Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Project: Struts 2

| Dependency | CPE | GAV | Highest Severity | CVE Count | CPE Confidence | Evidence Count |
|---|---|---|---|---|---|---|
| jcommander-1.48.jar | | com.beust:jcommander:1.48 | | 0 | | 23 |
| bsh-2.0b4.jar | cpe:/a:beanshell_project:beanshell:2.0.b4 | org.beanshell:bsh:2.0b4 | Medium | 1 | Low | 25 |
| testng-6.9.10.jar | | org.testng:testng:6.9.10 | | 0 | | 28 |
| commons-logging-1.1.3.jar | | commons-logging:commons-logging:1.1.3 | | 0 | | 36 |
| spring-core-4.1.9.RELEASE.jar | cpe:/a:springsource:spring_framework:4.1.9; cpe:/a:vmware:springsource_spring_framework:4.1.9; cpe:/a:pivotal:spring_framework:4.1.9; cpe:/a:pivotal_software:spring_framework:4.1.9 | org.springframework:spring-core:4.1.9.RELEASE | Medium | 1 | Highest | 27 |
| freemarker-2.3.26-incubating.jar | | org.freemarker:freemarker:2.3.26-incubating | | 0 | | 44 |
| javassist-3.20.0-GA.jar | | org.javassist:javassist:3.20.0-GA | | 0 | | 27 |
| ognl-3.1.15.jar | cpe:/a:ognl_project:ognl:3.1.15 | ognl:ognl:3.1.15 | | 0 | Low | 22 |
| commons-fileupload-1.3.3.jar | cpe:/a:apache:commons_fileupload:1.3.3 | commons-fileupload:commons-fileupload:1.3.3 | | 0 | Low | 40 |
| commons-io-2.5.jar | | commons-io:commons-io:2.5 | | 0 | | 40 |
| commons-lang3-3.6.jar | | org.apache.commons:commons-lang3:3.6 | | 0 | | 41 |
| struts2-core-2.5.14.1.jar | cpe:/a:apache:struts:2.5.14.1 | org.apache.struts:struts2-core:2.5.14.1 | | 0 | Low | 33 |
| jcl-over-slf4j-1.7.6.jar | | org.slf4j:jcl-over-slf4j:1.7.6 | | 0 | | 31 |
| tiles-core-3.0.7.jar | cpe:/a:apache:tiles:3.0.7 | org.apache.tiles:tiles-core:3.0.7 | | 0 | Low | 33 |
| tiles-request-api-1.0.6.jar | cpe:/a:apache:tiles:1.0.6 | org.apache.tiles:tiles-request-api:1.0.6 | | 0 | Low | 33 |
| struts2-tiles-plugin-2.5.14.1.jar | cpe:/a:apache:struts:2.5.14.1; cpe:/a:apache:tiles:2.5.14.1 | org.apache.struts:struts2-tiles-plugin:2.5.14.1 | | 0 | Low | 33 |
| asm-5.2.jar | | org.ow2.asm:asm:5.2 | | 0 | | 28 |
| asm-tree-5.2.jar | | org.ow2.asm:asm-tree:5.2 | | 0 | | 28 |
| asm-commons-5.2.jar | | org.ow2.asm:asm-commons:5.2 | | 0 | | 28 |
| aopalliance-1.0.jar | | aopalliance:aopalliance:1.0 | | 0 | | 20 |
| validation-api-1.1.0.Final.jar | | javax.validation:validation-api:1.1.0.Final | | 0 | | 22 |
| commons-beanutils-1.9.2.jar | cpe:/a:apache:commons_beanutils:1.9.2 | commons-beanutils:commons-beanutils:1.9.2 | | 0 | Low | 36 |
| log4j-core-2.9.1.jar | cpe:/a:apache:log4j:2.9.1 | org.apache.logging.log4j:log4j-core:2.9.1 | | 0 | Low | 39 |
| commons-collections-3.2.2.jar | cpe:/a:apache:commons_collections:3.2.2 | commons-collections:commons-collections:3.2.2 | | 0 | Low | 40 |
| commons-lang-2.4.jar | | commons-lang:commons-lang:2.4 | | 0 | | 34 |
| velocity-1.7.jar | | org.apache.velocity:velocity:1.7 | | 0 | | 33 |
| commons-digester-2.1.jar | | commons-digester:commons-digester:2.1 | | 0 | | 34 |
| commons-chain-1.1.jar | | commons-chain:commons-chain:1.1 | | 0 | | 29 |
| commons-validator-1.5.1.jar | | commons-validator:commons-validator:1.5.1 | | 0 | | 40 |
| dom4j-1.1.jar | | dom4j:dom4j:1.1 | | 0 | | 17 |
| oro-2.0.8.jar | | oro:oro:2.0.8 | | 0 | | 14 |
| sslext-1.2-0.jar | | sslext:sslext:1.2-0 | | 0 | | 20 |
| antlr-2.7.2.jar | | antlr:antlrall:2.7.2 | | 0 | | 13 |
| struts-core-1.3.8.jar | cpe:/a:apache:struts:1.3.8 | org.apache.struts:struts-core:1.3.8 | High | 4 | Highest | 26 |
| struts-tiles-1.3.8.jar | cpe:/a:apache:tiles:1.3.8; cpe:/a:apache:struts:1.3.8 | org.apache.struts:struts-tiles:1.3.8 | High | 4 | Highest | 26 |
| velocity-tools-2.0.jar | | org.apache.velocity:velocity-tools:2.0 | | 0 | | 30 |
| sitemesh-2.4.2.jar | | opensymphony:sitemesh:2.4.2 | | 0 | | 26 |
| dwr-1.1.1.jar | cpe:/a:getahead:direct_web_remoting:1.1.1 | uk.ltd.getahead:dwr:1.1.1 | High | 3 | Highest | 22 |
| jboss-logging-3.1.3.GA.jar | | org.jboss.logging:jboss-logging:3.1.3.GA | | 0 | | 44 |
| classmate-1.0.0.jar | | com.fasterxml:classmate:1.0.0 | | 0 | | 29 |
| hibernate-validator-5.1.3.Final.jar | cpe:/a:hibernate:hibernate_validator:5.1.3 | org.hibernate:hibernate-validator:5.1.3.Final | | 0 | Low | 32 |
| org.mortbay.jetty-5.1.4.jar | cpe:/a:jetty:jetty_http_server:5.1.4; cpe:/a:jetty:jetty:5.1.4; cpe:/a:mortbay_jetty:jetty:5.1.4 | jetty:org.mortbay.jetty:5.1.4 | Medium | 1 | Low | 22 |
| jdtcore-3.1.0.jar | | eclipse:jdtcore:3.1.0 | | 0 | | 18 |
| ant-1.6.5.jar | | ant:ant:1.6.5 | | 0 | | 18 |
| jasper-compiler-5.5.12.jar | cpe:/a:jasper_project:jasper:5.5.12 | tomcat:jasper-compiler:5.5.12 | | 0 | Low | 16 |
| jasper-runtime-5.5.12.jar | cpe:/a:jasper_project:jasper:5.5.12 | tomcat:jasper-runtime:5.5.12 | | 0 | Low | 16 |
| jasper-compiler-jdt-5.5.12.jar | cpe:/a:jasper_project:jasper:5.5.12 | tomcat:jasper-compiler-jdt:5.5.12 | | 0 | Low | 17 |
| commons-el-1.0.jar | | tomcat:commons-el:5.5.23 | | 0 | | 27 |
| slf4j-api-1.7.12.jar | | org.slf4j:slf4j-api:1.7.12 | | 0 | | 31 |
| tiles-autotag-core-runtime-1.2.jar | cpe:/a:apache:tiles:1.2 | org.apache.tiles:tiles-autotag-core-runtime:1.2 | | 0 | Low | 33 |
| javax.el-3.0.0.jar | | org.glassfish:javax.el:3.0.0 | | 0 | | 36 |
| org.apache.felix.framework-4.0.3.jar | | org.apache.felix:org.apache.felix.framework:4.0.3 | | 0 | | 26 |
| org.apache.felix.main-4.0.3.jar | | org.apache.felix:org.apache.felix.main:4.0.3 | | 0 | | 21 |
| org.osgi.core-4.1.0.jar | | org.papoose.osgi:OSGi_R4_v4.1_core_spec:4.1.0.build-200702212030 | | 0 | | 27 |
| org.osgi.compendium-4.0.0.jar | | org.osgi:org.osgi.compendium:4.0.0 | | 0 | | 18 |
| org.apache.felix.shell-1.4.3.jar | | org.apache.felix:org.apache.felix.shell:1.4.3 | | 0 | | 28 |
| org.apache.felix.shell.tui-1.4.1.jar | | org.apache.felix:org.apache.felix.shell.tui:1.4.1 | | 0 | | 28 |
| hamcrest-core-1.3.jar | | org.hamcrest:hamcrest-core:1.3 | | 0 | | 25 |
| junit-4.12.jar | | junit:junit:4.12 | | 0 | | 25 |
| plexus-utils-1.2.jar | | org.codehaus.plexus:plexus-utils:1.2 | | 0 | | 24 |
| classworlds-1.1.jar | | classworlds:classworlds:1.1 | | 0 | | 26 |
| plexus-container-default-1.0-alpha-10.jar | | org.codehaus.plexus:plexus-container-default:1.0-alpha-10 | | 0 | | 25 |
| xmlpull-1.1.3.1.jar | | xmlpull:xmlpull:1.1.3.1 | | 0 | | 18 |
| xpp3_min-1.1.4c.jar | | xpp3:xpp3_min:1.1.4c | | 0 | | 24 |
| xstream-1.4.10.jar | cpe:/a:xstream_project:xstream:1.4.10; cpe:/a:x-stream:xstream:1.4.10 | com.thoughtworks.xstream:xstream:1.4.10 | | 0 | Low | 53 |
| jackson-core-2.9.2.jar | cpe:/a:fasterxml:jackson:2.9.2 | com.fasterxml.jackson.core:jackson-core:2.9.2 | | 0 | Low | 41 |
| jackson-annotations-2.9.0.jar | cpe:/a:fasterxml:jackson:2.9.0 | com.fasterxml.jackson.core:jackson-annotations:2.9.0 | | 0 | Low | 39 |
| jcommander-1.12.jar | | com.beust:jcommander:1.12 | | 0 | | 23 |
| snakeyaml-1.6.jar | | org.yaml:snakeyaml:1.6 | | 0 | | 21 |
| testng-5.14.10.jar | | org.testng:testng:5.14.10 | | 0 | | 23 |
| oval-1.31.jar | | net.sf.oval:oval:1.31 | | 0 | | 38 |
| juli-6.0.18.jar | cpe:/a:apache:tomcat:6.0.18; cpe:/a:apache_software_foundation:tomcat:6.0.18; cpe:/a:apache_tomcat:apache_tomcat:6.0.18 | org.apache.tomcat:juli:6.0.18 | High | 59 | Highest | 17 |
| google-gxp-0.2.4-beta.jar | | com.google.gxp:google-gxp:0.2.4-beta | | 0 | | 25 |
| google-collections-1.0.jar | | com.google.collections:google-collections:1.0 | | 0 | | 31 |
| commons-lang-2.5.jar | | commons-lang:commons-lang:2.5 | | 0 | | 34 |
| ezmorph-1.0.6.jar | | net.sf.ezmorph:ezmorph:1.0.6 | | 0 | | 22 |
| json-lib-2.4-jdk15.jar | | com.hynnet:json-lib:2.4 | | 0 | | 15 |
| aspectjweaver-1.8.7.jar | | org.aspectj:aspectjweaver:1.8.7 | | 0 | | 25 |
| cglib-nodep-2.1_3.jar | | cglib:cglib-nodep:2.1_3 | | 0 | | 20 |
| struts-annotations-1.0.6.jar | | org.apache.struts:struts-annotations:1.0.6 | | 0 | | 28 |
| slf4j-simple-1.7.12.jar | | org.slf4j:slf4j-simple:1.7.12 | | 0 | | 31 |
| commons-jci-fam-1.1.jar | | org.apache.commons:commons-jci-fam:1.1 | | 0 | | 35 |
| jdtcore-3.1.0.jar: jdtCompilerAdapter.jar | | | | 0 | | 7 |

Dependencies

jcommander-1.48.jar

Description: A Java framework to parse command line options with annotations.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/beust/jcommander/1.48/jcommander-1.48.jar
MD5: 7a84fb4b01f46c904bd549e67e6c48a1
SHA1: bfcb96281ea3b59d626704f74bc6d625ff51cbce
Referenced In Project/Scope: Struts 2 TestNG Plugin:compile

Identifiers

bsh-2.0b4.jar

Description: BeanShell

File Path: /home/jenkins/.m2/repository/org/beanshell/bsh/2.0b4/bsh-2.0b4.jar
MD5: a1c60aa83c9c9a6cb2391c1c1b85eb00
SHA1: a05f0a0feefa8d8467ac80e16e7de071489f0d9c
Referenced In Projects/Scopes:

  • Struts 2 TestNG Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Assembly:compile

Identifiers

  • maven: org.beanshell:bsh:2.0b4    Confidence:Highest
  • cpe: cpe:/a:beanshell_project:beanshell:2.0.b4   Confidence:Low   

CVE-2016-2510  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-19 Data Handling

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

Vulnerable Software & Versions:

testng-6.9.10.jar

Description: Testing framework for Java

License:

Apache  Version 2.0, January 2004
File Path: /home/jenkins/.m2/repository/org/testng/testng/6.9.10/testng-6.9.10.jar
MD5: 83e26cb672a81f5bbda139436ef4d8d0
SHA1: 6feb3e964aeb7097aff30c372aac3ec0f8d87ede
Referenced In Project/Scope: Struts 2 TestNG Plugin:compile

Identifiers

commons-logging-1.1.3.jar

Description: Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar
MD5: 92eb5aabc1b47287de53d45c086a435c
SHA1: f6f66e966c70a83ffbdb6f17a0919eaf7c8aca7f
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • DEPRECATED: Struts 2 Sitegraph Plugin:compile
  • Struts 2 JUnit Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 REST Plugin:compile

Identifiers

spring-core-4.1.9.RELEASE.jar

Description: Spring Core

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/springframework/spring-core/4.1.9.RELEASE/spring-core-4.1.9.RELEASE.jar
MD5: 2b1b2a3af329e583f041bf6e8a8a9feb
SHA1: 85a6d6031c4193d873144496e865b649a874cc47
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Assembly:compile
  • Struts 2 REST Plugin:compile

Identifiers

CVE-2016-5007  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.

Vulnerable Software & Versions:

freemarker-2.3.26-incubating.jar

Description:  FreeMarker is a "template engine"; a generic tool to generate text output based on templates.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/freemarker/freemarker/2.3.26-incubating/freemarker-2.3.26-incubating.jar
MD5: cbb030d58da59a3c597b65cec837c37e
SHA1: 713237e013f725b72f4f9ec931a49c14b1805359
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Plexus Plugin:compile
  • Struts Plugins:compile
  • Struts OSGi Bundles:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OSGi Plugin:compile
  • DEPRECATED: Struts 2 Sitegraph Plugin:compile
  • Struts 2 JSON Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Webapps:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 REST Plugin:compile

Identifiers

javassist-3.20.0-GA.jar

Description:  Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: /home/jenkins/.m2/repository/org/javassist/javassist/3.20.0-GA/javassist-3.20.0-GA.jar
MD5: a89dd7907d76e061ec2c07e762a74256
SHA1: a9cbcdfb7e9f86fbc74d3afae65f2248bfbf82a0
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Plexus Plugin:compile
  • Struts Plugins:compile
  • Struts OSGi Bundles:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OSGi Plugin:compile
  • DEPRECATED: Struts 2 Sitegraph Plugin:compile
  • Struts 2 JSON Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Webapps:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 REST Plugin:compile

Identifiers

ognl-3.1.15.jar

Description: OGNL - Object Graph Navigation Library

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/ognl/ognl/3.1.15/ognl-3.1.15.jar
MD5: 47a2f86e8dcd313d606cc5581e202fe6
SHA1: 8ea2a66fafbf9d6f0353c6fac562a1ddb1bedf13
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Plexus Plugin:compile
  • Struts Plugins:compile
  • Struts OSGi Bundles:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OSGi Plugin:compile
  • DEPRECATED: Struts 2 Sitegraph Plugin:compile
  • Struts 2 JSON Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Webapps:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 REST Plugin:compile

Identifiers

  • maven: ognl:ognl:3.1.15    Confidence:Highest
  • cpe: cpe:/a:ognl_project:ognl:3.1.15   Confidence:Low   

commons-fileupload-1.3.3.jar

Description:  The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-fileupload/commons-fileupload/1.3.3/commons-fileupload-1.3.3.jar
MD5: dd77e787b7b5dc56f6a1cb658716d55d
SHA1: 04ff14d809195b711fd6bcc87e6777f886730ca1
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Plexus Plugin:compile
  • Struts Plugins:compile
  • Struts OSGi Bundles:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OSGi Plugin:compile
  • DEPRECATED: Struts 2 Sitegraph Plugin:compile
  • Struts 2 JSON Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Webapps:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 REST Plugin:compile

Identifiers

commons-io-2.5.jar

Description:  The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-io/commons-io/2.5/commons-io-2.5.jar
MD5: e2d74794fba570ec2115fb9d5b05dc9b
SHA1: 2852e6e05fbb95076fc091f6d1780f1f8fe35e0f
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Plexus Plugin:compile
  • Struts Plugins:compile
  • Struts OSGi Bundles:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OSGi Plugin:compile
  • DEPRECATED: Struts 2 Sitegraph Plugin:compile
  • Struts 2 JSON Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Webapps:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 REST Plugin:compile

Identifiers

commons-lang3-3.6.jar

Description:  Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/commons/commons-lang3/3.6/commons-lang3-3.6.jar
MD5: 5d18f68b5122fd398c118df53ab4cf55
SHA1: 9d28a6b23650e8a7e9063c04588ace6cf7012c17
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Plexus Plugin:compile
  • Struts Plugins:compile
  • Struts OSGi Bundles:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OSGi Plugin:compile
  • DEPRECATED: Struts 2 Sitegraph Plugin:compile
  • Struts 2 JSON Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Webapps:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 REST Plugin:compile

Identifiers

struts2-core-2.5.14.1.jar

Description: Apache Struts 2

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/struts/struts2-core/2.5.14.1/struts2-core-2.5.14.1.jar
MD5: 4f5b5fda13e20991d13a18c75010d49b
SHA1: ef575752783dc8f22fade1a3b13330274e7d7f23
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Plexus Plugin:compile
  • Struts Plugins:compile
  • Struts OSGi Bundles:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OSGi Plugin:compile
  • DEPRECATED: Struts 2 Sitegraph Plugin:compile
  • Struts 2 JSON Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 Webapps:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 REST Plugin:compile

Identifiers

jcl-over-slf4j-1.7.6.jar

Description: JCL 1.1.1 implemented over SLF4J

File Path: /home/jenkins/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.6/jcl-over-slf4j-1.7.6.jar
MD5: 0cebfe147c0ff0b38930db24e576bdd4
SHA1: ab1648fe1dd6f1e5c2ec6d12f394672bb8c1036a
Referenced In Projects/Scopes:

  • Struts 2 Tiles Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile

Identifiers

tiles-core-3.0.7.jar

Description: Tiles Core Library, including basic implementation of the APIs.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/tiles/tiles-core/3.0.7/tiles-core-3.0.7.jar
MD5: 3686bed73b8abc2716b73bb8f86c1963
SHA1: 7dea454df03ef7f736f373252a3b535c5e31f3d9
Referenced In Projects/Scopes:
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile

Identifiers

tiles-request-api-1.0.6.jar

Description: API for the Tiles Request framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/tiles/tiles-request-api/1.0.6/tiles-request-api-1.0.6.jar
MD5: da4b3b42121a597f65406d5dd3530813
SHA1: 159cd498ce20e904516e0cad7f0c2fd9f729e746
Referenced In Projects/Scopes:
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile

Identifiers

struts2-tiles-plugin-2.5.14.1.jar

Description: Apache Struts 2

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/struts/struts2-tiles-plugin/2.5.14.1/struts2-tiles-plugin-2.5.14.1.jar
MD5: 5d91372aebd6be4bf85ce5d9ed68d336
SHA1: dffa1d8542848a3344cb54cc0112016072129dbd
Referenced In Projects/Scopes:
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile

Identifiers

asm-5.2.jar

File Path: /home/jenkins/.m2/repository/org/ow2/asm/asm/5.2/asm-5.2.jar
MD5: 8bb8efe7c0f8488c4a2d6297066632aa
SHA1: 4ce3ecdc7115bcbf9d4ff4e6ec638e60760819df
Referenced In Projects/Scopes:

  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 Assembly:compile

Identifiers

asm-tree-5.2.jar

File Path: /home/jenkins/.m2/repository/org/ow2/asm/asm-tree/5.2/asm-tree-5.2.jar
MD5: f7e33a05a3e40f26bcf20803a74a07d1
SHA1: 733a8d67f6f4174d12142b7bbcfc496a6d99882e
Referenced In Projects/Scopes:

  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 Assembly:compile

Identifiers

asm-commons-5.2.jar

File Path: /home/jenkins/.m2/repository/org/ow2/asm/asm-commons/5.2/asm-commons-5.2.jar
MD5: 17b64c0aeb59138dffe213c319bfc394
SHA1: 2f916f2c20f1d04404276cb1c2e6d5d6793dca3f
Referenced In Projects/Scopes:

  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 Assembly:compile

Identifiers

aopalliance-1.0.jar

Description: AOP Alliance

License:

Public Domain
File Path: /home/jenkins/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Assembly:compile

Identifiers

validation-api-1.1.0.Final.jar

Description:  Bean Validation API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/javax/validation/validation-api/1.1.0.Final/validation-api-1.1.0.Final.jar
MD5: 4c257f52462860b62ab3cdab45f53082
SHA1: 8613ae82954779d518631e05daa73a6a954817d5
Referenced In Projects/Scopes:
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 Assembly:compile

Identifiers

commons-beanutils-1.9.2.jar

Description: Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar
MD5: 9f298a2d65e68184f9ebaa938bc12106
SHA1: 7a87d845ad3a155297e8f67d9008f4c1e5656b71
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 REST Plugin:compile

Identifiers

log4j-core-2.9.1.jar

Description: The Apache Log4j Implementation

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/logging/log4j/log4j-core/2.9.1/log4j-core-2.9.1.jar
MD5: 942f429eacb8015e18d8f59996cfbee6
SHA1: c041978c686866ee8534f538c6220238db3bb6be
Referenced In Projects/Scopes:
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Rest Showcase Webapp:compile

Identifiers

commons-collections-3.2.2.jar

Description: Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 REST Plugin:compile

Identifiers

commons-lang-2.4.jar

Description:  Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-lang/commons-lang/2.4/commons-lang-2.4.jar
MD5: 237a8e845441bad2e535c57d985c8204
SHA1: 16313e02a793435009f1e458fa4af5d879f6fb11
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile
  • Struts 2 Assembly:compile

Identifiers

velocity-1.7.jar

Description: Apache Velocity is a general purpose template engine.

File Path: /home/jenkins/.m2/repository/org/apache/velocity/velocity/1.7/velocity-1.7.jar
MD5: 3692dd72f8367cb35fb6280dc2916725
SHA1: 2ceb567b8f3f21118ecdec129fe1271dbc09aa7a
Referenced In Projects/Scopes:

  • Struts 2 OSGi Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile
  • Struts 2 Assembly:compile

Identifiers

commons-digester-2.1.jar

Description:  The Digester package lets you configure an XML to Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-digester/commons-digester/2.1/commons-digester-2.1.jar
MD5: 528445033f22da28f5047b6abcd1c7c9
SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile
  • Struts 2 Assembly:compile

Identifiers

commons-chain-1.1.jar

Description: An implementation of the GoF Chain of Responsibility pattern

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: /home/jenkins/.m2/repository/commons-chain/commons-chain/1.1/commons-chain-1.1.jar
MD5: d4ce482153073855e7c6453dc3c725cb
SHA1: 3038bd41dcdb2b63b8c6dcc8c15f0fdf3f389012
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile

Identifiers

commons-validator-1.5.1.jar

Description:  Apache Commons Validator provides the building blocks for both client side validation and server side data validation. It may be used standalone or with a framework like Struts.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-validator/commons-validator/1.5.1/commons-validator-1.5.1.jar
MD5: 67fad26aa0c1e884a6aa4249a6126a88
SHA1: 86d05a46e8f064b300657f751b5a98c62807e2a0
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile

Identifiers

dom4j-1.1.jar

File Path: /home/jenkins/.m2/repository/dom4j/dom4j/1.1/dom4j-1.1.jar
MD5: f1c39d0d2b2c6f5ffb0046841a34b5c9
SHA1: 0690b3108a502c8f033ea87e7278aec309ffa668
Referenced In Projects/Scopes:

  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile

Identifiers

oro-2.0.8.jar

File Path: /home/jenkins/.m2/repository/oro/oro/2.0.8/oro-2.0.8.jar
MD5: 42e940d5d2d822f4dc04c65053e630ab
SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698
Referenced In Projects/Scopes:

  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile

Identifiers

sslext-1.2-0.jar

License:

Apache Software License, Version 1.1: http://www.apache.org/licenses/LICENSE-1.1
File Path: /home/jenkins/.m2/repository/sslext/sslext/1.2-0/sslext-1.2-0.jar
MD5: fda7f2a2f7ac9b017a5de1a4742753fd
SHA1: c86a7db4ac0bc450e675f3d44b3d64cdc934361b
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile

Identifiers

antlr-2.7.2.jar

File Path: /home/jenkins/.m2/repository/antlr/antlr/2.7.2/antlr-2.7.2.jar
MD5: a73459120df5cadf75eaa98453433a01
SHA1: 546b5220622c4d9b2da45ad1899224b6ce1c8830
Referenced In Projects/Scopes:

  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile

Identifiers

struts-core-1.3.8.jar

File Path: /home/jenkins/.m2/repository/org/apache/struts/struts-core/1.3.8/struts-core-1.3.8.jar
MD5: 868de456b4d4331d6dcc4e8d3bee884e
SHA1: 66178d4a9279ebb1cd1eb79c10dc204b4199f061
Referenced In Projects/Scopes:

  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile

Identifiers

CVE-2014-0114  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

Vulnerable Software & Versions:

CVE-2015-0899  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation

The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.

Vulnerable Software & Versions:

CVE-2016-1181  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.

Vulnerable Software & Versions:

CVE-2016-1182  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-20 Improper Input Validation

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.

Vulnerable Software & Versions:

struts-tiles-1.3.8.jar

File Path: /home/jenkins/.m2/repository/org/apache/struts/struts-tiles/1.3.8/struts-tiles-1.3.8.jar
MD5: f41992ab2729b1cb9c6b4721465aa4e4
SHA1: 6d212f8ea5d908bc9906e669428b7694dff60785
Referenced In Projects/Scopes:

  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile

Identifiers

CVE-2014-0114  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

Vulnerable Software & Versions:

CVE-2015-0899  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation

The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.

Vulnerable Software & Versions:

CVE-2016-1181  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.

Vulnerable Software & Versions:

CVE-2016-1182  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-20 Improper Input Validation

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.

Vulnerable Software & Versions:

velocity-tools-2.0.jar

Description:  VelocityTools is an integrated collection of Velocity subprojects with the common goal of creating tools and infrastructure to speed and ease development of both web and non-web applications using the Velocity template engine.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/velocity/velocity-tools/2.0/velocity-tools-2.0.jar
MD5: 51ed2c6c0103cf3fdbeb9aa5170f5288
SHA1: 69936384de86857018b023a8c56ae0635c56b6a0
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile

Identifiers

sitemesh-2.4.2.jar

Description: SiteMesh is a web-page layout and decoration framework and web-application integration framework to aid in creating large sites consisting of many pages for which a consistent look/feel, navigation and layout scheme is required.

License:

The Apache Software License, Version 1.1: http://www.opensymphony.com/sitemesh/license.action
File Path: /home/jenkins/.m2/repository/opensymphony/sitemesh/2.4.2/sitemesh-2.4.2.jar
MD5: b9cd6bb5c6e34555ae430d9c2f2441ba
SHA1: 4cb3b08c96553b0f4595a80917838ca302f67f3f
Referenced In Projects/Scopes:
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile

Identifiers

dwr-1.1.1.jar

Description: DWR is easy Ajax for Java.

File Path: /home/jenkins/.m2/repository/uk/ltd/getahead/dwr/1.1.1/dwr-1.1.1.jar
MD5: acf4c23760ecb7377ee5047cd89afc90
SHA1: 52fa2a12084cef04a5ce4e99d6dd63ba3fbf1071
Referenced In Projects/Scopes:

  • Struts 2 Showcase Webapp:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 Assembly:compile

Identifiers

CVE-2006-6916  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to "crafted input."

Vulnerable Software & Versions:

CVE-2007-0184  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.

Vulnerable Software & Versions:

CVE-2007-0185  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch.

Vulnerable Software & Versions:

jboss-logging-3.1.3.GA.jar

Description: The JBoss Logging Framework

License:

Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/jboss/logging/jboss-logging/3.1.3.GA/jboss-logging-3.1.3.GA.jar
MD5: 1cb9780e7b361dd456429019b5455b6e
SHA1: 64499e907f19e5e1b3fdc02f81440c1832fe3545
Referenced In Project/Scope: Struts 2 Showcase Webapp:compile

Identifiers

classmate-1.0.0.jar

Description: Library for introspecting types with full generic information including resolving of field and method types.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/fasterxml/classmate/1.0.0/classmate-1.0.0.jar
MD5: 302e84ce2112b147818c62a807c54999
SHA1: 434efef28c81162b17c540e634cffa3bd9b09b4c
Referenced In Project/Scope: Struts 2 Showcase Webapp:compile

Identifiers

hibernate-validator-5.1.3.Final.jar

Description: Hibernate's Bean Validation (JSR-303) reference implementation.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/hibernate/hibernate-validator/5.1.3.Final/hibernate-validator-5.1.3.Final.jar
MD5: 3a399752f68a1b6c04c9487cb8c80cf8
SHA1: 334d46a93cf095160ce06d8382594b904933c808
Referenced In Project/Scope: Struts 2 Showcase Webapp:compile

Identifiers

org.mortbay.jetty-5.1.4.jar

File Path: /home/jenkins/.m2/repository/jetty/org.mortbay.jetty/5.1.4/org.mortbay.jetty-5.1.4.jar
MD5: cc2c559c3dfd419312b89dc938d50532
SHA1: 9f8b9485ef1ac5a3e7549f21287510280f460371
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

  • maven: jetty:org.mortbay.jetty:5.1.4    Confidence:Highest
  • cpe: cpe:/a:jetty:jetty_http_server:5.1.4   Confidence:Low   
  • cpe: cpe:/a:jetty:jetty:5.1.4   Confidence:Low   
  • cpe: cpe:/a:mortbay_jetty:jetty:5.1.4   Confidence:Low   
  • maven: org.mortbay.jetty:org.mortbay.jetty:5.1.4    Confidence:Highest

CVE-2007-5615  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Vulnerable Software & Versions:

jdtcore-3.1.0.jar

File Path: /home/jenkins/.m2/repository/eclipse/jdtcore/3.1.0/jdtcore-3.1.0.jar
MD5: d1651bf9048165f304e7877f1eaad6dc
SHA1: c5e3e72ae7220118c3da808628ec7016d4d8aef2
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

ant-1.6.5.jar

File Path: /home/jenkins/.m2/repository/ant/ant/1.6.5/ant-1.6.5.jar
MD5: c5c499f1eef9367c657e89bb881c69aa
SHA1: 7d18faf23df1a5c3a43613952e0e8a182664564b
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

jasper-compiler-5.5.12.jar

File Path: /home/jenkins/.m2/repository/tomcat/jasper-compiler/5.5.12/jasper-compiler-5.5.12.jar
MD5: 09f7545f0006619925988d0da8f28960
SHA1: c594866c64565344c0e7bdc9bf4fee70290c4dd5
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

jasper-runtime-5.5.12.jar

File Path: /home/jenkins/.m2/repository/tomcat/jasper-runtime/5.5.12/jasper-runtime-5.5.12.jar
MD5: 00106504f4cb72c3d59f917209cfb6c3
SHA1: f3a50a55414655b9843f5a089923ea83d49dc55e
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

  • maven: tomcat:jasper-runtime:5.5.12    Confidence:Highest
  • cpe: cpe:/a:jasper_project:jasper:5.5.12   Confidence:Low   

jasper-compiler-jdt-5.5.12.jar

File Path: /home/jenkins/.m2/repository/tomcat/jasper-compiler-jdt/5.5.12/jasper-compiler-jdt-5.5.12.jar
MD5: d429ebdb19354363dfffc1a2de7a61a1
SHA1: 3692828e6d920028a56006705e308c10c10b5b24
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

commons-el-1.0.jar

Description: JSP 2.0 Expression Language Interpreter Implementation

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: /home/jenkins/.m2/repository/commons-el/commons-el/1.0/commons-el-1.0.jar
MD5: 7c98594df7c126f33688fa6d93169639
SHA1: 1df2c042b3f2de0124750241ac6c886dbfa2cc2c
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

slf4j-api-1.7.12.jar

Description: The slf4j API

File Path: /home/jenkins/.m2/repository/org/slf4j/slf4j-api/1.7.12/slf4j-api-1.7.12.jar
MD5: 68910bf95dbcf90ce5859128f0f75d1e
SHA1: 8e20852d05222dc286bf1c71d78d0531e177c317
Referenced In Projects/Scopes:

  • Struts 2 Tiles Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Assembly:compile

Identifiers

tiles-autotag-core-runtime-1.2.jar

Description: Autotag: runtime core classes.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/tiles/tiles-autotag-core-runtime/1.2/tiles-autotag-core-runtime-1.2.jar
MD5: 425009289d5df24ff34eb0bab20a1c36
SHA1: 0100bd3cae1a5debf9afb4ef5c8b36c508d06326
Referenced In Projects/Scopes:
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Assembly:compile

Identifiers

javax.el-3.0.0.jar

Description: Expression Language 3.0 API and Implementation

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /home/jenkins/.m2/repository/org/glassfish/javax.el/3.0.0/javax.el-3.0.0.jar
MD5: 9b413b6b4c57f68cc3e8649f754153f5
SHA1: dd532526e7c8de48e40419e6af1183658a973379
Referenced In Project/Scope: Struts 2 Tiles Plugin:compile

Identifiers

org.apache.felix.framework-4.0.3.jar

Description: OSGi R4 framework implementation.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/felix/org.apache.felix.framework/4.0.3/org.apache.felix.framework-4.0.3.jar
MD5: 9e872449cf44b305a186931592b9bc0f
SHA1: 9791556ac7394b966c965551b97c1123d3d8638a
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Assembly:compile

Identifiers

org.apache.felix.main-4.0.3.jar

Description: OSGi R4 framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/felix/org.apache.felix.main/4.0.3/org.apache.felix.main-4.0.3.jar
MD5: 60214692407e19af64feb331cbd18bd0
SHA1: 3371237ec5b6bf185772e989bc11148f8072a40c
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Assembly:compile

Identifiers

org.osgi.core-4.1.0.jar

Description: OSGi Service Platform Release 4 Core Interface and Classes.

File Path: /home/jenkins/.m2/repository/org/osgi/org.osgi.core/4.1.0/org.osgi.core-4.1.0.jar
MD5: 2f53de1a2939934088d4899e25967697
SHA1: b88cd082b5b6774e9db939e28c0e3dc526c92d89
Referenced In Projects/Scopes:

  • Struts 2 OSGi Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Assembly:compile

Identifiers

org.osgi.compendium-4.0.0.jar

File Path: /home/jenkins/.m2/repository/org/osgi/org.osgi.compendium/4.0.0/org.osgi.compendium-4.0.0.jar
MD5: c8d708edb0a365a4a0ff63b9fcf74e38
SHA1: 70d04381dfa21ddb4f1fd82e1f62623632890b48
Referenced In Projects/Scopes:

  • Struts 2 OSGi Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Assembly:compile

Identifiers

org.apache.felix.shell-1.4.3.jar

Description: A simple OSGi command shell service.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/felix/org.apache.felix.shell/1.4.3/org.apache.felix.shell-1.4.3.jar
MD5: 96087ecf21dd1e9824193439fbe57dff
SHA1: 649b5b55c6c5388654eee75706f1258e1e307ddb
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Assembly:compile

Identifiers

org.apache.felix.shell.tui-1.4.1.jar

Description: A simple textual user interface for Felix' shell service.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/felix/org.apache.felix.shell.tui/1.4.1/org.apache.felix.shell.tui-1.4.1.jar
MD5: bf656be67e35a832a4d07cf88bfeef6b
SHA1: 7184b6c9089ffcfb0da269a2cd50ce386f5dc335
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Assembly:compile

Identifiers

hamcrest-core-1.3.jar

Description: This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes a foundation set of matcher implementations for common operations.

File Path: /home/jenkins/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar
MD5: 6393363b47ddcbba82321110c3e07519
SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0
Referenced In Projects/Scopes:

  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 JUnit Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile
  • Struts 2 Assembly:compile
  • Struts OSGi Bundles:compile