Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: Struts 2 OSGi Plugin

Scan Information (show all):

Display: Showing Vulnerable Dependencies (click to show all)

Dependency CPE GAV Highest Severity CVE Count CPE Confidence Evidence Count
org.apache.felix.framework-4.0.3.jar org.apache.felix:org.apache.felix.framework:4.0.3    0 26
org.apache.felix.main-4.0.3.jar org.apache.felix:org.apache.felix.main:4.0.3    0 21
org.osgi.core-4.1.0.jar org.papoose.osgi:OSGi_R4_v4.1_core_spec:4.1.0.build-200702212030    0 27
org.osgi.compendium-4.0.0.jar org.osgi:org.osgi.compendium:4.0.0    0 18
org.apache.felix.shell-1.4.3.jar org.apache.felix:org.apache.felix.shell:1.4.3    0 28
org.apache.felix.shell.tui-1.4.1.jar org.apache.felix:org.apache.felix.shell.tui:1.4.1    0 28
commons-collections-3.2.2.jar cpe:/a:apache:commons_collections:3.2.2 commons-collections:commons-collections:3.2.2    0 Low 40
commons-lang-2.4.jar commons-lang:commons-lang:2.4    0 34
velocity-1.7.jar org.apache.velocity:velocity:1.7    0 33
commons-beanutils-1.9.2.jar cpe:/a:apache:commons_beanutils:1.9.2 commons-beanutils:commons-beanutils:1.9.2    0 Low 36
commons-chain-1.1.jar commons-chain:commons-chain:1.1    0 29
commons-logging-1.1.3.jar commons-logging:commons-logging:1.1.3    0 36
commons-validator-1.5.1.jar commons-validator:commons-validator:1.5.1    0 40
dom4j-1.1.jar dom4j:dom4j:1.1    0 17
oro-2.0.8.jar oro:oro:2.0.8    0 14
sslext-1.2-0.jar sslext:sslext:1.2-0    0 20
antlr-2.7.2.jar antlr:antlrall:2.7.2    0 13
struts-core-1.3.8.jar cpe:/a:apache:struts:1.3.8 org.apache.struts:struts-core:1.3.8  High 4 Highest 26
struts-tiles-1.3.8.jar cpe:/a:apache:tiles:1.3.8
cpe:/a:apache:struts:1.3.8
org.apache.struts:struts-tiles:1.3.8  High 4 Highest 26
velocity-tools-2.0.jar org.apache.velocity:velocity-tools:2.0    0 30
commons-lang3-3.6.jar org.apache.commons:commons-lang3:3.6    0 41
commons-digester-2.1.jar commons-digester:commons-digester:2.1    0 34
freemarker-2.3.26-incubating.jar org.freemarker:freemarker:2.3.26-incubating    0 44
javassist-3.20.0-GA.jar org.javassist:javassist:3.20.0-GA    0 27
ognl-3.1.15.jar cpe:/a:ognl_project:ognl:3.1.15 ognl:ognl:3.1.15    0 Low 22
log4j-api-2.9.1.jar cpe:/a:apache:log4j:2.9.1 org.apache.logging.log4j:log4j-api:2.9.1    0 Low 39
commons-fileupload-1.3.3.jar cpe:/a:apache:commons_fileupload:1.3.3 commons-fileupload:commons-fileupload:1.3.3    0 Low 40
commons-io-2.5.jar commons-io:commons-io:2.5    0 40
struts2-core-2.5.14.1.jar cpe:/a:apache:struts:2.5.14.1 org.apache.struts:struts2-core:2.5.14.1    0 Low 33

Dependencies

org.apache.felix.framework-4.0.3.jar

Description: OSGi R4 framework implementation.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/felix/org.apache.felix.framework/4.0.3/org.apache.felix.framework-4.0.3.jar
MD5: 9e872449cf44b305a186931592b9bc0f
SHA1: 9791556ac7394b966c965551b97c1123d3d8638a
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

org.apache.felix.main-4.0.3.jar

Description: OSGi R4 framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/felix/org.apache.felix.main/4.0.3/org.apache.felix.main-4.0.3.jar
MD5: 60214692407e19af64feb331cbd18bd0
SHA1: 3371237ec5b6bf185772e989bc11148f8072a40c
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

org.osgi.core-4.1.0.jar

Description: OSGi Service Platform Release 4 Core Interface and Classes.

File Path: /home/jenkins/.m2/repository/org/osgi/org.osgi.core/4.1.0/org.osgi.core-4.1.0.jar
MD5: 2f53de1a2939934088d4899e25967697
SHA1: b88cd082b5b6774e9db939e28c0e3dc526c92d89
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

org.osgi.compendium-4.0.0.jar

File Path: /home/jenkins/.m2/repository/org/osgi/org.osgi.compendium/4.0.0/org.osgi.compendium-4.0.0.jar
MD5: c8d708edb0a365a4a0ff63b9fcf74e38
SHA1: 70d04381dfa21ddb4f1fd82e1f62623632890b48
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

org.apache.felix.shell-1.4.3.jar

Description: A simple OSGi command shell service.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/felix/org.apache.felix.shell/1.4.3/org.apache.felix.shell-1.4.3.jar
MD5: 96087ecf21dd1e9824193439fbe57dff
SHA1: 649b5b55c6c5388654eee75706f1258e1e307ddb
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

org.apache.felix.shell.tui-1.4.1.jar

Description: A simple textual user interface for Felix' shell service.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/felix/org.apache.felix.shell.tui/1.4.1/org.apache.felix.shell.tui-1.4.1.jar
MD5: bf656be67e35a832a4d07cf88bfeef6b
SHA1: 7184b6c9089ffcfb0da269a2cd50ce386f5dc335
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

commons-collections-3.2.2.jar

Description: Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

commons-lang-2.4.jar

Description:  Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-lang/commons-lang/2.4/commons-lang-2.4.jar
MD5: 237a8e845441bad2e535c57d985c8204
SHA1: 16313e02a793435009f1e458fa4af5d879f6fb11
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

velocity-1.7.jar

Description: Apache Velocity is a general purpose template engine.

File Path: /home/jenkins/.m2/repository/org/apache/velocity/velocity/1.7/velocity-1.7.jar
MD5: 3692dd72f8367cb35fb6280dc2916725
SHA1: 2ceb567b8f3f21118ecdec129fe1271dbc09aa7a
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

commons-beanutils-1.9.2.jar

Description: Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar
MD5: 9f298a2d65e68184f9ebaa938bc12106
SHA1: 7a87d845ad3a155297e8f67d9008f4c1e5656b71
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

commons-chain-1.1.jar

Description: An implmentation of the GoF Chain of Responsibility pattern

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: /home/jenkins/.m2/repository/commons-chain/commons-chain/1.1/commons-chain-1.1.jar
MD5: d4ce482153073855e7c6453dc3c725cb
SHA1: 3038bd41dcdb2b63b8c6dcc8c15f0fdf3f389012
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

commons-logging-1.1.3.jar

Description: Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar
MD5: 92eb5aabc1b47287de53d45c086a435c
SHA1: f6f66e966c70a83ffbdb6f17a0919eaf7c8aca7f
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

commons-validator-1.5.1.jar

Description:  Apache Commons Validator provides the building blocks for both client side validation and server side data validation. It may be used standalone or with a framework like Struts.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-validator/commons-validator/1.5.1/commons-validator-1.5.1.jar
MD5: 67fad26aa0c1e884a6aa4249a6126a88
SHA1: 86d05a46e8f064b300657f751b5a98c62807e2a0
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

dom4j-1.1.jar

File Path: /home/jenkins/.m2/repository/dom4j/dom4j/1.1/dom4j-1.1.jar
MD5: f1c39d0d2b2c6f5ffb0046841a34b5c9
SHA1: 0690b3108a502c8f033ea87e7278aec309ffa668
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

oro-2.0.8.jar

File Path: /home/jenkins/.m2/repository/oro/oro/2.0.8/oro-2.0.8.jar
MD5: 42e940d5d2d822f4dc04c65053e630ab
SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

sslext-1.2-0.jar

License:

Apache Software License, Version 1.1: http://www.apache.org/licenses/LICENSE-1.1
File Path: /home/jenkins/.m2/repository/sslext/sslext/1.2-0/sslext-1.2-0.jar
MD5: fda7f2a2f7ac9b017a5de1a4742753fd
SHA1: c86a7db4ac0bc450e675f3d44b3d64cdc934361b
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

antlr-2.7.2.jar

File Path: /home/jenkins/.m2/repository/antlr/antlr/2.7.2/antlr-2.7.2.jar
MD5: a73459120df5cadf75eaa98453433a01
SHA1: 546b5220622c4d9b2da45ad1899224b6ce1c8830
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

struts-core-1.3.8.jar

File Path: /home/jenkins/.m2/repository/org/apache/struts/struts-core/1.3.8/struts-core-1.3.8.jar
MD5: 868de456b4d4331d6dcc4e8d3bee884e
SHA1: 66178d4a9279ebb1cd1eb79c10dc204b4199f061
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

CVE-2014-0114  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

Vulnerable Software & Versions: (show all)

CVE-2015-0899  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation

The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.

Vulnerable Software & Versions: (show all)

CVE-2016-1181  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.

Vulnerable Software & Versions: (show all)

CVE-2016-1182  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-20 Improper Input Validation

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.

Vulnerable Software & Versions: (show all)

struts-tiles-1.3.8.jar

File Path: /home/jenkins/.m2/repository/org/apache/struts/struts-tiles/1.3.8/struts-tiles-1.3.8.jar
MD5: f41992ab2729b1cb9c6b4721465aa4e4
SHA1: 6d212f8ea5d908bc9906e669428b7694dff60785
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

CVE-2014-0114  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

Vulnerable Software & Versions: (show all)

CVE-2015-0899  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation

The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.

Vulnerable Software & Versions: (show all)

CVE-2016-1181  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.

Vulnerable Software & Versions: (show all)

CVE-2016-1182  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-20 Improper Input Validation

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.

Vulnerable Software & Versions: (show all)

velocity-tools-2.0.jar

Description:  VelocityTools is an integrated collection of Velocity subprojects with the common goal of creating tools and infrastructure to speed and ease development of both web and non-web applications using the Velocity template engine.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/velocity/velocity-tools/2.0/velocity-tools-2.0.jar
MD5: 51ed2c6c0103cf3fdbeb9aa5170f5288
SHA1: 69936384de86857018b023a8c56ae0635c56b6a0
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

commons-lang3-3.6.jar

Description:  Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/commons/commons-lang3/3.6/commons-lang3-3.6.jar
MD5: 5d18f68b5122fd398c118df53ab4cf55
SHA1: 9d28a6b23650e8a7e9063c04588ace6cf7012c17
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

commons-digester-2.1.jar

Description:  The Digester package lets you configure an XML to Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-digester/commons-digester/2.1/commons-digester-2.1.jar
MD5: 528445033f22da28f5047b6abcd1c7c9
SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

freemarker-2.3.26-incubating.jar

Description:  FreeMarker is a "template engine"; a generic tool to generate text output based on templates.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/freemarker/freemarker/2.3.26-incubating/freemarker-2.3.26-incubating.jar
MD5: cbb030d58da59a3c597b65cec837c37e
SHA1: 713237e013f725b72f4f9ec931a49c14b1805359
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

javassist-3.20.0-GA.jar

Description:  Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: /home/jenkins/.m2/repository/org/javassist/javassist/3.20.0-GA/javassist-3.20.0-GA.jar
MD5: a89dd7907d76e061ec2c07e762a74256
SHA1: a9cbcdfb7e9f86fbc74d3afae65f2248bfbf82a0
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

ognl-3.1.15.jar

Description: OGNL - Object Graph Navigation Library

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/ognl/ognl/3.1.15/ognl-3.1.15.jar
MD5: 47a2f86e8dcd313d606cc5581e202fe6
SHA1: 8ea2a66fafbf9d6f0353c6fac562a1ddb1bedf13
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

  • maven: ognl:ognl:3.1.15    Confidence:Highest
  • cpe: cpe:/a:ognl_project:ognl:3.1.15   Confidence:Low   

log4j-api-2.9.1.jar

Description: The Apache Log4j API

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/logging/log4j/log4j-api/2.9.1/log4j-api-2.9.1.jar
MD5: 20f0b4e1a16bd2030f0acc2b277cb16f
SHA1: 7a2999229464e7a324aa503c0a52ec0f05efe7bd
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

commons-fileupload-1.3.3.jar

Description:  The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-fileupload/commons-fileupload/1.3.3/commons-fileupload-1.3.3.jar
MD5: dd77e787b7b5dc56f6a1cb658716d55d
SHA1: 04ff14d809195b711fd6bcc87e6777f886730ca1
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

commons-io-2.5.jar

Description:  The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-io/commons-io/2.5/commons-io-2.5.jar
MD5: e2d74794fba570ec2115fb9d5b05dc9b
SHA1: 2852e6e05fbb95076fc091f6d1780f1f8fe35e0f
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers

struts2-core-2.5.14.1.jar

Description: Apache Struts 2

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/struts/struts2-core/2.5.14.1/struts2-core-2.5.14.1.jar
MD5: 4f5b5fda13e20991d13a18c75010d49b
SHA1: ef575752783dc8f22fade1a3b13330274e7d7f23
Referenced In Project/Scope: Struts 2 OSGi Plugin:compile

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the Node Security Platform.