBugs detectors.
The resulting jar is the published plugin.
parent-artifactidfindsecbugs-root-pomgroupidh3xstream.findsecbugsnamefindsecbugs-plugingroupidcom.h3xstream.findsecbugspackage nameh3xstreamparent-groupidcom.h3xstream.findsecbugsartifactidfindsecbugs-pluginpackage namefindsecbugsnameFind Security Bugs Plugingroupidh3xstream.findsecbugsnamefindsecbugs-pluginartifactidfindsecbugs-pluginparent-artifactidfindsecbugs-root-pomartifactidfindsecbugs-pluginparent-groupidcom.h3xstream.findsecbugspackage namefindsecbugsnameFind Security Bugs Pluginversion1.9.0version1.9.0version1.9.0pkg:maven/com.h3xstream.findsecbugs/findsecbugs-plugin@1.9.0https://ossindex.sonatype.org/component/pkg:maven/com.h3xstream.findsecbugs/findsecbugs-plugin@1.9.0pkg:maven/com.h3xstream.findsecbugs/findsecbugs-plugin@1.9.0https://ossindex.sonatype.org/component/pkg:maven/com.h3xstream.findsecbugs/findsecbugs-plugin@1.9.0javassist-3.11.0.GA.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/javassist-3.11.0.GA.jarcb8f91e65864b85c8c6f87164e3252a52c00105734a57e9ee4f27e4b17cd43200e5f0ff8aa8c27fc46be68c58c25eab15bf3073587945e009455385da78439dea684ef58Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
simple. It is a class library for editing bytecodes in Java.
/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/javassist-3.11.0.GA.jaraa8c27fc46be68c58c25eab15bf3073587945e009455385da78439dea684ef582c00105734a57e9ee4f27e4b17cd43200e5f0ff8cb8f91e65864b85c8c6f87164e3252a5package namejavassistartifactidjavassistspecification-vendorShigeru Chiba, Tokyo Institute of TechnologygroupidjavassistnameJavassisturlhttp://www.javassist.org/namejavassistgroupidjavassistartifactidjavassistpackage namejavassistspecification-titleJavassistnameJavassisturlhttp://www.javassist.org/namejavassistgroupidjavassistartifactidjavassistversion3.11.0.GAspecification-version3.11.0.GAversion3.11.0.GApkg:maven/javassist/javassist@3.11.0.GAhttps://ossindex.sonatype.org/component/pkg:maven/javassist/javassist@3.11.0.GApkg:maven/javassist/javassist@3.11.0.GAhttps://ossindex.sonatype.org/component/pkg:maven/javassist/javassist@3.11.0.GAjquery.prettyPhoto.js/var/lib/jenkins/workspace/test@2/target/devsecops/js/jquery.prettyPhoto.js51d2c2977e3dbb58e8ee5a5f52673aa081e3ee36772fe61b742073a973be1fb840a5cafa7d4adb5e9401f2d3c71467d1c2ab1a153e5b65fdc1d9f90ba7504fd700d7fac6/var/lib/jenkins/workspace/test@2/src/main/webapp/js/jquery.prettyPhoto.js7d4adb5e9401f2d3c71467d1c2ab1a153e5b65fdc1d9f90ba7504fd700d7fac681e3ee36772fe61b742073a973be1fb840a5cafa51d2c2977e3dbb58e8ee5a5f52673aa0/var/lib/jenkins/workspace/test@2/target/devsecops.war/js/jquery.prettyPhoto.js7d4adb5e9401f2d3c71467d1c2ab1a153e5b65fdc1d9f90ba7504fd700d7fac681e3ee36772fe61b742073a973be1fb840a5cafa51d2c2977e3dbb58e8ee5a5f52673aa0namejquery.prettyPhotonamejquery.prettyPhotoversion3.1.5pkg:javascript/jquery.prettyPhoto@3.1.5https://ossindex.sonatype.org/component/pkg:javascript/jquery.prettyPhoto@3.1.5pkg:javascript/jquery.prettyPhoto@3.1.5https://ossindex.sonatype.org/component/pkg:javascript/jquery.prettyPhoto@3.1.5Vulnerability in 
jquery.prettyPhotohighhttps://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphotoinfohttps://github.com/scaron/prettyphoto/issues/149infospring-vault-core-2.1.1.RELEASE.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/spring-vault-core-2.1.1.RELEASE.jar7c0a62fa72e6dfc1d57aef0a34294fc1ab5e3c0c6c40eac30993260cf4a0912499991a7137cb59f9a16901414b1debeeb7aed013d1ec631a3d5a5963222e7119fdfbb881Spring Vault Core Components/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/spring-vault-core-2.1.1.RELEASE.jar37cb59f9a16901414b1debeeb7aed013d1ec631a3d5a5963222e7119fdfbb881ab5e3c0c6c40eac30993260cf4a0912499991a717c0a62fa72e6dfc1d57aef0a34294fc1artifactidspring-vault-corepackage namecoregroupidspringframework.vaultpackage namespringframeworknameSpring Vault Corepackage namevaultparent-artifactidspring-vault-parentnamespring-vault-coreparent-groupidorg.springframework.vaultautomatic-module-namespring.vault.coreartifactidspring-vault-corepackage namecoreparent-groupidorg.springframework.vaultImplementation-TitleSpring Vault Corepackage namespringframeworkparent-artifactidspring-vault-parentnameSpring Vault Corepackage 
namevaultnamespring-vault-coregroupidspringframework.vaultautomatic-module-namespring.vault.coreImplementation-Version2.1.1.RELEASEversion2.1.1.RELEASEpkg:maven/org.springframework.vault/spring-vault-core@2.1.1.RELEASEhttps://ossindex.sonatype.org/component/pkg:maven/org.springframework.vault/spring-vault-core@2.1.1.RELEASEpkg:maven/org.springframework.vault/spring-vault-core@2.1.1.RELEASEhttps://ossindex.sonatype.org/component/pkg:maven/org.springframework.vault/spring-vault-core@2.1.1.RELEASEbootstrap.min.js/var/lib/jenkins/workspace/test@2/target/devsecops/js/bootstrap.min.js903657654e9be147571c1b0c4a657fc41261cc1e82c337ffd44b2b576c8685f7d77d51397f02a98976eb67a5f01fcb8d4f3220a5d7a8a757d9a41352b4d20f89036923dc/var/lib/jenkins/workspace/test@2/target/devsecops.war/js/bootstrap.min.js7f02a98976eb67a5f01fcb8d4f3220a5d7a8a757d9a41352b4d20f89036923dc1261cc1e82c337ffd44b2b576c8685f7d77d5139903657654e9be147571c1b0c4a657fc4/var/lib/jenkins/workspace/test@2/src/main/webapp/js/bootstrap.min.js7f02a98976eb67a5f01fcb8d4f3220a5d7a8a757d9a41352b4d20f89036923dc1261cc1e82c337ffd44b2b576c8685f7d77d5139903657654e9be147571c1b0c4a657fc4namebootstrapnamebootstrapversion3.0.3pkg:javascript/bootstrap@3.0.3https://ossindex.sonatype.org/component/pkg:javascript/bootstrap@3.0.3pkg:javascript/bootstrap@3.0.3https://ossindex.sonatype.org/component/pkg:javascript/bootstrap@3.0.3CVE-2018-14040MEDIUM4.3NETWORKMEDIUMNONENONENONENONEMEDIUM6.1NETWORKLOWNONEREQUIREDCHANGEDLOWLOWNONEMEDIUMCWE-79In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.https://github.com/twbs/bootstrap/issues/26423https://github.com/twbs/bootstrap/issues/26423https://github.com/twbs/bootstrap/issues/20184infohttps://seclists.org/bugtraq/2019/May/1820190509 dotCMS v5.1.1 Vulnerabilitieshttp://seclists.org/fulldisclosure/2019/May/1320190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerabilityhttp://seclists.org/fulldisclosure/2019/May/1120190510 dotCMS v5.1.1 HTML Injection & XSS 
Vulnerabilityhttps://github.com/twbs/bootstrap/pull/26630https://github.com/twbs/bootstrap/pull/26630https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/https://github.com/twbs/bootstrap/issues/26625https://github.com/twbs/bootstrap/issues/26625https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html[debian-lts-announce] 20180827 [SECURITY] [DLA 1479-1] twitter-bootstrap3 security updatehttp://seclists.org/fulldisclosure/2019/May/1020190510 dotCMS v5.1.1 Vulnerabilitieshttp://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.htmlhttp://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.htmlcpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*CVE-2018-14041MEDIUM4.3NETWORKMEDIUMNONENONENONENONEMEDIUM6.1NETWORKLOWNONEREQUIREDCHANGEDLOWLOWNONEMEDIUMCWE-79In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.https://github.com/twbs/bootstrap/issues/26423https://github.com/twbs/bootstrap/issues/26423https://github.com/twbs/bootstrap/issues/20184infohttps://access.redhat.com/errata/RHSA-2019:1456RHSA-2019:1456https://seclists.org/bugtraq/2019/May/1820190509 dotCMS v5.1.1 Vulnerabilitieshttp://seclists.org/fulldisclosure/2019/May/1320190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerabilityhttp://seclists.org/fulldisclosure/2019/May/1120190510 dotCMS v5.1.1 HTML Injection & XSS 
Vulnerabilityhttps://github.com/twbs/bootstrap/pull/26630https://github.com/twbs/bootstrap/pull/26630https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/http://seclists.org/fulldisclosure/2019/May/1020190510 dotCMS v5.1.1 Vulnerabilitieshttp://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.htmlhttp://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.htmlhttps://github.com/twbs/bootstrap/issues/26627https://github.com/twbs/bootstrap/issues/26627cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*CVE-2018-14042MEDIUM4.3NETWORKMEDIUMNONENONENONENONEMEDIUM6.1NETWORKLOWNONEREQUIREDCHANGEDLOWLOWNONEMEDIUMCWE-79In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.https://github.com/twbs/bootstrap/issues/26423https://github.com/twbs/bootstrap/issues/26423https://github.com/twbs/bootstrap/issues/20184infohttps://seclists.org/bugtraq/2019/May/1820190509 dotCMS v5.1.1 Vulnerabilitieshttp://seclists.org/fulldisclosure/2019/May/1320190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerabilityhttp://seclists.org/fulldisclosure/2019/May/1120190510 dotCMS v5.1.1 HTML Injection & XSS 
Vulnerabilityhttps://github.com/twbs/bootstrap/pull/26630https://github.com/twbs/bootstrap/pull/26630https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/https://github.com/twbs/bootstrap/issues/26628https://github.com/twbs/bootstrap/issues/26628http://seclists.org/fulldisclosure/2019/May/1020190510 dotCMS v5.1.1 Vulnerabilitiescpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*CVE-2019-8331MEDIUM4.3NETWORKMEDIUMNONENONENONENONEMEDIUM6.1NETWORKLOWNONEREQUIREDCHANGEDLOWLOWNONEMEDIUMCWE-79In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.https://access.redhat.com/errata/RHSA-2019:1456RHSA-2019:1456https://seclists.org/bugtraq/2019/May/1820190509 dotCMS v5.1.1 Vulnerabilitieshttp://seclists.org/fulldisclosure/2019/May/1320190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerabilityhttps://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/https://github.com/twbs/bootstrap/issues/28236infohttps://github.com/twbs/bootstrap/pull/28236https://github.com/twbs/bootstrap/pull/28236http://www.securityfocus.com/bid/107375107375https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E[flink-dev] 20190811 Apache flink 1.7.2 security 
issueshttps://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E[flink-user] 20190811 Apache flink 1.7.2 security issueshttps://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E[flink-user] 20190813 Apache flink 1.7.2 security issueshttp://seclists.org/fulldisclosure/2019/May/1120190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerabilityhttps://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E[flink-user] 20190813 Re: Apache flink 1.7.2 security issueshttps://support.f5.com/csp/article/K24383845https://support.f5.com/csp/article/K24383845https://github.com/twbs/bootstrap/releases/tag/v4.3.1https://github.com/twbs/bootstrap/releases/tag/v4.3.1http://seclists.org/fulldisclosure/2019/May/1020190510 dotCMS v5.1.1 Vulnerabilitieshttps://github.com/twbs/bootstrap/releases/tag/v3.4.1https://github.com/twbs/bootstrap/releases/tag/v3.4.1cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_link_controller:
*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*jackson-annotations-2.9.0.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/jackson-annotations-2.9.0.jarc09faa1b063681cf45706c6df50685b607c10d545325e3a6e72e06381afe469fd40eb70145d32ac61ef8a744b464c54c2b3414be571016dd46bfc2bec226761cf7ae457aCore annotations used for value types, used by Jackson data binding package.
http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/jackson-annotations-2.9.0.jar45d32ac61ef8a744b464c54c2b3414be571016dd46bfc2bec226761cf7ae457a07c10d545325e3a6e72e06381afe469fd40eb701c09faa1b063681cf45706c6df50685b6/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/jackson-annotations-2.9.0.jar45d32ac61ef8a744b464c54c2b3414be571016dd46bfc2bec226761cf7ae457a07c10d545325e3a6e72e06381afe469fd40eb701c09faa1b063681cf45706c6df50685b6parent-artifactidjackson-parentImplementation-Vendor-Idcom.fasterxml.jackson.corenameJackson-annotationsrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"artifactidjackson-annotationsImplementation-VendorFasterXMLparent-groupidcom.fasterxml.jacksonpackage namejacksonbundle-docurlhttp://github.com/FasterXML/jacksonnamejackson-annotationsspecification-vendorFasterXMLurlhttp://github.com/FasterXML/jacksonimplementation-build-date2017-07-30 03:53:23+0000groupidfasterxml.jackson.corebundle-symbolicnamecom.fasterxml.jackson.core.jackson-annotationspackage namefasterxmlparent-groupidcom.fasterxml.jacksonnameJackson-annotationsBundle-NameJackson-annotationsurlhttp://github.com/FasterXML/jacksonrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"groupidfasterxml.jackson.corespecification-titleJackson-annotationsImplementation-TitleJackson-annotationsartifactidjackson-annotationspackage namejacksonbundle-docurlhttp://github.com/FasterXML/jacksonnamejackson-annotationsimplementation-build-date2017-07-30 03:53:23+0000bundle-symbolicnamecom.fasterxml.jackson.core.jackson-annotationsparent-artifactidjackson-parentpackage 
namefasterxmlImplementation-Version2.9.0Bundle-Version2.9.0version2.9.0version2.9.0pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.0https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.0pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.0https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.0listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jard094c22570d65e132c19cea5d352e381b421526c5f297295adef1c886e5246c39d4ac629b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99
An empty artifact that Guava depends on to signal that it is providing
ListenableFuture -- but is also available in a second "version" that
contains com.google.common.util.concurrent.ListenableFuture class, without
any other Guava classes. The idea is:
- If users want only ListenableFuture, they depend on listenablefuture-1.0.
- If users want all of Guava, they depend on guava, which, as of Guava
27.0, depends on
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-...
version number is enough for some build systems (notably, Gradle) to select
that empty artifact over the "real" listenablefuture-1.0 -- avoiding a
conflict with the copy of ListenableFuture in guava itself. If users are
using an older version of Guava or a build system other than Gradle, they
may see class conflicts. If so, they can solve them by manually excluding
the listenablefuture artifact or manually forcing their build systems to
use 9999.0-....
artifactidlistenablefuturegroupidgoogle.guavanameGuava ListenableFuture onlyparent-groupidcom.google.guavaparent-artifactidguava-parentnamelistenablefutureparent-artifactidguava-parentnameGuava ListenableFuture onlyparent-groupidcom.google.guavaartifactidlistenablefuturegroupidgoogle.guavanamelistenablefutureparent-version9999.0-empty-to-avoid-conflict-with-guavaversion9999.0-empty-to-avoid-conflict-with-guavapkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guavahttps://ossindex.sonatype.org/component/pkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guavapkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guavahttps://ossindex.sonatype.org/component/pkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guavaognl-3.0.19.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/ognl-3.0.19.jar06c9faa866cd2c8b3ff307d7f4c04ed5b15af43375b38289cee867649125d5417adede817aa3897a57727a74519878862827cc6ff55bb1f19bd582c9c69f0e0e7887cb0dOGNL - Object Graph Navigation LibraryThe Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/ognl-3.0.19.jar7aa3897a57727a74519878862827cc6ff55bb1f19bd582c9c69f0e0e7887cb0db15af43375b38289cee867649125d5417adede8106c9faa866cd2c8b3ff307d7f4c04ed5nameognlpackage nameognlartifactidognlorganization nameOpenSymphonypackage nameognlurlhttp://ognl.orgnameOGNL - Object Graph Navigation Libraryorganization urlhttp://www.opensymphony.comgroupidognlnameognlorganization urlhttp://www.opensymphony.comgroupidognlurlhttp://ognl.orgpackage nameognlorganization nameOpenSymphonynameOGNL - Object Graph Navigation 
Libraryartifactidognlversion3.0.19version3.0.19pkg:maven/ognl/ognl@3.0.19https://ossindex.sonatype.org/component/pkg:maven/ognl/ognl@3.0.19pkg:maven/ognl/ognl@3.0.19https://ossindex.sonatype.org/component/pkg:maven/ognl/ognl@3.0.19json-20140107.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/json-20140107.jar8ca2437d3dbbaa2e76195adedfd901f4d1ffca6e2482b002702c6a576166fd685e3370e38e5aa0a368bee60347b5a4ad861d9f68c7793f60deeea89efd449eb70d5ae622
JSON is a light-weight, language independent, data interchange format.
See http://www.JSON.org/
The files in this package implement JSON encoders/decoders in Java.
It also includes the capability to convert between JSON and XML, HTTP
headers, Cookies, and CDL.
This is a reference implementation. There is a large number of JSON packages
in Java. Perhaps someday the Java community will standardize on one. Until
then, choose carefully.
The license includes this restriction: "The software shall be used for good,
not evil." If your conscience cannot live with that, then choose a different
package.
The package compiles on Java 1.2 thru Java 1.4.
The JSON License: http://json.org/license.htmlpackage namexmlpackage namecdlpackage namehttpnamejson-20140107groupidjsonpackage namejsonpackage namejsonartifactidjsonurldouglascrockford/JSON-javanameJSON in Javapackage namexmlpackage namecdlpackage namehttpgroupidjsonnamejson-20140107package namejsonartifactidjsonurldouglascrockford/JSON-javanameJSON in Javaversion20140107version20140107pkg:maven/org.json/json@20140107https://ossindex.sonatype.org/component/pkg:maven/org.json/json@20140107pkg:maven/org.json/json@20140107https://ossindex.sonatype.org/component/pkg:maven/org.json/json@20140107toml4j-0.7.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/toml4j-0.7.2.jarefaec2fac998dce5bc118362bf7245270a03337911d0bd2c40932aca3946edb30d0e7d0cf5475e63e7e89e5db62223489aec7a56bd303543772077a17c2cb54c19ca3a20A parser for TOMLThe MIT License: http://www.opensource.org/licenses/mit-license.phppackage namemoandjiezananametoml4jpackage namemoandjiezanaurlhttp://moandjiezana.com/toml/toml4jartifactidtoml4jpackage nametomlgroupidmoandjiezana.tomlpackage nametomlnametoml4jurlhttp://moandjiezana.com/toml/toml4jpackage namemoandjiezananametoml4jgroupidmoandjiezana.tomlartifactidtoml4jpackage nametomlpackage 
nametomlnametoml4jversion0.7.2version0.7.2pkg:maven/com.moandjiezana.toml/toml4j@0.7.2https://ossindex.sonatype.org/component/pkg:maven/com.moandjiezana.toml/toml4j@0.7.2pkg:maven/com.moandjiezana.toml/toml4j@0.7.2https://ossindex.sonatype.org/component/pkg:maven/com.moandjiezana.toml/toml4j@0.7.2html5shiv.js/var/lib/jenkins/workspace/test@2/target/devsecops/js/html5shiv.js0663c0c5da0bc9c27ac7e4a8e732552e857ce461a7c72af1851531a1b4b5a1cd4794cea0c01f0b67bea0acdf53dc73dd03c99adfcece8ca8d26dc1d7bfd18ba19b38ec5b/var/lib/jenkins/workspace/test@2/src/main/webapp/js/html5shiv.jsc01f0b67bea0acdf53dc73dd03c99adfcece8ca8d26dc1d7bfd18ba19b38ec5b857ce461a7c72af1851531a1b4b5a1cd4794cea00663c0c5da0bc9c27ac7e4a8e732552e/var/lib/jenkins/workspace/test@2/target/devsecops.war/js/html5shiv.jsc01f0b67bea0acdf53dc73dd03c99adfcece8ca8d26dc1d7bfd18ba19b38ec5b857ce461a7c72af1851531a1b4b5a1cd4794cea00663c0c5da0bc9c27ac7e4a8e732552eslf4j-log4j12-1.7.5.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/slf4j-log4j12-1.7.5.jar371e35747d6bd35e3800034bdac4150e6edffc576ce104ec769d954618764f39f0f0f10de3393b87604eeab24d72d71d0bfceb3436658ab0593f48f16523ad90f270c88fSLF4J LOG4J-12 Binding/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/slf4j-log4j12-1.7.5.jare3393b87604eeab24d72d71d0bfceb3436658ab0593f48f16523ad90f270c88f6edffc576ce104ec769d954618764f39f0f0f10d371e35747d6bd35e3800034bdac4150eurlhttp://www.slf4j.orgnameslf4j-log4j12groupidslf4jartifactidslf4j-log4j12bundle-symbolicnameslf4j.log4j12parent-artifactidslf4j-parentnameSLF4J LOG4J-12 Bindingbundle-requiredexecutionenvironmentJ2SE-1.3parent-groupidorg.slf4jpackage nameslf4jartifactidslf4j-log4j12Bundle-Nameslf4j-log4j12parent-groupidorg.slf4jnameSLF4J LOG4J-12 Bindingnameslf4j-log4j12Implementation-Titleslf4j-log4j12parent-artifactidslf4j-parentbundle-symbolicnameslf4j.log4j12groupidslf4jurlhttp://www.slf4j.orgbundle-requiredexecutionenvironmentJ2SE-1.3package 
nameslf4jBundle-Version1.7.5Implementation-Version1.7.5version1.7.5version1.7.5pkg:maven/org.slf4j/slf4j-log4j12@1.7.5https://ossindex.sonatype.org/component/pkg:maven/org.slf4j/slf4j-log4j12@1.7.5pkg:maven/org.slf4j/slf4j-log4j12@1.7.5https://ossindex.sonatype.org/component/pkg:maven/org.slf4j/slf4j-log4j12@1.7.5xwork-core-2.3.8.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/xwork-core-2.3.8.jar5b8f8d7a2a23c2d3412131380ed1a216ac2a11eaa83c3b112ed3da9360bdf9ee4b80ce09664d6b8be7da4bdbc566e68cf054517779c028b84430e5b5eafafa94e960d4f7Apache Struts 2http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/xwork-core-2.3.8.jar664d6b8be7da4bdbc566e68cf054517779c028b84430e5b5eafafa94e960d4f7ac2a11eaa83c3b112ed3da9360bdf9ee4b80ce095b8f8d7a2a23c2d3412131380ed1a216namexwork-corebundle-docurlhttp://www.apache.orgbundle-symbolicnameorg.apache.struts.xwork.coreoriginally-created-by1.6.0_37 (Apple Inc.)Implementation-Vendor-Idorg.apache.struts.xworkartifactidxwork-coreparent-artifactidstruts2-parentImplementation-VendorApache Software FoundationnameXWork: Corespecification-vendorApache Software Foundationpackage namexworkgroupidapache.struts.xworkparent-groupidorg.apache.strutsspecification-titleXWork: CoreImplementation-TitleXWork: Corenamexwork-coreBundle-NameXWork: Corebundle-docurlhttp://www.apache.orgbundle-symbolicnameorg.apache.struts.xwork.coreoriginally-created-by1.6.0_37 (Apple Inc.)parent-groupidorg.apache.strutsartifactidxwork-coreparent-artifactidstruts2-parentgroupidapache.struts.xworknameXWork: Corepackage 
namexworkBundle-Version2.3.8Implementation-Version2.3.8version2.3.8version2.3.8pkg:maven/org.apache.struts.xwork/xwork-core@2.3.8https://ossindex.sonatype.org/component/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.8pkg:maven/org.apache.struts.xwork/xwork-core@2.3.8https://ossindex.sonatype.org/component/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.8CVE-2013-1966HIGH9.3NMNCCCHIGHApache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.https://ossindex.sonatype.org/vuln/64959e54-560d-4c85-b1ba-bae91251f948[CVE-2013-1966] Improper Control of Generation of Code ("Code Injection")cpe:2.3:a:org.apache.struts.xwork:xwork-core:2.3.8:*:*:*:*:*:*:*CVE-2013-2135HIGH9.3NMNCCCHIGHApache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.https://ossindex.sonatype.org/vuln/35c24ffb-ba83-44a8-95a7-008281c53ec9[CVE-2013-2135] Improper Control of Generation of Code ("Code Injection")cpe:2.3:a:org.apache.struts.xwork:xwork-core:2.3.8:*:*:*:*:*:*:*CVE-2014-0112HIGH7.5NLNPPPHIGHParametersInterceptor in Apache Struts before 2.3.16.2 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.https://ossindex.sonatype.org/vuln/434eada7-81e4-4e5b-854c-a4ea6eedab39[CVE-2014-0112] Permissions, Privileges, and Access Controlscpe:2.3:a:org.apache.struts.xwork:xwork-core:2.3.8:*:*:*:*:*:*:*CVE-2016-0785HIGH8.8NLLNUHHHHIGHApache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.https://ossindex.sonatype.org/vuln/5684f0fd-6580-461f-a0f6-eda4176de9bb[CVE-2016-0785] Improper Input Validationcpe:2.3:a:org.apache.struts.xwork:xwork-core:2.3.8:*:*:*:*:*:*:*CVE-2016-2162MEDIUM6.1NLNRCLLNMEDIUMApache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.https://ossindex.sonatype.org/vuln/4fa8ad37-bc1f-4136-a277-c1974de7242a[CVE-2016-2162] Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")cpe:2.3:a:org.apache.struts.xwork:xwork-core:2.3.8:*:*:*:*:*:*:*CVE-2016-3093MEDIUM5.3NLNNUNNLMEDIUMApache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.https://ossindex.sonatype.org/vuln/74cddd35-3e8e-4460-bb8f-03eef3b4d382[CVE-2016-3093] Improper Input Validationcpe:2.3:a:org.apache.struts.xwork:xwork-core:2.3.8:*:*:*:*:*:*:*jFormatString-3.0.0.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/jFormatString-3.0.0.jar22a6baee6cada23d5f4eab91acd81f44d3995f9be450813bc2ccee8f0774c1a3033a0f304c0c5bbe29cf76fb59b23e821178e3e22c72380b2453cc952dc67324baad7f53jFormatString for FindbugsGNU Lesser Public License: 
http://www.gnu.org/licenses/lgpl.html/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/jFormatString-3.0.0.jar4c0c5bbe29cf76fb59b23e821178e3e22c72380b2453cc952dc67324baad7f53d3995f9be450813bc2ccee8f0774c1a3033a0f3022a6baee6cada23d5f4eab91acd81f44package namecsurlhttp://findbugs.sourceforge.net/namejFormatStringgroupidgoogle.code.findbugsnameFindBugs-jFormatStringgroupidcom.google.code.findbugsartifactidjFormatStringpackage nameedupackage nameumdpackage namecsnamejFormatStringartifactidjFormatStringnameFindBugs-jFormatStringpackage namefindbugsartifactidjFormatStringgroupidgoogle.code.findbugsurlhttp://findbugs.sourceforge.net/package nameumdversion3.0.0version3.0.0version3.0.0pkg:maven/com.google.code.findbugs/jFormatString@3.0.0https://ossindex.sonatype.org/component/pkg:maven/com.google.code.findbugs/jFormatString@3.0.0pkg:maven/com.google.code.findbugs/jFormatString@3.0.0https://ossindex.sonatype.org/component/pkg:maven/com.google.code.findbugs/jFormatString@3.0.0mysql-connector-java-5.1.18.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/mysql-connector-java-5.1.18.jar78467fb2adf7f02bcfbff3ad022bc4e985dfedad243dc0303ad7ae3a323c39421d2206905ce7735be853c1a6deaf88b6ea7659fb0f4aff2beb717430bd28efae3de35695MySQL JDBC Type 4 driverThe GNU General Public License, Version 2: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/mysql-connector-java-5.1.18.jar5ce7735be853c1a6deaf88b6ea7659fb0f4aff2beb717430bd28efae3de3569585dfedad243dc0303ad7ae3a323c39421d22069078467fb2adf7f02bcfbff3ad022bc4e9vendorsunImplementation-VendorOraclebundle-symbolicnamecom.mysql.jdbcgroupidmysqlgroupidmysqlartifactidmysql-connector-javavendororacleImplementation-Vendorsunpackage namemysqlorganization urlhttp://www.oracle.comurlhttp://dev.mysql.com/doc/connector-j/en/namemysql-connector-javapackage namejdbcnameMySQL Connector/Jpackage namemysqlpackage namejdbcorganization nameOracle 
Corporationartifactidmysql-connector-javaurlhttp://dev.mysql.com/doc/connector-j/en/bundle-symbolicnamecom.mysql.jdbcImplementation-TitleMySQL Connector/Jproductmysql_connectorsSpecification-TitleJDBCorganization urlhttp://www.oracle.comproductmysql_connector/jpackage namemysqlartifactidmysql-connector-javanamemysql-connector-javapackage namejdbcgroupidmysqlproductmysql_connector_jBundle-NameSun Microsystems' JDBC Driver for MySQLnameMySQL Connector/Jpackage namejdbcpackage namedriverorganization nameOracle Corporationversion5.1.18Implementation-Version5.1.18version5.1.18version5.1.18Bundle-Version5.1.18pkg:maven/mysql/mysql-connector-java@5.1.18https://ossindex.sonatype.org/component/pkg:maven/mysql/mysql-connector-java@5.1.18pkg:maven/mysql/mysql-connector-java@5.1.18https://ossindex.sonatype.org/component/pkg:maven/mysql/mysql-connector-java@5.1.18CVE-2017-3523HIGH6.0NETWORKMEDIUMSINGLEPARTIALPARTIALPARTIALMEDIUM8.5NETWORKHIGHLOWNONECHANGEDHIGHHIGHHIGHHIGHCWE-284Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.htmlhttp://www.securityfocus.com/bid/9798297982http://www.debian.org/security/2017/dsa-3840DSA-3840cpe:2.3:a:oracle:connector\/j:*:*:*:*:*:*:*:*CVE-2017-3589LOW2.1LOCALLOWNONENONENONENONELOW3.3LOCALLOWLOWNONEUNCHANGEDNONELOWNONELOWCWE-284Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.htmlhttp://www.securityfocus.com/bid/9783697836http://www.debian.org/security/2017/dsa-3857DSA-3857http://www.securitytracker.com/id/10382871038287cpe:2.3:a:oracle:connector\/j:*:*:*:*:*:*:*:*CVE-2018-3258HIGH6.5NETWORKLOWSINGLEPARTIALPARTIALPARTIALMEDIUM8.8NETWORKLOWLOWNONEUNCHANGEDHIGHHIGHHIGHHIGHCWE-284Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).http://www.securityfocus.com/bid/105589105589http://www.securitytracker.com/id/10418881041888http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttps://security.netapp.com/advisory/ntap-20181018-0002/https://security.netapp.com/advisory/ntap-20181018-0002/https://access.redhat.com/errata/RHSA-2019:1545RHSA-2019:1545cpe:2.3:a:oracle:connector\/j:*:*:*:*:*:*:*:*CVE-2019-2692MEDIUM3.5LOCALHIGHSINGLEPARTIALPARTIALPARTIALLOW6.3LOCALHIGHHIGHREQUIREDUNCHANGEDHIGHHIGHHIGHMEDIUMCWE-20Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlcpe:2.3:a:oracle:mysql_connector\/j:*:*:*:*:*:*:*:*ossindex-service-client-1.2.0.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/ossindex-service-client-1.2.0.jar201dbfb49f0b22a006243a5841a7dafc802db8efdc5377ec4798324885e88f13bc4b2d2aaa4d40d0d3a5cefa5d2dd908ddde15106f0b66cc2d0e3aaaf74b609e0b6e335aparent-groupidorg.sonatype.ossindexnameossindex-service-clientparent-artifactidossindex-servicepackage nameservicegroupidsonatype.ossindexImplementation-Vendor-Idorg.sonatype.ossindexpackage namesonatypepackage nameossindeximplementation-urlhttps://sonatype.github.io/ossindex-public/ossindex-service-client/artifactidossindex-service-clientpackage nameclientImplementation-VendorSonatype, Inc.nameossindex-service-clientgroupidsonatype.ossindexparent-groupidorg.sonatype.ossindexpackage nameserviceparent-artifactidossindex-servicespecification-titleorg.sonatype.ossindex:ossindex-service-clientImplementation-Titleorg.sonatype.ossindex:ossindex-service-clientpackage namesonatypepackage nameossindeximplementation-urlhttps://sonatype.github.io/ossindex-public/ossindex-service-client/package nameclientartifactidossindex-service-clientversion1.2.0version1.2.0Implementation-Version1.2.0pkg:maven/org.sonatype.ossindex/ossindex-service-client@1.2.0https://ossindex.sonatype.org/component/pkg:maven/org.sonatype.ossindex/ossindex-service-client@1.2.0pkg:maven/org.sonatype.ossindex/ossindex-service-client@1.2.0https://ossindex.sonatype.org/component/pkg:maven/org.sonatype.ossindex/ossindex-service-client@1.2.0asm-commons-6.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/asm-commons-6.2.jara031c9a32770c02c2f91d2bcbeceabcdf0df1c69e34a0463679d7c8db36ddb4312836e7615545913db06c987aa404f028e33501d9f27f8ced612f73727e3547ac4de878cUsefull 
class adapters based on ASM, a very small and fast Java bytecode manipulation frameworkBSD: http://asm.ow2.org/license.html/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/asm-commons-6.2.jar15545913db06c987aa404f028e33501d9f27f8ced612f73727e3547ac4de878cf0df1c69e34a0463679d7c8db36ddb4312836e76a031c9a32770c02c2f91d2bcbeceabcdpackage nameobjectwebartifactidasm-commonsbundle-docurlhttp://asm.ow2.orgorganization nameOW2module-requiresorg.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true,org.objectweb.asm.tree.analysis;transitive=trueurlhttp://asm.ow2.org/nameasm-commonsgroupidow2.asmparent-artifactidow2bundle-symbolicnameorg.objectweb.asm.commonspackage nameasmpackage namecommonsgroupidorg.ow2.asmpackage nameobjectweborganization urlhttp://www.ow2.org/nameasm-commonspackage namecommonspackage nameasmbundle-requiredexecutionenvironmentJ2SE-1.5parent-groupidorg.ow2artifactidasm-commonsBundle-Nameorg.objectweb.asm.commonsbundle-docurlhttp://asm.ow2.orgmodule-requiresorg.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true,org.objectweb.asm.tree.analysis;transitive=truenameasm-commonsparent-groupidorg.ow2organization nameOW2bundle-symbolicnameorg.objectweb.asm.commonspackage nameasmpackage namecommonspackage nameobjectwebartifactidasm-commonsurlhttp://asm.ow2.org/organization urlhttp://www.ow2.org/nameasm-commonsImplementation-TitleUsefull class adapters based on ASM, a very small and fast Java bytecode manipulation frameworkpackage namecommonspackage 
nameasmparent-artifactidow2bundle-requiredexecutionenvironmentJ2SE-1.5groupidow2.asmparent-version6.2version6.2version6.2version6.2pkg:maven/org.ow2.asm/asm-commons@6.2https://ossindex.sonatype.org/component/pkg:maven/org.ow2.asm/asm-commons@6.2pkg:maven/org.ow2.asm/asm-commons@6.2https://ossindex.sonatype.org/component/pkg:maven/org.ow2.asm/asm-commons@6.2jackson-databind-2.9.7.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/jackson-databind-2.9.7.jar2916db8b36f4078f07dd9580bccec6c2e6faad47abd3179666e89068485a1b88a195ceb7675376decfc070b039d2be773a97002f1ee1e1346d95bd99feee0d56683a92bfGeneral data-binding functionality for Jackson: works on core streaming APIhttp://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/jackson-databind-2.9.7.jar675376decfc070b039d2be773a97002f1ee1e1346d95bd99feee0d56683a92bfe6faad47abd3179666e89068485a1b88a195ceb72916db8b36f4078f07dd9580bccec6c2namejackson-databindImplementation-Vendor-Idcom.fasterxml.jackson.coreImplementation-VendorFasterXMLrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"parent-groupidcom.fasterxml.jacksonimplementation-build-date2018-09-19 02:48:44+0000namejackson-databindpackage namedatabindpackage namejacksonparent-artifactidjackson-basebundle-docurlhttp://github.com/FasterXML/jacksonbundle-symbolicnamecom.fasterxml.jackson.core.jackson-databindspecification-vendorFasterXMLurlhttp://github.com/FasterXML/jacksonartifactidjackson-databindgroupidfasterxml.jackson.coreautomatic-module-namecom.fasterxml.jackson.databindpackage namefasterxmlparent-groupidcom.fasterxml.jacksonnamejackson-databindartifactidjackson-databindurlhttp://github.com/FasterXML/jacksonBundle-Namejackson-databindgroupidfasterxml.jackson.corerequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"implementation-build-date2018-09-19 02:48:44+0000namejackson-databindpackage namedatabindpackage 
namejacksonbundle-docurlhttp://github.com/FasterXML/jacksonImplementation-Titlejackson-databindbundle-symbolicnamecom.fasterxml.jackson.core.jackson-databindautomatic-module-namecom.fasterxml.jackson.databindparent-artifactidjackson-basespecification-titlejackson-databindpackage namefasterxmlImplementation-Version2.9.7Bundle-Version2.9.7version2.9.7version2.9.7pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7CVE-2018-1000873MEDIUM4.3NETWORKMEDIUMNONENONENONEPARTIALMEDIUM6.5NETWORKLOWNONEREQUIREDUNCHANGEDNONENONEHIGHMEDIUMCWE-20FasterXML Jackson versions before 2.9.8 contain a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in a denial of service (DoS). The attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. 
This vulnerability appears to have been fixed in 2.9.8.https://github.com/FasterXML/jackson-modules-java8/issues/90https://github.com/FasterXML/jackson-modules-java8/issues/90https://bugzilla.redhat.com/show_bug.cgi?id=1665601https://bugzilla.redhat.com/show_bug.cgi?id=1665601https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1https://github.com/FasterXML/jackson-modules-java8/pull/87https://github.com/FasterXML/jackson-modules-java8/pull/87https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://ossindex.sonatype.org/vuln/292c11e9-cf66-4d76-aaf7-b63a091f8891[CVE-2018-1000873] Improper Input Validationcpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*CVE-2018-19360CRITICAL7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALCWE-502FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilitieshttps://lists.debian.org/debian-lts-announce/2019/03/msg00005.html[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security updatehttps://ossindex.sonatype.org/vuln/dc5c85aa-ec0c-42b9-a11b-935184041ee7[CVE-2018-19360] Deserialization of Untrusted 
Datahttps://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1http://www.securityfocus.com/bid/107985107985https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilitieshttps://access.redhat.com/errata/RHSA-2019:1822RHSA-2019:1822https://access.redhat.com/errata/RHSA-2019:1782RHSA-2019:1782https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://access.redhat.com/errata/RHSA-2019:1823RHSA-2019:1823https://seclists.org/bugtraq/2019/May/6820190527 [SECURITY] [DSA 4452-1] jackson-databind security 
updatehttps://access.redhat.com/errata/RHSA-2019:0877RHSA-2019:0877https://access.redhat.com/errata/RHBA-2019:0959RHBA-2019:0959https://access.redhat.com/errata/RHSA-2019:0782RHSA-2019:0782https://issues.apache.org/jira/browse/TINKERPOP-2121https://issues.apache.org/jira/browse/TINKERPOP-2121https://github.com/FasterXML/jackson-databind/issues/2186https://github.com/FasterXML/jackson-databind/issues/2186https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2bhttps://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2bhttps://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8https://security.netapp.com/advisory/ntap-20190530-0003/https://security.netapp.com/advisory/ntap-20190530-0003/https://access.redhat.com/errata/RHSA-2019:1797RHSA-2019:1797https://www.debian.org/security/2019/dsa-4452DSA-4452cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*cpe:2.3:a:redhat:jboss_bpm_suite:6.4.11:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:redhat:automation_manager:7.3.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_p
ortfolio_management:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9.0.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*cpe:2.3:a:redhat:decision_manager:7.3.1:*:*:*:*:*:*:*cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:redhat:jboss_brms:6.4.10:*:*:*:*:*:*:*cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*CVE-2018-19361CRITICAL7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALCWE-502FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilitieshttps://lists.debian.org/debian-lts-announce/2019/03/msg00005.html[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security updatehttps://ossindex.sonatype.org/vuln/5a041483-5b69-47f8-b8a9-e631830ceaf9[CVE-2018-19361] Deserialization of Untrusted Datahttps://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1http://www.securityfocus.com/bid/107985107985https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security 
vulnerabilitieshttps://access.redhat.com/errata/RHSA-2019:1822RHSA-2019:1822https://access.redhat.com/errata/RHSA-2019:1782RHSA-2019:1782https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://access.redhat.com/errata/RHSA-2019:1823RHSA-2019:1823https://seclists.org/bugtraq/2019/May/6820190527 [SECURITY] [DSA 4452-1] jackson-databind security updatehttps://access.redhat.com/errata/RHSA-2019:0877RHSA-2019:0877https://access.redhat.com/errata/RHBA-2019:0959RHBA-2019:0959https://access.redhat.com/errata/RHSA-2019:0782RHSA-2019:0782https://issues.apache.org/jira/browse/TINKERPOP-2121https://issues.apache.org/jira/browse/TINKERPOP-2121https://github.com/FasterXML/jackson-databind/issues/2186https://github.com/FasterXML/jackson-databind/issues/2186https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2bhttps://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2bhttps://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8https://security.netapp.com/advisory/ntap-20190530-0003/https://security.netapp.com/advisory/ntap-20190530-0003/https://access.redhat.com/errata/RHSA-2019:1797RHSA-2019:1797https://www.debian.org/security/2019/dsa-4452DSA-4452cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*cpe:2.3:a:redhat:jboss_bpm_suite:6.4.11:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:
*:*:*:*cpe:2.3:a:redhat:automation_manager:7.3.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9.0.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*cpe:2.3:a:redhat:decision_manager:7.3.1:*:*:*:*:*:*:*cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:redhat:jboss_brms:6.4.10:*:*:*:*:*:*:*cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*CVE-2018-19362CRITICAL7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALCWE-502FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilitieshttps://lists.debian.org/debian-lts-announce/2019/03/msg00005.html[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security updatehttps://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security 
Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1http://www.securityfocus.com/bid/107985107985https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilitieshttps://access.redhat.com/errata/RHSA-2019:1822RHSA-2019:1822https://access.redhat.com/errata/RHSA-2019:1782RHSA-2019:1782https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://access.redhat.com/errata/RHSA-2019:1823RHSA-2019:1823https://seclists.org/bugtraq/2019/May/6820190527 [SECURITY] [DSA 4452-1] jackson-databind security updatehttps://access.redhat.com/errata/RHSA-2019:0877RHSA-2019:0877https://access.redhat.com/errata/RHBA-2019:0959RHBA-2019:0959https://access.redhat.com/errata/RHSA-2019:0782RHSA-2019:0782https://issues.apache.org/jira/browse/TINKERPOP-2121https://issues.apache.org/jira/browse/TINKERPOP-2121https://github.com/FasterXML/jackson-databind/issues/2186https://github.com/FasterXML/jackson-databind/issues/2186https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2bhttps://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2bhttps://ossindex.sonatype.org/vuln/5afe3c10-61cc-4ca0-99ae-c6ba8f330b45[CVE-2018-19362] Deserialization of Untrusted 
Datahttps://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8https://security.netapp.com/advisory/ntap-20190530-0003/https://security.netapp.com/advisory/ntap-20190530-0003/https://access.redhat.com/errata/RHSA-2019:1797RHSA-2019:1797https://www.debian.org/security/2019/dsa-4452DSA-4452cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*cpe:2.3:a:redhat:jboss_bpm_suite:6.4.11:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:redhat:automation_manager:7.3.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9.0.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*cpe:2.3:a:redhat:decision_manager:7.3.1:*:*:*:*:*:*:*cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:redhat:jboss_brms:6.4.10:*:*:*:*:*:*:*cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*CVE-2019-12086HIGH5.0NETWORKLOWNONEPARTIALPARTIALNONEMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDHIGHNONENONEHIGHCWE-200A Polymorphic Typing issue was 
discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062https://ossindex.sonatype.org/vuln/5bbadb96-496f-4534-a513-7a6396f54029[CVE-2019-12086] Information Exposurehttps://lists.debian.org/debian-lts-announce/2019/05/msg00030.html[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security updatehttp://russiansecurity.expert/2016/04/20/mysql-connect-file-read/http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/https://security.netapp.com/advisory/ntap-20190530-0003/https://security.netapp.com/advisory/ntap-20190530-0003/https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttp://www.securityfocus.com/bid/109227109227https://github.com/FasterXML/jackson-databind/issues/2326https://github.com/FasterXML/jackson-databind/issues/2326https://seclists.org/bugtraq/2019/May/6820190527 [SECURITY] [DSA 4452-1] jackson-databind security updatehttps://www.debian.org/security/2019/dsa-4452DSA-4452https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a 
new pull request #24646: Spark 27757cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*CVE-2019-12384MEDIUM4.3NETWORKMEDIUMNONEPARTIALPARTIALNONEMEDIUM5.9NETWORKHIGHNONENONEUNCHANGEDHIGHNONENONEMEDIUMCWE-502FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.https://access.redhat.com/errata/RHSA-2019:1820RHSA-2019:1820https://doyensec.com/research.htmlhttps://doyensec.com/research.htmlhttps://ossindex.sonatype.org/vuln/33d59f1d-83ff-4527-9707-c3f1507b6125[CVE-2019-12384] Deserialization of Untrusted Datahttps://lists.debian.org/debian-lts-announce/2019/06/msg00019.htmlhttps://lists.debian.org/debian-lts-announce/2019/06/msg00019.htmlhttps://security.netapp.com/advisory/ntap-20190703-0002/https://security.netapp.com/advisory/ntap-20190703-0002/https://blog.doyensec.com/2019/07/22/jackson-gadgets.htmlhttps://blog.doyensec.com/2019/07/22/jackson-gadgets.htmlhttps://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aadhttps://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aadcpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*CVE-2019-12814MEDIUM4.3NETWORKMEDIUMNONEPARTIALPARTIALNONEMEDIUM5.9NETWORKHIGHNONENONEUNCHANGEDHIGHNONENONEMEDIUMCWE-200A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. 
When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1@%3Cissues.zookeeper.apache.org%3E[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3@%3Cissues.zookeeper.apache.org%3E[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814https://security.netapp.com/advisory/ntap-20190625-0006/https://security.netapp.com/advisory/ntap-20190625-0006/https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560@%3Cissues.zookeeper.apache.org%3E[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814https://ossindex.sonatype.org/vuln/3e008100-e0d4-45bf-afd2-9d5e9b13efa7[CVE-2019-12814] Information Exposurehttps://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731@%3Cdev.zookeeper.apache.org%3E[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682@%3Cnotifications.zookeeper.apache.org%3E[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c@%3Cissues.zookeeper.apache.org%3E[zookeeper-issues] 20190712 [jira] 
[Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209@%3Cissues.zookeeper.apache.org%3E[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4@%3Cnotifications.zookeeper.apache.org%3E[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2@%3Cnotifications.zookeeper.apache.org%3E[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security updatehttps://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324@%3Cnotifications.zookeeper.apache.org%3E[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for 
CVE-2019-12814https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f@%3Cissues.zookeeper.apache.org%3E[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957@%3Cissues.zookeeper.apache.org%3E[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0@%3Cnotifications.zookeeper.apache.org%3E[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd@%3Ccommits.accumulo.apache.org%3E[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1https://github.com/FasterXML/jackson-databind/issues/2341https://github.com/FasterXML/jackson-databind/issues/2341cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*CVE-2019-14379CRITICAL7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALCWE-20SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used, leading to remote code execution.https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security updatehttps://security.netapp.com/advisory/ntap-20190814-0001/https://security.netapp.com/advisory/ntap-20190814-0001/https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f@%3Ccommits.ambari.apache.org%3E[ambari-commits] 20190813 [ambari] branch branch-2.7 updated: AMBARI-25352 : Upgrade fasterxml jackson 
dependency due to CVE-2019-14379 (#3066)https://ossindex.sonatype.org/vuln/e5794172-1257-4372-9baf-7b87307a3cc9[CVE-2019-14379] SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles de...https://github.com/FasterXML/jackson-databind/issues/2387https://github.com/FasterXML/jackson-databind/issues/2387https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a@%3Ccommits.ambari.apache.org%3E[ambari-commits] 20190813 [ambari] branch trunk updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379(trunk) (#3067)https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb@%3Ccommits.pulsar.apache.org%3E[pulsar-commits] 20190822 [GitHub] [pulsar] massakam opened a new pull request #5011: [security] Upgrade jackson-databindhttps://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*CVE-2019-14439HIGH5.0NETWORKLOWNONEPARTIALPARTIALNONEMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDHIGHNONENONEHIGHCWE-200A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. 
This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.https://github.com/FasterXML/jackson-databind/issues/2389https://github.com/FasterXML/jackson-databind/issues/2389https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security updatehttps://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125bhttps://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125bhttps://security.netapp.com/advisory/ntap-20190814-0001/https://security.netapp.com/advisory/ntap-20190814-0001/https://ossindex.sonatype.org/vuln/ac9dce23-7b35-4691-b05e-a68f58d48b8c[CVE-2019-14439] A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x befo...https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*devsecops.war/var/lib/jenkins/workspace/test@2/target/devsecops.war982a1d844cc0246c765dc2c5463194b5c5422e071104c0cbb50e62d75c576a0af93fd5778bb458535f6e79fa915e63a44a9198c2c995d1ee097d07f941906bd09d44d93fpackage nameweb-infurlhttp://maven.apache.orggroupidnotsosecurepackage namecompackage namenotsosecureartifactiddevsecopspackage nameclassesnamedevsecopsnamedevsecopsgroupidnotsosecureurlhttp://maven.apache.orgpackage namecomartifactiddevsecopspackage namenotsosecurepackage namenotsosecurepackage 
nameclassesnamedevsecopsnamedevsecopsversion0.0.1-SNAPSHOTpkg:maven/com.notsosecure/devsecops@0.0.1-SNAPSHOThttps://ossindex.sonatype.org/component/pkg:maven/com.notsosecure/devsecops@0.0.1-SNAPSHOTpkg:maven/com.notsosecure/devsecops@0.0.1-SNAPSHOThttps://ossindex.sonatype.org/component/pkg:maven/com.notsosecure/devsecops@0.0.1-SNAPSHOTasm-tree-3.3.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/asm-tree-3.3.jar3eeafc985d3ca624abf2d3ad549180d033c13070f194e1f0385877ec9306a24e983b00e3d0d8a92d855a015db402675af123c8f39010501ba1d34a5072301ce6caf137ea/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/asm-tree-3.3.jard0d8a92d855a015db402675af123c8f39010501ba1d34a5072301ce6caf137ea33c13070f194e1f0385877ec9306a24e983b00e33eeafc985d3ca624abf2d3ad549180d0artifactidasm-treepackage nameobjectwebparent-artifactidasm-parentImplementation-VendorFrance Telecom R&Dpackage nametreegroupidasmpackage nameasmnameasm-treegroupidasmnameASM Treeartifactidasm-treeImplementation-TitleASM Tree class visitorparent-artifactidasm-parentpackage nametreepackage nametreepackage nameasmpackage nameasmnameasm-treenameASM Treegroupidasmartifactidasm-treeImplementation-Version3.3version3.3version3.3version3.3pkg:maven/asm/asm-tree@3.3https://ossindex.sonatype.org/component/pkg:maven/asm/asm-tree@3.3pkg:maven/asm/asm-tree@3.3https://ossindex.sonatype.org/component/pkg:maven/asm/asm-tree@3.3commons-io-2.6.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/commons-io-2.6.jar467c2a1f64319c99b5faf03fc78572af815893df5f31da2ece4040fe0a12fd44b577afaff877d304660ac2a142f3865badfc971dec7ed73c747c7f8d5d2f5139ca736513
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
https://www.apache.org/licenses/LICENSE-2.0.txtautomatic-module-nameorg.apache.commons.iourlhttp://commons.apache.org/proper/commons-io/parent-artifactidcommons-parentpackage nameiorequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"parent-groupidorg.apache.commonspackage nameapacheimplementation-urlhttp://commons.apache.org/proper/commons-io/Implementation-Vendor-Idcommons-iogroupidcommons-iospecification-vendorThe Apache Software Foundationartifactidcommons-iopackage namecommonsbundle-symbolicnameorg.apache.commons.ionameApache Commons IOnamecommons-iobundle-docurlhttp://commons.apache.org/proper/commons-io/Implementation-VendorThe Apache Software Foundationparent-artifactidcommons-parentautomatic-module-nameorg.apache.commons.iogroupidcommons-ioBundle-NameApache Commons IOpackage nameiourlhttp://commons.apache.org/proper/commons-io/require-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"package nameapacheimplementation-urlhttp://commons.apache.org/proper/commons-io/package namecommonsspecification-titleApache Commons IOImplementation-TitleApache Commons IOparent-groupidorg.apache.commonsbundle-symbolicnameorg.apache.commons.ionameApache Commons IOnamecommons-ioartifactidcommons-iobundle-docurlhttp://commons.apache.org/proper/commons-io/parent-version2.6Implementation-Version2.6version2.6version2.6pkg:maven/commons-io/commons-io@2.6https://ossindex.sonatype.org/component/pkg:maven/commons-io/commons-io@2.6pkg:maven/commons-io/commons-io@2.6https://ossindex.sonatype.org/component/pkg:maven/commons-io/commons-io@2.6hibernate-entitymanager-4.2.6.Final.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/hibernate-entitymanager-4.2.6.Final.jar3ba0c05dc44a2858535bdfa57defc71c31d70c201eacd2e19e9feafdf42523527a08b85bea8b7731d1b77db42054194a4013c565d92306f404c8f436fc4dca522174fc99A module of the Hibernate Core projectGNU Lesser General Public License: 
http://www.gnu.org/licenses/lgpl-2.1.html/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/hibernate-entitymanager-4.2.6.Final.jarea8b7731d1b77db42054194a4013c565d92306f404c8f436fc4dca522174fc9931d70c201eacd2e19e9feafdf42523527a08b85b3ba0c05dc44a2858535bdfa57defc71cimplementation-urlhttp://hibernate.orgpackage namehibernatepackage nameejbgroupidorg.hibernatenameA Hibernate Core Modulepackage namehibernatebundle-symbolicnameorg.hibernate.entitymanagerImplementation-VendorHibernate.orgurlhttp://hibernate.orgnamehibernate-entitymanagerImplementation-Vendor-Idorg.hibernateorganization nameHibernate.orggroupidhibernateartifactidhibernate-entitymanagerorganization urlhttp://hibernate.orgimplementation-urlhttp://hibernate.orgpackage namehibernateBundle-Namehibernate-entitymanagerorganization urlhttp://hibernate.orgpackage nameejbartifactidhibernate-entitymanagernameA Hibernate Core Modulegroupidhibernateartifactidhibernate-entitymanagerbundle-symbolicnameorg.hibernate.entitymanagernamehibernate-entitymanagerorganization nameHibernate.orgurlhttp://hibernate.orgversion4.2.6.Finalversion4.2.6.FinalBundle-Version4.2.6.FinalImplementation-Version4.2.6.Finalpkg:maven/org.hibernate/hibernate-entitymanager@4.2.6.Finalhttps://ossindex.sonatype.org/component/pkg:maven/org.hibernate/hibernate-entitymanager@4.2.6.Finalpkg:maven/org.hibernate/hibernate-entitymanager@4.2.6.Finalhttps://ossindex.sonatype.org/component/pkg:maven/org.hibernate/hibernate-entitymanager@4.2.6.Finallog4j-1.2.17.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/log4j-1.2.17.jar04a41f0a068986f0f73485cf507c0f405af35056b4d257e4b64b9e8069c0746e8b08629f1d31696445697720527091754369082a6651bd49781b6005deb94e56753406f9Apache Log4j 1.2The Apache Software License, Version 2.0: 
http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/log4j-1.2.17.jar1d31696445697720527091754369082a6651bd49781b6005deb94e56753406f95af35056b4d257e4b64b9e8069c0746e8b08629f04a41f0a068986f0f73485cf507c0f40urlhttp://logging.apache.org/log4j/1.2/Implementation-Vendor"Apache Software Foundation"package namelog4jbundle-docurlhttp://logging.apache.org/log4j/1.2organization nameApache Software Foundationbundle-symbolicnamelog4jpackage nameapachegroupidlog4jorganization urlhttp://www.apache.orgartifactidlog4jnamelog4jnameApache Log4jgroupidlog4jImplementation-Titlelog4jpackage namelog4jBundle-NameApache Log4jbundle-docurlhttp://logging.apache.org/log4j/1.2organization nameApache Software Foundationbundle-symbolicnamelog4jpackage nameapacheorganization urlhttp://www.apache.orgurlhttp://logging.apache.org/log4j/1.2/namelog4jartifactidlog4jnameApache Log4jversion1.2.17version1.2.17Bundle-Version1.2.17Implementation-Version1.2.17pkg:maven/log4j/log4j@1.2.17https://ossindex.sonatype.org/component/pkg:maven/log4j/log4j@1.2.17pkg:maven/log4j/log4j@1.2.17https://ossindex.sonatype.org/component/pkg:maven/log4j/log4j@1.2.17asm-3.3.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/asm-3.3.jar968575ef15e4024d205fa6ecddec67a9fb0f302a91a376fd5cfe23167c419375e8fc9b8f07e685c385c652a3d2c4a08312004f653ba508e325d70ff3d9e8687d1ac6a8da/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/asm-3.3.jar07e685c385c652a3d2c4a08312004f653ba508e325d70ff3d9e8687d1ac6a8dafb0f302a91a376fd5cfe23167c419375e8fc9b8f968575ef15e4024d205fa6ecddec67a9nameasmpackage nameobjectwebparent-artifactidasm-parentImplementation-VendorFrance Telecom R&Dgroupidasmpackage nameasmartifactidasmnameASM Coregroupidasmnameasmparent-artifactidasm-parentImplementation-TitleASMpackage nameasmnameASM Corepackage 
nameasmartifactidasmartifactidasmgroupidasmImplementation-Version3.3version3.3version3.3version3.3pkg:maven/asm/asm@3.3https://ossindex.sonatype.org/component/pkg:maven/asm/asm@3.3pkg:maven/asm/asm@3.3https://ossindex.sonatype.org/component/pkg:maven/asm/asm@3.3spotbugs-3.1.5.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/spotbugs-3.1.5.jarfcf3dd502f5be304413eec3f706b8ad039b5e21aa02e007a5347dd3e4d5d9421e2f1aa4698ec84eb0a4dc0502773aca061750d655b9f398f8efc2ebf88d5540106d43e4eSpotBugs: Because it's easy!GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/spotbugs-3.1.5.jar98ec84eb0a4dc0502773aca061750d655b9f398f8efc2ebf88d5540106d43e4e39b5e21aa02e007a5347dd3e4d5d9421e2f1aa46fcf3dd502f5be304413eec3f706b8ad0namespotbugspackage namecsnameSpotBugsgroupidgithub.spotbugsautomatic-module-namecom.github.spotbugs.spotbugsartifactidspotbugsurlhttps://spotbugs.github.io/groupidcom.github.spotbugspackage nameedupackage nameumdnamespotbugspackage namecsnameSpotBugspackage namefindbugsartifactidspotbugsartifactidspotbugsgroupidgithub.spotbugsautomatic-module-namecom.github.spotbugs.spotbugsurlhttps://spotbugs.github.io/package nameumdBundle-Version3.1.5version3.1.5version3.1.5version3.1.5pkg:maven/com.github.spotbugs/spotbugs@3.1.5https://ossindex.sonatype.org/component/pkg:maven/com.github.spotbugs/spotbugs@3.1.5pkg:maven/com.github.spotbugs/spotbugs@3.1.5https://ossindex.sonatype.org/component/pkg:maven/com.github.spotbugs/spotbugs@3.1.5commons-collections4-4.0.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/commons-collections4-4.0.jara18f2d0153b5607dff8c5becbdd76dd1da217367fd25e88df52ba79e47658d4cf928b0d193f8dfcd20831a28d092427723f696bceb70b28e7fb89d7914f14d5ea492ce5aThe Apache Commons Collections package contains types that extend and augment the Java Collections 
Framework.http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/commons-collections4-4.0.jar93f8dfcd20831a28d092427723f696bceb70b28e7fb89d7914f14d5ea492ce5ada217367fd25e88df52ba79e47658d4cf928b0d1a18f2d0153b5607dff8c5becbdd76dd1implementation-buildtags/COLLECTIONS_4_0_RC5@r1543977; 2013-11-20 23:44:45+0100nameApache Commons Collectionsurlhttp://commons.apache.org/proper/commons-collections/bundle-docurlhttp://commons.apache.org/proper/commons-collections/parent-artifactidcommons-parentbundle-symbolicnameorg.apache.commons.collections4groupidapache.commonsnamecommons-collections4parent-groupidorg.apache.commonspackage nameapacheImplementation-Vendor-Idorg.apachespecification-vendorThe Apache Software Foundationpackage namecommonsartifactidcommons-collections4package namecollections4Implementation-VendorThe Apache Software Foundationparent-artifactidcommons-parentimplementation-buildtags/COLLECTIONS_4_0_RC5@r1543977; 2013-11-20 23:44:45+0100nameApache Commons Collectionsbundle-docurlhttp://commons.apache.org/proper/commons-collections/bundle-symbolicnameorg.apache.commons.collections4namecommons-collections4artifactidcommons-collections4package nameapachespecification-titleApache Commons CollectionsImplementation-TitleApache Commons CollectionsBundle-NameApache Commons Collectionspackage namecommonsgroupidapache.commonsparent-groupidorg.apache.commonsurlhttp://commons.apache.org/proper/commons-collections/package namecollections4Implementation-Version4.0version4.0version4.0parent-version4.0pkg:maven/org.apache.commons/commons-collections4@4.0https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-collections4@4.0pkg:maven/org.apache.commons/commons-collections4@4.0https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-collections4@4.0CVE-2015-6420HIGH7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGHCWE-502Serialized-object interfaces in certain Cisco Collaboration and 
Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917http://www.securityfocus.com/bid/7887278872http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization20151209 Vulnerability in Java Deserialization Affecting Cisco Productshttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722https://www.tenable.com/security/research/tra-2017-14https://www.tenable.com/security/research/tra-2017-14https://www.kb.cert.org/vuls/id/581311VU#581311https://www.kb.cert.org/vuls/id/576313https://www.kb.cert.org/vuls/id/576313https://ossindex.sonatype.org/vuln/ac157388-2d0e-4c78-b3f4-033572d19286[CVE-2015-6420] Serialized-object interfaces in certain Cisco Collaboration and Social Media; 
En...https://www.tenable.com/security/research/tra-2017-23https://www.tenable.com/security/research/tra-2017-23cpe:2.3:a:apache:commons_collections:4.0:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_collections:*:*:*:*:*:*:*:*javax.ws.rs-api-2.0.1.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/javax.ws.rs-api-2.0.1.jaredcd111cf4d3ba8ac8e1f326efc37a17104e9c2b5583cfcfeac0402316221648d6d8ea6b38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466dJava API for RESTful Web Services (JAX-RS)CDDL 1.1: http://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: http://glassfish.java.net/public/CDDL+GPL_1_1.htmlgroupidjavax.ws.rspackage namewsartifactidjavax.ws.rs-apirequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"namejavax.ws.rs-apinamejavax.ws.rs-apiparent-artifactidjvnet-parentbundle-docurlhttp://www.oracle.com/parent-groupidnet.javapackage namerspackage namejavaxbundle-symbolicnamejavax.ws.rs-apispecification-vendorOracle Corporationextension-namejavax.ws.rsurlhttp://jax-rs-spec.java.netorganization urlhttp://www.oracle.com/organization nameOracle CorporationBundle-Namejavax.ws.rs-apiorganization urlhttp://www.oracle.com/package namewsurlhttp://jax-rs-spec.java.netparent-artifactidjvnet-parentrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"namejavax.ws.rs-apinamejavax.ws.rs-apibundle-docurlhttp://www.oracle.com/package namerspackage namejavaxgroupidjavax.ws.rsartifactidjavax.ws.rs-apibundle-symbolicnamejavax.ws.rs-apiextension-namejavax.ws.rsparent-groupidnet.javaorganization nameOracle CorporationImplementation-Version2.0.1Bundle-Version2.0.1version2.0.1version2.0.1parent-version2.0.1pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1https://ossindex.sonatype.org/component/pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1https://ossindex.sonatype.org/component/pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1struts2-core-2.3.8.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/struts2-core-2.3.8.jar6eec4c966b11d3288216917c1781d503b6f740a8626b1531b65701bd31fd80e066df7c8e180feca55fc93f6c882546ed299493cb761bae062031b867d46e7af213259ccbApache Struts 2http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/struts2-core-2.3.8.jar180feca55fc93f6c882546ed299493cb761bae062031b867d46e7af213259ccbb6f740a8626b1531b65701bd31fd80e066df7c8e6eec4c966b11d3288216917c1781d503bundle-symbolicnameorg.apache.struts.2-corebundle-docurlhttp://www.apache.orgoriginally-created-by1.6.0_37 (Apple 
Inc.)Implementation-Vendor-Idorg.apache.strutspackage namestruts2parent-artifactidstruts2-parentartifactidstruts2-corepackage nameapacheImplementation-VendorApache Software Foundationnamestruts2-coregroupidapache.strutsspecification-vendorApache Software FoundationnameStruts 2 Coreparent-groupidorg.apache.strutsartifactidstruts2-corespecification-titleStruts 2 Corebundle-symbolicnameorg.apache.struts.2-corebundle-docurlhttp://www.apache.orgoriginally-created-by1.6.0_37 (Apple Inc.)Implementation-TitleStruts 2 Corepackage namestruts2Bundle-NameStruts 2 Corepackage nameapacheparent-groupidorg.apache.strutsnamestruts2-coreparent-artifactidstruts2-parentnameStruts 2 Coregroupidapache.strutsBundle-Version2.3.8Implementation-Version2.3.8version2.3.8version2.3.8pkg:maven/org.apache.struts/struts2-core@2.3.8https://ossindex.sonatype.org/component/pkg:maven/org.apache.struts/struts2-core@2.3.8pkg:maven/org.apache.struts/struts2-core@2.3.8https://ossindex.sonatype.org/component/pkg:maven/org.apache.struts/struts2-core@2.3.8CVE-2013-1965HIGH9.3NETWORKMEDIUMNONECOMPLETECOMPLETECOMPLETEHIGHCWE-94Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.http://www.securityfocus.com/bid/6008260082https://bugzilla.redhat.com/show_bug.cgi?id=967655https://bugzilla.redhat.com/show_bug.cgi?id=967655http://struts.apache.org/development/2.x/docs/s2-012.htmlhttp://struts.apache.org/development/2.x/docs/s2-012.htmlhttps://ossindex.sonatype.org/vuln/7aa02cd2-5370-4f43-b202-d30665527d05[CVE-2013-1965] Improper Control of Generation of Code ("Code Injection")cpe:2.3:a:apache:struts2-showcase:*:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2013-1966HIGH9.3NETWORKMEDIUMNONECOMPLETECOMPLETECOMPLETEHIGHCWE-94Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that 
is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.http://www.securityfocus.com/bid/6016660166https://bugzilla.redhat.com/show_bug.cgi?id=967656https://bugzilla.redhat.com/show_bug.cgi?id=967656http://struts.apache.org/development/2.x/docs/s2-013.htmlhttp://struts.apache.org/development/2.x/docs/s2-013.htmlhttps://ossindex.sonatype.org/vuln/64959e54-560d-4c85-b1ba-bae91251f948[CVE-2013-1966] Improper Control of Generation of Code ("Code Injection")https://cwiki.apache.org/confluence/display/WW/S2-013https://cwiki.apache.org/confluence/display/WW/S2-013cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2013-2115HIGH9.3NETWORKMEDIUMNONECOMPLETECOMPLETECOMPLETEHIGHCWE-94Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.https://bugzilla.redhat.com/show_bug.cgi?id=967656https://bugzilla.redhat.com/show_bug.cgi?id=967656https://ossindex.sonatype.org/vuln/a902e7ce-8d2b-4de9-a3a4-e717c9ebea3e[CVE-2013-2115] Improper Control of Generation of Code ("Code 
Injection")http://www.securityfocus.com/bid/6016760167http://struts.apache.org/development/2.x/docs/s2-014.htmlhttp://struts.apache.org/development/2.x/docs/s2-014.htmlhttps://cwiki.apache.org/confluence/display/WW/S2-014https://cwiki.apache.org/confluence/display/WW/S2-014cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3
:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*CVE-2013-2134HIGH9.3NETWORKMEDIUMNONECOMPLETECOMPLETECOMPLETEHIGHCWE-94Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.http://www.securityfocus.com/bid/6475864758http://security.gentoo.org/glsa/glsa-201409-04.xmlGLSA-201409-04http://www.securityfocus.com/bid/6034660346http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.htmlhttps://cwiki.apache.org/confluence/display/WW/S2-015https://cwiki.apache.org/confluence/display/WW/S2-015http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttp://struts.apache.org/development/2.x/docs/s2-015.htmlhttp://struts.apache.org/development/2.x/docs/s2-015.htmlhttps://ossindex.sonatype.org/vuln/5caecd83-b961-48ca-b29e-f39b8f302d08[CVE-2013-2134] Improper Control of Generation of Code ("Code Injection")cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2013-2135HIGH9.3NETWORKMEDIUMNONECOMPLETECOMPLETECOMPLETEHIGHCWE-94Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.http://www.securityfocus.com/bid/6475864758http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.htmlhttps://ossindex.sonatype.org/vuln/35c24ffb-ba83-44a8-95a7-008281c53ec9[CVE-2013-2135] Improper Control of Generation of Code ("Code 
Injection")https://cwiki.apache.org/confluence/display/WW/S2-015https://cwiki.apache.org/confluence/display/WW/S2-015http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttp://struts.apache.org/development/2.x/docs/s2-015.htmlhttp://struts.apache.org/development/2.x/docs/s2-015.htmlcpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2013-2248MEDIUM5.8NETWORKMEDIUMNONEPARTIALPARTIALNONEMEDIUMCWE-20Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.http://www.securityfocus.com/bid/6475864758http://www.securityfocus.com/bid/6119661196https://ossindex.sonatype.org/vuln/c9390e41-5b7a-44fb-a710-7b90ad7d184d[CVE-2013-2248] Improper Input Validationhttp://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttp://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.htmlhttp://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.htmlhttp://struts.apache.org/release/2.3.x/docs/s2-017.htmlhttp://struts.apache.org/release/2.3.x/docs/s2-017.htmlcpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:strut
s:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*CVE-2013-2251HIGH9.3NETWORKMEDIUMNONECOMPLETECOMPLETECOMPLETEHIGHCWE-20Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.http://seclists.org/fulldisclosure/2013/Oct/9620131013 Apache Software Foundation A Subsite Remote command executionhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts220131023 Apache Struts 2 Command Execution Vulnerability in 
Multiple Cisco Productshttp://www.securityfocus.com/bid/6118961189http://struts.apache.org/release/2.3.x/docs/s2-016.htmlhttp://struts.apache.org/release/2.3.x/docs/s2-016.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttp://www.securitytracker.com/id/10291841029184http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlhttp://www.securityfocus.com/bid/6475864758http://seclists.org/oss-sec/2014/q1/89[oss-security] 20140114 Re: CVE Request: Apache Archiva Remote Command Execution 0dayhttp://osvdb.org/9844598445http://www.securitytracker.com/id/10329161032916http://cxsecurity.com/issue/WLB-2014010087http://cxsecurity.com/issue/WLB-2014010087http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.htmlhttp://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.htmlhttp://archiva.apache.org/security.htmlhttp://archiva.apache.org/security.htmlhttps://ossindex.sonatype.org/vuln/65c550a7-b490-400a-9858-dd19c74a8a76[CVE-2013-2251] Improper Input 
Validationhttps://exchange.xforce.ibmcloud.com/vulnerabilities/90392apache-archiva-ognl-command-exec(90392)cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:
apache:struts:2.3.14:*:*:*:*:*:*:*CVE-2013-4310MEDIUM5.8NETWORKMEDIUMNONEPARTIALPARTIALNONEMEDIUMCWE-264Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix.http://www.securityfocus.com/bid/6475864758http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html20130921 [ANN] Struts 2.3.15.2 GA release available - security fixhttp://secunia.com/advisories/5491954919http://secunia.com/advisories/5649256492http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttp://struts.apache.org/release/2.3.x/docs/s2-018.htmlhttp://struts.apache.org/release/2.3.x/docs/s2-018.htmlhttp://archives.neohapsis.com/archives/bugtraq/2013-10/0083.html20131017 [ANN] Struts 2.3.15.3 GA release available - security fixhttps://ossindex.sonatype.org/vuln/5a506927-e6fa-4857-b80f-0c04f3d31a86[CVE-2013-4310] Permissions, Privileges, and Access Controlshttp://www.securitytracker.com/id/10290771029077http://secunia.com/advisories/5648356483cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*c
pe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*CVE-2013-4316HIGH10.0NETWORKLOWNONECOMPLETECOMPLETECOMPLETEHIGHCWE-284NVD-CWE-noinfoCWE-16Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.http://www.securityfocus.com/bid/6475864758http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html20130921 [ANN] Struts 2.3.15.2 GA release available - security fixhttps://ossindex.sonatype.org/vuln/9da89f99-d083-43d3-a74c-b20fd6cb2da7[CVE-2013-4316] Improper Access 
Controlhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttp://www.securitytracker.com/id/10290781029078http://struts.apache.org/release/2.3.x/docs/s2-019.htmlhttp://struts.apache.org/release/2.3.x/docs/s2-019.htmlcpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_private_banking:2.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_private_banking:1.7:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_private_banking:12.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_private_banking:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_private_banking:3.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_private_banking:12.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*
:*cpe:2.3:a:oracle:webcenter_sites:11.1.1.6.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_private_banking:2.2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*CVE-2014-0094MEDIUM5.0NETWORKLOWNONENONENONENONEMEDIUMNVD-CWE-noinfoThe ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttps://ossindex.sonatype.org/vuln/46502110-4592-408e-836b-331e9ee41e6b[CVE-2014-0094] The ParametersInterceptor in Apache Struts before 2.3.16.1 allows remote attacke...http://www.securityfocus.com/archive/1/532549/100/0/threaded20140625 NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts libraryhttp://secunia.com/advisories/5644056440http://struts.apache.org/release/2.3.x/docs/s2-020.htmlhttp://struts.apache.org/release/2.3.x/docs/s2-020.htmlhttp://www.securityfocus.com/archive/1/531362/100/0/threaded20140306 [ANN] Struts 2.3.16.1 GA release available - security 
fixhttp://jvndb.jvn.jp/jvndb/JVNDB-2014-000045JVNDB-2014-000045http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.htmlhttp://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.htmlhttp://secunia.com/advisories/5917859178http://www.konakart.com/downloads/ver-7-3-0-0-whats-newhttp://www.konakart.com/downloads/ver-7-3-0-0-whats-newhttp://www.securitytracker.com/id/10298761029876http://www.securityfocus.com/bid/6599965999http://www-01.ibm.com/support/docview.wss?uid=swg21676706http://www-01.ibm.com/support/docview.wss?uid=swg21676706http://jvn.jp/en/jp/JVN19294237/index.htmlJVN#19294237http://www.vmware.com/security/advisories/VMSA-2014-0007.htmlhttp://www.vmware.com/security/advisories/VMSA-2014-0007.htmlhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htmhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htmcpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2014-0112HIGH7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGHCWE-264ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1091939https://bugzilla.redhat.com/show_bug.cgi?id=1091939http://www.securityfocus.com/bid/6706467064http://secunia.com/advisories/5950059500https://cwiki.apache.org/confluence/display/WW/S2-021https://cwiki.apache.org/confluence/display/WW/S2-021http://www.securityfocus.com/archive/1/531952/100/0/threaded20140426 [ANN] Struts 2.3.16.2 GA release available - security fixhttps://ossindex.sonatype.org/vuln/434eada7-81e4-4e5b-854c-a4ea6eedab39[CVE-2014-0112] Permissions, Privileges, and Access Controlshttp://www.securityfocus.com/archive/1/532549/100/0/threaded20140625 NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts libraryhttps://access.redhat.com/errata/RHSA-2019:0910RHSA-2019:0910http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045JVNDB-2014-000045http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.htmlhttp://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.htmlhttp://secunia.com/advisories/5917859178http://www-01.ibm.com/support/docview.wss?uid=swg21676706http://www-01.ibm.com/support/docview.wss?uid=swg21676706http://jvn.jp/en/jp/JVN19294237/index.htmlJVN#19294237http://www.vmware.com/security/advisories/VMSA-2014-0007.htmlhttp://www.vmware.com/security/advisories/VMSA-2014-0007.htmlcpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2014-0113HIGH7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGHCWE-264CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.https://ossindex.sonatype.org/vuln/ff890408-a4b8-4e3f-a892-ee7e72b2c8e3[CVE-2014-0113] Permissions, Privileges, and Access Controlshttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://secunia.com/advisories/5917859178https://cwiki.apache.org/confluence/display/WW/S2-021https://cwiki.apache.org/confluence/display/WW/S2-021http://www.securityfocus.com/archive/1/531952/100/0/threaded20140426 [ANN] Struts 2.3.16.2 GA release available - security fixhttp://www-01.ibm.com/support/docview.wss?uid=swg21676706http://www-01.ibm.com/support/docview.wss?uid=swg21676706cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2014-0116MEDIUM5.8NETWORKMEDIUMNONENONENONEPARTIALMEDIUMCWE-264CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113.http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.securityfocus.com/bid/6721867218https://ossindex.sonatype.org/vuln/4fe47992-e6ac-4907-9255-dc29ce47c288[CVE-2014-0116] Permissions, Privileges, and Access Controlshttp://secunia.com/advisories/5981659816http://struts.apache.org/release/2.3.x/docs/s2-022.htmlhttp://struts.apache.org/release/2.3.x/docs/s2-022.htmlhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htmhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htmcpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:
*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2014-7809MEDIUM6.8NETWORKMEDIUMNONEPARTIALPARTIALPARTIALMEDIUMCWE-352Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism.http://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.htmlhttp://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttps://ossindex.sonatype.org/vuln/5649009f-ed2c-4307-b48a-77ba1fd80ac1[CVE-2014-7809] Cross-Site Request Forgery 
(CSRF)http://www.securityfocus.com/bid/7154871548http://struts.apache.org/docs/s2-023.htmlhttp://struts.apache.org/docs/s2-023.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.securitytracker.com/id/10313091031309http://www.securityfocus.com/archive/1/534175/100/0/threaded20141208 [ANN] Apache Struts 2.3.20 GA release available with security fixcpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:
*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2015-5169MEDIUM4.3NETWORKMEDIUMNONENONENONENONEMEDIUM6.1NETWORKLOWNONEREQUIREDCHANGEDLOWLOWNONEMEDIUMCWE-79Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.https://bugzilla.redhat.com/show_bug.cgi?id=1260087https://bugzilla.redhat.com/show_bug.cgi?id=1260087https://struts.apache.org/docs/s2-025.htmlhttps://struts.apache.org/docs/s2-025.htmlhttp://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.htmlJVNDB-2015-000125https://ossindex.sonatype.org/vuln/6bd24132-f4fa-4dc0-b479-b69b115bd59f[CVE-2015-5169] Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.http://www.securityfocus.com/bid/7662576625https://security.netapp.com/advisory/ntap-20180629-0003/https://security.netapp.com/advisory/ntap-20180629-0003/http://jvn.jp/en/jp/JVN95989300/index.htmlJVN#95989300cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2015-5209HIGH5.0NETWORKLOWNONENONENONENONEMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDNONEHIGHNONEHIGHCWE-20Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top 
object.https://security.netapp.com/advisory/ntap-20180629-0002/https://security.netapp.com/advisory/ntap-20180629-0002/https://ossindex.sonatype.org/vuln/d8c9a55c-b6f6-4b1c-a675-947ac1c64ec7[CVE-2015-5209] Improper Input Validationhttp://www.securityfocus.com/bid/8255082550http://www.securitytracker.com/id/10339081033908https://struts.apache.org/docs/s2-026.htmlhttps://struts.apache.org/docs/s2-026.htmlcpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2
.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-0785HIGH9.0NETWORKLOWSINGLECOMPLETECOMPLETECOMPLETEHIGH8.8NETWORKLOWLOWNONEUNCHANGEDHIGHHIGHHIGHHIGHCWE-20Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.http://struts.apache.org/docs/s2-029.htmlhttp://struts.apache.org/docs/s2-029.htmlhttp://www.securitytracker.com/id/10352711035271http://www.securityfocus.com/bid/8506685066https://ossindex.sonatype.org/vuln/5684f0fd-6580-461f-a0f6-eda4176de9bb[CVE-2016-0785] Improper Input 
Validationcpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2016-2162MEDIUM4.3NETWORKMEDIUMNONENONENONENONEMEDIUM6.1NETWORKLOWNONEREQUIREDCHANGEDLOWLOWNONEMEDIUMCWE-79Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.http://www.securitytracker.com/id/10352721035272http://struts.apache.org/docs/s2-030.htmlhttp://struts.apache.org/docs/s2-030.htmlhttp://www.securityfocus.com/bid/8507085070https://ossindex.sonatype.org/vuln/4fa8ad37-bc1f-4136-a277-c1974de7242a[CVE-2016-2162] Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2_beta:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:
struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-3081HIGH9.3NETWORKMEDIUMNONECOMPLETECOMPLETECOMPLETEHIGH8.1NETWORKHIGHNONENONEUNCHANGEDHIGHHIGHHIGHHIGHCWE-77Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.https://struts.apache.org/docs/s2-032.htmlhttps://struts.apache.org/docs/s2-032.htmlhttp://www.securityfocus.com/bid/8732787327http://www.rapid7.com/db/modules/exploit/multi/http/struts_dmi_exechttp://www.rapid7.com/db/modules/exploit/multi/http/struts_dmi_exechttps://ossindex.sonatype.org/vuln/fddf085b-72d4-4af0-a0a2-c1c1515e801b[CVE-2016-3081] Improper 
Neutralization of Special Elements used in a Command (Command Injection)http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160527-01-struts2-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160527-01-struts2-enhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://packetstormsecurity.com/files/136856/Apache-Struts-2.3.28-Dynamic-Method-Invocation-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/136856/Apache-Struts-2.3.28-Dynamic-Method-Invocation-Remote-Code-Execution.htmlhttp://www.rapid7.com/db/modules/exploit/linux/http/struts_dmi_exechttp://www.rapid7.com/db/modules/exploit/linux/http/struts_dmi_exechttp://www.securitytracker.com/id/10356651035665https://www.exploit-db.com/exploits/39756/39756http://www.securityfocus.com/bid/9178791787cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:oracle:siebel_e-billing:7.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2
.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-3082CRITICAL10.0NETWORKLOWNONECOMPLETECOMPLETECOMPLETEHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALCWE-20XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location 
parameter.http://www.securitytracker.com/id/10356641035664http://struts.apache.org/docs/s2-031.htmlhttp://struts.apache.org/docs/s2-031.htmlhttp://www.securityfocus.com/bid/8882688826https://ossindex.sonatype.org/vuln/f996580c-3f8a-48b4-9aac-083e8a576ef6[CVE-2016-3082] Improper Input Validationcpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3
.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-3090HIGH6.5NETWORKLOWSINGLEPARTIALPARTIALPARTIALMEDIUM8.8NETWORKLOWLOWNONEUNCHANGEDHIGHHIGHHIGHHIGHCWE-20The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.https://struts.apache.org/docs/s2-027.htmlhttps://struts.apache.org/docs/s2-027.htmlhttps://security.netapp.com/advisory/ntap-20180629-0005/https://security.netapp.com/advisory/ntap-20180629-0005/http://www.securityfocus.com/bid/8513185131https://www.securitytracker.com/id/10352671035267https://ossindex.sonatype.org/vuln/e5b8e18a-9921-4c6f-9d11-8bc2497571f0[CVE-2016-3090] The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 
a...cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache
:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-3093MEDIUM5.0NETWORKLOWNONENONENONEPARTIALMEDIUM5.3NETWORKLOWNONENONEUNCHANGEDNONENONELOWMEDIUMCWE-20Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.http://struts.apache.org/docs/s2-034.htmlhttp://struts.apache.org/docs/s2-034.htmlhttps://ossindex.sonatype.org/vuln/74cddd35-3e8e-4460-bb8f-03eef3b4d382[CVE-2016-3093] Improper Input 
Validationhttp://www-01.ibm.com/support/docview.wss?uid=swg21987854http://www-01.ibm.com/support/docview.wss?uid=swg21987854http://www.securitytracker.com/id/10360181036018http://www.securityfocus.com/bid/9096190961cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:
struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:ognl_project:ognl:*:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-4003MEDIUM4.3NETWORKMEDIUMNONENONENONENONEMEDIUM6.1NETWORKLOWNONEREQUIREDCHANGEDLOWLOWNONEMEDIUMCWE-79Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter.http://www.securityfocus.com/bid/8631186311http://struts.apache.org/docs/s2-028.htmlhttp://struts.apache.org/docs/s2-028.htmlhttp://www.securitytracker.com/id/10352681035268https://issues.apache.org/jira/browse/WW-4507https://issues.apache.org/jira/browse/WW-4507https://ossindex.sonatype.org/vuln/0081c46d-8e5f-4553-9937-d25f3399d130[CVE-2016-4003] Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2016-4436CRITICAL7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALNVD-CWE-noinfoApache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.http://www.securityfocus.com/bid/9128091280https://ossindex.sonatype.org/vuln/63b9193d-7f44-46d5-8779-4a757d7bf37f[CVE-2016-4436] Apache Struts 2 before 2.3.29 and 
2.5.x before 2.5.1 allow attackers to have uns...http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttps://struts.apache.org/docs/s2-035.htmlhttps://struts.apache.org/docs/s2-035.htmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21987854http://www-01.ibm.com/support/docview.wss?uid=swg21987854cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:b
eta3:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-4461HIGH9.0NETWORKLOWSINGLECOMPLETECOMPLETECOMPLETEHIGH8.8NETWORKLOWLOWNONEUNCHANGEDHIGHHIGHHIGHHIGHCWE-20Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.https://ossindex.sonatype.org/vuln/12d9b800-934d-4726-94e9-7b83a650d274[CVE-2016-4461] Improper Input Validationhttp://www.securityfocus.com/bid/9127791277https://struts.apache.org/docs/s2-036.htmlhttps://struts.apache.org/docs/s2-036.htmlhttps://security.netapp.com/advisory/ntap-20180629-0004/https://security.netapp.com/advisory/ntap-20180629-0004/cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*CVE-2017-12611CRITICAL7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALCWE-20In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.http://www.securityfocus.com/bid/100829100829https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001https://ossindex.sonatype.org/vuln/dc3edaf8-51de-40d2-9ad1-725d1040aad2[CVE-2017-12611] In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10, using an 
unintenti...http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txthttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txthttps://struts.apache.org/docs/s2-053.htmlhttps://struts.apache.org/docs/s2-053.htmlcpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.
1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*c
pe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2017-5638CRITICAL10.0NETWORKLOWNONECOMPLETECOMPLETECOMPLETEHIGH10.0NETWORKLOWNONENONECHANGEDHIGHHIGHHIGHCRITICALCWE-20The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.htmlhttp://blog.talosintelligence.com/2017/03/apache-0-day-exploited.htmlhttps://twitter.com/theog150/status/841146956135124993https://twitter.com/theog150/status/841146956135124993https://exploit-db.com/exploits/4157041570https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519ahttps://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519ahttps://ossindex.sonatype.org/vuln/6fb3b58b-cf18-450e-ba0d-74432bc5ecff[CVE-2017-5638] Improper Input 
Validationhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttps://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228http://www.securitytracker.com/id/10379731037973https://www.exploit-db.com/exploits/41614/41614https://www.symantec.com/security-center/network-protection-security-advisories/SA145https://www.symantec.com/security-center/network-protection-security-advisories/SA145https://support.lenovo.com/us/en/product_security/len-14200https://support.lenovo.com/us/en/product_security/len-14200http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txthttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txthttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_ushttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_ushttps://cwiki.apache.org/confluence/display/WW/S2-045https://cwiki.apache.org/confluence/display/WW/S2-045http://www.securityfocus.com/bid/9672996729https://cwiki.apache.org/confluence/display/WW/S2-046https://cwiki.apache.org/confluence/display/WW/S2-046https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/https://github.com/rapid7/metasploit-framework/issues/8064https://github.com/rapid7/metasploit-framework/issues/8064https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_ushttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_ushttps://www.kb.cert.org/vuls/id/834067VU#834067https://packetstormsecurity.com/files/141494/S2-45-poc.py.txthttps://packetstor
msecurity.com/files/141494/S2-45-poc.py.txthttps://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.htmlhttps://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.htmlhttps://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/https://security.netapp.com/advisory/ntap-20170310-0001/https://security.netapp.com/advisory/ntap-20170310-0001/http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/https://isc.sans.edu/diary/22169https://isc.sans.edu/diary/22169https://struts.apache.org/docs/s2-046.htmlhttps://struts.apache.org/docs/s2-046.htmlhttps://github.com/mazen160/struts-pwnhttps://github.com/mazen160/struts-pwnhttp://www.eweek.com/security/apache-struts-vulnerability-under-attack.htmlhttp://www.eweek.com/security/apache-struts-vulnerability-under-attack.htmlhttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_ushttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_ushttps://struts.apache.org/docs/s2-045.htmlhttps://struts.apache.org/docs/s2-045.htmlcpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.22:*
:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2017-9787HIGH5.0NETWORKLOWNONENONENONEPARTIALMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDNONENONEHIGHHIGHCWE-284When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. 
Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.http://www.securityfocus.com/bid/9956299562https://ossindex.sonatype.org/vuln/e2ebe514-dc44-474a-82ab-d20bd81bfc4c[CVE-2017-9787] Improper Access Controlhttp://www.securitytracker.com/id/10391151039115http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttps://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E[announcements] 20170713 Apache Struts 2.5.12 GA with Security Fixes Releasehttps://security.netapp.com/advisory/ntap-20180706-0002/https://security.netapp.com/advisory/ntap-20180706-0002/https://lists.apache.org/thread.html/de3d325f0433cd3b42258b6a302c0d7a72b69eedc1480ed561d3b065@%3Cannouncements.struts.apache.org%3E[announcements] 20170810 [ANN] Apache Struts: S2-049 Security Bulletin updatehttp://struts.apache.org/docs/s2-049.htmlhttp://struts.apache.org/docs/s2-049.htmlcpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.2
4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2017-9791CRITICAL7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALCWE-20The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the 
ActionMessage.http://www.securityfocus.com/bid/9948499484http://www.securitytracker.com/id/10388381038838https://www.exploit-db.com/exploits/42324/42324http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttps://security.netapp.com/advisory/ntap-20180706-0002/https://security.netapp.com/advisory/ntap-20180706-0002/https://www.exploit-db.com/exploits/44643/44643http://struts.apache.org/docs/s2-048.htmlhttp://struts.apache.org/docs/s2-048.htmlhttps://ossindex.sonatype.org/vuln/f2eb9ab7-09aa-4599-a351-7ebbd11ff11b[CVE-2017-9791] Improper Input Validationcpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2
.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2017-9793HIGH5.0NETWORKLOWNONENONENONEPARTIALMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDNONENONEHIGHHIGHCWE-20The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.http://www.securityfocus.com/bid/100611100611http://www.securitytracker.com/id/10392621039262https://ossindex.sonatype.org/vuln/bf32e61b-04ce-4d34-b884-d775b7acf109[CVE-2017-9793] The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is ...http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htmhttp://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htmhttps://security.netapp.com/advisory/ntap-20180629-0001/https://security.netapp.com/advisory/ntap-20180629-0001/https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts220170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 
2017https://struts.apache.org/docs/s2-051.htmlhttps://struts.apache.org/docs/s2-051.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlcpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*cpe:2.3:a:apach
e:struts:2.3.25:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2017-9804HIGH5.0NETWORKLOWNONENONENONEPARTIALMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDNONENONEHIGHHIGHCWE-399In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. 
NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672.http://www.securitytracker.com/id/10392611039261https://security.netapp.com/advisory/ntap-20180629-0001/https://security.netapp.com/advisory/ntap-20180629-0001/https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts220170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017https://ossindex.sonatype.org/vuln/57ce5eee-b4a2-4054-9648-393b287cd86f[CVE-2017-9804] In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application ...http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.securityfocus.com/bid/100612100612http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txthttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txthttps://struts.apache.org/docs/s2-050.htmlhttps://struts.apache.org/docs/s2-050.htmlcpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:
*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2017-9805HIGH6.8NETWORKMEDIUMNONEPARTIALPARTIALPARTIALMEDIUM8.1NETWORKHIGHNONENONEUNCHANGEDHIGHHIGHHIGHHIGHCWE-502The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML 
payloads.https://cwiki.apache.org/confluence/display/WW/S2-052https://cwiki.apache.org/confluence/display/WW/S2-052https://www.exploit-db.com/exploits/42627/42627https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts220170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017https://www.kb.cert.org/vuls/id/112992VU#112992http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttps://ossindex.sonatype.org/vuln/3c254119-620e-4d3a-b456-f150d179e2c1[CVE-2017-9805] Deserialization of Untrusted Datahttp://www.securityfocus.com/bid/100609100609https://lgtm.com/blog/apache_struts_CVE-2017-9805https://lgtm.com/blog/apache_struts_CVE-2017-9805https://bugzilla.redhat.com/show_bug.cgi?id=1488482https://bugzilla.redhat.com/show_bug.cgi?id=1488482https://security.netapp.com/advisory/ntap-20170907-0001/https://security.netapp.com/advisory/ntap-20170907-0001/https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifaxhttps://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifaxhttps://struts.apache.org/docs/s2-052.htmlhttps://struts.apache.org/docs/s2-052.htmlhttp://www.securitytracker.com/id/10392631039263cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apa
che:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2018-11776HIGH9.3NETWORKMEDIUMNONECOMPLETECOMPLETECOMPLETEHIGH8.1NETWORKHIGHNONENONEUNCHANGEDHIGHHIGHHIG
HHIGHCWE-20Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.http://www.securitytracker.com/id/10415471041547https://www.exploit-db.com/exploits/45262/45262https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012http://www.securityfocus.com/bid/105125105125http://www.securitytracker.com/id/10418881041888http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.htmlhttps://security.netapp.com/advisory/ntap-20181018-0002/https://security.netapp.com/advisory/ntap-20181018-0002/https://www.exploit-db.com/exploits/45367/45367https://ossindex.sonatype.org/vuln/aea7ad84-58a9-4883-a9ef-f69fae4dcd9c[CVE-2018-11776] Improper Input 
Validationhttps://cwiki.apache.org/confluence/display/WW/S2-057https://cwiki.apache.org/confluence/display/WW/S2-057https://github.com/hook-s3c/CVE-2018-11776-Python-PoChttps://github.com/hook-s3c/CVE-2018-11776-Python-PoChttps://security.netapp.com/advisory/ntap-20180822-0001/https://security.netapp.com/advisory/ntap-20180822-0001/http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txthttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txthttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://lgtm.com/blog/apache_struts_CVE-2018-11776https://lgtm.com/blog/apache_struts_CVE-2018-11776https://www.exploit-db.com/exploits/45260/45260cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2018-1327HIGH5.0NETWORKLOWNONENONENONEPARTIALMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDNONENONEHIGHHIGHCWE-20The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. 
Another option is to implement a custom XML handler based on the Jackson XML handler from the Apache Struts 2.5.16.http://www.securitytracker.com/id/10405751040575https://ossindex.sonatype.org/vuln/9b82d7bc-5262-43b8-bd0d-50ede8e76e56[CVE-2018-1327] Improper Input Validationhttps://cwiki.apache.org/confluence/display/WW/S2-056https://cwiki.apache.org/confluence/display/WW/S2-056http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttps://security.netapp.com/advisory/ntap-20180330-0001/https://security.netapp.com/advisory/ntap-20180330-0001/http://www.securityfocus.com/bid/103516103516cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')MEDIUM6.1NLNRCLLNMEDIUMCWE-79The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.https://ossindex.sonatype.org/vuln/69f81156-32f8-4ad5-b58a-ec60e2a7fde6CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')cpe:2.3:a:org.apache.struts:struts2-core:2.3.8:*:*:*:*:*:*:*Manipulation of Struts' internals0.0> ValueStack defines special top object which represents root of execution context. It can be used to manipulate Struts' internals or can be used to affect container's settings
>
> -- [apache.org](https://struts.apache.org/docs/s2-026.html)https://ossindex.sonatype.org/vuln/d8afbd24-c683-4aec-b28f-218fbe5ad76bManipulation of Struts' internalscpe:2.3:a:org.apache.struts:struts2-core:2.3.8:*:*:*:*:*:*:*semver4j-2.2.0.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/semver4j-2.2.0.jar3b731d492b1f97c77d7b3c44228fe17e2846945cb3bd65b65abf49a809f6cb907bbdb745795d67b6e5854edb70d0925bd3dfc9595dd2a6862f9e0227ec9fc4d76d571f5eSemantic versioning for Java apps.The MIT License: http://www.opensource.org/licenses/mit-license.phppackage namesemver4jartifactidsemver4jnamesemver4jnamesemver4jgroupidvdurmonturlvdurmont/semver4jpackage namesemver4jpackage namevdurmontpackage namevdurmontartifactidsemver4jpackage namesemver4jnamesemver4jnamesemver4jpackage namesemver4jurlvdurmont/semver4jgroupidvdurmontpackage namevdurmontversion2.2.0version2.2.0pkg:maven/com.vdurmont/semver4j@2.2.0https://ossindex.sonatype.org/component/pkg:maven/com.vdurmont/semver4j@2.2.0pkg:maven/com.vdurmont/semver4j@2.2.0https://ossindex.sonatype.org/component/pkg:maven/com.vdurmont/semver4j@2.2.0spring-hashcorp-vault-tomcat.jar/var/lib/jenkins/workspace/test@2/infrastructure/production/tomcat/files/spring-hashcorp-vault-tomcat.jar1a2c28d892cf726d93f2fd73ae93e07dc5055bb00a86c86bd14b7cba9b66e8d9a9ab26ccdea548c8db12e1c0023006a9345acee9d21a6b279bfbe370d2b7cb4b67f3d347package nametomcatnamespring-hashcorp-vault-tomcatgroupidrohitsalechapackage namespringframeworkpackage namevaultartifactidspring-hashcorp-vault-tomcatpackage namerohitsalechaartifactidspring-hashcorp-vault-tomcatpackage nametomcatnamespring-hashcorp-vault-tomcatpackage namevaultgroupidrohitsalechapackage 
namerohitsalechaversion0.0.1-SNAPSHOTpkg:maven/com.rohitsalecha/spring-hashcorp-vault-tomcat@0.0.1-SNAPSHOThttps://ossindex.sonatype.org/component/pkg:maven/com.rohitsalecha/spring-hashcorp-vault-tomcat@0.0.1-SNAPSHOTpkg:maven/com.rohitsalecha/spring-hashcorp-vault-tomcat@0.0.1-SNAPSHOThttps://ossindex.sonatype.org/component/pkg:maven/com.rohitsalecha/spring-hashcorp-vault-tomcat@0.0.1-SNAPSHOTossindex-service-api-1.2.0.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/ossindex-service-api-1.2.0.jar9348df420e1023fe344a429452bebeefc83599f23ad778277fbf6766e0052da3923d1633d6b70dfcc8931dc953170bd14532417f5bacde906222d98f3db1810a1af81479parent-groupidorg.sonatype.ossindexartifactidossindex-service-apiparent-artifactidossindex-servicepackage nameapinameossindex-service-apiimplementation-urlhttps://sonatype.github.io/ossindex-public/ossindex-service-api/package nameservicegroupidsonatype.ossindexImplementation-Vendor-Idorg.sonatype.ossindexpackage namesonatypepackage nameossindexImplementation-VendorSonatype, Inc.package nameapispecification-titleorg.sonatype.ossindex:ossindex-service-apigroupidsonatype.ossindexparent-groupidorg.sonatype.ossindexnameossindex-service-apipackage nameserviceimplementation-urlhttps://sonatype.github.io/ossindex-public/ossindex-service-api/artifactidossindex-service-apiparent-artifactidossindex-servicepackage namesonatypepackage 
nameossindexImplementation-Titleorg.sonatype.ossindex:ossindex-service-apiversion1.2.0version1.2.0Implementation-Version1.2.0pkg:maven/org.sonatype.ossindex/ossindex-service-api@1.2.0https://ossindex.sonatype.org/component/pkg:maven/org.sonatype.ossindex/ossindex-service-api@1.2.0pkg:maven/org.sonatype.ossindex/ossindex-service-api@1.2.0https://ossindex.sonatype.org/component/pkg:maven/org.sonatype.ossindex/ossindex-service-api@1.2.0compiler-0.8.17.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/compiler-0.8.17.jare0e52f6ea100529dfb5f1e6ea54e72b450a290cf88e5981653796573c97fba1e0071ef072b1ece537f09457a459a256d3ddd434beec8077c19db9842e7f079acf8e7dd51Implementation of mustache.js for JavaApache License 2.0: http://www.apache.org/licenses/LICENSE-2.0parent-artifactidmustache.javapackage namemustacheartifactidcompilernamecompilerparent-groupidcom.github.spullara.mustache.javaurlhttp://github.com/spullara/mustache.javapackage namegithubpackage namemustachejavapackage namegithubnamecompilergroupidgithub.spullara.mustache.javaartifactidcompilerpackage namemustacheparent-artifactidmustache.javanamecompilergroupidgithub.spullara.mustache.javaurlhttp://github.com/spullara/mustache.javapackage namemustachejavapackage namegithubnamecompilerparent-groupidcom.github.spullara.mustache.javaversion0.8.17version0.8.17pkg:maven/com.github.spullara.mustache.java/compiler@0.8.17https://ossindex.sonatype.org/component/pkg:maven/com.github.spullara.mustache.java/compiler@0.8.17pkg:maven/com.github.spullara.mustache.java/compiler@0.8.17https://ossindex.sonatype.org/component/pkg:maven/com.github.spullara.mustache.java/compiler@0.8.17commons-lang3-3.4.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/commons-lang3-3.4.jar8667a442ee77e509fbe8176b94726eb25fe28b9518e58819180a43a850fbc0dd24b7c050734c8356420cc8e30c795d64fd1fcd5d44ea9d90342a2cc3262c5158fbc6d98b
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
http://www.apache.org/licenses/LICENSE-2.0.txtnamecommons-lang3parent-artifactidcommons-parentnameApache Commons Langrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"artifactidcommons-lang3groupidapache.commonsparent-groupidorg.apache.commonspackage nameapacheImplementation-Vendor-Idorg.apacheimplementation-buildtags/LANG_3_4_RC2@r1671054; 2015-04-03 12:30:21+0000bundle-docurlhttp://commons.apache.org/proper/commons-lang/specification-vendorThe Apache Software Foundationpackage namecommonspackage namelang3urlhttp://commons.apache.org/proper/commons-lang/bundle-symbolicnameorg.apache.commons.lang3Implementation-VendorThe Apache Software Foundationurlhttp://commons.apache.org/proper/commons-lang/parent-artifactidcommons-parentnamecommons-lang3nameApache Commons Langrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"package nameapacheimplementation-buildtags/LANG_3_4_RC2@r1671054; 2015-04-03 12:30:21+0000Bundle-NameApache Commons Langbundle-docurlhttp://commons.apache.org/proper/commons-lang/package namecommonsgroupidapache.commonsspecification-titleApache Commons Langparent-groupidorg.apache.commonsartifactidcommons-lang3package namelang3Implementation-TitleApache Commons Langbundle-symbolicnameorg.apache.commons.lang3Implementation-Version3.4parent-version3.4version3.4version3.4pkg:maven/org.apache.commons/commons-lang3@3.4https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-lang3@3.4pkg:maven/org.apache.commons/commons-lang3@3.4https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-lang3@3.4jsoup-1.12.1.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/jsoup-1.12.1.jar79bb9e9e8b50ef80a18bd46426befc5a55819a28fc834c2f2bcf4dcdb278524dc3cf088f4f961f68e47740dd7576c9685774a7b25b92f1017af24e2f707b30e893abade3jsoup is a Java library for working with real-world HTML. 
It provides a very convenient API for extracting and manipulating data, using the best of DOM, CSS, and jquery-like methods. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do.The MIT License: https://jsoup.org/licensepackage nameparsernamejsoupbundle-docurlhttps://jsoup.org/automatic-module-nameorg.jsouporganization nameJonathan Hedleynamejsoup Java HTML Parserrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"groupidjsoupartifactidjsouporganization urlhttps://jhy.io/urlhttps://jsoup.org/package namejsoupbundle-symbolicnameorg.jsoupgroupidjsoupBundle-Namejsoup Java HTML Parserpackage nameparsernamejsoupbundle-docurlhttps://jsoup.org/automatic-module-nameorg.jsouporganization nameJonathan Hedleynamejsoup Java HTML Parserartifactidjsouprequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"organization urlhttps://jhy.io/urlhttps://jsoup.org/package namejsoupbundle-symbolicnameorg.jsoupversion1.12.1version1.12.1Bundle-Version1.12.1pkg:maven/org.jsoup/jsoup@1.12.1https://ossindex.sonatype.org/component/pkg:maven/org.jsoup/jsoup@1.12.1pkg:maven/org.jsoup/jsoup@1.12.1https://ossindex.sonatype.org/component/pkg:maven/org.jsoup/jsoup@1.12.1commons-beanutils-1.7.0.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/commons-beanutils-1.7.0.jar0f18acf5fa857f9959675e14d901a7ce5675fd96b29656504b86029551973d60fb41339b24bcaa20ccbdc7c856ce0c0aea144566943403e2e9f27bd9779cda1d76823ef4/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/commons-beanutils-1.7.0.jar24bcaa20ccbdc7c856ce0c0aea144566943403e2e9f27bd9779cda1d76823ef45675fd96b29656504b86029551973d60fb41339b0f18acf5fa857f9959675e14d901a7cegroupidcommons-beanutilsextension-nameorg.apache.commons.beanutilspackage namebeanutilspackage nameapachepackage namecommonspackage nameapacheImplementation-VendorApache Software Foundationgroupidcommons-beanutilspackage namebeanutilsartifactidcommons-beanutilspackage 
namecommonsspecification-vendorApache Software Foundationnamecommons-beanutilsextension-nameorg.apache.commons.beanutilspackage namebeanutilsgroupidcommons-beanutilsImplementation-Titleorg.apache.commons.beanutilspackage namecommonspackage nameapachepackage namebeanutilsspecification-titleJakarta Commons Beanutilsartifactidcommons-beanutilspackage namecommonsartifactidcommons-beanutilsnamecommons-beanutilsversion1.7.0version1.7.0version1.7.0pkg:maven/commons-beanutils/commons-beanutils@1.7.0https://ossindex.sonatype.org/component/pkg:maven/commons-beanutils/commons-beanutils@1.7.0pkg:maven/commons-beanutils/commons-beanutils@1.7.0https://ossindex.sonatype.org/component/pkg:maven/commons-beanutils/commons-beanutils@1.7.0CVE-2014-0114HIGH7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGHCWE-20Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5@%3Cissues.commons.apache.org%3Ehttps://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5@%3Cissues.commons.apache.org%3Ehttp://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html[apache-ignite-developers] 20180601 [CVE-2014-0114]: Apache Ignite is vulnerable to existing 
CVE-2014-0114https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd@%3Ccommits.commons.apache.org%3E[commons-commits] 20190528 [commons-beanutils] branch master updated: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS by default. (#7)http://advisories.mageia.org/MGASA-2014-0219.htmlhttp://advisories.mageia.org/MGASA-2014-0219.htmlhttps://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f@%3Cissues.commons.apache.org%3E[commons-issues] 20190522 [jira] [Commented] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883@%3Cissues.commons.apache.org%3E[commons-issues] 20190528 [jira] [Closed] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114https://security.gentoo.org/glsa/201607-09GLSA-201607-09http://secunia.com/advisories/5943059430http://www-01.ibm.com/support/docview.wss?uid=swg21675972http://www-01.ibm.com/support/docview.wss?uid=swg21675972http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.htmlFEDORA-2014-9380http://secunia.com/advisories/5924559245http://www-01.ibm.com/support/docview.wss?uid=swg21676110http://www-01.ibm.com/support/docview.wss?uid=swg21676110http://www.debian.org/security/2014/dsa-2940DSA-2940https://access.redhat.com/solutions/869353https://access.redhat.com/solutions/869353http://www-01.ibm.com/support/docview.wss?uid=swg21674812http://www-01.ibm.com/support/docview.wss?uid=swg21674812http://www-01.ibm.com/support/docview.wss?uid=swg21674128http://www-01.ibm.com/support/docview.wss?uid=swg21674128https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86@%3Cdev.commons.apache.org%3E[commons-dev] 
20190605 Re: [beanutils] Towards 1.10http://www-01.ibm.com/support/docview.wss?uid=swg27042296http://www-01.ibm.com/support/docview.wss?uid=swg27042296http://www-01.ibm.com/support/docview.wss?uid=swg21675387http://www-01.ibm.com/support/docview.wss?uid=swg21675387http://www-01.ibm.com/support/docview.wss?uid=swg21675266http://www-01.ibm.com/support/docview.wss?uid=swg21675266http://secunia.com/advisories/5970459704http://www-01.ibm.com/support/docview.wss?uid=swg21676303http://www-01.ibm.com/support/docview.wss?uid=swg21676303https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0@%3Cissues.commons.apache.org%3Ehttps://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0@%3Cissues.commons.apache.org%3Ehttps://ossindex.sonatype.org/vuln/cc1835c0-63c3-4b0a-baa5-a3891271bf60[CVE-2014-0114] Improper Input Validationhttp://secunia.com/advisories/5948059480https://issues.apache.org/jira/browse/BEANUTILS-463https://issues.apache.org/jira/browse/BEANUTILS-463https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64@%3Cissues.commons.apache.org%3Ehttps://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64@%3Cissues.commons.apache.org%3Ehttps://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilitieshttp://secunia.com/advisories/5947959479http://marc.info/?l=bugtraq&m=141451023707502&w=2HPSBST03160http://www-01.ibm.com/support/docview.wss?uid=swg21676375http://www-01.ibm.com/support/docview.wss?uid=swg21676375https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f@%3Cuser.commons.apache.org%3E[commons-user] 20190814 [SECURITY] CVE-2019-10086. 
Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttps://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25@%3Cdev.commons.apache.org%3E[commons-dev] 20190814 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.http://marc.info/?l=bugtraq&m=140801096002766&w=2HPSBMU03090http://secunia.com/advisories/5922859228https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21675898http://www-01.ibm.com/support/docview.wss?uid=swg21675898https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttp://secunia.com/advisories/5924659246https://bugzilla.redhat.com/show_bug.cgi?id=1091938https://bugzilla.redhat.com/show_bug.cgi?id=1091938http://openwall.com/lists/oss-security/2014/07/08/1[oss-security] 20140707 Re: CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCEhttps://security.netapp.com/advisory/ntap-20140911-0001/https://security.netapp.com/advisory/ntap-20140911-0001/http://secunia.com/advisories/5885158851http://secunia.com/advisories/5971859718http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1116665https://bugzilla.redhat.com/show_bug.cgi?id=1116665https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859@%3Cdev.commons.apache.org%3E[commons-dev] 20190525 Re: [beanutils2] CVE-2014-0114 Pull 
Requesthttps://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639@%3Ccommits.commons.apache.org%3E[commons-commits] 20190528 [commons-beanutils] branch master updated: [BEANUTILS-520] BeanUtils2 mitigate CVE-2014-0114.https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb@%3Cissues.commons.apache.org%3Ehttps://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb@%3Cissues.commons.apache.org%3Ehttps://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f@%3Cnotifications.commons.apache.org%3E[commons-notifications] 20190528 Build failed in Jenkins: commons-beanutils #75http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21677110http://www-01.ibm.com/support/docview.wss?uid=swg21677110http://marc.info/?l=bugtraq&m=140119284401582&w=2HPSBGN03041http://seclists.org/fulldisclosure/2014/Dec/2320141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilitieshttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttp://secunia.com/advisories/5747757477https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a@%3Cissues.commons.apache.org%3E[commons-issues] 20190521 [jira] [Created] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b@%3Cannounce.apache.org%3E[announce] 20190814 [SECURITY] CVE-2019-10086. 
Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.http://secunia.com/advisories/6017760177https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6@%3Cissues.commons.apache.org%3Ehttps://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6@%3Cissues.commons.apache.org%3Ehttps://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8@%3Cissues.commons.apache.org%3E[commons-issues] 20190615 [jira] [Reopened] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3@%3Cissues.commons.apache.org%3E[commons-issues] 20190522 [jira] [Work logged] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114http://secunia.com/advisories/5901459014https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3@%3Cissues.commons.apache.org%3Ehttps://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3@%3Cissues.commons.apache.org%3Ehttp://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txthttp://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txthttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlhttps://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478@%3Cissues.commons.apache.org%3E[commons-issues] 20190818 [jira] [Commented] (BEANUTILS-520) BeanUtils2 mitigate 
CVE-2014-0114https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263@%3Cissues.commons.apache.org%3Ehttps://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263@%3Cissues.commons.apache.org%3Ehttps://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilitieshttp://secunia.com/advisories/6070360703http://secunia.com/advisories/5894758947http://www.vmware.com/security/advisories/VMSA-2014-0012.htmlhttp://www.vmware.com/security/advisories/VMSA-2014-0012.htmlhttp://secunia.com/advisories/5911859118https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f@%3Cissues.commons.apache.org%3Ehttps://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f@%3Cissues.commons.apache.org%3Ehttps://security.netapp.com/advisory/ntap-20180629-0006/https://security.netapp.com/advisory/ntap-20180629-0006/http://secunia.com/advisories/5946459464https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0@%3Cissues.commons.apache.org%3E[commons-issues] 20190615 [jira] [Resolved] (BEANUTILS-520) BeanUtils2 mitigate 
CVE-2014-0114http://www.ibm.com/support/docview.wss?uid=swg21675496http://www.ibm.com/support/docview.wss?uid=swg21675496http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlhttp://www.vmware.com/security/advisories/VMSA-2014-0008.htmlhttp://www.vmware.com/security/advisories/VMSA-2014-0008.htmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21675689http://www-01.ibm.com/support/docview.wss?uid=swg21675689https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e@%3Cissues.commons.apache.org%3Ehttps://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e@%3Cissues.commons.apache.org%3Ehttps://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346@%3Cissues.commons.apache.org%3E[commons-issues] 20190528 [jira] [Work logged] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2014:095MDVSA-2014:095http://secunia.com/advisories/5871058710http://www.securityfocus.com/bid/6712167121https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1@%3Cdev.commons.apache.org%3E[commons-dev] 20190522 [beanutils2] CVE-2014-0114 Pull Requesthttps://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a@%3Cissues.commons.apache.org%3E[commons-issues] 20190615 [jira] [Updated] (BEANUTILS-520) BeanUtils2 mitigate 
CVE-2014-0114http://www-01.ibm.com/support/docview.wss?uid=swg21676931http://www-01.ibm.com/support/docview.wss?uid=swg21676931http://www.securityfocus.com/archive/1/534161/100/0/threaded20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilitieshttps://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3@%3Cissues.commons.apache.org%3Ehttps://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3@%3Cissues.commons.apache.org%3Ehttp://openwall.com/lists/oss-security/2014/06/15/10[oss-security] 20140616 CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCEhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttps://access.redhat.com/errata/RHSA-2018:2669RHSA-2018:2669https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3@%3Cnotifications.commons.apache.org%3E[commons-notifications] 20190528 Build failed in Jenkins: commons-beanutils 
#74http://www-01.ibm.com/support/docview.wss?uid=swg21676091http://www-01.ibm.com/support/docview.wss?uid=swg21676091cpe:2.3:a:apache:struts:1.1:b2:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.1:rc1:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.2.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.1:rc2:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.2.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.1:b3:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.3.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.2.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.2.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.1:b1:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.2.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.2.8:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_beanutils:*:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:1.0:*:*:*:*:*:*:*commons-io-2.0.1.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/commons-io-2.0.1.jaredb9481c6eee07f4feaa61502af855da7ffdb02f95af1c1a208544e076cea5b8e66e731a2a3f5a206480863aae9dff03f53c930c3add6912f8785498d59442c7ebb98c5c
Commons-IO contains utility classes, stream implementations, file filters, file comparators and endian classes.
http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/commons-io-2.0.1.jar2a3f5a206480863aae9dff03f53c930c3add6912f8785498d59442c7ebb98c5c7ffdb02f95af1c1a208544e076cea5b8e66e731aedb9481c6eee07f4feaa61502af855daparent-artifactidcommons-parentpackage nameionameCommons IOparent-groupidorg.apache.commonspackage nameapacheImplementation-Vendor-Idorg.apachegroupidcommons-iospecification-vendorThe Apache Software Foundationartifactidcommons-iopackage namecommonsurlhttp://commons.apache.org/io/bundle-symbolicnameorg.apache.commons.iobundle-docurlhttp://commons.apache.org/io/namecommons-ioImplementation-VendorThe Apache Software Foundationparent-artifactidcommons-parentgroupidcommons-iourlhttp://commons.apache.org/io/package nameionameCommons IOspecification-titleCommons IOpackage nameapacheBundle-NameCommons IOpackage namecommonsImplementation-TitleCommons IOparent-groupidorg.apache.commonsbundle-symbolicnameorg.apache.commons.iobundle-docurlhttp://commons.apache.org/io/namecommons-ioartifactidcommons-ioImplementation-Version2.0.1Bundle-Version2.0.1version2.0.1version2.0.1parent-version2.0.1pkg:maven/commons-io/commons-io@2.0.1https://ossindex.sonatype.org/component/pkg:maven/commons-io/commons-io@2.0.1pkg:maven/commons-io/commons-io@2.0.1https://ossindex.sonatype.org/component/pkg:maven/commons-io/commons-io@2.0.1asm-analysis-6.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/asm-analysis-6.2.jarbc8eb8c23002b2dd68672a5ed25acbbdc7d9a90d221cbb977848d2c777eb3aa7637e89df62b2c0d818fde5c52cf6404aa10836dbb170a2c3fa8466e656f0f991732fa01fStatic code analysis API of ASM, a very small and fast Java bytecode manipulation frameworkBSD: http://asm.ow2.org/license.html/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/asm-analysis-6.2.jar62b2c0d818fde5c52cf6404aa10836dbb170a2c3fa8466e656f0f991732fa01fc7d9a90d221cbb977848d2c777eb3aa7637e89dfbc8eb8c23002b2dd68672a5ed25acbbdpackage 
nameobjectwebbundle-symbolicnameorg.objectweb.asm.tree.analysispackage nametreepackage nameanalysisbundle-docurlhttp://asm.ow2.orgorganization nameOW2urlhttp://asm.ow2.org/groupidow2.asmparent-artifactidow2package nameasmartifactidasm-analysisgroupidorg.ow2.asmpackage nameobjectweborganization urlhttp://www.ow2.org/nameasm-analysispackage nametreemodule-requiresorg.objectweb.asm.tree;transitive=truepackage nameasmnameasm-analysisbundle-requiredexecutionenvironmentJ2SE-1.5parent-groupidorg.ow2bundle-symbolicnameorg.objectweb.asm.tree.analysispackage nametreepackage nameanalysisbundle-docurlhttp://asm.ow2.orgparent-groupidorg.ow2organization nameOW2package nameasmpackage nameobjectweburlhttp://asm.ow2.org/nameasm-analysispackage nametreeorganization urlhttp://www.ow2.org/module-requiresorg.objectweb.asm.tree;transitive=trueartifactidasm-analysispackage nameasmartifactidasm-analysisBundle-Nameorg.objectweb.asm.tree.analysisparent-artifactidow2Implementation-TitleStatic code analysis API of ASM, a very small and fast Java bytecode manipulation frameworknameasm-analysisbundle-requiredexecutionenvironmentJ2SE-1.5package nameanalysisgroupidow2.asmparent-version6.2version6.2version6.2version6.2pkg:maven/org.ow2.asm/asm-analysis@6.2https://ossindex.sonatype.org/component/pkg:maven/org.ow2.asm/asm-analysis@6.2pkg:maven/org.ow2.asm/asm-analysis@6.2https://ossindex.sonatype.org/component/pkg:maven/org.ow2.asm/asm-analysis@6.2hibernate-jpa-2.0-api-1.0.1.Final.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/hibernate-jpa-2.0-api-1.0.1.Final.jard7e7d8f60fc44a127ba702d43e71abec3306a165afa81938fc3d8a0948e891de9f6b192bbacfb6460317d421aa2906d9e63c293b69dc1a5dac480d0f6416df50796a4bb3
Hibernate definition of the Java Persistence 2.0 (JSR 317) API.
license.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/hibernate-jpa-2.0-api-1.0.1.Final.jarbacfb6460317d421aa2906d9e63c293b69dc1a5dac480d0f6416df50796a4bb33306a165afa81938fc3d8a0948e891de9f6b192bd7e7d8f60fc44a127ba702d43e71abecpackage namejavaxgroupidhibernate.javax.persistencenamehibernate-jpa-2.0-api-1.0.1.Finalorganization nameHibernate.orgpackage namepersistencespecification-vendorSun Microsystems, Inc.artifactidhibernate-jpa-2.0-apiImplementation-Vendorhibernate.orgorganization urlhttp://hibernate.orgnameJPA 2.0 APIurlhttp://hibernate.orgImplementation-TitleJPA APIorganization urlhttp://hibernate.orgnamehibernate-jpa-2.0-api-1.0.1.Finalartifactidhibernate-jpa-2.0-apipackage namepersistencegroupidhibernate.javax.persistencenameJPA 2.0 APIpackage namejavaxpackage nameversionorganization nameHibernate.orgspecification-titleJava Persistence API, Version 2.0urlhttp://hibernate.orgImplementation-Version1.0.1.Finalversion1.0.1.Finalpkg:maven/org.hibernate.javax.persistence/hibernate-jpa-2.0-api@1.0.1.Finalhttps://ossindex.sonatype.org/component/pkg:maven/org.hibernate.javax.persistence/hibernate-jpa-2.0-api@1.0.1.Finalpkg:maven/org.hibernate.javax.persistence/hibernate-jpa-2.0-api@1.0.1.Finalhttps://ossindex.sonatype.org/component/pkg:maven/org.hibernate.javax.persistence/hibernate-jpa-2.0-api@1.0.1.Finalant-1.9.9.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/ant-1.9.9.jar03bbb3ac9cef4cea901c11ab10ea1b1a9dc55233d8c0809e57b2ec7f78376da3f32872bdd81254bcb2e170c9ea16cd418050f3340da1736380a02415c8ddda9a0a0b8a1burlhttp://ant.apache.org/nameantpackage nameapacheImplementation-VendorApache Software Foundationgroupidapache.antparent-groupidorg.apache.antpackage nameapachepackage nameantgroupidorg.apache.antparent-artifactidant-parentpackage nametoolsnameApache Ant Coreartifactidantnameantartifactidantgroupidapache.antpackage nametoolsparent-artifactidant-parentSpecification-TitleApache Antpackage nameantpackage 
nameapacheurlhttp://ant.apache.org/artifactidantpackage nameantImplementation-Titleorg.apache.tools.antpackage nametoolsnameApache Ant Coreparent-groupidorg.apache.antImplementation-Version1.9.9version1.9.9version1.9.9version1.9.9pkg:maven/org.apache.ant/ant@1.9.9https://ossindex.sonatype.org/component/pkg:maven/org.apache.ant/ant@1.9.9pkg:maven/org.apache.ant/ant@1.9.9https://ossindex.sonatype.org/component/pkg:maven/org.apache.ant/ant@1.9.9commons-digester-1.8.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/commons-digester-1.8.jarcf89c593f0378e9509a06fce7030aebadc6a73fdbd1fa3f0944e8497c6c872fa21dca37e05662373044f3dff112567b7bb5dfa1174e91e074c0c727b4412788013f49d56The Digester package lets you configure an XML->Java object mapping module
which triggers certain actions called rules whenever a particular
pattern of nested XML elements is recognized.The Apache Software License, Version 2.0: /LICENSE.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/commons-digester-1.8.jar05662373044f3dff112567b7bb5dfa1174e91e074c0c727b4412788013f49d56dc6a73fdbd1fa3f0944e8497c6c872fa21dca37ecf89c593f0378e9509a06fce7030aebaorganization urlhttp://jakarta.apache.orgpackage nameapacheartifactidcommons-digesterpackage namecommonsgroupidcommons-digesternameDigesterImplementation-Vendor-Idorg.apachepackage nameapacheurlhttp://jakarta.apache.org/commons/digester/groupidcommons-digesterspecification-vendorThe Apache Software Foundationpackage namecommonspackage namedigesterorganization nameThe Apache Software Foundationpackage namedigesternamecommons-digesterextension-namecommons-digesterImplementation-VendorThe Apache Software Foundationpackage nameruleurlhttp://jakarta.apache.org/commons/digester/Implementation-Titleorg.apache.commons.digesterpackage namecommonsorganization urlhttp://jakarta.apache.orgnameDigesterpackage nameapachepackage namecommonspackage namedigestergroupidcommons-digesterorganization nameThe Apache Software Foundationartifactidcommons-digesterartifactidcommons-digesterspecification-titleRule based XML->Java object mapping modulepackage 
namedigesternamecommons-digesterextension-namecommons-digesterversion1.8version1.8version1.8Implementation-Version1.8pkg:maven/commons-digester/commons-digester@1.8https://ossindex.sonatype.org/component/pkg:maven/commons-digester/commons-digester@1.8pkg:maven/commons-digester/commons-digester@1.8https://ossindex.sonatype.org/component/pkg:maven/commons-digester/commons-digester@1.8jquery.js/var/lib/jenkins/workspace/test@2/target/devsecops/js/jquery.js841dc30647f93349b7d8ef61deebe411e0f962936599a6cd266f004b9d04b29d46811483c3a7b608ebfa8d1dfe658bc119e6236a6aaf878a779e7c560aa11dd30881a56a/var/lib/jenkins/workspace/test@2/src/main/webapp/js/jquery.jsc3a7b608ebfa8d1dfe658bc119e6236a6aaf878a779e7c560aa11dd30881a56ae0f962936599a6cd266f004b9d04b29d46811483841dc30647f93349b7d8ef61deebe411/var/lib/jenkins/workspace/test@2/target/devsecops.war/js/jquery.jsc3a7b608ebfa8d1dfe658bc119e6236a6aaf878a779e7c560aa11dd30881a56ae0f962936599a6cd266f004b9d04b29d46811483841dc30647f93349b7d8ef61deebe411namejquerynamejqueryversion1.10.2pkg:javascript/jquery@1.10.2https://ossindex.sonatype.org/component/pkg:javascript/jquery@1.10.2pkg:javascript/jquery@1.10.2https://ossindex.sonatype.org/component/pkg:javascript/jquery@1.10.2CVE-2015-9251MEDIUM4.3NETWORKMEDIUMNONENONENONENONEMEDIUM6.1NETWORKLOWNONEREQUIREDCHANGEDLOWLOWNONEMEDIUMCWE-79jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.https://seclists.org/bugtraq/2019/May/1820190509 dotCMS v5.1.1 Vulnerabilitieshttps://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E[flink-user] 20190811 Apache flink 1.7.2 security 
issueshttps://github.com/jquery/jquery/issues/2432https://github.com/jquery/jquery/issues/2432https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://nvd.nist.gov/vuln/detail/CVE-2015-9251infohttps://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E[flink-user] 20190813 Apache flink 1.7.2 security issueshttp://seclists.org/fulldisclosure/2019/May/1120190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerabilityhttps://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E[flink-user] 20190813 Re: Apache flink 1.7.2 security issueshttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://github.com/jquery/jquery/issues/2432infohttps://github.com/jquery/jquery/pull/2588https://github.com/jquery/jquery/pull/2588https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttp://seclists.org/fulldisclosure/2019/May/1020190510 dotCMS v5.1.1 Vulnerabilitieshttp://www.securityfocus.com/bid/105658105658http://seclists.org/fulldisclosure/2019/May/1320190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerabilityhttps://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdfhttps://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdfhttp://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/infohttps://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E[roller-commits] 
20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire jshttps://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E[flink-dev] 20190811 Apache flink 1.7.2 security issueshttp://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.htmlhttp://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.htmlhttps://snyk.io/vuln/npm:jquery:20150627https://snyk.io/vuln/npm:jquery:20150627http://research.insecurelabs.org/jquery/test/infohttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttps://ics-cert.us-cert.gov/advisories/ICSA-18-212-04https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.htmlhttp://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.htmlhttps://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cchttps://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cccpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:utilitie
s_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*cp
e:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:endeca_information_discover
y_studio:3.1.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*CVE-2019-11358MEDIUM4.3NETWORKMEDIUMNONENONENONENONEMEDIUM6.1NETWORKLOWNONEREQUIREDCHANGEDLOWLOWNONEMEDIUMCWE-79jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.htmlopenSUSE-SU-2019:1839https://access.redhat.com/errata/RHSA-2019:1456RHSA-2019:1456https://seclists.org/bugtraq/2019/May/1820190509 dotCMS v5.1.1 Vulnerabilitieshttps://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1binfohttp://www.securityfocus.com/bid/108023108023https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://github.com/jquery/jquery/pull/4333https://github.com/jquery/jquery/pull/4333https://www.debian.org/security/2019/dsa-4460DSA-4460http://seclists.org/fulldisclosure/2019/May/1120190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerabilityhttps://seclists.org/bugtraq/2019/Jun/1220190612 [SECURITY] [DSA 4460-1] mediawiki security updatehttps://nvd.nist.gov/vuln/detail/CVE-2019-11358infohttps://lists.debian.org/debian-lts-announce/2019/05/msg00029.html[debian-lts-announce] 20190520 
[SECURITY] [DLA 1797-1] drupal7 security updatehttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/FEDORA-2019-7eaf0bbe7chttp://seclists.org/fulldisclosure/2019/May/1020190510 dotCMS v5.1.1 Vulnerabilitieshttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/FEDORA-2019-f563e66380https://backdropcms.org/security/backdrop-sa-core-2019-009https://backdropcms.org/security/backdrop-sa-core-2019-009https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/FEDORA-2019-2a0ce0c58chttps://www.drupal.org/sa-core-2019-006https://www.drupal.org/sa-core-2019-006https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/http://seclists.org/fulldisclosure/2019/May/1320190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerabilityhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/FEDORA-2019-1a3edd7e8ahttps://snyk.io/vuln/SNYK-JS-JQUERY-174006https://snyk.io/vuln/SNYK-JS-JQUERY-174006https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire 
jshttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/FEDORA-2019-eba8e44ee6http://www.openwall.com/lists/oss-security/2019/06/03/2[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)https://access.redhat.com/errata/RHBA-2019:1570RHBA-2019:1570https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/https://www.debian.org/security/2019/dsa-4434DSA-4434https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security updatehttps://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.htmlhttp://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.htmlhttps://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1bhttps://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1bhttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.htmlopenSUSE-SU-2019:1872https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/infohttps://seclists.org/bugtraq/2019/Apr/3220190421 [SECURITY] [DSA 4434-1] drupal7 security 
updatehttp://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.htmlhttp://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.htmlhttps://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/FEDORA-2019-a06dffab1ccpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*velocity-engine-core-2.1.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/velocity-engine-core-2.1.jarb10fd2f10542c554d3750c9a2a642c67af23c9cc6eafd771a75ef19c4bcaf89337401c1048bd4f41c118bb5b6805c059c296691a7bfacb8edf4f3a6431778ab1309efbefApache Velocity is a general purpose template engine.https://www.apache.org/licenses/LICENSE-2.0.txtparent-artifactidvelocity-engine-parentnameApache Velocity - Enginerequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"implementation-urlhttp://velocity.apache.org/engine/devel/velocity-engine-core/groupidapache.velocitybundle-docurlhttps://www.apache.org/package nameapacheparent-groupidorg.apache.velocityartifactidvelocity-engine-corespecification-vendorThe Apache Software Foundationbundle-symbolicnameorg.apache.velocity.engine-coreImplementation-Vendor-Idorg.apache.velocitynamevelocity-engine-corepackage namevelocityImplementation-VendorThe Apache Software FoundationnameApache Velocity - Enginerequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"implementation-urlhttp://velocity.apache.org/engine/devel/velocity-engine-core/groupidapache.velocitypackage 
namefilterbundle-docurlhttps://www.apache.org/package nameapachespecification-titleApache Velocity - Engineparent-groupidorg.apache.velocityImplementation-TitleApache Velocity - EngineBundle-NameApache Velocity - Enginepackage nametemplatebundle-symbolicnameorg.apache.velocity.engine-corenamevelocity-engine-coreparent-artifactidvelocity-engine-parentartifactidvelocity-engine-corepackage namevelocityversion2.1version2.1Implementation-Version2.1pkg:maven/org.apache.velocity/velocity-engine-core@2.1https://ossindex.sonatype.org/component/pkg:maven/org.apache.velocity/velocity-engine-core@2.1pkg:maven/org.apache.velocity/velocity-engine-core@2.1https://ossindex.sonatype.org/component/pkg:maven/org.apache.velocity/velocity-engine-core@2.1asm-xml-6.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/asm-xml-6.2.jar2e8a919a14c4d621f79006faa37ab33f11cbb555182f8998eb6d7dfef17a22070e627846b0362758957b49cd68f4f8a22235b0f3de74c1c3a217e9ef5bd42c3ed00e91b4XML API of ASM, a very small and fast Java bytecode manipulation frameworkBSD: http://asm.ow2.org/license.html/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/asm-xml-6.2.jarb0362758957b49cd68f4f8a22235b0f3de74c1c3a217e9ef5bd42c3ed00e91b411cbb555182f8998eb6d7dfef17a22070e6278462e8a919a14c4d621f79006faa37ab33fpackage nameobjectwebpackage namexmlbundle-docurlhttp://asm.ow2.orgorganization nameOW2urlhttp://asm.ow2.org/groupidow2.asmparent-artifactidow2package nameasmnameasm-xmlmodule-requiresorg.objectweb.asm;transitive=true,org.objectweb.asm.util;transitive=truegroupidorg.ow2.asmpackage nameobjectwebpackage namexmlartifactidasm-xmlorganization urlhttp://www.ow2.org/nameasm-xmlbundle-symbolicnameorg.objectweb.asm.xmlpackage nameasmbundle-requiredexecutionenvironmentJ2SE-1.5parent-groupidorg.ow2package namexmlImplementation-TitleXML API of ASM, a very small and fast Java bytecode manipulation frameworkbundle-docurlhttp://asm.ow2.orgartifactidasm-xmlparent-groupidorg.ow2organization 
nameOW2package nameasmnameasm-xmlmodule-requiresorg.objectweb.asm;transitive=true,org.objectweb.asm.util;transitive=truepackage namexmlpackage nameobjectweburlhttp://asm.ow2.org/Bundle-Nameorg.objectweb.asm.xmlorganization urlhttp://www.ow2.org/artifactidasm-xmlnameasm-xmlpackage nameasmbundle-symbolicnameorg.objectweb.asm.xmlparent-artifactidow2bundle-requiredexecutionenvironmentJ2SE-1.5groupidow2.asmparent-version6.2version6.2version6.2version6.2pkg:maven/org.ow2.asm/asm-xml@6.2https://ossindex.sonatype.org/component/pkg:maven/org.ow2.asm/asm-xml@6.2pkg:maven/org.ow2.asm/asm-xml@6.2https://ossindex.sonatype.org/component/pkg:maven/org.ow2.asm/asm-xml@6.2asm-6.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/asm-6.2.jar7abdce94068615d690495f45eb6eb9801b6c4ff09ce03f3052429139c2a68e295cae6604917bda888bc543187325d5fbc1034207eed152574ef78df1734ca0aee40b7fc8ASM, a very small and fast Java bytecode manipulation frameworkBSD: http://asm.ow2.org/license.html/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/asm-6.2.jar917bda888bc543187325d5fbc1034207eed152574ef78df1734ca0aee40b7fc81b6c4ff09ce03f3052429139c2a68e295cae66047abdce94068615d690495f45eb6eb980bundle-symbolicnameorg.objectweb.asmpackage nameobjectwebbundle-docurlhttp://asm.ow2.orgorganization nameOW2urlhttp://asm.ow2.org/nameasmgroupidow2.asmparent-artifactidow2package nameasmartifactidasmgroupidorg.ow2.asmnameasmpackage nameobjectweborganization urlhttp://www.ow2.org/package nameasmbundle-requiredexecutionenvironmentJ2SE-1.5parent-groupidorg.ow2bundle-symbolicnameorg.objectweb.asmbundle-docurlhttp://asm.ow2.orgparent-groupidorg.ow2organization nameOW2nameasmpackage nameasmartifactidasmartifactidasmnameasmpackage nameobjectweburlhttp://asm.ow2.org/organization urlhttp://www.ow2.org/Implementation-TitleASM, a very small and fast Java bytecode manipulation frameworkpackage 
nameasmBundle-Nameorg.objectweb.asmparent-artifactidow2bundle-requiredexecutionenvironmentJ2SE-1.5groupidow2.asmparent-version6.2version6.2version6.2version6.2pkg:maven/org.ow2.asm/asm@6.2https://ossindex.sonatype.org/component/pkg:maven/org.ow2.asm/asm@6.2pkg:maven/org.ow2.asm/asm@6.2https://ossindex.sonatype.org/component/pkg:maven/org.ow2.asm/asm@6.2commons-lang-2.6.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/commons-lang-2.6.jar4d5c1693079575b362edf41500630bbd0ce1edb914c94ebc388f086c6827e8bdeec71ac250f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c
Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/commons-lang-2.6.jar50f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c0ce1edb914c94ebc388f086c6827e8bdeec71ac24d5c1693079575b362edf41500630bbdpackage namelangparent-artifactidcommons-parentbundle-symbolicnameorg.apache.commons.langnamecommons-langparent-groupidorg.apache.commonspackage nameapacheImplementation-Vendor-Idorg.apachebundle-docurlhttp://commons.apache.org/lang/urlhttp://commons.apache.org/lang/artifactidcommons-langspecification-vendorThe Apache Software Foundationpackage namecommonsnameCommons Langgroupidcommons-langImplementation-VendorThe Apache Software Foundationartifactidcommons-langparent-artifactidcommons-parentpackage namelanggroupidcommons-langbundle-symbolicnameorg.apache.commons.langnamecommons-langurlhttp://commons.apache.org/lang/package nameapachebundle-docurlhttp://commons.apache.org/lang/Bundle-NameCommons Langpackage namecommonsImplementation-TitleCommons Langparent-groupidorg.apache.commonsnameCommons Langspecification-titleCommons Langparent-version2.6Implementation-Version2.6version2.6Bundle-Version2.6version2.6pkg:maven/commons-lang/commons-lang@2.6https://ossindex.sonatype.org/component/pkg:maven/commons-lang/commons-lang@2.6pkg:maven/commons-lang/commons-lang@2.6https://ossindex.sonatype.org/component/pkg:maven/commons-lang/commons-lang@2.6checker-qual-2.8.1.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/checker-qual-2.8.1.jare1c060246b024c4f260c6904e55a62a3eb2e8ab75598548cc8acf9a1ca227e480e01881e9103499008bcecd4e948da29b17864abb64304e15706444ae209d17ebe0575df
Checker Qual is the set of annotations (qualifiers) and supporting classes
used by the Checker Framework to type check Java source code. Please
see artifact:
org.checkerframework:checker
The MIT License: http://opensource.org/licenses/MITpackage namecheckerframeworkpackage namecheckerrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"implementation-urlhttps://checkerframework.orgpackage namequalartifactidchecker-qualbundle-symbolicnamechecker-qualgroupidorg.checkerframeworkautomatic-module-nameorg.checkerframework.checker.qualgroupidcheckerframeworknameChecker Qualpackage namecheckerpackage namecheckerframeworkurlhttps://checkerframework.orgnamechecker-qualpackage namecheckerframeworkpackage namecheckerurlhttps://checkerframework.orggroupidcheckerframeworkrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"implementation-urlhttps://checkerframework.orgpackage namequalpackage namequalbundle-symbolicnamechecker-qualautomatic-module-nameorg.checkerframework.checker.qualnameChecker Qualpackage namecheckerBundle-Namechecker-qualartifactidchecker-qualartifactidchecker-qualnamechecker-qualImplementation-Version2.8.1Bundle-Version2.8.1version2.8.1version2.8.1version2.8.1pkg:maven/org.checkerframework/checker-qual@2.8.1https://ossindex.sonatype.org/component/pkg:maven/org.checkerframework/checker-qual@2.8.1pkg:maven/org.checkerframework/checker-qual@2.8.1https://ossindex.sonatype.org/component/pkg:maven/org.checkerframework/checker-qual@2.8.1gson-2.8.5.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/gson-2.8.5.jar089104cb90d8b4e1aa00b1f5faef0742f645ed69d595b24d4cf8b3fbb64cc505bede8829233a0149fc365c9f6edbd683cfe266b19bdc773be98eabdaf6b3c924b48e7d81Gson JSON librarynamegsonparent-groupidcom.google.code.gsonpackage namegooglepackage namegsonrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"bundle-symbolicnamecom.google.gsongroupidgoogle.code.gsonbundle-contactaddresshttps://github.com/google/gsonnameGsonartifactidgsonparent-artifactidgson-parentbundle-requiredexecutionenvironmentJ2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8namegsongroupidgoogle.code.gsonpackage namegooglepackage 
namegsonrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"bundle-symbolicnamecom.google.gsonbundle-contactaddresshttps://github.com/google/gsonnameGsonBundle-NameGsonbundle-requiredexecutionenvironmentJ2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8artifactidgsonparent-artifactidgson-parentparent-groupidcom.google.code.gsonversion2.8.5version2.8.5Bundle-Version2.8.5pkg:maven/com.google.code.gson/gson@2.8.5https://ossindex.sonatype.org/component/pkg:maven/com.google.code.gson/gson@2.8.5pkg:maven/com.google.code.gson/gson@2.8.5https://ossindex.sonatype.org/component/pkg:maven/com.google.code.gson/gson@2.8.5jackson-core-2.9.7.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/jackson-core-2.9.7.jarae90e61fef491afefbc9c225b64977534b7f0e0dc527fab032e9800ed231080fdc3ac0159e5bc0efabd9f0cac5c1fdd9ae35b16332ed22a0ee19a356de370a18a8cb6c84Core Jackson processing abstractions (aka Streaming API), implementation for JSONhttp://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/jackson-core-2.9.7.jar9e5bc0efabd9f0cac5c1fdd9ae35b16332ed22a0ee19a356de370a18a8cb6c844b7f0e0dc527fab032e9800ed231080fdc3ac015ae90e61fef491afefbc9c225b6497753urlFasterXML/jackson-corenamejackson-coreImplementation-Vendor-Idcom.fasterxml.jackson.corebundle-docurlhttps://github.com/FasterXML/jackson-corerequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"package namejsonImplementation-VendorFasterXMLparent-groupidcom.fasterxml.jacksonnameJackson-corepackage namejacksonparent-artifactidjackson-baseimplementation-build-date2018-09-19 02:41:39+0000package namecorepackage namebasespecification-vendorFasterXMLgroupidfasterxml.jackson.coreartifactidjackson-corepackage 
namefasterxmlautomatic-module-namecom.fasterxml.jackson.corebundle-symbolicnamecom.fasterxml.jackson.core.jackson-coreparent-groupidcom.fasterxml.jacksonnamejackson-corebundle-docurlhttps://github.com/FasterXML/jackson-coreImplementation-TitleJackson-corerequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"groupidfasterxml.jackson.corepackage namejsonBundle-NameJackson-corepackage namefilternameJackson-corepackage namejacksonurlFasterXML/jackson-coreimplementation-build-date2018-09-19 02:41:39+0000package namecorepackage nameversionpackage namebaseartifactidjackson-coreparent-artifactidjackson-basepackage namefasterxmlautomatic-module-namecom.fasterxml.jackson.corebundle-symbolicnamecom.fasterxml.jackson.core.jackson-corespecification-titleJackson-coreImplementation-Version2.9.7Bundle-Version2.9.7version2.9.7version2.9.7pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.7https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.7pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.7https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.7dependency-check-core-5.2.1.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/dependency-check-core-5.2.1.jar09f8884f1bcb721259c50d6e763e6e12b44c19dd79cf0ae85ce20c5251527339dc47397f393e7f89621a91f4845e6056025734489dc28ea9280fc982601638b009873303dependency-check-core is the engine and reporting tool used to identify and report if there are any known, publicly disclosed vulnerabilities in the scanned project's dependencies. 
The engine extracts meta-data from the dependencies and uses this to do fuzzy key-word matching against the Common Platform Enumeration (CPE); if any CPE identifiers are found, the associated Common Vulnerability and Exposure (CVE) entries are added to the generated report./var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/dependency-check-cli-5.2.1.jar393e7f89621a91f4845e6056025734489dc28ea9280fc982601638b00987330321745e3757eaaad009c6158db9fcf01579d38105606c3bc9577620c35041c37cc07b8eecpkg:maven/org.owasp/dependency-check-cli@5.2.1https://ossindex.sonatype.org/component/pkg:maven/org.owasp/dependency-check-cli@5.2.1/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/dependency-check-utils-5.2.1.jar393e7f89621a91f4845e6056025734489dc28ea9280fc982601638b0098733037ac90a9bc300d11ae3460429cff3fbdb1a0a89c5ffab28d15e169ac88e45fa0d4777a0bfpkg:maven/org.owasp/dependency-check-utils@5.2.1https://ossindex.sonatype.org/component/pkg:maven/org.owasp/dependency-check-utils@5.2.1artifactiddependency-check-coreparent-groupidorg.owasppackage nameowasppackage namedatanamedependency-check-corenameDependency-Check Coregroupidowaspbuild-jdk-spec1.8package namedependencyparent-artifactiddependency-check-parentImplementation-VendorOWASPpackage namereportingpackage nameenginepackage nameowasppackage namedatanamedependency-check-corenameDependency-Check CoreImplementation-TitleDependency-Check Corebuild-jdk-spec1.8groupidowaspparent-groupidorg.owasppackage namedependencyartifactiddependency-check-coreparent-artifactiddependency-check-parentpackage namereportingpackage 
nameengineversion5.2.1version5.2.1Implementation-Version5.2.1pkg:maven/org.owasp/dependency-check-core@5.2.1https://ossindex.sonatype.org/component/pkg:maven/org.owasp/dependency-check-core@5.2.1pkg:maven/org.owasp/dependency-check-core@5.2.1https://ossindex.sonatype.org/component/pkg:maven/org.owasp/dependency-check-core@5.2.1slf4j-api-1.7.5.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/slf4j-api-1.7.5.jar3b1ececad9ebc3fbad2953ccf4a070ca6b262da268f8ad9eff941b25503a9198f0a0ac93fe30825245d2336c859dc38d60c0fc5f3668dbf29cd586828d2b5667ec355b91The slf4j API/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/slf4j-api-1.7.5.jarfe30825245d2336c859dc38d60c0fc5f3668dbf29cd586828d2b5667ec355b916b262da268f8ad9eff941b25503a9198f0a0ac933b1ececad9ebc3fbad2953ccf4a070canameslf4j-apiurlhttp://www.slf4j.orgbundle-symbolicnameslf4j.apinameSLF4J API Modulegroupidslf4jartifactidslf4j-apiparent-artifactidslf4j-parentbundle-requiredexecutionenvironmentJ2SE-1.3parent-groupidorg.slf4jpackage nameslf4jnameSLF4J API Moduleparent-groupidorg.slf4jartifactidslf4j-apiBundle-Nameslf4j-apinameslf4j-apibundle-symbolicnameslf4j.apiImplementation-Titleslf4j-apiparent-artifactidslf4j-parentgroupidslf4jurlhttp://www.slf4j.orgbundle-requiredexecutionenvironmentJ2SE-1.3package nameslf4jBundle-Version1.7.5Implementation-Version1.7.5version1.7.5version1.7.5pkg:maven/org.slf4j/slf4j-api@1.7.5https://ossindex.sonatype.org/component/pkg:maven/org.slf4j/slf4j-api@1.7.5pkg:maven/org.slf4j/slf4j-api@1.7.5https://ossindex.sonatype.org/component/pkg:maven/org.slf4j/slf4j-api@1.7.5jcl-over-slf4j-1.7.15.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/jcl-over-slf4j-1.7.15.jarec012970331eea95119fe69cfc2719c4598ffdd2f61d99a0244d095b96f3cb9c48b0cb8a1faeb66c0b69e7d75369ca48fc1ce4b84c8b66c1f8610b5fd060ad46d53a6e01JCL 1.1.1 implemented over SLF4Jurlhttp://www.slf4j.orgnamejcl-over-slf4jnameJCL 1.1.1 implemented over 
SLF4Jbundle-symbolicnamejcl.over.slf4jgroupidslf4jartifactidjcl-over-slf4jparent-artifactidslf4j-parentparent-groupidorg.slf4jbundle-requiredexecutionenvironmentJ2SE-1.5Implementation-Titlejcl-over-slf4jnamejcl-over-slf4jnameJCL 1.1.1 implemented over SLF4Jbundle-symbolicnamejcl.over.slf4jartifactidjcl-over-slf4jparent-artifactidslf4j-parentBundle-Namejcl-over-slf4jgroupidslf4jparent-groupidorg.slf4jurlhttp://www.slf4j.orgbundle-requiredexecutionenvironmentJ2SE-1.5version1.7.15version1.7.15Bundle-Version1.7.15Implementation-Version1.7.15pkg:maven/org.slf4j/jcl-over-slf4j@1.7.15https://ossindex.sonatype.org/component/pkg:maven/org.slf4j/jcl-over-slf4j@1.7.15pkg:maven/org.slf4j/jcl-over-slf4j@1.7.15https://ossindex.sonatype.org/component/pkg:maven/org.slf4j/jcl-over-slf4j@1.7.15price-range.js/var/lib/jenkins/workspace/test@2/target/devsecops/js/price-range.js8565ff5f29372da52f220e2fe23ea7306191abc3f5ee0e4ffdb6c1719face9754d81d12fe8648ac9f0a5b0c8bd6b984e9515f3ba15fe6bc12f5388f31c1bcc317cfebcf4/var/lib/jenkins/workspace/test@2/src/main/webapp/js/price-range.jse8648ac9f0a5b0c8bd6b984e9515f3ba15fe6bc12f5388f31c1bcc317cfebcf46191abc3f5ee0e4ffdb6c1719face9754d81d12f8565ff5f29372da52f220e2fe23ea730/var/lib/jenkins/workspace/test@2/target/devsecops.war/js/price-range.jse8648ac9f0a5b0c8bd6b984e9515f3ba15fe6bc12f5388f31c1bcc317cfebcf46191abc3f5ee0e4ffdb6c1719face9754d81d12f8565ff5f29372da52f220e2fe23ea730main.js/var/lib/jenkins/workspace/test@2/src/main/webapp/js/main.jsc2f31dda690ac650ace679f27c69035570d9cbd75dbd0ab0d7b57a9775d1f743009014b8d5c212e0a4c875acace311a6afb09aeb6a21166afdd777cbdc3de69eb5bf431f/var/lib/jenkins/workspace/test@2/target/devsecops/js/main.jsd5c212e0a4c875acace311a6afb09aeb6a21166afdd777cbdc3de69eb5bf431f70d9cbd75dbd0ab0d7b57a9775d1f743009014b8c2f31dda690ac650ace679f27c690355/var/lib/jenkins/workspace/test@2/target/devsecops.war/js/main.jsd5c212e0a4c875acace311a6afb09aeb6a21166afdd777cbdc3de69eb5bf431f70d9cbd75dbd0ab0d7b57a9775d1f743009014b8c2f31dda690ac65
0ace679f27c690355tiles-core-2.0.6.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/tiles-core-2.0.6.jar283f1fa1743b357eb17db15b56e1a64c234c747d4b7d70ec505d39d314db7b4fd443269fe4d37aa64ffb8e49ecc9ffd9cab8eae52e6fe553ff332515b3663503ead68d25Tiles Core Library, including basic implementation of the APIs.
/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/tiles-api-2.0.6.jare4d37aa64ffb8e49ecc9ffd9cab8eae52e6fe553ff332515b3663503ead68d25729a464b01317f178fdf5c8d0d97328487a3cb0daa99867384889e44a46ddc68bb940366/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/tiles-jsp-2.0.6.jare4d37aa64ffb8e49ecc9ffd9cab8eae52e6fe553ff332515b3663503ead68d2519b61ced8324efa01f3dd85c0509a6b473e5316813abb2b6712544cea71c342043e85bd4pkg:maven/org.apache.tiles/tiles-jsp@2.0.6https://ossindex.sonatype.org/component/pkg:maven/org.apache.tiles/tiles-jsp@2.0.6/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/tiles-core-2.0.6.jare4d37aa64ffb8e49ecc9ffd9cab8eae52e6fe553ff332515b3663503ead68d25234c747d4b7d70ec505d39d314db7b4fd443269f283f1fa1743b357eb17db15b56e1a64c/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/tiles-api-2.0.6.jare4d37aa64ffb8e49ecc9ffd9cab8eae52e6fe553ff332515b3663503ead68d25729a464b01317f178fdf5c8d0d97328487a3cb0daa99867384889e44a46ddc68bb940366pkg:maven/org.apache.tiles/tiles-api@2.0.6https://ossindex.sonatype.org/component/pkg:maven/org.apache.tiles/tiles-api@2.0.6/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/tiles-jsp-2.0.6.jare4d37aa64ffb8e49ecc9ffd9cab8eae52e6fe553ff332515b3663503ead68d2519b61ced8324efa01f3dd85c0509a6b473e5316813abb2b6712544cea71c342043e85bd4Implementation-Vendor-Idorg.apachepackage nameapacheImplementation-VendorApache Software Foundationgroupidapache.tilesnametiles-corepackage nametilesspecification-vendorApache Software Foundationartifactidtiles-coreparent-artifactidtiles-parentnameTiles - Core Libraryparent-groupidorg.apache.tilespackage nameapachegroupidapache.tilesnametiles-corepackage nametilesparent-groupidorg.apache.tilesImplementation-TitleTiles - Core Libraryartifactidtiles-corespecification-titleTiles - Core Libraryparent-artifactidtiles-parentnameTiles - Core 
Libraryversion2.0.6version2.0.6Implementation-Version2.0.6pkg:maven/org.apache.tiles/tiles-core@2.0.6https://ossindex.sonatype.org/component/pkg:maven/org.apache.tiles/tiles-core@2.0.6pkg:maven/org.apache.tiles/tiles-core@2.0.6https://ossindex.sonatype.org/component/pkg:maven/org.apache.tiles/tiles-core@2.0.6asm-util-6.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/asm-util-6.2.jarcf102ff32c9cef7fda92bd7b2a751ca4a9690730f92cc79eeadc20e400ebb41eccce10b1f2820ea6ef069b83f37d805f5cec58b2872a25650f5f95b4f3cc572156323df0Utilities for ASM, a very small and fast Java bytecode manipulation frameworkBSD: http://asm.ow2.org/license.html/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/asm-util-6.2.jarf2820ea6ef069b83f37d805f5cec58b2872a25650f5f95b4f3cc572156323df0a9690730f92cc79eeadc20e400ebb41eccce10b1cf102ff32c9cef7fda92bd7b2a751ca4package nameobjectwebpackage nameutilbundle-docurlhttp://asm.ow2.orgorganization nameOW2nameasm-utilbundle-symbolicnameorg.objectweb.asm.utilmodule-requiresorg.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true,org.objectweb.asm.tree.analysis;transitive=trueurlhttp://asm.ow2.org/artifactidasm-utilgroupidow2.asmparent-artifactidow2package nameasmgroupidorg.ow2.asmpackage nameobjectweborganization urlhttp://www.ow2.org/package nameutilpackage nameasmnameasm-utilbundle-requiredexecutionenvironmentJ2SE-1.5parent-groupidorg.ow2package nameutilbundle-docurlhttp://asm.ow2.orgnameasm-utilbundle-symbolicnameorg.objectweb.asm.utilmodule-requiresorg.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true,org.objectweb.asm.tree.analysis;transitive=trueparent-groupidorg.ow2organization nameOW2package nameasmpackage nameobjectwebBundle-Nameorg.objectweb.asm.utilurlhttp://asm.ow2.org/Implementation-TitleUtilities for ASM, a very small and fast Java bytecode manipulation frameworkpackage nameutilorganization urlhttp://www.ow2.org/package 
nameasmartifactidasm-utilparent-artifactidow2nameasm-utilbundle-requiredexecutionenvironmentJ2SE-1.5groupidow2.asmartifactidasm-utilparent-version6.2version6.2version6.2version6.2pkg:maven/org.ow2.asm/asm-util@6.2https://ossindex.sonatype.org/component/pkg:maven/org.ow2.asm/asm-util@6.2pkg:maven/org.ow2.asm/asm-util@6.2https://ossindex.sonatype.org/component/pkg:maven/org.ow2.asm/asm-util@6.2gmaps.js/var/lib/jenkins/workspace/test@2/target/devsecops/js/gmaps.js75a1b69b80f43aaaf74e3f56ca80e59d8add2c5e4fc37d3723f975f6302e98771febcff35958050960c5d1cf4ff27afaf54acfd6a0a8ea1bbbf09573d74852063704201f/var/lib/jenkins/workspace/test@2/src/main/webapp/js/gmaps.js5958050960c5d1cf4ff27afaf54acfd6a0a8ea1bbbf09573d74852063704201f8add2c5e4fc37d3723f975f6302e98771febcff375a1b69b80f43aaaf74e3f56ca80e59d/var/lib/jenkins/workspace/test@2/target/devsecops.war/js/gmaps.js5958050960c5d1cf4ff27afaf54acfd6a0a8ea1bbbf09573d74852063704201f8add2c5e4fc37d3723f975f6302e98771febcff375a1b69b80f43aaaf74e3f56ca80e59djaxen-1.1.6.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/jaxen-1.1.6.jara140517286b56eea981e188dcc3a13f63f8c36d9a0578e8e98f030c662b69888b1430ac05ac9c74bbb3964b34a886ba6b1b6c0b0dc3ebeebc1dc4a44942a76634490b3ebJaxen is a universal Java XPath engine.http://jaxen.codehaus.org/license.html/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/jaxen-1.1.6.jar5ac9c74bbb3964b34a886ba6b1b6c0b0dc3ebeebc1dc4a44942a76634490b3eb3f8c36d9a0578e8e98f030c662b69888b1430ac0a140517286b56eea981e188dcc3a13f6bundle-symbolicnamejaxenpackage namejaxenartifactidjaxenbundle-docurlhttp://codehaus.orgpackage namexpathorganization urlhttp://codehaus.orgorganization nameCodehausgroupidjaxenurlhttp://jaxen.codehaus.org/namejaxennamejaxenbundle-docurlhttp://codehaus.orgBundle-Namejaxennamejaxenorganization urlhttp://codehaus.orgartifactidjaxenurlhttp://jaxen.codehaus.org/package namejaxenbundle-symbolicnamejaxenpackage namexpathgroupidjaxenorganization 
nameCodehausnamejaxenversion1.1.6version1.1.6Bundle-Version1.1.6pkg:maven/jaxen/jaxen@1.1.6https://ossindex.sonatype.org/component/pkg:maven/jaxen/jaxen@1.1.6pkg:maven/jaxen/jaxen@1.1.6https://ossindex.sonatype.org/component/pkg:maven/jaxen/jaxen@1.1.6spring-core-5.1.2.RELEASE.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/spring-core-5.1.2.RELEASE.jard64dcf8e0f28f8b74cea9868d5a52defb9b00d4075c92761cfd4e527e0bdce1931b4f3dc3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c5Spring CoreApache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/spring-context-5.1.2.RELEASE.jar3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c55c85bc522a5adac9b09b7204fa20708519ab6a114575fc76a4c1974da992abe67d6f43fepkg:maven/org.springframework/spring-context@5.1.2.RELEASEhttps://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-context@5.1.2.RELEASE/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/spring-context-5.1.2.RELEASE.jar3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c55c85bc522a5adac9b09b7204fa20708519ab6a114575fc76a4c1974da992abe67d6f43fe/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/spring-beans-5.1.2.RELEASE.jar3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c55d513701a79c92f0549574f5170a05c4af7c893d8e7e5b97f44fea3e6ff9924be235ac10/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/spring-jcl-5.1.2.RELEASE.jar3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c5f0d7165b6cfb90356da4f25b14a6437fdef1ec8ad24c4517c318640edad0436bf35ee61f/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/spring-aop-5.1.2.RELEASE.jar3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c5bc3cdf3c81bc0a3482cc7f6b9e00ab76847056a788619d03a3e2bdb4c4d51708e124a562/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/spring-beans-5.1.2.RELEASE.ja
r3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c55d513701a79c92f0549574f5170a05c4af7c893d8e7e5b97f44fea3e6ff9924be235ac10pkg:maven/org.springframework/spring-beans@5.1.2.RELEASEhttps://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-beans@5.1.2.RELEASE/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/spring-web-5.1.2.RELEASE.jar3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c53ff2a93b072da42c3930225e3dceeabb0678eb0b296062cb66d11ba3630c9cc024002f5a/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/spring-expression-5.1.2.RELEASE.jar3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c503c16b062785e4c101db6b754fcb34a77c1e912cac5b30ba1df477476cecafc3eed9a2cfpkg:maven/org.springframework/spring-expression@5.1.2.RELEASEhttps://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-expression@5.1.2.RELEASE/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/spring-expression-5.1.2.RELEASE.jar3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c503c16b062785e4c101db6b754fcb34a77c1e912cac5b30ba1df477476cecafc3eed9a2cf/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/spring-jcl-5.1.2.RELEASE.jar3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c5f0d7165b6cfb90356da4f25b14a6437fdef1ec8ad24c4517c318640edad0436bf35ee61fpkg:maven/org.springframework/spring-jcl@5.1.2.RELEASEhttps://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-jcl@5.1.2.RELEASE/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/spring-aop-5.1.2.RELEASE.jar3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c5bc3cdf3c81bc0a3482cc7f6b9e00ab76847056a788619d03a3e2bdb4c4d51708e124a562pkg:maven/org.springframework/spring-aop@5.1.2.RELEASEhttps://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-aop@5.1.2.RELEASE/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/spring-core-5.1.2.RELEASE.jar
3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c5b9b00d4075c92761cfd4e527e0bdce1931b4f3dcd64dcf8e0f28f8b74cea9868d5a52def/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/spring-web-5.1.2.RELEASE.jar3f646f7a51bd3a32c89241b899f6cc73dc40ea8275cd3233f4699668bfb839c53ff2a93b072da42c3930225e3dceeabb0678eb0b296062cb66d11ba3630c9cc024002f5apkg:maven/org.springframework/spring-web@5.1.2.RELEASEhttps://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-web@5.1.2.RELEASEnamespring-corevendorvmwareartifactidspring-coregroupidspringframeworkurlspring-projects/spring-frameworkvendorpivotal softwarenameSpring Corepackage namecoreorganization urlhttp://projects.spring.io/spring-frameworkautomatic-module-namespring.corepackage namespringframeworkvendorSpringSourceorganization nameSpring IOpackage namecoregroupidorg.springframeworknamespring-coreorganization urlhttp://projects.spring.io/spring-frameworknameSpring Corepackage namecoreurlspring-projects/spring-frameworkautomatic-module-namespring.coreorganization nameSpring IOartifactidspring-coreImplementation-Titlespring-coregroupidspringframeworkartifactidspring-corepackage namecoreproductspringsource_spring_frameworkImplementation-Version5.1.2.RELEASEversion5.1.2.RELEASEversion5.1.2.RELEASEpkg:maven/org.springframework/spring-core@5.1.2.RELEASEhttps://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-core@5.1.2.RELEASEpkg:maven/org.springframework/spring-core@5.1.2.RELEASEhttps://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-core@5.1.2.RELEASEcommons-logging-1.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/commons-logging-1.2.jar040b4b4d8eac886f6b4a2a3bd2f31b004bfc12adfe4842bf07b657f0369c4cb522955686daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636Apache Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems.http://www.apache.org/licenses/LICENSE-2.0.txtpackage nameloggingparent-artifactidcommons-parenturlhttp://commons.apache.org/proper/commons-logging/bundle-symbolicnameorg.apache.commons.logginggroupidcommons-loggingartifactidcommons-loggingbundle-docurlhttp://commons.apache.org/proper/commons-logging/parent-groupidorg.apache.commonsnameApache Commons Loggingpackage nameapacheImplementation-Vendor-Idorg.apacheimplementation-buildtags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200specification-vendorThe Apache Software Foundationpackage namecommonsnamecommons-loggingImplementation-VendorThe Apache Software Foundationparent-artifactidcommons-parentpackage nameloggingbundle-symbolicnameorg.apache.commons.loggingspecification-titleApache Commons Loggingartifactidcommons-loggingbundle-docurlhttp://commons.apache.org/proper/commons-logging/nameApache Commons Loggingpackage nameapacheimplementation-buildtags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200package namecommonsurlhttp://commons.apache.org/proper/commons-logging/namecommons-loggingImplementation-TitleApache Commons Loggingparent-groupidorg.apache.commonsBundle-NameApache Commons Logginggroupidcommons-loggingImplementation-Version1.2parent-version1.2version1.2version1.2pkg:maven/commons-logging/commons-logging@1.2https://ossindex.sonatype.org/component/pkg:maven/commons-logging/commons-logging@1.2pkg:maven/commons-logging/commons-logging@1.2https://ossindex.sonatype.org/component/pkg:maven/commons-logging/commons-logging@1.2hibernate-core-4.2.6.Final.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/hibernate-core-4.2.6.Final.jar243590d8645131cc10cb4025a04a3345472211fa82a5fffb69f2aa22e7b5e62fe0b521545cd0ac382b5f75fbc83b8d488dfff3e5c7b106b14edd56c96e244cf452cb1146A module of the Hibernate Core projectGNU Lesser General Public License: 
http://www.gnu.org/licenses/lgpl-2.1.html/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/hibernate-core-4.2.6.Final.jar5cd0ac382b5f75fbc83b8d488dfff3e5c7b106b14edd56c96e244cf452cb1146472211fa82a5fffb69f2aa22e7b5e62fe0b52154243590d8645131cc10cb4025a04a3345implementation-urlhttp://hibernate.orgpackage namehibernateartifactidhibernate-coregroupidorg.hibernatenameA Hibernate Core Modulenamehibernate-corepackage namehibernateImplementation-VendorHibernate.orgurlhttp://hibernate.orgImplementation-Vendor-Idorg.hibernatebundle-symbolicnameorg.hibernate.coreorganization nameHibernate.orggroupidhibernateorganization urlhttp://hibernate.orgimplementation-urlhttp://hibernate.orgBundle-Namehibernate-corepackage namehibernateorganization urlhttp://hibernate.orgnameA Hibernate Core Modulegroupidhibernatenamehibernate-coreartifactidhibernate-coreartifactidhibernate-corebundle-symbolicnameorg.hibernate.coreorganization nameHibernate.orgurlhttp://hibernate.orgversion4.2.6.Finalversion4.2.6.FinalBundle-Version4.2.6.FinalImplementation-Version4.2.6.Finalpkg:maven/org.hibernate/hibernate-core@4.2.6.Finalhttps://ossindex.sonatype.org/component/pkg:maven/org.hibernate/hibernate-core@4.2.6.Finalpkg:maven/org.hibernate/hibernate-core@4.2.6.Finalhttps://ossindex.sonatype.org/component/pkg:maven/org.hibernate/hibernate-core@4.2.6.Finaljstl-1.2.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/jstl-1.2.jar51e15f798e69358cb893e38c50596b9b74aca283cd4f4b4f3e425f5820cda58f44409547c6273119354a41522877e663582041012b22f8204fe72bba337ed84c7e649b0a/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/jstl-1.2.jarc6273119354a41522877e663582041012b22f8204fe72bba337ed84c7e649b0a74aca283cd4f4b4f3e425f5820cda58f4440954751e15f798e69358cb893e38c50596b9bgroupidjstlextension-namejavax.servlet.jsp.jstlgroupidjavax.servletartifactidjstlgroupidjstlImplementation-VendorSun Microsystems, Inc.package nameapachepackage nametaglibspackage namestandardpackage 
namejstlgroupidjavax.servletpackage nameservletImplementation-Vendor-Idorg.apachepackage nameapachepackage namejavaxnamejstlspecification-vendorSun Microsystems, Inc.package namejspextension-namejavax.servlet.jsp.jstlpackage nametaglibsspecification-titleJavaServer Pages(TM) Standard Tag Librarypackage namestandardpackage namejstlpackage nametagpackage nameservletpackage namejavaxartifactidjstlgroupidjstlgroupidjavax.servletnamejstlpackage namestandardartifactidjstlpackage namejspImplementation-Version1.2version1.2version1.2version1.2pkg:maven/javax.servlet/jstl@1.2https://ossindex.sonatype.org/component/pkg:maven/javax.servlet/jstl@1.2pkg:maven/jstl/jstl@1.2https://ossindex.sonatype.org/component/pkg:maven/jstl/jstl@1.2pkg:maven/javax.servlet/jstl@1.2https://ossindex.sonatype.org/component/pkg:maven/javax.servlet/jstl@1.2pkg:maven/jstl/jstl@1.2https://ossindex.sonatype.org/component/pkg:maven/jstl/jstl@1.2CVE-2015-0254HIGH7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGHNVD-CWE-OtherApache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag. 
<a href="http://cwe.mitre.org/data/definitions/611.html" target="_blank">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>http://rhn.redhat.com/errata/RHSA-2016-1838.htmlRHSA-2016:1838https://access.redhat.com/errata/RHSA-2016:1376RHSA-2016:1376http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.securitytracker.com/id/10349341034934http://mail-archives.apache.org/mod_mbox/tomcat-taglibs-user/201502.mbox/%3C82207A16-6348-4DEE-877E-F7B87292576A%40apache.org%3E[tomcat-taglibs-user] 20150227 [SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tagshttp://www.securityfocus.com/archive/1/534772/100/0/threaded20150227 [SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tagshttp://www.securityfocus.com/bid/7280972809http://rhn.redhat.com/errata/RHSA-2015-1695.htmlRHSA-2015:1695https://lists.apache.org/thread.html/8a20e48acb2a40be5130df91cf9d39d8ad93181989413d4abcaa4914@%3Cdev.tomcat.apache.org%3E[tomcat-dev] 20190319 svn commit: r1855831 [27/30] - in /tomcat/site/trunk: ./ docs/ xdocs/https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/http://rhn.redhat.com/errata/RHSA-2016-1839.htmlRHSA-2016:1839http://rhn.redhat.com/errata/RHSA-2016-1840.htmlRHSA-2016:1840http://www.ubuntu.com/usn/USN-2551-1USN-2551-1http://packetstormsecurity.com/files/130575/Apache-Standard-Taglibs-1.2.1-XXE-Remote-Command-Execution.htmlhttp://packetstormsecurity.com/files/130575/Apache-Standard-Taglibs-1.2.1-XXE-Remote-Command-Execution.htmlhttps://ossindex.sonatype.org/vuln/3e7cab6b-3859-45e0-877f-e8a5fa6f3f93[CVE-2015-0254] Apache Standard Taglibs before 1.2.3 allows remote attackers to execute 
arbitrar...http://lists.opensuse.org/opensuse-updates/2015-10/msg00033.htmlopenSUSE-SU-2015:1751http://rhn.redhat.com/errata/RHSA-2016-1841.htmlRHSA-2016:1841cpe:2.3:a:apache:standard_taglibs:*:*:*:*:*:*:*:*spotbugs-annotations-3.1.12.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/spotbugs-annotations-3.1.12.jar3e611c2dfc7976b3732891874d3acc3bba2c77a05091820668987292f245f3b089387bfab0954eeb5fbca69ab648dab24e812e24587ad67638a101d8fd16363431da7cb7Annotations the SpotBugs tool supportsGNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.htmlpackage namecsnamespotbugs-annotationsgroupidcom.github.spotbugsgroupidgithub.spotbugsbundle-symbolicnamespotbugs-annotationsurlhttps://spotbugs.github.io/automatic-module-namecom.github.spotbugs.annotationsnameSpotBugs Annotationspackage nameeduartifactidspotbugs-annotationsbundle-requiredexecutionenvironmentJ2SE-1.5package nameumdpackage namecsnamespotbugs-annotationspackage namefindbugsartifactidspotbugs-annotationsurlhttps://spotbugs.github.io/Bundle-Namespotbugs-annotationsbundle-symbolicnamespotbugs-annotationsgroupidgithub.spotbugsartifactidspotbugs-annotationsautomatic-module-namecom.github.spotbugs.annotationsnameSpotBugs Annotationsbundle-requiredexecutionenvironmentJ2SE-1.5package nameumdversion3.1.12Bundle-Version3.1.12version3.1.12version3.1.12pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.12https://ossindex.sonatype.org/component/pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.12pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.12https://ossindex.sonatype.org/component/pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.12commons-cli-1.4.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/commons-cli-1.4.jarc966d7e03507c834d5b09b848560174ec51c00206bb913cd8612b24abd9fa98ae89719b1fd3c7c9545a9cdb2051d1f9155c4f76b1e4ac5a57304404a6eedb578ffba7328
Apache Commons CLI provides a simple API for presenting, processing and validating a command line interface.
https://www.apache.org/licenses/LICENSE-2.0.txtparent-artifactidcommons-parentpackage nameclibundle-docurlhttp://commons.apache.org/proper/commons-cli/groupidcommons-clinameApache Commons CLIparent-groupidorg.apache.commonsartifactidcommons-clipackage nameapacheImplementation-Vendor-Idorg.apachenamecommons-clibundle-symbolicnameorg.apache.commons.clispecification-vendorThe Apache Software Foundationpackage namecommonsimplementation-urlhttp://commons.apache.org/proper/commons-cli/urlhttp://commons.apache.org/proper/commons-cli/require-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))"implementation-buildtags/cli-1.4-RC1@r1786159; 2017-03-09 13:01:35+0000Implementation-VendorThe Apache Software Foundationparent-artifactidcommons-parentImplementation-TitleApache Commons CLIurlhttp://commons.apache.org/proper/commons-cli/artifactidcommons-cliBundle-NameApache Commons CLIpackage nameclibundle-docurlhttp://commons.apache.org/proper/commons-cli/nameApache Commons CLIspecification-titleApache Commons CLIpackage nameapachenamecommons-clibundle-symbolicnameorg.apache.commons.clipackage namecommonsimplementation-urlhttp://commons.apache.org/proper/commons-cli/parent-groupidorg.apache.commonsgroupidcommons-clirequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))"implementation-buildtags/cli-1.4-RC1@r1786159; 2017-03-09 13:01:35+0000Implementation-Version1.4version1.4version1.4parent-version1.4pkg:maven/commons-cli/commons-cli@1.4https://ossindex.sonatype.org/component/pkg:maven/commons-cli/commons-cli@1.4pkg:maven/commons-cli/commons-cli@1.4https://ossindex.sonatype.org/component/pkg:maven/commons-cli/commons-cli@1.4dom4j-2.1.0.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/dom4j-2.1.0.jardcd0b683599cb29fd0a684d54c38e71d6ad46940de4d721df3d6bbcd297714974209544595b11e251e4f0fdcc5d1b3b984d30452260f65d1b382c7aea1448d2b83e8c222flexible XML framework for JavaBSD 3-clause New License: 
https://github.com/dom4j/dom4j/blob/master/LICENSE/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/dom4j-2.1.0.jar95b11e251e4f0fdcc5d1b3b984d30452260f65d1b382c7aea1448d2b83e8c2226ad46940de4d721df3d6bbcd2977149742095445dcd0b683599cb29fd0a684d54c38e71dgroupiddom4jartifactiddom4jurlhttp://dom4j.github.io/namedom4jpackage namedom4jnamedom4jgroupidorg.dom4jurlhttp://dom4j.github.io/artifactiddom4jnamedom4jnamedom4jartifactiddom4jgroupiddom4jversion2.1.0version2.1.0version2.1.0pkg:maven/org.dom4j/dom4j@2.1.0https://ossindex.sonatype.org/component/pkg:maven/org.dom4j/dom4j@2.1.0pkg:maven/org.dom4j/dom4j@2.1.0https://ossindex.sonatype.org/component/pkg:maven/org.dom4j/dom4j@2.1.0CVE-2018-1000632HIGH6.4NETWORKLOWNONENONENONEPARTIALMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDNONEHIGHNONEHIGHCWE-91dom4j versions prior to version 2.1.1 contain a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document. 
This vulnerability appears to have been fixed in 2.1.1 or later.https://lists.apache.org/thread.html/9d4c1af6f702c3d6d6f229de57112ddccac8ce44446a01b7937ab9e0@%3Ccommits.maven.apache.org%3E[maven-commits] 20190604 [maven-archetype] branch master updated: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 yearhttps://security.netapp.com/advisory/ntap-20190530-0001/https://security.netapp.com/advisory/ntap-20190530-0001/https://access.redhat.com/errata/RHSA-2019:1161RHSA-2019:1161https://lists.apache.org/thread.html/5a020ecaa3c701f408f612f7ba2ee37a021644c4a39da2079ed3ddbc@%3Ccommits.maven.apache.org%3E[maven-commits] 20190531 [maven-archetype] 01/01: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 yearhttps://access.redhat.com/errata/RHSA-2019:0380RHSA-2019:0380https://access.redhat.com/errata/RHSA-2019:1159RHSA-2019:1159https://access.redhat.com/errata/RHSA-2019:1162RHSA-2019:1162https://access.redhat.com/errata/RHSA-2019:0365RHSA-2019:0365https://ihacktoprotect.com/post/dom4j-xml-injection/https://ihacktoprotect.com/post/dom4j-xml-injection/https://access.redhat.com/errata/RHSA-2019:0364RHSA-2019:0364https://lists.debian.org/debian-lts-announce/2018/09/msg00028.html[debian-lts-announce] 20180924 [SECURITY] [DLA 1517-1] dom4j security updatehttps://access.redhat.com/errata/RHSA-2019:1160RHSA-2019:1160https://ossindex.sonatype.org/vuln/09883ba9-5094-49df-bd4a-1eaf1d6ba07b[CVE-2018-1000632] XML Injection (aka Blind XPath Injection)https://github.com/dom4j/dom4j/issues/48https://github.com/dom4j/dom4j/issues/48https://lists.apache.org/thread.html/00571f362a7a2470fba50a31282c65637c40d2e21ebe6ee535a4ed74@%3Ccommits.maven.apache.org%3E[maven-commits] 
20190601 [maven-archetype] 01/01: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 yearhttps://lists.apache.org/thread.html/4a77652531d62299a30815cf5f233af183425db8e3c9a824a814e768@%3Cdev.maven.apache.org%3E[maven-dev] 20190531 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)https://lists.apache.org/thread.html/7f6e120e6ed473f4e00dde4c398fc6698eb383bd7857d20513e989ce@%3Cdev.maven.apache.org%3E[maven-dev] 20190531 proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)https://access.redhat.com/errata/RHSA-2019:0362RHSA-2019:0362https://lists.apache.org/thread.html/d7d960b2778e35ec9b4d40c8efd468c7ce7163bcf6489b633491c89f@%3Cdev.maven.apache.org%3E[maven-dev] 20190603 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)https://lists.apache.org/thread.html/7e9e78f0e4288fac6591992836d2a80d4df19161e54bd71ab4b8e458@%3Cdev.maven.apache.org%3E[maven-dev] 20190610 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 
8)https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387cpe:2.3:a:dom4j_project:dom4j:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*logback-core-1.2.3.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/logback-core-1.2.3.jar841fc80c6edff60d947a3872a2db4d45864344400c3d4d92dfeb0a305dc87d953677c03c5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22logback-core modulehttp://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/logback-classic-1.2.3.jar5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f227c4f3c474fb2c041d8028740440937705ebb473a64f7a68f931aed8e5ad8243470440f0bpkg:maven/ch.qos.logback/logback-classic@1.2.3https://ossindex.sonatype.org/component/pkg:maven/ch.qos.logback/logback-classic@1.2.3bundle-docurlhttp://www.qos.chparent-artifactidlogback-parentrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"groupidch.qos.logbackbundle-symbolicnamech.qos.logback.corenamelogback-corenameLogback Core Modulepackage namecorepackage namechpackage nameqospackage namelogbackoriginally-created-byApache Maven Bundle Pluginbundle-requiredexecutionenvironmentJavaSE-1.6artifactidlogback-corebundle-docurlhttp://www.qos.chparent-artifactidlogback-parentrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"Bundle-NameLogback Core 
Modulebundle-symbolicnamech.qos.logback.corenamelogback-corenameLogback Core Modulepackage namecorepackage namechpackage nameqosartifactidlogback-corepackage namelogbackoriginally-created-byApache Maven Bundle Plugingroupidch.qos.logbackbundle-requiredexecutionenvironmentJavaSE-1.6Bundle-Version1.2.3version1.2.3version1.2.3pkg:maven/ch.qos.logback/logback-core@1.2.3https://ossindex.sonatype.org/component/pkg:maven/ch.qos.logback/logback-core@1.2.3pkg:maven/ch.qos.logback/logback-core@1.2.3https://ossindex.sonatype.org/component/pkg:maven/ch.qos.logback/logback-core@1.2.3commons-fileupload-1.2.2.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/commons-fileupload-1.2.2.jara0ad9550a7062ddb6528d8725c8230dd1e48256a2341047e7d729217adeec8217f6e3a1a939e5d9a239407f57237b2fb2ad02cefca782905b2ac32f83826a7c4ad083667
The FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/commons-fileupload-1.2.2.jar939e5d9a239407f57237b2fb2ad02cefca782905b2ac32f83826a7c4ad0836671e48256a2341047e7d729217adeec8217f6e3a1aa0ad9550a7062ddb6528d8725c8230ddbundle-symbolicnameorg.apache.commons.fileuploadparent-artifactidcommons-parentnamecommons-fileuploadnameCommons FileUploadparent-groupidorg.apache.commonspackage nameapacheImplementation-Vendor-Idorg.apachegroupidcommons-fileuploadpackage namefileuploadbundle-docurlhttp://commons.apache.org/fileupload/specification-vendorThe Apache Software Foundationpackage namecommonsartifactidcommons-fileuploadurlhttp://commons.apache.org/fileupload/Implementation-VendorThe Apache Software Foundationparent-artifactidcommons-parentbundle-symbolicnameorg.apache.commons.fileuploadgroupidcommons-fileuploadurlhttp://commons.apache.org/fileupload/namecommons-fileuploadspecification-titleCommons FileUploadnameCommons FileUploadartifactidcommons-fileuploadpackage nameapachepackage namefileuploadbundle-docurlhttp://commons.apache.org/fileupload/package namecommonsparent-groupidorg.apache.commonsImplementation-TitleCommons FileUploadBundle-NameCommons FileUploadversion1.2.2version1.2.2Implementation-Version1.2.2Bundle-Version1.2.2parent-version1.2.2pkg:maven/commons-fileupload/commons-fileupload@1.2.2https://ossindex.sonatype.org/component/pkg:maven/commons-fileupload/commons-fileupload@1.2.2pkg:maven/commons-fileupload/commons-fileupload@1.2.2https://ossindex.sonatype.org/component/pkg:maven/commons-fileupload/commons-fileupload@1.2.2Arbitrary file upload via deserialization0.0> The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
>
> -- [redhat.com](https://access.redhat.com/security/cve/CVE-2013-2186)https://ossindex.sonatype.org/vuln/fb810cbf-d8fb-4f30-b79b-82652ae7192aArbitrary file upload via deserializationcpe:2.3:a:commons-fileupload:commons-fileupload:1.2.2:*:*:*:*:*:*:*CVE-2013-0248LOW3.3LOCALMEDIUMNONENONENONEPARTIALLOWCWE-264The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.http://marc.info/?l=bugtraq&m=144050155601375&w=2HPSBMU03409http://www.osvdb.org/9090690906https://ossindex.sonatype.org/vuln/88c767c5-36d0-4f1f-afe8-4a595454c436[CVE-2013-0248] Permissions, Privileges, and Access Controlshttp://archives.neohapsis.com/archives/bugtraq/2013-03/0035.html20130306 [SECURITY] CVE-2013-0248 Apache Commons FileUpload - Insecure exampleshttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www.securityfocus.com/bid/5832658326cpe:2.3:a:apache:commons_fileupload:1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_fileupload:1.2.2:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_fileupload:1.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_fileupload:1.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_fileupload:1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_fileupload:1.1:*:*:*:*:*:*:*CVE-2014-0050HIGH7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGHCWE-264MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. The previous CVSS assessment ( Base Score: 5.0 - AV:N/AC:L/AU:N/C:N/I:N/A:P) was provided at the time of initial analysis based on the best available published information at that time. 
The score has been updated to reflect the impact to Oracle products per <a href=http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html> Oracle Critical Patch Update Advisory - October 2015 </a>. Other products listed as vulnerable may or may not be similarly impacted.http://rhn.redhat.com/errata/RHSA-2014-0252.htmlRHSA-2014:0252https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917http://seclists.org/fulldisclosure/2014/Dec/2320141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilitieshttp://secunia.com/advisories/5950059500http://secunia.com/advisories/5807558075https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755http://jvn.jp/en/jp/JVN14876762/index.htmlJVN#14876762https://bugzilla.redhat.com/show_bug.cgi?id=1062337https://bugzilla.redhat.com/show_bug.cgi?id=1062337http://secunia.com/advisories/5923259232http://tomcat.apache.org/security-7.htmlhttp://tomcat.apache.org/security-7.htmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21677724http://www-01.ibm.com/support/docview.wss?uid=swg21677724http://secunia.com/advisories/5939959399http://www.vmware.com/security/advisories/VMSA-2014-0007.htmlhttp://www.vmware.com/security/advisories/VMSA-2014-0007.htmlhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.htmlhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.htmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21676092http://www-01.ibm.com/support/docview.wss?uid=swg21676092http://secunia.com/advisories/5918559185http://secunia.com/advisories/5918759187http://www.debian.org/security/2014/dsa-2856DSA-2856http://www.ubuntu.com/usn/USN-2130-1USN-2130-1http://packetstormsecurity.com/files/127215/VMware-Security-Adv
isory-2014-0007.htmlhttp://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21669554http://www-01.ibm.com/support/docview.wss?uid=swg21669554http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.htmlhttp://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.htmlhttp://secunia.com/advisories/5918359183http://www-01.ibm.com/support/docview.wss?uid=swg21676853http://www-01.ibm.com/support/docview.wss?uid=swg21676853http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://marc.info/?l=bugtraq&m=143136844732487&w=2HPSBGN03329http://secunia.com/advisories/5903959039https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.htmlhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.htmlhttp://www.securityfocus.com/bid/6540065400http://www-01.ibm.com/support/docview.wss?uid=swg21681214http://www-01.ibm.com/support/docview.wss?uid=swg21681214http://www.vmware.com/security/advisories/VMSA-2014-0012.htmlhttp://www.vmware.com/security/advisories/VMSA-2014-0012.htmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21676410http://www-01.ibm.com/support/docview.wss?uid=swg21676410http://secunia.com/advisories/6047560475http://rhn.redhat.com/errata/RHSA-2014-0253.htmlRHSA-2014:0253http://mail-archives.apache.org/mod_mbox
/commons-dev/201402.mbox/%3C52F373FC.9030907@apache.org%3E[commons-dev] 20140206 [SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoShttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0400.htmlRHSA-2014:0400http://www.vmware.com/security/advisories/VMSA-2014-0008.htmlhttp://www.vmware.com/security/advisories/VMSA-2014-0008.htmlhttp://tomcat.apache.org/security-8.htmlhttp://tomcat.apache.org/security-8.htmlhttp://secunia.com/advisories/5897658976http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.htmlhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:084MDVSA-2015:084http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlhttp://secunia.com/advisories/5918459184http://secunia.com/advisories/5904159041http://secunia.com/advisories/5791557915http://advisories.mageia.org/MGASA-2014-0110.htmlhttp://advisories.mageia.org/MGASA-2014-0110.htmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21676405http://www-01.ibm.com/support/docview.wss?uid=swg21676405http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017JVNDB-2014-000017http://secunia.com/advisories/5949259492https://ossindex.sonatype.org/vuln/43e6c5a5-b586-4b31-9244-b62b6e36f2d0[CVE-2014-0050] Permissions, Privileges, and Access Controlshttp://www-01.ibm.com/support/docview.wss?uid=swg21675432http://www-01.ibm.com/support/docview.wss?uid=swg21675432http://www.securityfocus.com/archive/1/532549/100/0/threaded20140625 NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts 
libraryhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlhttp://www.securityfocus.com/archive/1/534161/100/0/threaded20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilitieshttp://www-01.ibm.com/support/docview.wss?uid=swg21677691http://www-01.ibm.com/support/docview.wss?uid=swg21677691http://www-01.ibm.com/support/docview.wss?uid=swg21676401http://www-01.ibm.com/support/docview.wss?uid=swg21676401http://secunia.com/advisories/6075360753http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://svn.apache.org/r1565143http://svn.apache.org/r1565143http://secunia.com/advisories/5972559725http://www-01.ibm.com/support/docview.wss?uid=swg21676656http://www-01.ibm.com/support/docview.wss?uid=swg21676656http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htmhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htmhttp://www-01.ibm.com/support/docview.wss?uid=swg21676091http://www-01.ibm.com/support/docview.wss?uid=swg21676091http://www-01.ibm.com/support/docview.wss?uid=swg21676403http://www-01.ibm.com/support/docview.wss?uid=swg21676403http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlcpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_applications:13.0:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_fileupload:1.2.1:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_applications:13.3:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_fileupload:1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*cpe:2.3:a:apache:tomca
t:7.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_applications:14.0:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_applications:12.0:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_fileupload:1.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*cpe:2.3:a:oracle:retail_applications:13.4:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_fileupload:1.2.2:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*cpe:2.3:a:apache:common
s_fileupload:1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_fileupload:1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_applications:13.2:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*cpe:2.3:a:oracle:retail_applications:12.0in:*:*:*:*:*:*:*cpe:2.3:a:oracle:retail_applications:13.1:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*CVE-2016-1000031CRITICAL7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALCWE-284Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution Per Apache: "Having reviewed your report we have concluded that it does not represent a valid vulnerability in Apache Commons File Upload. 
If an application deserializes data from an untrusted source without filtering and/or validation that is an application vulnerability not a vulnerability in the library a potential attacker might leverage."https://security.netapp.com/advisory/ntap-20190212-0001/https://security.netapp.com/advisory/ntap-20190212-0001/http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00036.htmlopenSUSE-SU-2019:1399https://lists.apache.org/thread.html/d66657323fd25e437face5e84899c8ca404ccd187e81c3f2fa8b6080@%3Cannounce.apache.org%3E[announce] 20181105 [SECURITY] Immediately upgrade commons-fileupload to version 1.3.3 when running Struts 2.3.36 or priorhttp://www.securityfocus.com/bid/9360493604https://www.tenable.com/security/research/tra-2016-30https://www.tenable.com/security/research/tra-2016-30https://issues.apache.org/jira/browse/FILEUPLOAD-279https://issues.apache.org/jira/browse/FILEUPLOAD-279https://issues.apache.org/jira/browse/WW-4812https://issues.apache.org/jira/browse/WW-4812https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://ossindex.sonatype.org/vuln/3d5968a4-4e14-4a98-8816-a4e847bc1426[CVE-2016-1000031] Improper Access 
Controlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://www.tenable.com/security/research/tra-2016-12https://www.tenable.com/security/research/tra-2016-12https://www.tenable.com/security/research/tra-2016-23https://www.tenable.com/security/research/tra-2016-23http://www.zerodayinitiative.com/advisories/ZDI-16-570/http://www.zerodayinitiative.com/advisories/ZDI-16-570/cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*CVE-2016-3092HIGH7.8NETWORKLOWNONENONENONECOMPLETEHIGH7.5NETWORKLOWNONENONEUNCHANGEDNONENONEHIGHHIGHCWE-20The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary 
string.http://www.debian.org/security/2016/dsa-3609DSA-3609http://www.ubuntu.com/usn/USN-3027-1USN-3027-1https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840http://jvn.jp/en/jp/JVN89379547/index.htmlJVN#89379547http://rhn.redhat.com/errata/RHSA-2016-2071.htmlRHSA-2016:2071https://access.redhat.com/errata/RHSA-2017:0456RHSA-2017:0456http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttps://security.netapp.com/advisory/ntap-20190212-0001/https://security.netapp.com/advisory/ntap-20190212-0001/http://rhn.redhat.com/errata/RHSA-2016-2068.htmlRHSA-2016:2068https://bugzilla.redhat.com/show_bug.cgi?id=1349468https://bugzilla.redhat.com/show_bug.cgi?id=1349468http://svn.apache.org/viewvc?view=revision&revision=1743738http://svn.apache.org/viewvc?view=revision&revision=1743738http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://svn.apache.org/viewvc?view=revision&revision=1743480http://svn.apache.org/viewvc?view=revision&revision=1743480http://www.ubuntu.com/usn/USN-3024-1USN-3024-1http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlhttps://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/http://rhn.redhat.com/errata/RHSA-2016-2808.htmlRHSA-2016:2808https://access.redhat.com/errata/RHSA-2017:0455RHSA-2017:0455http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E[dev] 20160621 CVE-2016-3092: Apache Commons 
Fileupload information disclosure vulnerabilityhttp://www.securitytracker.com/id/10364271036427http://rhn.redhat.com/errata/RHSA-2017-0457.htmlRHSA-2017:0457http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlhttps://security.gentoo.org/glsa/201705-09GLSA-201705-09http://rhn.redhat.com/errata/RHSA-2016-2070.htmlRHSA-2016:2070http://www.securitytracker.com/id/10370291037029https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttp://tomcat.apache.org/security-7.htmlhttp://tomcat.apache.org/security-7.htmlhttp://www.debian.org/security/2016/dsa-3614DSA-3614http://tomcat.apache.org/security-8.htmlhttp://tomcat.apache.org/security-8.htmlhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371http://tomcat.apache.org/security-9.htmlhttp://tomcat.apache.org/security-9.htmlhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759http://rhn.redhat.com/errata/RHSA-2016-2069.htmlRHSA-2016:2069http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.htmlopenSUSE-SU-2016:2252http://www.securityfocus.com/bid/9145391453http://www.securitytracker.com/id/10369001036900http://svn.apache.org/viewvc?view=revision&revision=1743722http://svn.apache.org/viewvc?view=revision&revision=1743722http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121JVNDB-2016-000121http://svn.apache.org/viewvc?view=revision&revision=1743742http://svn.apache.org/viewvc?view=revision&revision=1743742http://www.debian.org/security/2016/dsa-3611DSA-3611https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E[tomcat-dev] 
20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/http://rhn.redhat.com/errata/RHSA-2016-2072.htmlRHSA-2016:2072http://www.securitytracker.com/id/10396061039606http://rhn.redhat.com/errata/RHSA-2016-2807.htmlRHSA-2016:2807http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttps://ossindex.sonatype.org/vuln/39d74cc8-457a-4e57-89ef-a258420138c5[CVE-2016-3092] Improper Input Validationhttp://rhn.redhat.com/errata/RHSA-2016-2599.htmlRHSA-2016:2599cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*cpe:2.3:a:hp:icewall_identity_manager:5.0:*:*:*:*:*:*:*cpe:2.3:a:apache:tomca
t:8.0.23:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:9.0.0:m6:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:9.0.0:m4:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:
*:*:*:*cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:9.0.0:m3:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*javassist-3.15.0-GA.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/javassist-3.15.0-GA.jar2fcae06eedcddd3e5b0fe32416f99c1c79907309ca4bb4e5e51d4086cc4179b2611358d7eeec97d5987dc8d525285fab888bab4c68a2ef1412335f73aba2b804f88a6cb5Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
simple. It is a class library for editing bytecodes in Java.
MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses//var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/javassist-3.15.0-GA.jareeec97d5987dc8d525285fab888bab4c68a2ef1412335f73aba2b804f88a6cb579907309ca4bb4e5e51d4086cc4179b2611358d72fcae06eedcddd3e5b0fe32416f99c1cartifactidjavassistgroupidjavassistpackage namejavassistnameJavassisturlhttp://www.javassist.org/namejavassistspecification-vendorShigeru Chibapackage namebytecodeartifactidjavassistpackage namejavassistspecification-titleJavassistnameJavassisturlhttp://www.javassist.org/namejavassistpackage namebytecodegroupidjavassistversion3.15.0-GApkg:maven/org.javassist/javassist@3.15.0-GAhttps://ossindex.sonatype.org/component/pkg:maven/org.javassist/javassist@3.15.0-GApkg:maven/org.javassist/javassist@3.15.0-GAhttps://ossindex.sonatype.org/component/pkg:maven/org.javassist/javassist@3.15.0-GAasm-tree-6.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/asm-tree-6.2.jare7279981c6764dcd73a99705acf5c9a661570e046111559f38d4e0e580c005f75988c0a602317d9ed739dab470a96f44de712fde51a811362ca26852b34324388e61257cTree API of ASM, a very small and fast Java bytecode manipulation frameworkBSD: http://asm.ow2.org/license.html/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/asm-tree-6.2.jar02317d9ed739dab470a96f44de712fde51a811362ca26852b34324388e61257c61570e046111559f38d4e0e580c005f75988c0a6e7279981c6764dcd73a99705acf5c9a6package nameobjectwebpackage nametreebundle-docurlhttp://asm.ow2.orgorganization nameOW2urlhttp://asm.ow2.org/nameasm-treegroupidow2.asmparent-artifactidow2package nameasmnameasm-treegroupidorg.ow2.asmpackage nameobjectwebartifactidasm-treeorganization urlhttp://www.ow2.org/module-requiresorg.objectweb.asm;transitive=truepackage nametreebundle-symbolicnameorg.objectweb.asm.treepackage nameasmbundle-requiredexecutionenvironmentJ2SE-1.5parent-groupidorg.ow2artifactidasm-treepackage nametreebundle-docurlhttp://asm.ow2.orgImplementation-TitleTree API of ASM, a 
very small and fast Java bytecode manipulation frameworkparent-groupidorg.ow2organization nameOW2nameasm-treeBundle-Nameorg.objectweb.asm.treepackage nameasmnameasm-treeartifactidasm-treepackage nameobjectweburlhttp://asm.ow2.org/module-requiresorg.objectweb.asm;transitive=truepackage nametreeorganization urlhttp://www.ow2.org/bundle-symbolicnameorg.objectweb.asm.treepackage nameasmparent-artifactidow2bundle-requiredexecutionenvironmentJ2SE-1.5groupidow2.asmparent-version6.2version6.2version6.2version6.2pkg:maven/org.ow2.asm/asm-tree@6.2https://ossindex.sonatype.org/component/pkg:maven/org.ow2.asm/asm-tree@6.2pkg:maven/org.ow2.asm/asm-tree@6.2https://ossindex.sonatype.org/component/pkg:maven/org.ow2.asm/asm-tree@6.2error_prone_annotations-2.3.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/error_prone_annotations-2.3.2.jar42c8312a7eb4b6ff612049c4f7b514a6d1a0c5032570e0f64be6b4d9c90cdeb103129029357cd6cfb067c969226c442451502aee13800a24e950fdfde77bcdb4565a668dApache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtparent-artifactiderror_prone_parentpackage nameerrorpronepackage namegooglenameerror_prone_annotationspackage nameannotationsnameerror-prone annotationspackage nameerrorproneparent-groupidcom.google.errorproneartifactiderror_prone_annotationspackage nameannotationsgroupidgoogle.errorpronepackage namegoogleparent-groupidcom.google.errorpronepackage nameerrorproneparent-artifactiderror_prone_parentnameerror-prone annotationspackage nameerrorpronepackage namegooglenameerror_prone_annotationspackage nameannotationspackage 
nameannotationsgroupidgoogle.errorproneartifactiderror_prone_annotationsversion2.3.2version2.3.2pkg:maven/com.google.errorprone/error_prone_annotations@2.3.2https://ossindex.sonatype.org/component/pkg:maven/com.google.errorprone/error_prone_annotations@2.3.2pkg:maven/com.google.errorprone/error_prone_annotations@2.3.2https://ossindex.sonatype.org/component/pkg:maven/com.google.errorprone/error_prone_annotations@2.3.2findsecbugs-plugin-1.8.0.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/findsecbugs-plugin-1.8.0.jar95fd6be78da3682e3e7f1ee5e774fddbb9809c4294b946495c55ff9e90cf07da47fcf38b8aaee6a21a4e448c5beff4785ba7e2f89e78e6934f07621ca9c8702ebe759f77
Core module of the project. It includes all the FindBugs detectors.
The resulting jar is the published plugin.
parent-artifactidfindsecbugs-root-pomgroupidh3xstream.findsecbugsnamefindsecbugs-plugingroupidcom.h3xstream.findsecbugspackage nameh3xstreamparent-groupidcom.h3xstream.findsecbugsartifactidfindsecbugs-pluginpackage namefindsecbugsnameFind Security Bugs Plugingroupidh3xstream.findsecbugsnamefindsecbugs-pluginartifactidfindsecbugs-pluginparent-artifactidfindsecbugs-root-pomartifactidfindsecbugs-pluginparent-groupidcom.h3xstream.findsecbugspackage namefindsecbugsnameFind Security Bugs Pluginversion1.8.0version1.8.0version1.8.0pkg:maven/com.h3xstream.findsecbugs/findsecbugs-plugin@1.8.0https://ossindex.sonatype.org/component/pkg:maven/com.h3xstream.findsecbugs/findsecbugs-plugin@1.8.0pkg:maven/com.h3xstream.findsecbugs/findsecbugs-plugin@1.8.0https://ossindex.sonatype.org/component/pkg:maven/com.h3xstream.findsecbugs/findsecbugs-plugin@1.8.0j2objc-annotations-1.3.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/j2objc-annotations-1.3.jar5fa4ec4ec0c5aa70af8a7d4922df1931ba035118bc8bac37d7eff77700720999acd9986d21af30c92267bd6122c0e0b4d20cccb6641a37eaf956c6540ec471d584e64a7b
A set of annotations that provide additional information to the J2ObjC
translator to modify the result of translation.
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtpackage namej2objcnamej2objc-annotationspackage namej2objcpackage namegoogleurlgoogle/j2objc/package nameannotationspackage nameannotationsartifactidj2objc-annotationsnameJ2ObjC Annotationspackage namegooglegroupidgoogle.j2objcpackage namej2objcnamej2objc-annotationspackage namej2objcpackage namegooglegroupidgoogle.j2objcartifactidj2objc-annotationspackage nameannotationspackage nameannotationsnameJ2ObjC Annotationsurlgoogle/j2objc/version1.3version1.3pkg:maven/com.google.j2objc/j2objc-annotations@1.3https://ossindex.sonatype.org/component/pkg:maven/com.google.j2objc/j2objc-annotations@1.3pkg:maven/com.google.j2objc/j2objc-annotations@1.3https://ossindex.sonatype.org/component/pkg:maven/com.google.j2objc/j2objc-annotations@1.3commons-collections-3.2.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/commons-collections-3.2.2.jarf54a8510f834a1a57166970bfc982e948ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8Types that extend and augment the Java Collections Framework.http://www.apache.org/licenses/LICENSE-2.0.txtbundle-symbolicnameorg.apache.commons.collectionsgroupidcommons-collectionsnameApache Commons Collectionsartifactidcommons-collectionsimplementation-buildtags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100parent-artifactidcommons-parentbundle-docurlhttp://commons.apache.org/collections/parent-groupidorg.apache.commonsurlhttp://commons.apache.org/collections/require-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))"package nameapacheImplementation-Vendor-Idorg.apachespecification-vendorThe Apache Software Foundationpackage namecommonsnamecommons-collectionspackage namecollectionsimplementation-urlhttp://commons.apache.org/collections/Implementation-VendorThe Apache Software Foundationbundle-symbolicnameorg.apache.commons.collectionsparent-artifactidcommons-parentnameApache 
Commons Collectionsimplementation-buildtags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100bundle-docurlhttp://commons.apache.org/collections/groupidcommons-collectionsrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))"package nameapachespecification-titleApache Commons CollectionsImplementation-TitleApache Commons Collectionsartifactidcommons-collectionsBundle-NameApache Commons Collectionspackage namecommonsnamecommons-collectionsparent-groupidorg.apache.commonsurlhttp://commons.apache.org/collections/package namecollectionsimplementation-urlhttp://commons.apache.org/collections/Implementation-Version3.2.2parent-version3.2.2Bundle-Version3.2.2version3.2.2version3.2.2pkg:maven/commons-collections/commons-collections@3.2.2https://ossindex.sonatype.org/component/pkg:maven/commons-collections/commons-collections@3.2.2pkg:maven/commons-collections/commons-collections@3.2.2https://ossindex.sonatype.org/component/pkg:maven/commons-collections/commons-collections@3.2.2dom4j-1.6.1.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/dom4j-1.6.1.jar4d8f51d3fe3900efc6e395be48030d6d5d3ccc056b6f056dbf0dddfdf43894b9065a8f94593552ffea3c5823c6602478b5002a7c525fd904a3c44f1abe4065c22edfac73dom4j: the flexible XML framework for Java/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/dom4j-1.6.1.jar593552ffea3c5823c6602478b5002a7c525fd904a3c44f1abe4065c22edfac735d3ccc056b6f056dbf0dddfdf43894b9065a8f944d8f51d3fe3900efc6e395be48030d6dImplementation-VendorMetaStuff Ltd.extension-namedom4jnameZenframework Z8 Dependencies - Commons - dom4j-1.6.1namedom4jgroupidorg.zenframework.z8.dependencies.commonsorganization nameMetaStuff Ltd.organization urlhttp://sourceforge.net/projects/dom4jurlhttp://dom4j.orggroupiddom4jpackage namedom4jparent-groupidorg.zenframework.z8.dependenciesgroupiddom4jartifactiddom4j-1.6.1artifactiddom4jpackage 
namedom4jgroupidzenframework.z8.dependencies.commonsparent-artifactidz8-dependenciesnamedom4jspecification-vendorMetaStuff Ltd.groupidzenframework.z8.dependencies.commonsartifactiddom4jartifactiddom4j-1.6.1artifactiddom4j-1.6.1urlhttp://dom4j.orgartifactiddom4jextension-namedom4jnameZenframework Z8 Dependencies - Commons - dom4j-1.6.1namedom4jspecification-titledom4j : XML framework for Javaparent-artifactidz8-dependenciespackage namedom4jgroupiddom4jparent-groupidorg.zenframework.z8.dependenciesorganization nameMetaStuff Ltd.namedom4jImplementation-Titleorg.dom4jorganization urlhttp://sourceforge.net/projects/dom4jversion2.0version2.0pkg:maven/dom4j/dom4j@1.6.1https://ossindex.sonatype.org/component/pkg:maven/dom4j/dom4j@1.6.1pkg:maven/org.zenframework.z8.dependencies.commons/dom4j-1.6.1@2.0https://ossindex.sonatype.org/component/pkg:maven/org.zenframework.z8.dependencies.commons/dom4j-1.6.1@2.0pkg:maven/dom4j/dom4j@1.6.1https://ossindex.sonatype.org/component/pkg:maven/dom4j/dom4j@1.6.1pkg:maven/org.zenframework.z8.dependencies.commons/dom4j-1.6.1@2.0https://ossindex.sonatype.org/component/pkg:maven/org.zenframework.z8.dependencies.commons/dom4j-1.6.1@2.0CVE-2018-1000632HIGH6.4NETWORKLOWNONENONENONEPARTIALMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDNONEHIGHNONEHIGHCWE-91dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. 
This vulnerability appears to have been fixed in 2.1.1 or later.https://lists.apache.org/thread.html/9d4c1af6f702c3d6d6f229de57112ddccac8ce44446a01b7937ab9e0@%3Ccommits.maven.apache.org%3E[maven-commits] 20190604 [maven-archetype] branch master updated: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 yearhttps://security.netapp.com/advisory/ntap-20190530-0001/https://security.netapp.com/advisory/ntap-20190530-0001/https://access.redhat.com/errata/RHSA-2019:1161RHSA-2019:1161https://lists.apache.org/thread.html/5a020ecaa3c701f408f612f7ba2ee37a021644c4a39da2079ed3ddbc@%3Ccommits.maven.apache.org%3E[maven-commits] 20190531 [maven-archetype] 01/01: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 yearhttps://access.redhat.com/errata/RHSA-2019:0380RHSA-2019:0380https://access.redhat.com/errata/RHSA-2019:1159RHSA-2019:1159https://access.redhat.com/errata/RHSA-2019:1162RHSA-2019:1162https://access.redhat.com/errata/RHSA-2019:0365RHSA-2019:0365https://ihacktoprotect.com/post/dom4j-xml-injection/https://ihacktoprotect.com/post/dom4j-xml-injection/https://access.redhat.com/errata/RHSA-2019:0364RHSA-2019:0364https://lists.debian.org/debian-lts-announce/2018/09/msg00028.html[debian-lts-announce] 20180924 [SECURITY] [DLA 1517-1] dom4j security updatehttps://access.redhat.com/errata/RHSA-2019:1160RHSA-2019:1160https://ossindex.sonatype.org/vuln/09883ba9-5094-49df-bd4a-1eaf1d6ba07b[CVE-2018-1000632] XML Injection (aka Blind XPath Injection)https://github.com/dom4j/dom4j/issues/48https://github.com/dom4j/dom4j/issues/48https://lists.apache.org/thread.html/00571f362a7a2470fba50a31282c65637c40d2e21ebe6ee535a4ed74@%3Ccommits.maven.apache.org%3E[maven-commits] 
20190601 [maven-archetype] 01/01: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 yearhttps://lists.apache.org/thread.html/4a77652531d62299a30815cf5f233af183425db8e3c9a824a814e768@%3Cdev.maven.apache.org%3E[maven-dev] 20190531 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)https://lists.apache.org/thread.html/7f6e120e6ed473f4e00dde4c398fc6698eb383bd7857d20513e989ce@%3Cdev.maven.apache.org%3E[maven-dev] 20190531 proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)https://access.redhat.com/errata/RHSA-2019:0362RHSA-2019:0362https://lists.apache.org/thread.html/d7d960b2778e35ec9b4d40c8efd468c7ce7163bcf6489b633491c89f@%3Cdev.maven.apache.org%3E[maven-dev] 20190603 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)https://lists.apache.org/thread.html/7e9e78f0e4288fac6591992836d2a80d4df19161e54bd71ab4b8e458@%3Cdev.maven.apache.org%3E[maven-dev] 20190610 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 
8)https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387cpe:2.3:a:dom4j_project:dom4j:*:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*slf4j-api-1.7.26.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/slf4j-api-1.7.26.jar60ec8751be37d54a2aa1b6178f87b96877100a62c2e6f04b53977b9f541044d7d722693d6d9e5b86cfd1dd44c676899285b5bb4fa0d371cf583e8164f9c8a0366553242bThe slf4j APInameslf4j-apiurlhttp://www.slf4j.orgbundle-symbolicnameslf4j.apinameSLF4J API Modulegroupidslf4jartifactidslf4j-apiparent-artifactidslf4j-parentparent-groupidorg.slf4jpackage nameslf4jbundle-requiredexecutionenvironmentJ2SE-1.5nameSLF4J API Moduleparent-groupidorg.slf4jartifactidslf4j-apiBundle-Nameslf4j-apinameslf4j-apibundle-symbolicnameslf4j.apiImplementation-Titleslf4j-apiparent-artifactidslf4j-parentgroupidslf4jurlhttp://www.slf4j.orgpackage nameslf4jbundle-requiredexecutionenvironmentJ2SE-1.5version1.7.26version1.7.26Bundle-Version1.7.26Implementation-Version1.7.26pkg:maven/org.slf4j/slf4j-api@1.7.26https://ossindex.sonatype.org/component/pkg:maven/org.slf4j/slf4j-api@1.7.26pkg:maven/org.slf4j/slf4j-api@1.7.26https://ossindex.sonatype.org/component/pkg:maven/org.slf4j/slf4j-api@1.7.26cpe-parser-2.0.1.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/cpe-parser-2.0.1.jarf5914901fb201b0f555806c0490d0c7ebed94a84a8cea2347e6b5049fc92b52f0af6f91b696233733023bfc1944887a31476cde9c47847f45b0d76b0d8644c0ef3483251A utility for 
validating and parsing Common Platform Enumeration (CPE) v2.2 and v2.3 as originally defined by MITRE and maintained by NIST.Apache-2.0: http://www.apache.org/licenses/LICENSE-2.0.txtpackage namecpepackage nameuspackage nameparsersgroupidus.springettartifactidcpe-parserurlstevespringett/CPE-Parserpackage namespringettpackage namespringettnameCPE Parsernamecpe-parserpackage nameuspackage namecpegroupidus.springettpackage nameparserspackage namecpepackage namespringettpackage namespringetturlstevespringett/CPE-ParsernameCPE Parsernamecpe-parserpackage nameusartifactidcpe-parserversion2.0.1version2.0.1pkg:maven/us.springett/cpe-parser@2.0.1https://ossindex.sonatype.org/component/pkg:maven/us.springett/cpe-parser@2.0.1pkg:maven/us.springett/cpe-parser@2.0.1https://ossindex.sonatype.org/component/pkg:maven/us.springett/cpe-parser@2.0.1jboss-transaction-api_1.1_spec-1.0.1.Final.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/jboss-transaction-api_1.1_spec-1.0.1.Final.jar679cd909d6130e6bf467b291031e1e2d18f0e1d42f010a8b53aa447bf274a706d5148852d9ccc72cdcf5450fcb8cc614b4930261d5cc5b40da6b3be783308cebcd100723The Java Transaction 1.1 API classesCommon Development and Distribution License: http://repository.jboss.org/licenses/cddl.txt
GNU General Public License, Version 2 with the Classpath Exception: http://repository.jboss.org/licenses/gpl-2.0-ce.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/jboss-transaction-api_1.1_spec-1.0.1.Final.jard9ccc72cdcf5450fcb8cc614b4930261d5cc5b40da6b3be783308cebcd10072318f0e1d42f010a8b53aa447bf274a706d5148852679cd909d6130e6bf467b291031e1e2dpackage nametransactionImplementation-VendorJBoss by Red Hatnamejboss-transaction-api_1.1_spec-1.0.1.Finalbundle-docurlhttp://www.jboss.orgos-nameLinuxparent-artifactidjboss-parentImplementation-Vendor-Idorg.jboss.spec.javax.transactiongroupidjboss.spec.javax.transactionpackage namejavaxos-archi386nameJava Transaction APIparent-groupidorg.jbossimplementation-urlhttp://www.jboss.org/jboss-transaction-api_1.1_specjava-vendorSun Microsystems Inc.build-timestampSat, 17 Mar 2012 11:49:45 -0500bundle-symbolicnameorg.jboss.spec.javax.transaction.jboss-transaction-api_1.1_specartifactidjboss-transaction-api_1.1_specparent-artifactidjboss-parentpackage nametransactionnamejboss-transaction-api_1.1_spec-1.0.1.FinalImplementation-TitleJava Transaction APIbundle-docurlhttp://www.jboss.orgos-nameLinuxgroupidjboss.spec.javax.transactionspecification-titleJSR 907: Java Transaction API (JTA)package namejavaxos-archi386nameJava Transaction APIparent-groupidorg.jbossimplementation-urlhttp://www.jboss.org/jboss-transaction-api_1.1_specBundle-NameJava Transaction APIartifactidjboss-transaction-api_1.1_specbuild-timestampSat, 17 Mar 2012 11:49:45 
-0500bundle-symbolicnameorg.jboss.spec.javax.transaction.jboss-transaction-api_1.1_specparent-version1.0.1.FinalImplementation-Version1.0.1.FinalBundle-Version1.0.1.Finalversion1.0.1.Finalpkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.1_spec@1.0.1.Finalhttps://ossindex.sonatype.org/component/pkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.1_spec@1.0.1.Finalpkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.1_spec@1.0.1.Finalhttps://ossindex.sonatype.org/component/pkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.1_spec@1.0.1.Finalcommons-compress-1.18.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/commons-compress-1.18.jarbcbecfff4bdb0d3d0cdead3d995da2ef1191f9f2bc0c47a8cce69193feb1ff0a8bcb37d55f2df1e467825e4cac5996d44890c4201c000b43c0b23cffc0782d28a0beb9b0
Apache Commons Compress software defines an API for working with
compression and archive formats. These include: bzip2, gzip, pack200,
lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.
https://www.apache.org/licenses/LICENSE-2.0.txtparent-artifactidcommons-parentimplementation-urlhttps://commons.apache.org/proper/commons-compress/extension-nameorg.apache.commons.compressgroupidapache.commonsautomatic-module-nameorg.apache.commons.compressartifactidcommons-compressrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"parent-groupidorg.apache.commonspackage nameapacheImplementation-Vendor-Idorg.apachebundle-symbolicnameorg.apache.commons.commons-compressnamecommons-compressspecification-vendorThe Apache Software Foundationpackage namecommonsbundle-docurlhttps://commons.apache.org/proper/commons-compress/nameApache Commons Compressimplementation-buildUNKNOWN@rb95d5cde4c68640f886e3c6802384fae47408a37; 2018-08-13 07:16:03+0000urlhttps://commons.apache.org/proper/commons-compress/package namecompressImplementation-VendorThe Apache Software FoundationBundle-NameApache Commons Compressparent-artifactidcommons-parenturlhttps://commons.apache.org/proper/commons-compress/implementation-urlhttps://commons.apache.org/proper/commons-compress/extension-nameorg.apache.commons.compressImplementation-TitleApache Commons Compressautomatic-module-nameorg.apache.commons.compressrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"package nameapachebundle-symbolicnameorg.apache.commons.commons-compressnamecommons-compresspackage namecommonsgroupidapache.commonsbundle-docurlhttps://commons.apache.org/proper/commons-compress/artifactidcommons-compressparent-groupidorg.apache.commonsnameApache Commons Compressspecification-titleApache Commons Compressimplementation-buildUNKNOWN@rb95d5cde4c68640f886e3c6802384fae47408a37; 2018-08-13 07:16:03+0000package 
namecompressImplementation-Version1.18parent-version1.18version1.18version1.18pkg:maven/org.apache.commons/commons-compress@1.18https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-compress@1.18pkg:maven/org.apache.commons/commons-compress@1.18https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-compress@1.18retirejs-core-3.0.1.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/retirejs-core-3.0.1.jaraf51ed61a72671ff8c61942ddc8225cd5aa8c3ee326e382ce9d55cc58e2182852a5b34216e5f2db50efa4f248af753b877858b6cd11bf31c1b7efb064634691a82784ea4nameretirejs-coregroupidh3xstream.retirejspackage nameretirejspackage nameh3xstreamartifactidretirejs-coreparent-groupidcom.h3xstream.retirejsparent-artifactidretirejs-root-pompackage nameh3xstreampackage namerepopackage nameretirejsnameretirejs-coreparent-artifactidretirejs-root-pompackage nameretirejsartifactidretirejs-coreparent-groupidcom.h3xstream.retirejsgroupidh3xstream.retirejspackage nameh3xstreampackage namerepopackage nameretirejsversion3.0.1version3.0.1pkg:maven/com.h3xstream.retirejs/retirejs-core@3.0.1https://ossindex.sonatype.org/component/pkg:maven/com.h3xstream.retirejs/retirejs-core@3.0.1pkg:maven/com.h3xstream.retirejs/retirejs-core@3.0.1https://ossindex.sonatype.org/component/pkg:maven/com.h3xstream.retirejs/retirejs-core@3.0.1commons-logging-api-1.1.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/commons-logging-api-1.1.jar4374238076ab08e60e0d2962344808377d4cf5231d46c8524f9b9ed75bb2d1c69ab9332233a4dd47bb4764e4eb3692d86386d17a0d9827f4f4bb0f70121efab6bc03ba35Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems.The Apache Software License, Version 2.0: /LICENSE.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/commons-logging-api-1.1.jar33a4dd47bb4764e4eb3692d86386d17a0d9827f4f4bb0f70121efab6bc03ba357d4cf5231d46c8524f9b9ed75bb2d1c69ab933224374238076ab08e60e0d296234480837nameLoggingpackage nameloggingorganization urlhttp://jakarta.apache.orgpackage nameapachegroupidcommons-loggingpackage nameloggingpackage namecommonsartifactidcommons-logging-apiImplementation-Vendor-Idorg.apachepackage nameapacheImplementation-VendorApache Software Foundationextension-nameorg.apache.commons.loggingnamecommons-logging-apigroupidcommons-loggingpackage namecommonsurlhttp://jakarta.apache.org/commons/logging/specification-vendorApache Software Foundationorganization nameThe Apache Software FoundationnameLoggingpackage nameloggingspecification-titleJakarta Commons Loggingartifactidcommons-logging-apiImplementation-TitleJakarta Commons Loggingurlhttp://jakarta.apache.org/commons/logging/package nameloggingpackage namecommonsorganization urlhttp://jakarta.apache.orgpackage nameimplpackage nameapacheextension-nameorg.apache.commons.loggingnamecommons-logging-apipackage namecommonsartifactidcommons-logging-apiorganization nameThe Apache Software Foundationgroupidcommons-loggingImplementation-Version1.1version1.1version1.1version1.1pkg:maven/commons-logging/commons-logging-api@1.1https://ossindex.sonatype.org/component/pkg:maven/commons-logging/commons-logging-api@1.1pkg:maven/commons-logging/commons-logging-api@1.1https://ossindex.sonatype.org/component/pkg:maven/commons-logging/commons-logging-api@1.1failureaccess-1.0.1.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/failureaccess-1.0.1.jar091883993ef5bfa91da01dcc8fc522361dcf1de382a0bf95a3d8b0849546c88bac1292c9a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26
Contains
com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
InternalFutures. Most users will never need to use this artifact. Its
classes are conceptually a part of Guava, but they're in this separate
artifact so that Android libraries can use them without pulling in all of
Guava (just as they can use ListenableFuture by depending on the
listenablefuture artifact).
http://www.apache.org/licenses/LICENSE-2.0.txtpackage namegooglenameGuava InternalFutureFailureAccess and InternalFuturesparent-groupidcom.google.guavarequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"namefailureaccesspackage nameconcurrentpackage nameutilgroupidgoogle.guavaartifactidfailureaccessbundle-docurlhttps://github.com/google/guava/package namecommonparent-artifactidguava-parentbundle-symbolicnamecom.google.guava.failureaccesspackage namegooglenameGuava InternalFutureFailureAccess and InternalFuturesparent-artifactidguava-parentartifactidfailureaccessparent-groupidcom.google.guavarequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"groupidgoogle.guavanamefailureaccesspackage nameconcurrentpackage nameutilBundle-NameGuava InternalFutureFailureAccess and InternalFuturespackage namecommonbundle-docurlhttps://github.com/google/guava/bundle-symbolicnamecom.google.guava.failureaccessparent-version1.0.1version1.0.1version1.0.1Bundle-Version1.0.1pkg:maven/com.google.guava/failureaccess@1.0.1https://ossindex.sonatype.org/component/pkg:maven/com.google.guava/failureaccess@1.0.1pkg:maven/com.google.guava/failureaccess@1.0.1https://ossindex.sonatype.org/component/pkg:maven/com.google.guava/failureaccess@1.0.1antlr-2.7.7.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/antlr-2.7.7.jarf8f1352c52a4c6a500b597596501fc6483cd2cd674a217ade95a4bb83a8a14f351f48bd088fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c
A framework for constructing recognizers, compilers,
and translators from grammatical descriptions containing
Java, C#, C++, or Python actions.
BSD License: http://www.antlr.org/license.html/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/antlr-2.7.7.jar88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c83cd2cd674a217ade95a4bb83a8a14f351f48bd0f8f1352c52a4c6a500b597596501fc64nameAntLR Parser Generatorgroupidantlrurlhttp://www.antlr.org/artifactidantlrnameantlrpackage nameantlrgroupidantlrnameAntLR Parser Generatorurlhttp://www.antlr.org/groupidantlrartifactidantlrartifactidantlrnameantlrversion2.7.7version2.7.7version2.7.7pkg:maven/antlr/antlr@2.7.7https://ossindex.sonatype.org/component/pkg:maven/antlr/antlr@2.7.7pkg:maven/antlr/antlr@2.7.7https://ossindex.sonatype.org/component/pkg:maven/antlr/antlr@2.7.7jsr305-3.0.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/jsr305-3.0.2.jardd83accb899363c32b07d7a1b2e4ce4025ea2e8b0c338a877313bd4672d3fe056ea78f0d766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7JSR305 Annotations for FindbugsThe Apache Software License, Version 2.0: 
http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/jsr305-3.0.2.jar766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c725ea2e8b0c338a877313bd4672d3fe056ea78f0ddd83accb899363c32b07d7a1b2e4ce40/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/jsr305-3.0.2.jar766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c725ea2e8b0c338a877313bd4672d3fe056ea78f0ddd83accb899363c32b07d7a1b2e4ce40urlhttp://findbugs.sourceforge.net/groupidgoogle.code.findbugsnameFindBugs-jsr305artifactidjsr305bundle-symbolicnameorg.jsr-305namejsr305nameFindBugs-jsr305bundle-symbolicnameorg.jsr-305groupidgoogle.code.findbugsBundle-NameFindBugs-jsr305artifactidjsr305urlhttp://findbugs.sourceforge.net/namejsr305version3.0.2version3.0.2Bundle-Version3.0.2pkg:maven/com.google.code.findbugs/jsr305@3.0.2https://ossindex.sonatype.org/component/pkg:maven/com.google.code.findbugs/jsr305@3.0.2pkg:maven/com.google.code.findbugs/jsr305@3.0.2https://ossindex.sonatype.org/component/pkg:maven/com.google.code.findbugs/jsr305@3.0.2package-url-java-1.0.1.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/package-url-java-1.0.1.jarc3ad4b16cbc442ae5f0faca7f7a45ec015aa42711e3c142a088818357073f8f85bf42b0827811dedb123d3cd685f301d629627f54275307313b00fcb671ab05a9bb19beaASL2: http://www.apache.org/licenses/LICENSE-2.0.txtgroupidsonatype.goodiesurlhttps://sonatype.github.io/package-url-java/package namesonatypepackage namegoodiesparent-groupidorg.sonatype.buildsupportimplementation-urlhttps://sonatype.github.io/package-url-java/artifactidpackage-url-javaImplementation-Vendor-Idorg.sonatype.goodiesparent-artifactidpublic-parentImplementation-VendorSonatype, Inc.namepackage-url-javagroupidsonatype.goodiesparent-groupidorg.sonatype.buildsupportpackage namesonatypepackage 
namegoodiesurlhttps://sonatype.github.io/package-url-java/Implementation-Titleorg.sonatype.goodies:package-url-javaimplementation-urlhttps://sonatype.github.io/package-url-java/parent-artifactidpublic-parentartifactidpackage-url-javaspecification-titleorg.sonatype.goodies:package-url-javanamepackage-url-javaparent-version1.0.1version1.0.1version1.0.1Implementation-Version1.0.1pkg:maven/org.sonatype.goodies/package-url-java@1.0.1https://ossindex.sonatype.org/component/pkg:maven/org.sonatype.goodies/package-url-java@1.0.1pkg:maven/org.sonatype.goodies/package-url-java@1.0.1https://ossindex.sonatype.org/component/pkg:maven/org.sonatype.goodies/package-url-java@1.0.1spotbugs-annotations-3.1.5.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/spotbugs-annotations-3.1.5.jarb95dcad8c0cf00c399b5c24b161ffbd84e2e5448fba7b4aa298d4eb9af25a9ba707bcb0ec32907af3441aaeb2948825ef30d70d34ca938be832910df73a46aa20554aecfAnnotations the SpotBugs tool supportsGNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/spotbugs-annotations-3.1.5.jarc32907af3441aaeb2948825ef30d70d34ca938be832910df73a46aa20554aecf4e2e5448fba7b4aa298d4eb9af25a9ba707bcb0eb95dcad8c0cf00c399b5c24b161ffbd8package namecsnamespotbugs-annotationsgroupidcom.github.spotbugsgroupidgithub.spotbugsbundle-symbolicnamespotbugs-annotationsurlhttps://spotbugs.github.io/automatic-module-namecom.github.spotbugs.annotationsnameSpotBugs Annotationspackage nameeduartifactidspotbugs-annotationsbundle-requiredexecutionenvironmentJ2SE-1.5package nameumdpackage namecsnamespotbugs-annotationspackage namefindbugsartifactidspotbugs-annotationsurlhttps://spotbugs.github.io/Bundle-Namespotbugs-annotationsbundle-symbolicnamespotbugs-annotationsgroupidgithub.spotbugsartifactidspotbugs-annotationsautomatic-module-namecom.github.spotbugs.annotationsnameSpotBugs 
Annotationsbundle-requiredexecutionenvironmentJ2SE-1.5package nameumdBundle-Version3.1.5version3.1.5version3.1.5version3.1.5pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.5https://ossindex.sonatype.org/component/pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.5pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.5https://ossindex.sonatype.org/component/pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.5minlog-1.3.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/minlog-1.3.jarb4e9b84eaea9750fe58ac3e196c7ed9b8d2b87348c82b82e69ac2039ddbbc9d36dc69c9a12d586cbfc6fab0063fc4ff56a93cc7094ae020d6b368f53025727b2e8ca02d7Minimal overhead Java loggingNew BSD License: http://www.opensource.org/licenses/bsd-license.phpImplementation-Vendor-Idcom.esotericsoftwarepackage nameminlogartifactidminloggroupidesotericsoftwareurlEsotericSoftware/minlognameMinLognameminlogpackage nameesotericsoftwarepackage nameminlogspecification-titleMinLogurlEsotericSoftware/minlognameMinLognameminlogartifactidminlogImplementation-TitleMinLoggroupidesotericsoftwarepackage nameesotericsoftwareImplementation-Version1.3version1.3version1.3pkg:maven/com.esotericsoftware/minlog@1.3https://ossindex.sonatype.org/component/pkg:maven/com.esotericsoftware/minlog@1.3pkg:maven/com.esotericsoftware/minlog@1.3https://ossindex.sonatype.org/component/pkg:maven/com.esotericsoftware/minlog@1.3struts2-tiles-plugin-2.3.16.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/struts2-tiles-plugin-2.3.16.jarbf0c91600c512941ae9aafe17ed77da108516d4707f21d4ea115e6cd08ef0e0c116a1286a6037033d7ac6994bc0aa7661889b47cb1860c3dffcbd31780137045afc0b97cApache Struts 
2http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/struts2-tiles-plugin-2.3.16.jara6037033d7ac6994bc0aa7661889b47cb1860c3dffcbd31780137045afc0b97c08516d4707f21d4ea115e6cd08ef0e0c116a1286bf0c91600c512941ae9aafe17ed77da1bundle-symbolicnameorg.apache.struts.2-tiles-pluginbundle-docurlhttp://www.apache.orgartifactidstruts2-tiles-pluginImplementation-Vendor-Idorg.apache.strutspackage namestruts2nameStruts 2 Tiles Pluginpackage nameapacheImplementation-VendorApache Software Foundationnamestruts2-tiles-pluginpackage nametilesgroupidapache.strutsspecification-vendorApache Software Foundationparent-artifactidstruts2-pluginsparent-groupidorg.apache.strutsbundle-symbolicnameorg.apache.struts.2-tiles-pluginbundle-docurlhttp://www.apache.orgartifactidstruts2-tiles-pluginparent-artifactidstruts2-pluginspackage namestruts2specification-titleStruts 2 Tiles PluginnameStruts 2 Tiles Pluginpackage nameapacheImplementation-TitleStruts 2 Tiles Pluginnamestruts2-tiles-pluginpackage nametilesparent-groupidorg.apache.strutsBundle-NameStruts 2 Tiles Plugingroupidapache.strutsBundle-Version2.3.16Implementation-Version2.3.16version2.3.16version2.3.16pkg:maven/org.apache.struts/struts2-tiles-plugin@2.3.16https://ossindex.sonatype.org/component/pkg:maven/org.apache.struts/struts2-tiles-plugin@2.3.16pkg:maven/org.apache.struts/struts2-tiles-plugin@2.3.16https://ossindex.sonatype.org/component/pkg:maven/org.apache.struts/struts2-tiles-plugin@2.3.16CVE-2014-0094MEDIUM5.0NETWORKLOWNONENONENONENONEMEDIUMNVD-CWE-noinfoThe ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.securityfocus.com/archive/1/532549/100/0/threaded20140625 NEW VMSA-2014-0007 - VMware 
product updates address security vulnerabilities in Apache Struts libraryhttp://secunia.com/advisories/5644056440http://struts.apache.org/release/2.3.x/docs/s2-020.htmlhttp://struts.apache.org/release/2.3.x/docs/s2-020.htmlhttp://www.securityfocus.com/archive/1/531362/100/0/threaded20140306 [ANN] Struts 2.3.16.1 GA release available - security fixhttp://jvndb.jvn.jp/jvndb/JVNDB-2014-000045JVNDB-2014-000045http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.htmlhttp://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.htmlhttp://secunia.com/advisories/5917859178http://www.konakart.com/downloads/ver-7-3-0-0-whats-newhttp://www.konakart.com/downloads/ver-7-3-0-0-whats-newhttp://www.securitytracker.com/id/10298761029876http://www.securityfocus.com/bid/6599965999http://www-01.ibm.com/support/docview.wss?uid=swg21676706http://www-01.ibm.com/support/docview.wss?uid=swg21676706http://jvn.jp/en/jp/JVN19294237/index.htmlJVN#19294237http://www.vmware.com/security/advisories/VMSA-2014-0007.htmlhttp://www.vmware.com/security/advisories/VMSA-2014-0007.htmlhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htmhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htmcpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2014-0112HIGH7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGHCWE-264ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1091939https://bugzilla.redhat.com/show_bug.cgi?id=1091939http://www.securityfocus.com/bid/6706467064http://secunia.com/advisories/5950059500https://cwiki.apache.org/confluence/display/WW/S2-021https://cwiki.apache.org/confluence/display/WW/S2-021http://www.securityfocus.com/archive/1/531952/100/0/threaded20140426 [ANN] Struts 2.3.16.2 GA release available - security fixhttp://www.securityfocus.com/archive/1/532549/100/0/threaded20140625 NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts libraryhttps://access.redhat.com/errata/RHSA-2019:0910RHSA-2019:0910http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045JVNDB-2014-000045http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.htmlhttp://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.htmlhttp://secunia.com/advisories/5917859178http://www-01.ibm.com/support/docview.wss?uid=swg21676706http://www-01.ibm.com/support/docview.wss?uid=swg21676706http://jvn.jp/en/jp/JVN19294237/index.htmlJVN#19294237http://www.vmware.com/security/advisories/VMSA-2014-0007.htmlhttp://www.vmware.com/security/advisories/VMSA-2014-0007.htmlcpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2014-0113HIGH7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGHCWE-264CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://secunia.com/advisories/5917859178https://cwiki.apache.org/confluence/display/WW/S2-021https://cwiki.apache.org/confluence/display/WW/S2-021http://www.securityfocus.com/archive/1/531952/100/0/threaded20140426 [ANN] Struts 2.3.16.2 GA release available - security fixhttp://www-01.ibm.com/support/docview.wss?uid=swg21676706http://www-01.ibm.com/support/docview.wss?uid=swg21676706cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2014-0116MEDIUM5.8NETWORKMEDIUMNONENONENONEPARTIALMEDIUMCWE-264CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for 
CVE-2014-0113.http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.securityfocus.com/bid/6721867218http://secunia.com/advisories/5981659816http://struts.apache.org/release/2.3.x/docs/s2-022.htmlhttp://struts.apache.org/release/2.3.x/docs/s2-022.htmlhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htmhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htmcpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apa
che:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2014-7809MEDIUM6.8NETWORKMEDIUMNONEPARTIALPARTIALPARTIALMEDIUMCWE-352Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism.http://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.htmlhttp://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.securityfocus.com/bid/7154871548http://struts.apache.org/docs/s2-023.htmlhttp://struts.apache.org/docs/s2-023.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.securitytracker.com/id/10313091031309http://www.securityfocus.com/archive/1/534175/100/0/threaded20141208 [ANN] Apache Struts 2.3.20 GA release available with security 
fixcpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache
:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2015-5169MEDIUM4.3NETWORKMEDIUMNONENONENONENONEMEDIUM6.1NETWORKLOWNONEREQUIREDCHANGEDLOWLOWNONEMEDIUMCWE-79Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.https://bugzilla.redhat.com/show_bug.cgi?id=1260087https://bugzilla.redhat.com/show_bug.cgi?id=1260087https://struts.apache.org/docs/s2-025.htmlhttps://struts.apache.org/docs/s2-025.htmlhttp://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.htmlJVNDB-2015-000125http://www.securityfocus.com/bid/7662576625https://security.netapp.com/advisory/ntap-20180629-0003/https://security.netapp.com/advisory/ntap-20180629-0003/http://jvn.jp/en/jp/JVN95989300/index.htmlJVN#95989300cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2015-5209HIGH5.0NETWORKLOWNONENONENONENONEMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDNONEHIGHNONEHIGHCWE-20Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top 
object.https://security.netapp.com/advisory/ntap-20180629-0002/https://security.netapp.com/advisory/ntap-20180629-0002/http://www.securityfocus.com/bid/8255082550http://www.securitytracker.com/id/10339081033908https://struts.apache.org/docs/s2-026.htmlhttps://struts.apache.org/docs/s2-026.htmlcpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4
:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-0785HIGH9.0NETWORKLOWSINGLECOMPLETECOMPLETECOMPLETEHIGH8.8NETWORKLOWLOWNONEUNCHANGEDHIGHHIGHHIGHHIGHCWE-20Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.http://struts.apache.org/docs/s2-029.htmlhttp://struts.apache.org/docs/s2-029.htmlhttp://www.securitytracker.com/id/10352711035271http://www.securityfocus.com/bid/8506685066cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2016-2162MEDIUM4.3NETWORKMEDIUMNONENONENONENONEMEDIUM6.1NETWORKLOWNONEREQUIREDCHANGEDLOWLOWNONEMEDIUMCWE-79Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, 
which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.http://www.securitytracker.com/id/10352721035272http://struts.apache.org/docs/s2-030.htmlhttp://struts.apache.org/docs/s2-030.htmlhttp://www.securityfocus.com/bid/8507085070cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2_beta:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:str
uts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-3081HIGH9.3NETWORKMEDIUMNONECOMPLETECOMPLETECOMPLETEHIGH8.1NETWORKHIGHNONENONEUNCHANGEDHIGHHIGHHIGHHIGHCWE-77Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained 
expressions.https://struts.apache.org/docs/s2-032.htmlhttps://struts.apache.org/docs/s2-032.htmlhttp://www.securityfocus.com/bid/8732787327http://www.rapid7.com/db/modules/exploit/multi/http/struts_dmi_exechttp://www.rapid7.com/db/modules/exploit/multi/http/struts_dmi_exechttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160527-01-struts2-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160527-01-struts2-enhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://packetstormsecurity.com/files/136856/Apache-Struts-2.3.28-Dynamic-Method-Invocation-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/136856/Apache-Struts-2.3.28-Dynamic-Method-Invocation-Remote-Code-Execution.htmlhttp://www.rapid7.com/db/modules/exploit/linux/http/struts_dmi_exechttp://www.rapid7.com/db/modules/exploit/linux/http/struts_dmi_exechttp://www.securitytracker.com/id/10356651035665https://www.exploit-db.com/exploits/39756/39756http://www.securityfocus.com/bid/9178791787cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:oracle:siebel_e-billing:7.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cp
e:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-3082CRITICAL10.0NETWORKLOWNONECOMPLETECOMPLETECOMPLETEHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALCWE-20XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 
allows remote attackers to execute arbitrary code via the stylesheet location parameter.http://www.securitytracker.com/id/10356641035664http://struts.apache.org/docs/s2-031.htmlhttp://struts.apache.org/docs/s2-031.htmlhttp://www.securityfocus.com/bid/8882688826cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:
struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-3090HIGH6.5NETWORKLOWSINGLEPARTIALPARTIALPARTIALMEDIUM8.8NETWORKLOWLOWNONEUNCHANGEDHIGHHIGHHIGHHIGHCWE-20The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR 
tooling.https://struts.apache.org/docs/s2-027.htmlhttps://struts.apache.org/docs/s2-027.htmlhttps://security.netapp.com/advisory/ntap-20180629-0005/https://security.netapp.com/advisory/ntap-20180629-0005/http://www.securityfocus.com/bid/8513185131https://www.securitytracker.com/id/10352671035267cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*
:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-3093MEDIUM5.0NETWORKLOWNONENONENONEPARTIALMEDIUM5.3NETWORKLOWNONENONEUNCHANGEDNONENONELOWMEDIUMCWE-20Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified 
vectors.http://struts.apache.org/docs/s2-034.htmlhttp://struts.apache.org/docs/s2-034.htmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21987854http://www-01.ibm.com/support/docview.wss?uid=swg21987854http://www.securitytracker.com/id/10360181036018http://www.securityfocus.com/bid/9096190961cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.
0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:ognl_project:ognl:*:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-4003MEDIUM4.3NETWORKMEDIUMNONENONENONENONEMEDIUM6.1NETWORKLOWNONEREQUIREDCHANGEDLOWLOWNONEMEDIUMCWE-79Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter.http://www.securityfocus.com/bid/8631186311http://struts.apache.org/docs/s2-028.htmlhttp://struts.apache.org/docs/s2-028.htmlhttp://www.securitytracker.com/id/10352681035268https://issues.apache.org/jira/browse/WW-4507https://issues.apache.org/jira/browse/WW-4507cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2016-4436CRITICAL7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALNVD-CWE-noinfoApache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean 
up.http://www.securityfocus.com/bid/9128091280http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttps://struts.apache.org/docs/s2-035.htmlhttps://struts.apache.org/docs/s2-035.htmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21987854http://www-01.ibm.com/support/docview.wss?uid=swg21987854cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta
3:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2016-4461HIGH9.0NETWORKLOWSINGLECOMPLETECOMPLETECOMPLETEHIGH8.8NETWORKLOWLOWNONEUNCHANGEDHIGHHIGHHIGHHIGHCWE-20Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.http://www.securityfocus.com/bid/9127791277https://struts.apache.org/docs/s2-036.htmlhttps://struts.apache.org/docs/s2-036.htmlhttps://security.netapp.com/advisory/ntap-20180629-0004/https://security.netapp.com/advisory/ntap-20180629-0004/cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*CVE-2017-12611CRITICAL7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALCWE-20In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.http://www.securityfocus.com/bid/100829100829https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txthttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txthttps://struts.apache.org/docs/s2-053.htmlhttps://struts.apache.org/docs/s2-053.htmlcpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*cpe:2.3:a:apache:struts:
2.5:beta2:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:
*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2017-5638CRITICAL10.0NETWORKLOWNONECOMPLETECOMPLETECOMPLETEHIGH10.0NETWORKLOWNONENONECHANGEDHIGHHIGHHIGHCRITICALCWE-20The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= 
string.http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.htmlhttp://blog.talosintelligence.com/2017/03/apache-0-day-exploited.htmlhttps://twitter.com/theog150/status/841146956135124993https://twitter.com/theog150/status/841146956135124993https://exploit-db.com/exploits/4157041570https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519ahttps://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519ahttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttps://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228http://www.securitytracker.com/id/10379731037973https://www.exploit-db.com/exploits/41614/41614https://www.symantec.com/security-center/network-protection-security-advisories/SA145https://www.symantec.com/security-center/network-protection-security-advisories/SA145https://support.lenovo.com/us/en/product_security/len-14200https://support.lenovo.com/us/en/product_security/len-14200http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txthttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txthttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_ushttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_ushttps://cwiki.apache.org/confluence/display/WW/S2-045https://cwiki.apache.org/confluence/display/WW/S2-045http://www.securityfocus.com/bid/9672996729https://cwiki.apache.org/confluence/display/WW/S2-046https://cwiki.apache.org/confluence/display/WW/S2-046https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/https://www.imperva.com/blog/2017/03/cve-2017-5638-new-
remote-code-execution-rce-vulnerability-in-apache-struts-2/https://github.com/rapid7/metasploit-framework/issues/8064https://github.com/rapid7/metasploit-framework/issues/8064https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_ushttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_ushttps://www.kb.cert.org/vuls/id/834067VU#834067https://packetstormsecurity.com/files/141494/S2-45-poc.py.txthttps://packetstormsecurity.com/files/141494/S2-45-poc.py.txthttps://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.htmlhttps://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.htmlhttps://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/https://security.netapp.com/advisory/ntap-20170310-0001/https://security.netapp.com/advisory/ntap-20170310-0001/http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/https://isc.sans.edu/diary/22169https://isc.sans.edu/diary/22169https://struts.apache.org/docs/s2-046.htmlhttps://struts.apache.org/docs/s2-046.htmlhttps://github.com/mazen160/struts-pwnhttps://github.com/mazen160/struts-pwnhttp://www.eweek.com/security/apache-struts-vulnerability-under-attack.htmlhttp://www.eweek.com/security/apache-struts-vulnerability-under-attack.htmlhttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_ushttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_ushttps://struts.apache.org/docs/s2-045.htmlhttps://struts.apache.org/docs/s2-045.htmlcpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache
:struts:2.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2
.5.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2017-9787HIGH5.0NETWORKLOWNONENONENONEPARTIALMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDNONENONEHIGHHIGHCWE-284When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.http://www.securityfocus.com/bid/9956299562http://www.securitytracker.com/id/10391151039115http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttps://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E[announcements] 20170713 Apache Struts 2.5.12 GA with Security Fixes Releasehttps://security.netapp.com/advisory/ntap-20180706-0002/https://security.netapp.com/advisory/ntap-20180706-0002/https://lists.apache.org/thread.html/de3d325f0433cd3b42258b6a302c0d7a72b69eedc1480ed561d3b065@%3Cannouncements.struts.apache.org%3E[announcements] 20170810 [ANN] Apache Struts: S2-049 Security Bulletin 
updatehttp://struts.apache.org/docs/s2-049.htmlhttp://struts.apache.org/docs/s2-049.htmlcpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*cpe:
2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2017-9791CRITICAL7.5NETWORKLOWNONEPARTIALPARTIALPARTIALHIGH9.8NETWORKLOWNONENONEUNCHANGEDHIGHHIGHHIGHCRITICALCWE-20The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.http://www.securityfocus.com/bid/9948499484http://www.securitytracker.com/id/10388381038838https://www.exploit-db.com/exploits/42324/42324http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttps://security.netapp.com/advisory/ntap-20180706-0002/https://security.netapp.com/advisory/ntap-20180706-0002/https://www.exploit-db.com/exploits/44643/44643http://struts.apache.org/docs/s2-048.htmlhttp://struts.apache.org/docs/s2-048.htmlcpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:s
truts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12.0:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2017-9793HIGH5.0NETWORKLOWNONENONENONEPARTIALMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDNONENONEHIGHHIGHCWE-20The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.http://www.securityfocus.com/bid/100611100611http://www.securitytracker.com/id/10392621039262http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htmhttp://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-429.htmhttps://security.netapp.com/advisory/ntap-20180629-0001/https://security.netapp.com/advisory/ntap-20180629-0001/https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts220170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 
2017https://struts.apache.org/docs/s2-051.htmlhttps://struts.apache.org/docs/s2-051.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlcpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*cpe:2.3:a:apach
e:struts:2.3.25:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2017-9804HIGH5.0NETWORKLOWNONENONENONEPARTIALMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDNONENONEHIGHHIGHCWE-399In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. 
NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672.http://www.securitytracker.com/id/10392611039261https://security.netapp.com/advisory/ntap-20180629-0001/https://security.netapp.com/advisory/ntap-20180629-0001/https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts220170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.securityfocus.com/bid/100612100612http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txthttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txthttps://struts.apache.org/docs/s2-050.htmlhttps://struts.apache.org/docs/s2-050.htmlcpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:
*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2017-9805HIGH6.8NETWORKMEDIUMNONEPARTIALPARTIALPARTIALMEDIUM8.1NETWORKHIGHNONENONEUNCHANGEDHIGHHIGHHIGHHIGHCWE-502The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML 
payloads.https://cwiki.apache.org/confluence/display/WW/S2-052https://cwiki.apache.org/confluence/display/WW/S2-052https://lgtm.com/blog/apache_struts_CVE-2017-9805https://lgtm.com/blog/apache_struts_CVE-2017-9805https://bugzilla.redhat.com/show_bug.cgi?id=1488482https://bugzilla.redhat.com/show_bug.cgi?id=1488482https://security.netapp.com/advisory/ntap-20170907-0001/https://security.netapp.com/advisory/ntap-20170907-0001/https://www.exploit-db.com/exploits/42627/42627https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifaxhttps://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifaxhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts220170907 Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017https://www.kb.cert.org/vuls/id/112992VU#112992http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.htmlhttps://struts.apache.org/docs/s2-052.htmlhttps://struts.apache.org/docs/s2-052.htmlhttp://www.securityfocus.com/bid/100609100609http://www.securitytracker.com/id/10392631039263cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.11:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*cp
e:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*CVE-2018-11776HIGH9.3NETWORKMEDIUMNONECOMPLETECOMPLETECOMPLETEHIGH8.1NETWORKHIGHNONENONEUNCHANGEDHIGHHIGHHIGHHIGHCWE-20Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when 
alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.http://www.securitytracker.com/id/10415471041547https://www.exploit-db.com/exploits/45262/45262https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012http://www.securityfocus.com/bid/105125105125http://www.securitytracker.com/id/10418881041888http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.htmlhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.htmlhttps://security.netapp.com/advisory/ntap-20181018-0002/https://security.netapp.com/advisory/ntap-20181018-0002/https://www.exploit-db.com/exploits/45367/45367https://cwiki.apache.org/confluence/display/WW/S2-057https://cwiki.apache.org/confluence/display/WW/S2-057https://github.com/hook-s3c/CVE-2018-11776-Python-PoChttps://github.com/hook-s3c/CVE-2018-11776-Python-PoChttps://security.netapp.com/advisory/ntap-20180822-0001/https://security.netapp.com/advisory/ntap-20180822-0001/http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txthttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txthttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://lgtm.com/blog/apache_struts_CVE-2018-11776https://lgtm.com/blog/apache_struts_CVE-2018-11776https://www.exploit-db.com/exploits/45260/45260cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*CVE-2018-1327HI
GH5.0NETWORKLOWNONENONENONEPARTIALMEDIUM7.5NETWORKLOWNONENONEUNCHANGEDNONENONEHIGHHIGHCWE-20The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson XML handler from the Apache Struts 2.5.16.http://www.securitytracker.com/id/10405751040575https://cwiki.apache.org/confluence/display/WW/S2-056https://cwiki.apache.org/confluence/display/WW/S2-056http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttps://security.netapp.com/advisory/ntap-20180330-0001/https://security.netapp.com/advisory/ntap-20180330-0001/http://www.securityfocus.com/bid/103516103516cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*javax.json-1.0.4.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/javax.json-1.0.4.jar569870f975deeeb6691fcb9bc02a95553178f73569fd7a1e5ffc464e680f7a8cc784b85a0e1dec40a1ede965941251eda968aeee052cc4f50378bc316cc48e8159bdbeb4Default provider for JSR 353:Java API for Processing JSONhttps://glassfish.java.net/public/CDDL+GPL_1_1.htmlgroupidglassfishartifactidjavax.jsonbundle-docurlhttp://www.oracle.comparent-groupidorg.glassfishpackage nameapipackage namejsonparent-artifactidjsonpackage namejavaxpackage nameglassfishurlhttp://jsonp.java.netextension-namejavax.jsonbundle-symbolicnameorg.glassfish.javax.jsonnamejavax.jsonnameJSR 353 (JSON Processing) Default Providerurlhttp://jsonp.java.netbundle-docurlhttp://www.oracle.comBundle-NameJSR 353 (JSON Processing) Default Providerpackage nameapipackage namejsonparent-groupidorg.glassfishpackage namejavaxpackage 
nameglassfishparent-artifactidjsongroupidglassfishextension-namejavax.jsonartifactidjavax.jsonbundle-symbolicnameorg.glassfish.javax.jsonnamejavax.jsonnameJSR 353 (JSON Processing) Default ProviderBundle-Version1.0.4Implementation-Version1.0.4version1.0.4version1.0.4pkg:maven/org.glassfish/javax.json@1.0.4https://ossindex.sonatype.org/component/pkg:maven/org.glassfish/javax.json@1.0.4pkg:maven/org.glassfish/javax.json@1.0.4https://ossindex.sonatype.org/component/pkg:maven/org.glassfish/javax.json@1.0.4hibernate-commons-annotations-4.0.2.Final.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/hibernate-commons-annotations-4.0.2.Final.jar916d4ddfb26db16da75ee8f973fd08ad0094edcc5572efb02e123cc9ef7ad7d0fa5f76cfae6b6708a03a144265ac7bf1def64b18def3b6576a8a52d7a6787d9cf00aa0ecCommon reflection code used in support of annotation processingGNU LESSER GENERAL PUBLIC LICENSE: http://www.gnu.org/licenses/lgpl-2.1.html/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/hibernate-commons-annotations-4.0.2.Final.jarae6b6708a03a144265ac7bf1def64b18def3b6576a8a52d7a6787d9cf00aa0ec0094edcc5572efb02e123cc9ef7ad7d0fa5f76cf916d4ddfb26db16da75ee8f973fd08adimplementation-urlhttp://hibernate.orgImplementation-Vendor-Idhibernate.orgartifactidhibernate-commons-annotationspackage namehibernatepackage namereflectionImplementation-Vendorhibernate.orggroupidhibernate.commonurlhttp://hibernate.orgbundle-symbolicnameorg.hibernate.common.hibernate-commons-annotationsbundle-docurlhttp://hibernate.orgnameHibernate Commons Annotationsorganization nameHibernate.orgpackage nameannotationsoriginally-created-byApache Maven Bundle Pluginnamehibernate-commons-annotationspackage namecommonorganization urlhttp://hibernate.orgimplementation-urlhttp://hibernate.orgpackage namehibernatepackage namereflectionImplementation-TitleHibernate Commons Annotationsorganization urlhttp://hibernate.orgBundle-NameHibernate Commons 
Annotationsartifactidhibernate-commons-annotationsbundle-symbolicnameorg.hibernate.common.hibernate-commons-annotationsbundle-docurlhttp://hibernate.orgnameHibernate Commons Annotationsorganization nameHibernate.orggroupidhibernate.commonpackage nameannotationsoriginally-created-byApache Maven Bundle Pluginnamehibernate-commons-annotationspackage namecommonurlhttp://hibernate.orgBundle-Version4.0.2.FinalImplementation-Version4.0.2.Finalversion4.0.2.Finalpkg:maven/org.hibernate.common/hibernate-commons-annotations@4.0.2.Finalhttps://ossindex.sonatype.org/component/pkg:maven/org.hibernate.common/hibernate-commons-annotations@4.0.2.Finalpkg:maven/org.hibernate.common/hibernate-commons-annotations@4.0.2.Finalhttps://ossindex.sonatype.org/component/pkg:maven/org.hibernate.common/hibernate-commons-annotations@4.0.2.Finalcommons-jcs-core-2.2.1.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/commons-jcs-core-2.2.1.jarfd41b509c3853faf088e5c340402d6093ffac1956b0d88fff8adefdf1e68d69cfe2961917f98edf1e69b32137a2181722dadd1220f61d184414df17061a0e10e40535a2dApache Commons JCS is a distributed, versatile caching system.https://www.apache.org/licenses/LICENSE-2.0.txtparent-artifactidcommons-jcsnameApache Commons JCS :: Corerequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"groupidapache.commonsbundle-docurlhttp://commons.apache.org/proper/commons-jcs/commons-jcs-core/parent-groupidorg.apache.commonsartifactidcommons-jcs-corepackage nameapacheImplementation-Vendor-Idorg.apachespecification-vendorThe Apache Software Foundationnamecommons-jcs-corebundle-symbolicnameorg.apache.commons.commons-jcs-corepackage namecommonsimplementation-buildtags/commons-jcs-2.2.1-RC4/commons-jcs-core@r1838701; 2018-08-23 08:44:59+0000package namejcsimplementation-urlhttp://commons.apache.org/proper/commons-jcs/commons-jcs-core/Implementation-VendorThe Apache Software FoundationnameApache Commons JCS :: 
Corerequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"bundle-docurlhttp://commons.apache.org/proper/commons-jcs/commons-jcs-core/package nameapacheBundle-NameApache Commons JCS :: CoreImplementation-TitleApache Commons JCS :: Coreartifactidcommons-jcs-corespecification-titleApache Commons JCS :: Corenamecommons-jcs-corebundle-symbolicnameorg.apache.commons.commons-jcs-corepackage namecommonsgroupidapache.commonsimplementation-buildtags/commons-jcs-2.2.1-RC4/commons-jcs-core@r1838701; 2018-08-23 08:44:59+0000parent-groupidorg.apache.commonspackage namejcsparent-artifactidcommons-jcsimplementation-urlhttp://commons.apache.org/proper/commons-jcs/commons-jcs-core/Bundle-Version2.2.1Implementation-Version2.2.1version2.2.1version2.2.1pkg:maven/org.apache.commons/commons-jcs-core@2.2.1https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-jcs-core@2.2.1pkg:maven/org.apache.commons/commons-jcs-core@2.2.1https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-jcs-core@2.2.1freemarker-2.3.19.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/freemarker-2.3.19.jar03358fb59a2260a0c37f063e2ba58436a251045e5fadd02824d17f1aa8c412accf1aa1c9c26923394f3f1cf0427f515ee3bb6be66d1a7f4261e6d6f0504fdec63ab85da8
FreeMarker is a "template engine"; a generic tool to generate text output based on templates.
BSD-style license: http://freemarker.org/LICENSE.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/freemarker-2.3.19.jarc26923394f3f1cf0427f515ee3bb6be66d1a7f4261e6d6f0504fdec63ab85da8a251045e5fadd02824d17f1aa8c412accf1aa1c903358fb59a2260a0c37f063e2ba58436urlhttp://freemarker.orgnamefreemarkerextension-nameFreeMarkerpackage namefreemarkergroupidorg.freemarkerartifactidfreemarkernameFreeMarkerspecification-vendorVisigoth Software Societypackage namefreemarkergroupidfreemarkerImplementation-VendorVisigoth Software Societynamefreemarkerpackage namefreemarkerextension-nameFreeMarkerImplementation-TitleVSS Java FreeMarkernameFreeMarkerspecification-titleFreeMarkergroupidfreemarkerartifactidfreemarkerurlhttp://freemarker.orgartifactidfreemarkerImplementation-Version2.3.19version2.3.19version2.3.19version2.3.19pkg:maven/org.freemarker/freemarker@2.3.19https://ossindex.sonatype.org/component/pkg:maven/org.freemarker/freemarker@2.3.19pkg:maven/org.freemarker/freemarker@2.3.19https://ossindex.sonatype.org/component/pkg:maven/org.freemarker/freemarker@2.3.19animal-sniffer-annotations-1.17.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/animal-sniffer-annotations-1.17.jar7ca108b790cf6ab5dbf5422cc79f0d89f97ce6decaea32b36101e37979f8b647f00681fb92654f493ecfec52082e76354f0ebf87648dc3d5cec2e3c3cdb947c016747a53package nameanimal_snifferartifactidanimal-sniffer-annotationspackage namecodehauspackage namemojopackage namemojoparent-groupidorg.codehaus.mojogroupidcodehaus.mojonameAnimal Sniffer Annotationsparent-artifactidanimal-sniffer-parentnameanimal-sniffer-annotationspackage namecodehausartifactidanimal-sniffer-annotationspackage nameanimal_snifferparent-artifactidanimal-sniffer-parentpackage nameignorejrerequirementgroupidcodehaus.mojopackage namecodehauspackage namemojopackage namemojoparent-groupidorg.codehaus.mojonameAnimal Sniffer 
Annotationsnameanimal-sniffer-annotationsversion1.17version1.17pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.17https://ossindex.sonatype.org/component/pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.17pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.17https://ossindex.sonatype.org/component/pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.17bcel-6.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/lib/bcel-6.2.jarf0b8a17310c039ee51d265228ed89d1c2c1499b28bf2638cbdb5fa94350d41a46d2bd4e0d6aff83c840646b922b3658d57898bb5314af4a02d70ebf0f7db8bc46203d72eApache Commons Bytecode Engineering LibraryApache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/infrastructure/findsecbugs/archive/lib/bcel-6.2.jard6aff83c840646b922b3658d57898bb5314af4a02d70ebf0f7db8bc46203d72e2c1499b28bf2638cbdb5fa94350d41a46d2bd4e0f0b8a17310c039ee51d265228ed89d1cparent-artifactidcommons-parentpackage namebcelorganization urlhttp://www.apache.org/implementation-urlhttp://commons.apache.org/proper/commons-bcelbundle-docurlhttp://commons.apache.org/proper/commons-bcelImplementation-Vendor-Idorg.apache.bcelrequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"parent-groupidorg.apache.commonspackage nameapacheautomatic-module-nameorg.apache.bcelspecification-vendorThe Apache Software Foundationgroupidapache.bcelartifactidbcelbundle-symbolicnameorg.apache.bcelorganization nameThe Apache Software Foundationurlhttp://commons.apache.org/proper/commons-bcelnameApache Commons BCELnamebcelImplementation-VendorThe Apache Software Foundationparent-artifactidcommons-parentgroupidapache.bcelpackage namebcelimplementation-urlhttp://commons.apache.org/proper/commons-bcelbundle-docurlhttp://commons.apache.org/proper/commons-bcelurlhttp://commons.apache.org/proper/commons-bcelorganization urlhttp://www.apache.org/require-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"Bundle-NameApache 
Commons BCELpackage nameapachespecification-titleApache Commons BCELImplementation-TitleApache Commons BCELautomatic-module-nameorg.apache.bcelparent-groupidorg.apache.commonsorganization nameThe Apache Software Foundationbundle-symbolicnameorg.apache.bcelartifactidbcelnameApache Commons BCELnamebcelImplementation-Version6.2parent-version6.2version6.2version6.2pkg:maven/org.apache.bcel/bcel@6.2https://ossindex.sonatype.org/component/pkg:maven/org.apache.bcel/bcel@6.2pkg:maven/org.apache.bcel/bcel@6.2https://ossindex.sonatype.org/component/pkg:maven/org.apache.bcel/bcel@6.2annotations-17.0.0.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/annotations-17.0.0.jar7b06437ed47fa7b4a8ec8909f4fb90228ceead41f4e71821919dbdb7a9847608f1a938cb195fb0da046d55bb042e91543484cf1da68b02bb7afbfe031f229e45ac84b3f2A set of annotations used for code inspection support and code documentation.The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txtnameannotationsautomatic-module-nameorg.jetbrains.annotationsgroupidjetbrainspackage nameintellijpackage nameannotationspackage namelangnameJetBrains Java AnnotationsurlJetBrains/java-annotationsartifactidannotationspackage nameannotationsgroupidorg.jetbrainspackage namejetbrainsnameannotationsautomatic-module-nameorg.jetbrains.annotationsnameJetBrains Java Annotationspackage nameannotationsartifactidannotationspackage nameannotationspackage namelanggroupidjetbrainsurlJetBrains/java-annotationspackage 
namejetbrainsartifactidannotationsversion17.0.0version17.0.0version17.0.0pkg:maven/org.jetbrains/annotations@17.0.0https://ossindex.sonatype.org/component/pkg:maven/org.jetbrains/annotations@17.0.0pkg:maven/org.jetbrains/annotations@17.0.0https://ossindex.sonatype.org/component/pkg:maven/org.jetbrains/annotations@17.0.0contact.js/var/lib/jenkins/workspace/test@2/src/main/webapp/js/contact.js520d4b62598ca9e60024a4e6a0db24fd71f32466e5e5da2c08f97b2ea85e1282c9805a8409a9a9eaf863d4942d45c25ea6c5ff145ab46c380d3ed32286c51a6ad8d84cf4/var/lib/jenkins/workspace/test@2/target/devsecops.war/js/contact.js09a9a9eaf863d4942d45c25ea6c5ff145ab46c380d3ed32286c51a6ad8d84cf471f32466e5e5da2c08f97b2ea85e1282c9805a84520d4b62598ca9e60024a4e6a0db24fd/var/lib/jenkins/workspace/test@2/target/devsecops/js/contact.js09a9a9eaf863d4942d45c25ea6c5ff145ab46c380d3ed32286c51a6ad8d84cf471f32466e5e5da2c08f97b2ea85e1282c9805a84520d4b62598ca9e60024a4e6a0db24fdcommons-lang3-3.1.jar/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/commons-lang3-3.1.jar71b48e6b3e1b1dc73fe705604b9c7584905075e6c80f206bbe6cf1e809d2caa69f420c76131f0519a8e4602e47cf024bfd7e0834bcf5592a7207f9a2fdb711d4f5afc166
Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
http://www.apache.org/licenses/LICENSE-2.0.txt/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/commons-lang3-3.1.jar131f0519a8e4602e47cf024bfd7e0834bcf5592a7207f9a2fdb711d4f5afc166905075e6c80f206bbe6cf1e809d2caa69f420c7671b48e6b3e1b1dc73fe705604b9c7584namecommons-lang3parent-artifactidcommons-parentartifactidcommons-lang3groupidapache.commonsparent-groupidorg.apache.commonspackage nameapacheImplementation-Vendor-Idorg.apachebundle-docurlhttp://commons.apache.org/lang/urlhttp://commons.apache.org/lang/specification-vendorThe Apache Software Foundationpackage namecommonsnameCommons Langpackage namelang3bundle-symbolicnameorg.apache.commons.lang3Implementation-VendorThe Apache Software Foundationimplementation-buildUNKNOWN_BRANCH@r??????; 2011-11-09 22:58:07-0800parent-artifactidcommons-parentnamecommons-lang3urlhttp://commons.apache.org/lang/package nameapachebundle-docurlhttp://commons.apache.org/lang/Bundle-NameCommons Langpackage namecommonsgroupidapache.commonsImplementation-TitleCommons Langparent-groupidorg.apache.commonsnameCommons Langartifactidcommons-lang3package namelang3specification-titleCommons Langbundle-symbolicnameorg.apache.commons.lang3implementation-buildUNKNOWN_BRANCH@r??????; 2011-11-09 22:58:07-0800parent-version3.1version3.1version3.1Implementation-Version3.1pkg:maven/org.apache.commons/commons-lang3@3.1https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-lang3@3.1pkg:maven/org.apache.commons/commons-lang3@3.1https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-lang3@3.1joda-time-2.9.9.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/joda-time-2.9.9.jareca438c8cc2b1de38e28d884b7f15dbcf7b520c458572890807d143670c9b24f4de90897b049a43c1057942e6acfbece008e4949b2e35d1658d0c8e06f4485397e2fa4e7Date and time library to replace JDK date handlingApache 2: 
http://www.apache.org/licenses/LICENSE-2.0.txtbundle-docurlhttp://www.joda.org/joda-time/urlhttp://www.joda.org/joda-time/specification-vendorJoda.orgartifactidjoda-timeorganization urlhttp://www.joda.orgextension-namejoda-timeorganization nameJoda.orgnamejoda-timepackage nametimeImplementation-Vendor-Idorg.jodaImplementation-VendorJoda.orgnameJoda-Timeimplementation-urlhttp://www.joda.org/joda-time/package namejodagroupidjoda-timebundle-symbolicnamejoda-timespecification-titleJoda-Timebundle-docurlhttp://www.joda.org/joda-time/extension-namejoda-timeorganization nameJoda.orgnamejoda-timeBundle-NameJoda-Timepackage nametimeImplementation-Titleorg.joda.timeartifactidjoda-timeurlhttp://www.joda.org/joda-time/nameJoda-Timeorganization urlhttp://www.joda.orgimplementation-urlhttp://www.joda.org/joda-time/groupidjoda-timepackage namejodabundle-symbolicnamejoda-timeversion2.9.9version2.9.9Bundle-Version2.9.9Implementation-Version2.9.9pkg:maven/joda-time/joda-time@2.9.9https://ossindex.sonatype.org/component/pkg:maven/joda-time/joda-time@2.9.9pkg:maven/joda-time/joda-time@2.9.9https://ossindex.sonatype.org/component/pkg:maven/joda-time/joda-time@2.9.9mailapi-1.6.2.jar/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/mailapi-1.6.2.jarb89a9ff8ac681f01dfd06798a008f0af208b6439dfbe6713c384ebf54ecd62cd4423cc50d37c0f88efa5973ccb4100f4cc49aee3510cd01ab25012d1f085b1b798ae2ebbJavaMail API (no providers)https://javaee.github.io/javamail/LICENSEImplementation-Vendorsunparent-artifactidallgroupidsun.mailbundle-docurlhttp://www.oracle.comnamemailapipackage namemailartifactidmailapipackage nameoracleImplementation-Vendor-Idcom.sunspecification-vendorOraclerequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"package namejavaxextension-namecom.sun.mail.mailapiautomatic-module-namejava.mailspecification-vendorsunnameJavaMail API (no providers)originally-created-byApache Maven Bundle 
PluginImplementation-VendorOracleprobe-provider-xml-file-namesbundle-symbolicnamejavax.mail.apipackage namesunparent-groupidcom.sun.mailparent-artifactidallbundle-docurlhttp://www.oracle.comnamemailapipackage namemailImplementation-Titlecom.sun.mail.mailapirequire-capabilityosgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"package namejavaxpackage nameversionparent-groupidcom.sun.mailartifactidmailapiextension-namecom.sun.mail.mailapiautomatic-module-namejava.mailspecification-titlecom.sun.mail.mailapinameJavaMail API (no providers)originally-created-byApache Maven Bundle PluginBundle-NameJavaMail API (no providers)probe-provider-xml-file-namesbundle-symbolicnamejavax.mail.apipackage namesungroupidsun.mailversion1.6.2Bundle-Version1.6.2Implementation-Version1.6.2version1.6.2pkg:maven/com.sun.mail/mailapi@1.6.2https://ossindex.sonatype.org/component/pkg:maven/com.sun.mail/mailapi@1.6.2pkg:maven/com.sun.mail/mailapi@1.6.2https://ossindex.sonatype.org/component/pkg:maven/com.sun.mail/mailapi@1.6.2h2-1.4.196.jar: data.zip: table.js/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/h2-1.4.196.jar/org/h2/util/data.zip/org/h2/server/web/res/table.jsa914a66de53dcdeb39684f1ce8ce8527c41ef5fb193ac25622f4e129470339aec24d731a8c5b079b38e94718bb58a71b0e310bad6c1004670a19c1bc0f63b32fdd81134ah2-1.4.196.jar: data.zip: tree.js/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/h2-1.4.196.jar/org/h2/util/data.zip/org/h2/server/web/res/tree.js495277155635a72b0c69f987d938b6e1446cad47e33a62baf330ee5200646b5ccb9c0df914c797bd700570c38e8af1aa50ecea205a385be466ec9431e46dbe586ce7a61cstruts2-core-2.3.8.jar: 
validation.js/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/struts2-core-2.3.8.jar/template/css_xhtml/validation.js37ed34e2e84c52abfbce27316c5aa5ab18ad7aa804605489e17b8d32b799005e3887e6d5513b90f5c49bd6b2296f4bf3484e621d5bf13895ce33eb18fde229c02f332010/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/struts2-core-2.3.8.jar/template/css_xhtml/validation.js513b90f5c49bd6b2296f4bf3484e621d5bf13895ce33eb18fde229c02f33201018ad7aa804605489e17b8d32b799005e3887e6d537ed34e2e84c52abfbce27316c5aa5abstruts2-core-2.3.8.jar: validation.js/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/struts2-core-2.3.8.jar/template/xhtml/validation.js5cd9d63907b5b68b3f87c16e30215f96d1894e98d8f67796dcf1c43940204d044a2e8a53db3db93404b56482cf98eb6b379f57b154c832ba3f73b1a261e4830951c6d2b3/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/struts2-core-2.3.8.jar/template/xhtml/validation.jsdb3db93404b56482cf98eb6b379f57b154c832ba3f73b1a261e4830951c6d2b3d1894e98d8f67796dcf1c43940204d044a2e8a535cd9d63907b5b68b3f87c16e30215f96struts2-core-2.3.8.jar: webconsole.js/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/struts2-core-2.3.8.jar/org/apache/struts2/interceptor/debugging/webconsole.jsd917c7e3dcaadafd7a985de498c4d7ecc6bf9311b8f57ee82d23916e3393f78d608a43c2b85caebe4fe7f089e0abb0cedfdaeacfce178ba70e13811e09f73e36bd4897ed/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/struts2-core-2.3.8.jar/org/apache/struts2/interceptor/debugging/webconsole.jsb85caebe4fe7f089e0abb0cedfdaeacfce178ba70e13811e09f73e36bd4897edc6bf9311b8f57ee82d23916e3393f78d608a43c2d917c7e3dcaadafd7a985de498c4d7ecstruts2-core-2.3.8.jar: 
utils.js/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/struts2-core-2.3.8.jar/org/apache/struts2/static/utils.js3c198bb745496d1069014c2f354a76dcc4a636bba8a83b9b3545e631afb8214a28f3d5f98a2ddd072cdc7e97d57427ba55b4aba71d7a01925dac2020d2618a2dcedad99c/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/struts2-core-2.3.8.jar/org/apache/struts2/static/utils.js8a2ddd072cdc7e97d57427ba55b4aba71d7a01925dac2020d2618a2dcedad99cc4a636bba8a83b9b3545e631afb8214a28f3d5f93c198bb745496d1069014c2f354a76dcstruts2-core-2.3.8.jar: domTT.js/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/struts2-core-2.3.8.jar/org/apache/struts2/static/domTT.js44ed51154c7fa928005f39bbbed7d01a5584aa1028220f041ff7d89c48e9e8ffeaa0525660c72fad5a9688fc6a143176d84814b9ea2c4c9c882b4799921b950c415b961e/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/struts2-core-2.3.8.jar/org/apache/struts2/static/domTT.js60c72fad5a9688fc6a143176d84814b9ea2c4c9c882b4799921b950c415b961e5584aa1028220f041ff7d89c48e9e8ffeaa0525644ed51154c7fa928005f39bbbed7d01astruts2-core-2.3.8.jar: optiontransferselect.js/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/struts2-core-2.3.8.jar/org/apache/struts2/static/optiontransferselect.jsde5f040192eb49fadbfd0f46ab7573df1c57bcc13707d9d04e244a7caf3b1cc32d4e6998c437d3f691f467d25225e4d710b3a7508b8bd4e194607baf8301da306450b02b/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/struts2-core-2.3.8.jar/org/apache/struts2/static/optiontransferselect.jsc437d3f691f467d25225e4d710b3a7508b8bd4e194607baf8301da306450b02b1c57bcc13707d9d04e244a7caf3b1cc32d4e6998de5f040192eb49fadbfd0f46ab7573dfstruts2-core-2.3.8.jar: 
inputtransferselect.js/var/lib/jenkins/workspace/test@2/target/devsecops/WEB-INF/lib/struts2-core-2.3.8.jar/org/apache/struts2/static/inputtransferselect.jscb108ba1100f77a6ef02e9e051333508c6dfa1f3664578a6f65c620ce172bc731d1224e453f55339da9ef84edba21df53bd55a975e955e742b24440efc0583447682b0b8/var/lib/jenkins/workspace/test@2/target/devsecops.war/WEB-INF/lib/struts2-core-2.3.8.jar/org/apache/struts2/static/inputtransferselect.js53f55339da9ef84edba21df53bd55a975e955e742b24440efc0583447682b0b8c6dfa1f3664578a6f65c620ce172bc731d1224e4cb108ba1100f77a6ef02e9e051333508dependency-check-core-5.2.1.jar: jquery-3.4.1.min.js/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/dependency-check-core-5.2.1.jar/templates/scripts/jquery-3.4.1.min.js220afd743d9e9643852e31a135a9f3ae88523924351bac0b5d560fe0c5781e2556e7693d0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089adependency-check-core-5.2.1.jar: GrokAssembly.zip: System.Reflection.Metadata.dll/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/dependency-check-core-5.2.1.jar/GrokAssembly.zip/System.Reflection.Metadata.dll5e6125aa4a7c0ca54f73a9e6833ef404303d712269ebbaac476f8b6db4472bd2464bd3ce2e180767f1415cb5bbed14450e1d4003cf56a9da6aeaf91ce969a4b9d2a54314nameSystem.Reflection.MetadatanameSystem.Reflection.Metadatadependency-check-core-5.2.1.jar: GrokAssembly.zip: GrokAssembly.dll/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/dependency-check-core-5.2.1.jar/GrokAssembly.zip/GrokAssembly.dll3436d483f09388fe16d1c559dd33157431acefe2e2ae79bdea3622385c6af63ae2de18ed662b0c74b1a87c2ac5861f238a47f08a7c1d2e6ab79ea104baec8680110aba1dnameGrokAssemblynameGrokAssemblydependency-check-core-5.2.1.jar: GrokAssembly.zip: 
System.Collections.Immutable.dll/var/lib/jenkins/workspace/test@2/infrastructure/dependency-check/lib/dependency-check-core-5.2.1.jar/GrokAssembly.zip/System.Collections.Immutable.dlld8203aedaabeac1e606cd0e2af397d01eef943e4369166a039dee90f2d81504613d49ca02f05a2c489c2d30a6cca346d4ce184323d70eb4f5afa6bed34d5800274444e57nameSystem.Collections.ImmutablenameSystem.Collections.Immutable