Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Project: DEPRECATED: Struts 2 Sitegraph Plugin

| Dependency | CPE | GAV | Highest Severity | CVE Count | CPE Confidence | Evidence Count |
|---|---|---|---|---|---|---|
| org.mortbay.jetty-5.1.4.jar | cpe:/a:jetty:jetty_http_server:5.1.4; cpe:/a:jetty:jetty:5.1.4; cpe:/a:mortbay_jetty:jetty:5.1.4 | jetty:org.mortbay.jetty:5.1.4 | Medium | 1 | Low | 22 |
| jdtcore-3.1.0.jar | | eclipse:jdtcore:3.1.0 | | 0 | | 18 |
| ant-1.6.5.jar | | ant:ant:1.6.5 | | 0 | | 18 |
| jasper-compiler-5.5.12.jar | cpe:/a:jasper_project:jasper:5.5.12 | tomcat:jasper-compiler:5.5.12 | | 0 | Low | 16 |
| jasper-runtime-5.5.12.jar | cpe:/a:jasper_project:jasper:5.5.12 | tomcat:jasper-runtime:5.5.12 | | 0 | Low | 16 |
| jasper-compiler-jdt-5.5.12.jar | cpe:/a:jasper_project:jasper:5.5.12 | tomcat:jasper-compiler-jdt:5.5.12 | | 0 | Low | 17 |
| commons-logging-1.1.3.jar | | commons-logging:commons-logging:1.1.3 | | 0 | | 36 |
| commons-el-1.0.jar | | tomcat:commons-el:5.5.23 | | 0 | | 27 |
| commons-io-2.5.jar | | commons-io:commons-io:2.5 | | 0 | | 40 |
| commons-lang3-3.6.jar | | org.apache.commons:commons-lang3:3.6 | | 0 | | 41 |
| freemarker-2.3.26-incubating.jar | | org.freemarker:freemarker:2.3.26-incubating | | 0 | | 44 |
| javassist-3.20.0-GA.jar | | org.javassist:javassist:3.20.0-GA | | 0 | | 27 |
| ognl-3.1.15.jar | cpe:/a:ognl_project:ognl:3.1.15 | ognl:ognl:3.1.15 | | 0 | Low | 22 |
| log4j-api-2.9.1.jar | cpe:/a:apache:log4j:2.9.1 | org.apache.logging.log4j:log4j-api:2.9.1 | | 0 | Low | 39 |
| commons-fileupload-1.3.3.jar | cpe:/a:apache:commons_fileupload:1.3.3 | commons-fileupload:commons-fileupload:1.3.3 | | 0 | Low | 40 |
| struts2-core-2.5.14.1.jar | cpe:/a:apache:struts:2.5.14.1 | org.apache.struts:struts2-core:2.5.14.1 | | 0 | Low | 33 |
| jdtcore-3.1.0.jar: jdtCompilerAdapter.jar | | | | 0 | | 7 |

Dependencies

org.mortbay.jetty-5.1.4.jar

File Path: /home/jenkins/.m2/repository/jetty/org.mortbay.jetty/5.1.4/org.mortbay.jetty-5.1.4.jar
MD5: cc2c559c3dfd419312b89dc938d50532
SHA1: 9f8b9485ef1ac5a3e7549f21287510280f460371
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

  • maven: jetty:org.mortbay.jetty:5.1.4    Confidence:Highest
  • cpe: cpe:/a:jetty:jetty_http_server:5.1.4   Confidence:Low   
  • cpe: cpe:/a:jetty:jetty:5.1.4   Confidence:Low   
  • cpe: cpe:/a:mortbay_jetty:jetty:5.1.4   Confidence:Low   
  • maven: org.mortbay.jetty:org.mortbay.jetty:5.1.4    Confidence:Highest

CVE-2007-5615  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Vulnerable Software & Versions:

jdtcore-3.1.0.jar

File Path: /home/jenkins/.m2/repository/eclipse/jdtcore/3.1.0/jdtcore-3.1.0.jar
MD5: d1651bf9048165f304e7877f1eaad6dc
SHA1: c5e3e72ae7220118c3da808628ec7016d4d8aef2
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

ant-1.6.5.jar

File Path: /home/jenkins/.m2/repository/ant/ant/1.6.5/ant-1.6.5.jar
MD5: c5c499f1eef9367c657e89bb881c69aa
SHA1: 7d18faf23df1a5c3a43613952e0e8a182664564b
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

jasper-compiler-5.5.12.jar

File Path: /home/jenkins/.m2/repository/tomcat/jasper-compiler/5.5.12/jasper-compiler-5.5.12.jar
MD5: 09f7545f0006619925988d0da8f28960
SHA1: c594866c64565344c0e7bdc9bf4fee70290c4dd5
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

jasper-runtime-5.5.12.jar

File Path: /home/jenkins/.m2/repository/tomcat/jasper-runtime/5.5.12/jasper-runtime-5.5.12.jar
MD5: 00106504f4cb72c3d59f917209cfb6c3
SHA1: f3a50a55414655b9843f5a089923ea83d49dc55e
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

  • maven: tomcat:jasper-runtime:5.5.12    Confidence:Highest
  • cpe: cpe:/a:jasper_project:jasper:5.5.12   Confidence:Low   

jasper-compiler-jdt-5.5.12.jar

File Path: /home/jenkins/.m2/repository/tomcat/jasper-compiler-jdt/5.5.12/jasper-compiler-jdt-5.5.12.jar
MD5: d429ebdb19354363dfffc1a2de7a61a1
SHA1: 3692828e6d920028a56006705e308c10c10b5b24
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

commons-logging-1.1.3.jar

Description: Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar
MD5: 92eb5aabc1b47287de53d45c086a435c
SHA1: f6f66e966c70a83ffbdb6f17a0919eaf7c8aca7f
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

commons-el-1.0.jar

Description: JSP 2.0 Expression Language Interpreter Implementation

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: /home/jenkins/.m2/repository/commons-el/commons-el/1.0/commons-el-1.0.jar
MD5: 7c98594df7c126f33688fa6d93169639
SHA1: 1df2c042b3f2de0124750241ac6c886dbfa2cc2c
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

commons-io-2.5.jar

Description:  The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-io/commons-io/2.5/commons-io-2.5.jar
MD5: e2d74794fba570ec2115fb9d5b05dc9b
SHA1: 2852e6e05fbb95076fc091f6d1780f1f8fe35e0f
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

commons-lang3-3.6.jar

Description:  Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/commons/commons-lang3/3.6/commons-lang3-3.6.jar
MD5: 5d18f68b5122fd398c118df53ab4cf55
SHA1: 9d28a6b23650e8a7e9063c04588ace6cf7012c17
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

freemarker-2.3.26-incubating.jar

Description:  FreeMarker is a "template engine"; a generic tool to generate text output based on templates.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/freemarker/freemarker/2.3.26-incubating/freemarker-2.3.26-incubating.jar
MD5: cbb030d58da59a3c597b65cec837c37e
SHA1: 713237e013f725b72f4f9ec931a49c14b1805359
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

javassist-3.20.0-GA.jar

Description:  Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: /home/jenkins/.m2/repository/org/javassist/javassist/3.20.0-GA/javassist-3.20.0-GA.jar
MD5: a89dd7907d76e061ec2c07e762a74256
SHA1: a9cbcdfb7e9f86fbc74d3afae65f2248bfbf82a0
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

ognl-3.1.15.jar

Description: OGNL - Object Graph Navigation Library

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/ognl/ognl/3.1.15/ognl-3.1.15.jar
MD5: 47a2f86e8dcd313d606cc5581e202fe6
SHA1: 8ea2a66fafbf9d6f0353c6fac562a1ddb1bedf13
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

  • maven: ognl:ognl:3.1.15    Confidence:Highest
  • cpe: cpe:/a:ognl_project:ognl:3.1.15   Confidence:Low   

log4j-api-2.9.1.jar

Description: The Apache Log4j API

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/logging/log4j/log4j-api/2.9.1/log4j-api-2.9.1.jar
MD5: 20f0b4e1a16bd2030f0acc2b277cb16f
SHA1: 7a2999229464e7a324aa503c0a52ec0f05efe7bd
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

commons-fileupload-1.3.3.jar

Description:  The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-fileupload/commons-fileupload/1.3.3/commons-fileupload-1.3.3.jar
MD5: dd77e787b7b5dc56f6a1cb658716d55d
SHA1: 04ff14d809195b711fd6bcc87e6777f886730ca1
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

struts2-core-2.5.14.1.jar

Description: Apache Struts 2

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/struts/struts2-core/2.5.14.1/struts2-core-2.5.14.1.jar
MD5: 4f5b5fda13e20991d13a18c75010d49b
SHA1: ef575752783dc8f22fade1a3b13330274e7d7f23
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

jdtcore-3.1.0.jar: jdtCompilerAdapter.jar

File Path: /home/jenkins/.m2/repository/eclipse/jdtcore/3.1.0/jdtcore-3.1.0.jar/jdtCompilerAdapter.jar
MD5: e66287f3ce15029d202ffc9c2dc3aa77
SHA1: a9d9eb99b7920dd3ee24d601a26cd7e473b0bf6e
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

  • None


This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the Node Security Platform.