Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Project: Struts Plugins

| Dependency | CPE | GAV | Highest Severity | CVE Count | CPE Confidence | Evidence Count |
|---|---|---|---|---|---|---|
| freemarker-2.3.26-incubating.jar | | org.freemarker:freemarker:2.3.26-incubating | | 0 | | 44 |
| javassist-3.20.0-GA.jar | | org.javassist:javassist:3.20.0-GA | | 0 | | 27 |
| ognl-3.1.15.jar | cpe:/a:ognl_project:ognl:3.1.15 | ognl:ognl:3.1.15 | | 0 | Low | 22 |
| log4j-api-2.9.1.jar | cpe:/a:apache:log4j:2.9.1 | org.apache.logging.log4j:log4j-api:2.9.1 | | 0 | Low | 39 |
| commons-fileupload-1.3.3.jar | cpe:/a:apache:commons_fileupload:1.3.3 | commons-fileupload:commons-fileupload:1.3.3 | | 0 | Low | 40 |
| commons-io-2.5.jar | | commons-io:commons-io:2.5 | | 0 | | 40 |
| commons-lang3-3.6.jar | | org.apache.commons:commons-lang3:3.6 | | 0 | | 41 |
| struts2-core-2.5.14.1.jar | cpe:/a:apache:struts:2.5.14.1 | org.apache.struts:struts2-core:2.5.14.1 | | 0 | Low | 33 |
| jcommander-1.48.jar | | com.beust:jcommander:1.48 | | 0 | | 23 |
| bsh-2.0b4.jar | cpe:/a:beanshell_project:beanshell:2.0.b4 | org.beanshell:bsh:2.0b4 | Medium | 1 | Low | 25 |
| testng-6.9.10.jar | | org.testng:testng:6.9.10 | | 0 | | 28 |
| commons-logging-1.1.3.jar | | commons-logging:commons-logging:1.1.3 | | 0 | | 36 |
| spring-core-4.1.9.RELEASE.jar | cpe:/a:springsource:spring_framework:4.1.9, cpe:/a:vmware:springsource_spring_framework:4.1.9, cpe:/a:pivotal:spring_framework:4.1.9, cpe:/a:pivotal_software:spring_framework:4.1.9 | org.springframework:spring-core:4.1.9.RELEASE | Medium | 1 | Highest | 27 |
| xmlpull-1.1.3.1.jar | | xmlpull:xmlpull:1.1.3.1 | | 0 | | 18 |
| xpp3_min-1.1.4c.jar | | xpp3:xpp3_min:1.1.4c | | 0 | | 24 |
| xstream-1.4.10.jar | cpe:/a:xstream_project:xstream:1.4.10, cpe:/a:x-stream:xstream:1.4.10 | com.thoughtworks.xstream:xstream:1.4.10 | | 0 | Low | 53 |
| commons-beanutils-1.9.2.jar | cpe:/a:apache:commons_beanutils:1.9.2 | commons-beanutils:commons-beanutils:1.9.2 | | 0 | Low | 36 |
| commons-collections-3.2.2.jar | cpe:/a:apache:commons_collections:3.2.2 | commons-collections:commons-collections:3.2.2 | | 0 | Low | 40 |
| commons-lang-2.5.jar | | commons-lang:commons-lang:2.5 | | 0 | | 34 |
| ezmorph-1.0.6.jar | | net.sf.ezmorph:ezmorph:1.0.6 | | 0 | | 22 |
| json-lib-2.4-jdk15.jar | | com.hynnet:json-lib:2.4 | | 0 | | 15 |
| jackson-core-2.9.2.jar | cpe:/a:fasterxml:jackson:2.9.2 | com.fasterxml.jackson.core:jackson-core:2.9.2 | | 0 | Low | 41 |
| jackson-annotations-2.9.0.jar | cpe:/a:fasterxml:jackson:2.9.0 | com.fasterxml.jackson.core:jackson-annotations:2.9.0 | | 0 | Low | 39 |
| plexus-utils-1.2.jar | | org.codehaus.plexus:plexus-utils:1.2 | | 0 | | 24 |
| classworlds-1.1.jar | | classworlds:classworlds:1.1 | | 0 | | 26 |
| plexus-container-default-1.0-alpha-10.jar | | org.codehaus.plexus:plexus-container-default:1.0-alpha-10 | | 0 | | 25 |
| sitemesh-2.4.2.jar | | opensymphony:sitemesh:2.4.2 | | 0 | | 26 |
| commons-lang-2.4.jar | | commons-lang:commons-lang:2.4 | | 0 | | 34 |
| velocity-1.7.jar | | org.apache.velocity:velocity:1.7 | | 0 | | 33 |
| commons-digester-2.1.jar | | commons-digester:commons-digester:2.1 | | 0 | | 34 |
| commons-chain-1.1.jar | | commons-chain:commons-chain:1.1 | | 0 | | 29 |
| commons-validator-1.5.1.jar | | commons-validator:commons-validator:1.5.1 | | 0 | | 40 |
| dom4j-1.1.jar | | dom4j:dom4j:1.1 | | 0 | | 17 |
| oro-2.0.8.jar | | oro:oro:2.0.8 | | 0 | | 14 |
| sslext-1.2-0.jar | | sslext:sslext:1.2-0 | | 0 | | 20 |
| antlr-2.7.2.jar | | antlr:antlrall:2.7.2 | | 0 | | 13 |
| struts-core-1.3.8.jar | cpe:/a:apache:struts:1.3.8 | org.apache.struts:struts-core:1.3.8 | High | 4 | Highest | 26 |
| struts-tiles-1.3.8.jar | cpe:/a:apache:tiles:1.3.8, cpe:/a:apache:struts:1.3.8 | org.apache.struts:struts-tiles:1.3.8 | High | 4 | Highest | 26 |
| velocity-tools-2.0.jar | | org.apache.velocity:velocity-tools:2.0 | | 0 | | 30 |
| dwr-1.1.1.jar | cpe:/a:getahead:direct_web_remoting:1.1.1 | uk.ltd.getahead:dwr:1.1.1 | High | 3 | Highest | 22 |
| asm-5.2.jar | | org.ow2.asm:asm:5.2 | | 0 | | 28 |
| asm-tree-5.2.jar | | org.ow2.asm:asm-tree:5.2 | | 0 | | 28 |
| asm-commons-5.2.jar | | org.ow2.asm:asm-commons:5.2 | | 0 | | 28 |
| juli-6.0.18.jar | cpe:/a:apache:tomcat:6.0.18, cpe:/a:apache_software_foundation:tomcat:6.0.18, cpe:/a:apache_tomcat:apache_tomcat:6.0.18 | org.apache.tomcat:juli:6.0.18 | High | 59 | Highest | 17 |
| org.apache.felix.framework-4.0.3.jar | | org.apache.felix:org.apache.felix.framework:4.0.3 | | 0 | | 26 |
| org.apache.felix.main-4.0.3.jar | | org.apache.felix:org.apache.felix.main:4.0.3 | | 0 | | 21 |
| org.osgi.core-4.1.0.jar | | org.papoose.osgi:OSGi_R4_v4.1_core_spec:4.1.0.build-200702212030 | | 0 | | 27 |
| org.osgi.compendium-4.0.0.jar | | org.osgi:org.osgi.compendium:4.0.0 | | 0 | | 18 |
| org.apache.felix.shell-1.4.3.jar | | org.apache.felix:org.apache.felix.shell:1.4.3 | | 0 | | 28 |
| org.apache.felix.shell.tui-1.4.1.jar | | org.apache.felix:org.apache.felix.shell.tui:1.4.1 | | 0 | | 28 |
| aopalliance-1.0.jar | | aopalliance:aopalliance:1.0 | | 0 | | 20 |
| hamcrest-core-1.3.jar | | org.hamcrest:hamcrest-core:1.3 | | 0 | | 25 |
| junit-4.12.jar | | junit:junit:4.12 | | 0 | | 25 |
| jcl-over-slf4j-1.7.6.jar | | org.slf4j:jcl-over-slf4j:1.7.6 | | 0 | | 31 |
| tiles-core-3.0.7.jar | cpe:/a:apache:tiles:3.0.7 | org.apache.tiles:tiles-core:3.0.7 | | 0 | Low | 33 |
| tiles-request-api-1.0.6.jar | cpe:/a:apache:tiles:1.0.6 | org.apache.tiles:tiles-request-api:1.0.6 | | 0 | Low | 33 |
| struts2-tiles-plugin-2.5.14.1.jar | cpe:/a:apache:struts:2.5.14.1, cpe:/a:apache:tiles:2.5.14.1 | org.apache.struts:struts2-tiles-plugin:2.5.14.1 | | 0 | Low | 33 |
| slf4j-api-1.7.12.jar | | org.slf4j:slf4j-api:1.7.12 | | 0 | | 31 |
| org.mortbay.jetty-5.1.4.jar | cpe:/a:jetty:jetty_http_server:5.1.4, cpe:/a:jetty:jetty:5.1.4, cpe:/a:mortbay_jetty:jetty:5.1.4 | jetty:org.mortbay.jetty:5.1.4 | Medium | 1 | Low | 22 |
| jdtcore-3.1.0.jar | | eclipse:jdtcore:3.1.0 | | 0 | | 18 |
| ant-1.6.5.jar | | ant:ant:1.6.5 | | 0 | | 18 |
| jasper-compiler-5.5.12.jar | cpe:/a:jasper_project:jasper:5.5.12 | tomcat:jasper-compiler:5.5.12 | | 0 | Low | 16 |
| jasper-runtime-5.5.12.jar | cpe:/a:jasper_project:jasper:5.5.12 | tomcat:jasper-runtime:5.5.12 | | 0 | Low | 16 |
| jasper-compiler-jdt-5.5.12.jar | cpe:/a:jasper_project:jasper:5.5.12 | tomcat:jasper-compiler-jdt:5.5.12 | | 0 | Low | 17 |
| commons-el-1.0.jar | | tomcat:commons-el:5.5.23 | | 0 | | 27 |
| commons-jci-fam-1.1.jar | | org.apache.commons:commons-jci-fam:1.1 | | 0 | | 35 |
| validation-api-1.1.0.Final.jar | | javax.validation:validation-api:1.1.0.Final | | 0 | | 22 |
| tiles-autotag-core-runtime-1.2.jar | cpe:/a:apache:tiles:1.2 | org.apache.tiles:tiles-autotag-core-runtime:1.2 | | 0 | Low | 33 |
| javax.el-3.0.0.jar | | org.glassfish:javax.el:3.0.0 | | 0 | | 36 |
| google-gxp-0.2.4-beta.jar | | com.google.gxp:google-gxp:0.2.4-beta | | 0 | | 25 |
| google-collections-1.0.jar | | com.google.collections:google-collections:1.0 | | 0 | | 31 |
| oval-1.31.jar | | net.sf.oval:oval:1.31 | | 0 | | 38 |
| jdtcore-3.1.0.jar: jdtCompilerAdapter.jar | | | | 0 | | 7 |

Dependencies

freemarker-2.3.26-incubating.jar

Description:  FreeMarker is a "template engine"; a generic tool to generate text output based on templates.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/freemarker/freemarker/2.3.26-incubating/freemarker-2.3.26-incubating.jar
MD5: cbb030d58da59a3c597b65cec837c37e
SHA1: 713237e013f725b72f4f9ec931a49c14b1805359
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Plexus Plugin:compile
  • Struts Plugins:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OSGi Plugin:compile
  • DEPRECATED: Struts 2 Sitegraph Plugin:compile
  • Struts 2 JSON Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 REST Plugin:compile

Identifiers

javassist-3.20.0-GA.jar

Description:  Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: /home/jenkins/.m2/repository/org/javassist/javassist/3.20.0-GA/javassist-3.20.0-GA.jar
MD5: a89dd7907d76e061ec2c07e762a74256
SHA1: a9cbcdfb7e9f86fbc74d3afae65f2248bfbf82a0
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Plexus Plugin:compile
  • Struts Plugins:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OSGi Plugin:compile
  • DEPRECATED: Struts 2 Sitegraph Plugin:compile
  • Struts 2 JSON Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 REST Plugin:compile

Identifiers

ognl-3.1.15.jar

Description: OGNL - Object Graph Navigation Library

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/ognl/ognl/3.1.15/ognl-3.1.15.jar
MD5: 47a2f86e8dcd313d606cc5581e202fe6
SHA1: 8ea2a66fafbf9d6f0353c6fac562a1ddb1bedf13
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Plexus Plugin:compile
  • Struts Plugins:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OSGi Plugin:compile
  • DEPRECATED: Struts 2 Sitegraph Plugin:compile
  • Struts 2 JSON Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 REST Plugin:compile

Identifiers

  • maven: ognl:ognl:3.1.15 (Confidence: Highest)
  • cpe: cpe:/a:ognl_project:ognl:3.1.15 (Confidence: Low)

log4j-api-2.9.1.jar

Description: The Apache Log4j API

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/logging/log4j/log4j-api/2.9.1/log4j-api-2.9.1.jar
MD5: 20f0b4e1a16bd2030f0acc2b277cb16f
SHA1: 7a2999229464e7a324aa503c0a52ec0f05efe7bd
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • DEPRECATED: Struts 2 Sitegraph Plugin:compile
  • Struts 2 JUnit Plugin:compile
  • Struts 2 JSON Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Plexus Plugin:compile
  • Struts Plugins:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 REST Plugin:compile

Identifiers

commons-fileupload-1.3.3.jar

Description:  The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-fileupload/commons-fileupload/1.3.3/commons-fileupload-1.3.3.jar
MD5: dd77e787b7b5dc56f6a1cb658716d55d
SHA1: 04ff14d809195b711fd6bcc87e6777f886730ca1
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Plexus Plugin:compile
  • Struts Plugins:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OSGi Plugin:compile
  • DEPRECATED: Struts 2 Sitegraph Plugin:compile
  • Struts 2 JSON Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 REST Plugin:compile

Identifiers

commons-io-2.5.jar

Description:  The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-io/commons-io/2.5/commons-io-2.5.jar
MD5: e2d74794fba570ec2115fb9d5b05dc9b
SHA1: 2852e6e05fbb95076fc091f6d1780f1f8fe35e0f
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Plexus Plugin:compile
  • Struts Plugins:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OSGi Plugin:compile
  • DEPRECATED: Struts 2 Sitegraph Plugin:compile
  • Struts 2 JSON Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 REST Plugin:compile

Identifiers

commons-lang3-3.6.jar

Description:  Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/commons/commons-lang3/3.6/commons-lang3-3.6.jar
MD5: 5d18f68b5122fd398c118df53ab4cf55
SHA1: 9d28a6b23650e8a7e9063c04588ace6cf7012c17
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Plexus Plugin:compile
  • Struts Plugins:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OSGi Plugin:compile
  • DEPRECATED: Struts 2 Sitegraph Plugin:compile
  • Struts 2 JSON Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 REST Plugin:compile

Identifiers

struts2-core-2.5.14.1.jar

Description: Apache Struts 2

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/struts/struts2-core/2.5.14.1/struts2-core-2.5.14.1.jar
MD5: 4f5b5fda13e20991d13a18c75010d49b
SHA1: ef575752783dc8f22fade1a3b13330274e7d7f23
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Plexus Plugin:compile
  • Struts Plugins:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OSGi Plugin:compile
  • DEPRECATED: Struts 2 Sitegraph Plugin:compile
  • Struts 2 JSON Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 REST Plugin:compile

Identifiers

jcommander-1.48.jar

Description: A Java framework to parse command line options with annotations.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/beust/jcommander/1.48/jcommander-1.48.jar
MD5: 7a84fb4b01f46c904bd549e67e6c48a1
SHA1: bfcb96281ea3b59d626704f74bc6d625ff51cbce
Referenced In Project/Scope: Struts 2 TestNG Plugin:compile

Identifiers

bsh-2.0b4.jar

Description: BeanShell

File Path: /home/jenkins/.m2/repository/org/beanshell/bsh/2.0b4/bsh-2.0b4.jar
MD5: a1c60aa83c9c9a6cb2391c1c1b85eb00
SHA1: a05f0a0feefa8d8467ac80e16e7de071489f0d9c
Referenced In Project/Scope: Struts 2 TestNG Plugin:compile

Identifiers

  • maven: org.beanshell:bsh:2.0b4 (Confidence: Highest)
  • cpe: cpe:/a:beanshell_project:beanshell:2.0.b4 (Confidence: Low)

CVE-2016-2510  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-19 Data Handling

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

Vulnerable Software & Versions:

testng-6.9.10.jar

Description: Testing framework for Java

License:

Apache  Version 2.0, January 2004
File Path: /home/jenkins/.m2/repository/org/testng/testng/6.9.10/testng-6.9.10.jar
MD5: 83e26cb672a81f5bbda139436ef4d8d0
SHA1: 6feb3e964aeb7097aff30c372aac3ec0f8d87ede
Referenced In Project/Scope: Struts 2 TestNG Plugin:compile

Identifiers

commons-logging-1.1.3.jar

Description: Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar
MD5: 92eb5aabc1b47287de53d45c086a435c
SHA1: f6f66e966c70a83ffbdb6f17a0919eaf7c8aca7f
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • DEPRECATED: Struts 2 Sitegraph Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 JUnit Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 REST Plugin:compile

Identifiers

spring-core-4.1.9.RELEASE.jar

Description: Spring Core

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/springframework/spring-core/4.1.9.RELEASE/spring-core-4.1.9.RELEASE.jar
MD5: 2b1b2a3af329e583f041bf6e8a8a9feb
SHA1: 85a6d6031c4193d873144496e865b649a874cc47
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 REST Plugin:compile

Identifiers

CVE-2016-5007  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.

Vulnerable Software & Versions:

xmlpull-1.1.3.1.jar

License:

Public Domain: http://www.xmlpull.org/v1/download/unpacked/LICENSE.txt
File Path: /home/jenkins/.m2/repository/xmlpull/xmlpull/1.1.3.1/xmlpull-1.1.3.1.jar
MD5: cc57dacc720eca721a50e78934b822d2
SHA1: 2b8e230d2ab644e4ecaa94db7cdedbc40c805dfa
Referenced In Projects/Scopes:
  • Struts 2 OVal Plugin:compile
  • Struts 2 REST Plugin:compile

Identifiers

xpp3_min-1.1.4c.jar

Description: MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs such as Hotspot in JDK 1.4+.

License:

Indiana University Extreme! Lab Software License, version 1.1.1: http://www.extreme.indiana.edu/viewcvs/~checkout~/XPP3/java/LICENSE.txt
Public Domain: http://creativecommons.org/licenses/publicdomain
File Path: /home/jenkins/.m2/repository/xpp3/xpp3_min/1.1.4c/xpp3_min-1.1.4c.jar
MD5: dcd95bcb84b09897b2b66d4684c040da
SHA1: 19d4e90b43059058f6e056f794f0ea4030d60b86
Referenced In Projects/Scopes:
  • Struts 2 OVal Plugin:compile
  • Struts 2 REST Plugin:compile

Identifiers

xstream-1.4.10.jar

Description: XStream is a serialization library from Java objects to XML and back.

License:

http://x-stream.github.io/license.html
File Path: /home/jenkins/.m2/repository/com/thoughtworks/xstream/xstream/1.4.10/xstream-1.4.10.jar
MD5: d00eec778910f95b26201395ac64cca0
SHA1: dfecae23647abc9d9fd0416629a4213a3882b101
Referenced In Projects/Scopes:
  • Struts 2 OVal Plugin:compile
  • Struts 2 REST Plugin:compile

Identifiers

  • cpe: cpe:/a:xstream_project:xstream:1.4.10 (Confidence: Low)
  • cpe: cpe:/a:x-stream:xstream:1.4.10 (Confidence: Low)
  • maven: com.thoughtworks.xstream:xstream:1.4.10 (Confidence: Highest)

commons-beanutils-1.9.2.jar

Description: Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar
MD5: 9f298a2d65e68184f9ebaa938bc12106
SHA1: 7a87d845ad3a155297e8f67d9008f4c1e5656b71
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 REST Plugin:compile

Identifiers

commons-collections-3.2.2.jar

Description: Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 REST Plugin:compile

Identifiers

commons-lang-2.5.jar

Description:  Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-lang/commons-lang/2.5/commons-lang-2.5.jar
MD5: ab04c560caea60d3b0050beb57776a32
SHA1: b0236b252e86419eef20c31a44579d2aee2f0a69
Referenced In Project/Scope: Struts 2 REST Plugin:compile

Identifiers

ezmorph-1.0.6.jar

Description:  Simple java library for transforming an Object to another Object.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/net/sf/ezmorph/ezmorph/1.0.6/ezmorph-1.0.6.jar
MD5: 1fa113c6aacf3a01af1449df77acd474
SHA1: 01e55d2a0253ea37745d33062852fd2c90027432
Referenced In Project/Scope: Struts 2 REST Plugin:compile

Identifiers

json-lib-2.4-jdk15.jar

File Path: /home/jenkins/.m2/repository/net/sf/json-lib/json-lib/2.4/json-lib-2.4-jdk15.jar
MD5: f5db294d05b3d5a5bfb873455b0a8626
SHA1: 136743e0d12df4e785e62b48618cee169b2ae546
Referenced In Project/Scope: Struts 2 REST Plugin:compile

Identifiers

jackson-core-2.9.2.jar

Description: Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.9.2/jackson-core-2.9.2.jar
MD5: 456af981c1be006d6ac38df86c4339d6
SHA1: aed20e50152a2f19adc1995c8d8f307c7efa414d
Referenced In Project/Scope: Struts 2 REST Plugin:compile

Identifiers

jackson-annotations-2.9.0.jar

Description: Core annotations used for value types, used by Jackson data binding package.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.9.0/jackson-annotations-2.9.0.jar
MD5: c09faa1b063681cf45706c6df50685b6
SHA1: 07c10d545325e3a6e72e06381afe469fd40eb701
Referenced In Project/Scope: Struts 2 REST Plugin:compile

Identifiers

plexus-utils-1.2.jar

File Path: /home/jenkins/.m2/repository/org/codehaus/plexus/plexus-utils/1.2/plexus-utils-1.2.jar
MD5: 4e05dbd6dbfdf2e976921e80079f9d38
SHA1: 9756b92f7f380e4372d1e34f7d194bc0a5767849
Referenced In Project/Scope: Struts 2 Plexus Plugin:compile

Identifiers

classworlds-1.1.jar

File Path: /home/jenkins/.m2/repository/classworlds/classworlds/1.1/classworlds-1.1.jar
MD5: c20629baa65f1f2948b37aa393b0310b
SHA1: 60c708f55deeb7c5dfce8a7886ef09cbc1388eca
Referenced In Project/Scope: Struts 2 Plexus Plugin:compile

Identifiers

plexus-container-default-1.0-alpha-10.jar

File Path: /home/jenkins/.m2/repository/org/codehaus/plexus/plexus-container-default/1.0-alpha-10/plexus-container-default-1.0-alpha-10.jar
MD5: 110aaa0c629787cb95e1137bd7ad4b93
SHA1: 575e5663d175c8f112f654bc2f2a3db4077c74e0
Referenced In Project/Scope: Struts 2 Plexus Plugin:compile

Identifiers

sitemesh-2.4.2.jar

Description: SiteMesh is a web-page layout and decoration framework and web-application integration framework to aid in creating large sites consisting of many pages for which a consistent look/feel, navigation and layout scheme is required.

License:

The Apache Software License, Version 1.1: http://www.opensymphony.com/sitemesh/license.action
File Path: /home/jenkins/.m2/repository/opensymphony/sitemesh/2.4.2/sitemesh-2.4.2.jar
MD5: b9cd6bb5c6e34555ae430d9c2f2441ba
SHA1: 4cb3b08c96553b0f4595a80917838ca302f67f3f
Referenced In Project/Scope: Struts 2 Sitemesh Plugin:compile

Identifiers

commons-lang-2.4.jar

Description:  Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-lang/commons-lang/2.4/commons-lang-2.4.jar
MD5: 237a8e845441bad2e535c57d985c8204
SHA1: 16313e02a793435009f1e458fa4af5d879f6fb11
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile

Identifiers

velocity-1.7.jar

Description: Apache Velocity is a general purpose template engine.

File Path: /home/jenkins/.m2/repository/org/apache/velocity/velocity/1.7/velocity-1.7.jar
MD5: 3692dd72f8367cb35fb6280dc2916725
SHA1: 2ceb567b8f3f21118ecdec129fe1271dbc09aa7a
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile

Identifiers

commons-digester-2.1.jar

Description:  The Digester package lets you configure an XML to Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-digester/commons-digester/2.1/commons-digester-2.1.jar
MD5: 528445033f22da28f5047b6abcd1c7c9
SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Portlet Plugin:compile

Identifiers

commons-chain-1.1.jar

Description: An implementation of the GoF Chain of Responsibility pattern

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: /home/jenkins/.m2/repository/commons-chain/commons-chain/1.1/commons-chain-1.1.jar
MD5: d4ce482153073855e7c6453dc3c725cb
SHA1: 3038bd41dcdb2b63b8c6dcc8c15f0fdf3f389012
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile

Identifiers

commons-validator-1.5.1.jar

Description:  Apache Commons Validator provides the building blocks for both client side validation and server side data validation. It may be used standalone or with a framework like Struts.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-validator/commons-validator/1.5.1/commons-validator-1.5.1.jar
MD5: 67fad26aa0c1e884a6aa4249a6126a88
SHA1: 86d05a46e8f064b300657f751b5a98c62807e2a0
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile

Identifiers

dom4j-1.1.jar

File Path: /home/jenkins/.m2/repository/dom4j/dom4j/1.1/dom4j-1.1.jar
MD5: f1c39d0d2b2c6f5ffb0046841a34b5c9
SHA1: 0690b3108a502c8f033ea87e7278aec309ffa668
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile

Identifiers

oro-2.0.8.jar

File Path: /home/jenkins/.m2/repository/oro/oro/2.0.8/oro-2.0.8.jar
MD5: 42e940d5d2d822f4dc04c65053e630ab
SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile

Identifiers

sslext-1.2-0.jar

License:

Apache Software License, Version 1.1: http://www.apache.org/licenses/LICENSE-1.1
File Path: /home/jenkins/.m2/repository/sslext/sslext/1.2-0/sslext-1.2-0.jar
MD5: fda7f2a2f7ac9b017a5de1a4742753fd
SHA1: c86a7db4ac0bc450e675f3d44b3d64cdc934361b
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile

Identifiers

antlr-2.7.2.jar

File Path: /home/jenkins/.m2/repository/antlr/antlr/2.7.2/antlr-2.7.2.jar
MD5: a73459120df5cadf75eaa98453433a01
SHA1: 546b5220622c4d9b2da45ad1899224b6ce1c8830
Referenced In Projects/Scopes:

  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile

Identifiers

struts-core-1.3.8.jar

File Path: /home/jenkins/.m2/repository/org/apache/struts/struts-core/1.3.8/struts-core-1.3.8.jar
MD5: 868de456b4d4331d6dcc4e8d3bee884e
SHA1: 66178d4a9279ebb1cd1eb79c10dc204b4199f061
Referenced In Projects/Scopes:

  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile

Identifiers

CVE-2014-0114  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

CVE-2015-0899  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation

The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.

CVE-2016-1181  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.

CVE-2016-1182  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-20 Improper Input Validation

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.

struts-tiles-1.3.8.jar

File Path: /home/jenkins/.m2/repository/org/apache/struts/struts-tiles/1.3.8/struts-tiles-1.3.8.jar
MD5: f41992ab2729b1cb9c6b4721465aa4e4
SHA1: 6d212f8ea5d908bc9906e669428b7694dff60785
Referenced In Projects/Scopes:

  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile

Identifiers

CVE-2014-0114  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

CVE-2015-0899  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation

The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.

CVE-2016-1181  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.

CVE-2016-1182  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-20 Improper Input Validation

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.

velocity-tools-2.0.jar

Description:  VelocityTools is an integrated collection of Velocity subprojects with the common goal of creating tools and infrastructure to speed and ease development of both web and non-web applications using the Velocity template engine.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/velocity/velocity-tools/2.0/velocity-tools-2.0.jar
MD5: 51ed2c6c0103cf3fdbeb9aa5170f5288
SHA1: 69936384de86857018b023a8c56ae0635c56b6a0
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile

Identifiers

dwr-1.1.1.jar

Description: DWR is easy Ajax for Java.

File Path: /home/jenkins/.m2/repository/uk/ltd/getahead/dwr/1.1.1/dwr-1.1.1.jar
MD5: acf4c23760ecb7377ee5047cd89afc90
SHA1: 52fa2a12084cef04a5ce4e99d6dd63ba3fbf1071
Referenced In Project/Scope: Struts 2 DWR Plugin:compile

Identifiers

CVE-2006-6916  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to "crafted input."

CVE-2007-0184  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.

CVE-2007-0185  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch.

asm-5.2.jar

File Path: /home/jenkins/.m2/repository/org/ow2/asm/asm/5.2/asm-5.2.jar
MD5: 8bb8efe7c0f8488c4a2d6297066632aa
SHA1: 4ce3ecdc7115bcbf9d4ff4e6ec638e60760819df
Referenced In Project/Scope: Struts 2 Convention Plugin:compile

Identifiers

asm-tree-5.2.jar

File Path: /home/jenkins/.m2/repository/org/ow2/asm/asm-tree/5.2/asm-tree-5.2.jar
MD5: f7e33a05a3e40f26bcf20803a74a07d1
SHA1: 733a8d67f6f4174d12142b7bbcfc496a6d99882e
Referenced In Project/Scope: Struts 2 Convention Plugin:compile

Identifiers

asm-commons-5.2.jar

File Path: /home/jenkins/.m2/repository/org/ow2/asm/asm-commons/5.2/asm-commons-5.2.jar
MD5: 17b64c0aeb59138dffe213c319bfc394
SHA1: 2f916f2c20f1d04404276cb1c2e6d5d6793dca3f
Referenced In Project/Scope: Struts 2 Convention Plugin:compile

Identifiers

juli-6.0.18.jar

Description: Tomcat Core Logging Package

File Path: /home/jenkins/.m2/repository/org/apache/tomcat/juli/6.0.18/juli-6.0.18.jar
MD5: cac2848a283896ed2b988c9b67bcbb7a
SHA1: 5803a3fc40ba28e02688f29da850174beca027a1
Referenced In Project/Scope: Struts 2 Embedded JSP Plugin:compile

Identifiers

  • cpe: cpe:/a:apache:tomcat:6.0.18 (Confidence: Highest)
  • maven: org.apache.tomcat:juli:6.0.18 (Confidence: Highest)
  • cpe: cpe:/a:apache_software_foundation:tomcat:6.0.18 (Confidence: Low)
  • cpe: cpe:/a:apache_tomcat:apache_tomcat:6.0.18 (Confidence: Low)

CVE-2008-5515  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.

CVE-2009-0783  

Severity: Medium
CVSS Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-200 Information Exposure

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.

CVE-2009-2693  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.

CVE-2009-2901  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.

CVE-2009-2902  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.

CVE-2009-3548  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-255 Credentials Management

The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.

CVE-2010-1157  

Severity: Low
CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
