Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: Struts 2

Scan Information (show all):

Display: Showing Vulnerable Dependencies (click to show all)

Dependency CPE Coordinates Highest Severity CVE Count CPE Confidence Evidence Count
jcommander-1.48.jar com.beust:jcommander:1.48    0 23
bsh-2.0b4.jar cpe:/a:beanshell_project:beanshell:2.0.b4 org.beanshell:bsh:2.0b4  Medium 1 Low 25
testng-6.9.10.jar org.testng:testng:6.9.10    0 28
commons-logging-1.1.3.jar commons-logging:commons-logging:1.1.3    0 36
spring-core-4.3.13.RELEASE.jar cpe:/a:pivotal_software:spring_framework:4.3.13
cpe:/a:pivotal:spring_framework:4.3.13
org.springframework:spring-core:4.3.13.RELEASE  High 8 Highest 28
freemarker-2.3.26-incubating.jar org.freemarker:freemarker:2.3.26-incubating    0 44
javassist-3.20.0-GA.jar org.javassist:javassist:3.20.0-GA    0 27
ognl-3.1.15.jar cpe:/a:ognl_project:ognl:3.1.15 ognl:ognl:3.1.15    0 Low 22
commons-fileupload-1.3.3.jar cpe:/a:apache:commons_fileupload:1.3.3 commons-fileupload:commons-fileupload:1.3.3    0 Low 40
commons-io-2.5.jar commons-io:commons-io:2.5    0 40
commons-lang3-3.6.jar org.apache.commons:commons-lang3:3.6    0 41
struts2-core-2.5.18.jar cpe:/a:apache:struts:2.5.18 org.apache.struts:struts2-core:2.5.18    0 Low 33
oval-1.31.jar net.sf.oval:oval:1.31    0 38
xmlpull-1.1.3.1.jar xmlpull:xmlpull:1.1.3.1    0 18
xpp3_min-1.1.4c.jar xpp3:xpp3_min:1.1.4c    0 24
xstream-1.4.10.jar cpe:/a:xstream_project:xstream:1.4.10 com.thoughtworks.xstream:xstream:1.4.10    0 Low 53
commons-beanutils-1.9.2.jar cpe:/a:apache:commons_beanutils:1.9.2 commons-beanutils:commons-beanutils:1.9.2    0 Low 36
commons-collections-3.2.2.jar cpe:/a:apache:commons_collections:3.2.2 commons-collections:commons-collections:3.2.2    0 Low 40
commons-lang-2.5.jar commons-lang:commons-lang:2.5    0 34
ezmorph-1.0.6.jar net.sf.ezmorph:ezmorph:1.0.6    0 22
json-lib-2.4-jdk15.jar com.hynnet:json-lib:2.4    0 15
jackson-core-2.9.5.jar cpe:/a:fasterxml:jackson:2.9.5 com.fasterxml.jackson.core:jackson-core:2.9.5    0 Low 41
jackson-annotations-2.9.0.jar cpe:/a:fasterxml:jackson:2.9.0 com.fasterxml.jackson.core:jackson-annotations:2.9.0    0 Low 39
jackson-databind-2.9.5.jar cpe:/a:fasterxml:jackson-databind:2.9.5
cpe:/a:fasterxml:jackson:2.9.5
com.fasterxml.jackson.core:jackson-databind:2.9.5    0 Low 41
stax2-api-3.1.4.jar org.codehaus.woodstox:stax2-api:3.1.4    0 29
woodstox-core-5.0.3.jar com.fasterxml.woodstox:woodstox-core:5.0.3    0 43
dwr-1.1.1.jar cpe:/a:getahead:direct_web_remoting:1.1.1 uk.ltd.getahead:dwr:1.1.1  High 3 Highest 22
google-gxp-0.2.4-beta.jar cpe:/a:html-pages_project:html-pages:0.2.4.beta com.google.gxp:google-gxp:0.2.4-beta    0 Low 25
google-collections-1.0.jar com.google.collections:google-collections:1.0    0 31
slf4j-api-1.7.12.jar cpe:/a:slf4j:slf4j:1.7.12 org.slf4j:slf4j-api:1.7.12    0 Low 31
commons-digester-2.1.jar commons-digester:commons-digester:2.1    0 34
jcl-over-slf4j-1.7.6.jar cpe:/a:slf4j:slf4j:1.7.6 org.slf4j:jcl-over-slf4j:1.7.6    0 Low 31
tiles-core-3.0.7.jar cpe:/a:apache:tiles:3.0.7 org.apache.tiles:tiles-core:3.0.7    0 Low 33
tiles-request-api-1.0.6.jar cpe:/a:apache:tiles:1.0.6 org.apache.tiles:tiles-request-api:1.0.6    0 Low 33
tiles-autotag-core-runtime-1.2.jar cpe:/a:apache:tiles:1.2 org.apache.tiles:tiles-autotag-core-runtime:1.2    0 Low 33
javax.el-3.0.0.jar org.glassfish:javax.el:3.0.0    0 36
commons-lang-2.4.jar commons-lang:commons-lang:2.4    0 34
velocity-1.7.jar org.apache.velocity:velocity:1.7    0 33
commons-chain-1.1.jar commons-chain:commons-chain:1.1    0 29
dom4j-1.1.jar dom4j:dom4j:1.1    0 17
oro-2.0.8.jar oro:oro:2.0.8    0 14
sslext-1.2-0.jar sslext:sslext:1.2-0    0 20
antlr-2.7.2.jar antlr:antlrall:2.7.2    0 13
struts-core-1.3.8.jar org.apache.struts:struts-core:1.3.8    0 26
struts-taglib-1.3.8.jar org.apache.struts:struts-taglib:1.3.8    0 26
struts-tiles-1.3.8.jar cpe:/a:apache:tiles:1.3.8 org.apache.struts:struts-tiles:1.3.8    0 Low 26
velocity-tools-2.0.jar org.apache.velocity:velocity-tools:2.0    0 30
aspectjweaver-1.8.9.jar org.aspectj:aspectjweaver:1.8.9    0 25
cglib-nodep-2.1_3.jar cglib:cglib-nodep:2.1_3    0 20
hamcrest-core-1.3.jar org.hamcrest:hamcrest-core:1.3    0 25
junit-4.12.jar junit:junit:4.12    0 25
struts-annotations-1.0.6.jar org.apache.struts:struts-annotations:1.0.6    0 28
jcommander-1.12.jar com.beust:jcommander:1.12    0 23
snakeyaml-1.6.jar org.yaml:snakeyaml:1.6    0 21
testng-5.14.10.jar org.testng:testng:5.14.10    0 23
org.mortbay.jetty-5.1.4.jar cpe:/a:jetty:jetty_http_server:5.1.4
cpe:/a:jetty:jetty:5.1.4
cpe:/a:mortbay_jetty:jetty:5.1.4
jetty:org.mortbay.jetty:5.1.4  Medium 1 Low 22
jdtcore-3.1.0.jar eclipse:jdtcore:3.1.0    0 18
ant-1.6.5.jar ant:ant:1.6.5    0 18
jasper-compiler-5.5.12.jar cpe:/a:jasper_project:jasper:5.5.12 tomcat:jasper-compiler:5.5.12    0 Low 16
jasper-runtime-5.5.12.jar cpe:/a:jasper_project:jasper:5.5.12 tomcat:jasper-runtime:5.5.12    0 Low 16
jasper-compiler-jdt-5.5.12.jar cpe:/a:jasper_project:jasper:5.5.12 tomcat:jasper-compiler-jdt:5.5.12    0 Low 17
commons-el-1.0.jar tomcat:commons-el:5.5.23    0 30
struts2-tiles-plugin-2.5.18.jar cpe:/a:apache:struts:2.5.18
cpe:/a:apache:tiles:2.5.18
org.apache.struts:struts2-tiles-plugin:2.5.18    0 Low 33
asm-5.2.jar org.ow2.asm:asm:5.2    0 28
asm-tree-5.2.jar org.ow2.asm:asm-tree:5.2    0 28
asm-commons-5.2.jar org.ow2.asm:asm-commons:5.2    0 28
validation-api-1.1.0.Final.jar javax.validation:validation-api:1.1.0.Final    0 22
log4j-core-2.10.0.jar cpe:/a:apache:log4j:2.10.0 org.apache.logging.log4j:log4j-core:2.10.0    0 Low 41
commons-validator-1.5.1.jar commons-validator:commons-validator:1.5.1    0 40
sitemesh-2.4.2.jar opensymphony:sitemesh:2.4.2    0 26
jboss-logging-3.1.3.GA.jar org.jboss.logging:jboss-logging:3.1.3.GA    0 44
classmate-1.0.0.jar com.fasterxml:classmate:1.0.0    0 29
hibernate-validator-5.1.3.Final.jar cpe:/a:hibernate:hibernate_validator:5.1.3 org.hibernate:hibernate-validator:5.1.3.Final    0 Low 32
plexus-utils-1.2.jar org.codehaus.plexus:plexus-utils:1.2    0 24
classworlds-1.1.jar classworlds:classworlds:1.1    0 26
plexus-container-default-1.0-alpha-10.jar org.codehaus.plexus:plexus-container-default:1.0-alpha-10    0 25
juli-6.0.18.jar cpe:/a:apache:tomcat:6.0.18
cpe:/a:apache_software_foundation:tomcat:6.0.18
cpe:/a:apache_tomcat:apache_tomcat:6.0.18
org.apache.tomcat:juli:6.0.18  High 59 Highest 17
org.apache.felix.framework-4.0.3.jar org.apache.felix:org.apache.felix.framework:4.0.3    0 26
org.apache.felix.main-4.0.3.jar org.apache.felix:org.apache.felix.main:4.0.3    0 21
org.osgi.core-4.1.0.jar org.papoose.osgi:OSGi_R4_v4.1_core_spec:4.1.0.build-200702212030    0 27
org.osgi.compendium-4.0.0.jar org.osgi:org.osgi.compendium:4.0.0    0 19
org.apache.felix.shell-1.4.3.jar org.apache.felix:org.apache.felix.shell:1.4.3    0 28
org.apache.felix.shell.tui-1.4.1.jar org.apache.felix:org.apache.felix.shell.tui:1.4.1    0 28
commons-jci-fam-1.1.jar org.apache.commons:commons-jci-fam:1.1    0 35
jdtcore-3.1.0.jar: jdtCompilerAdapter.jar   0 7

Dependencies

jcommander-1.48.jar

Description: A Java framework to parse command line options with annotations.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/beust/jcommander/1.48/jcommander-1.48.jar
MD5: 7a84fb4b01f46c904bd549e67e6c48a1
SHA1: bfcb96281ea3b59d626704f74bc6d625ff51cbce
Referenced In Project/Scope: Struts 2 TestNG Plugin:compile

Identifiers

bsh-2.0b4.jar

Description: BeanShell

File Path: /home/jenkins/.m2/repository/org/beanshell/bsh/2.0b4/bsh-2.0b4.jar
MD5: a1c60aa83c9c9a6cb2391c1c1b85eb00
SHA1: a05f0a0feefa8d8467ac80e16e7de071489f0d9c
Referenced In Projects/Scopes:

  • Struts 2 TestNG Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Assembly:compile

Identifiers

  • maven: org.beanshell:bsh:2.0b4    Confidence:Highest
  • cpe: cpe:/a:beanshell_project:beanshell:2.0.b4   Confidence:Low   

CVE-2016-2510  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-19 Data Handling

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

Vulnerable Software & Versions:

testng-6.9.10.jar

Description: Testing framework for Java

License:

Apache  Version 2.0, January 2004
File Path: /home/jenkins/.m2/repository/org/testng/testng/6.9.10/testng-6.9.10.jar
MD5: 83e26cb672a81f5bbda139436ef4d8d0
SHA1: 6feb3e964aeb7097aff30c372aac3ec0f8d87ede
Referenced In Project/Scope: Struts 2 TestNG Plugin:compile

Identifiers

commons-logging-1.1.3.jar

Description: Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar
MD5: 92eb5aabc1b47287de53d45c086a435c
SHA1: f6f66e966c70a83ffbdb6f17a0919eaf7c8aca7f
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • DEPRECATED: Struts 2 Sitegraph Plugin:compile
  • Struts 2 JUnit Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 REST Plugin:compile

Identifiers

spring-core-4.3.13.RELEASE.jar

Description: Spring Core

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/jenkins/.m2/repository/org/springframework/spring-core/4.3.13.RELEASE/spring-core-4.3.13.RELEASE.jar
MD5: efd11c13ff85ffc5915f03e09ea88977
SHA1: eea18d7f4d01f1baa1b6728b678b5a6fe23c61f6
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Assembly:compile
  • Struts 2 REST Plugin:compile

Identifiers

CVE-2018-11039  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-20 Improper Input Validation

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.

Vulnerable Software & Versions: (show all)

CVE-2018-11040  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-254 Security Features

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.

Vulnerable Software & Versions: (show all)

CVE-2018-1199  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-20 Improper Input Validation

Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed.

Vulnerable Software & Versions: (show all)

CVE-2018-1257  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.

Vulnerable Software & Versions: (show all)

CVE-2018-1270  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-358 Improperly Implemented Security Check for Standard

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

Vulnerable Software & Versions: (show all)

CVE-2018-1271  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.

Vulnerable Software & Versions: (show all)

CVE-2018-1272  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.

Vulnerable Software & Versions: (show all)

CVE-2018-1275  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-358 Improperly Implemented Security Check for Standard

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.

Vulnerable Software & Versions: (show all)

freemarker-2.3.26-incubating.jar

Description:  FreeMarker is a "template engine"; a generic tool to generate text output based on templates.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/freemarker/freemarker/2.3.26-incubating/freemarker-2.3.26-incubating.jar
MD5: cbb030d58da59a3c597b65cec837c37e
SHA1: 713237e013f725b72f4f9ec931a49c14b1805359
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Plexus Plugin:compile
  • Struts Plugins:compile
  • Struts OSGi Bundles:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OSGi Plugin:compile
  • DEPRECATED: Struts 2 Sitegraph Plugin:compile
  • Struts 2 JSON Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Webapps:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 REST Plugin:compile

Identifiers

javassist-3.20.0-GA.jar

Description:  Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: /home/jenkins/.m2/repository/org/javassist/javassist/3.20.0-GA/javassist-3.20.0-GA.jar
MD5: a89dd7907d76e061ec2c07e762a74256
SHA1: a9cbcdfb7e9f86fbc74d3afae65f2248bfbf82a0
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Plexus Plugin:compile
  • Struts Plugins:compile
  • Struts OSGi Bundles:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OSGi Plugin:compile
  • DEPRECATED: Struts 2 Sitegraph Plugin:compile
  • Struts 2 JSON Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Webapps:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 REST Plugin:compile

Identifiers

ognl-3.1.15.jar

Description: OGNL - Object Graph Navigation Library

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/ognl/ognl/3.1.15/ognl-3.1.15.jar
MD5: 47a2f86e8dcd313d606cc5581e202fe6
SHA1: 8ea2a66fafbf9d6f0353c6fac562a1ddb1bedf13
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Plexus Plugin:compile
  • Struts Plugins:compile
  • Struts OSGi Bundles:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OSGi Plugin:compile
  • DEPRECATED: Struts 2 Sitegraph Plugin:compile
  • Struts 2 JSON Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Webapps:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 REST Plugin:compile

Identifiers

  • maven: ognl:ognl:3.1.15    Confidence:Highest
  • cpe: cpe:/a:ognl_project:ognl:3.1.15   Confidence:Low   

commons-fileupload-1.3.3.jar

Description:  The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-fileupload/commons-fileupload/1.3.3/commons-fileupload-1.3.3.jar
MD5: dd77e787b7b5dc56f6a1cb658716d55d
SHA1: 04ff14d809195b711fd6bcc87e6777f886730ca1
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Plexus Plugin:compile
  • Struts Plugins:compile
  • Struts OSGi Bundles:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OSGi Plugin:compile
  • DEPRECATED: Struts 2 Sitegraph Plugin:compile
  • Struts 2 JSON Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Webapps:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 REST Plugin:compile

Identifiers

commons-io-2.5.jar

Description:  The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-io/commons-io/2.5/commons-io-2.5.jar
MD5: e2d74794fba570ec2115fb9d5b05dc9b
SHA1: 2852e6e05fbb95076fc091f6d1780f1f8fe35e0f
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Plexus Plugin:compile
  • Struts Plugins:compile
  • Struts OSGi Bundles:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OSGi Plugin:compile
  • DEPRECATED: Struts 2 Sitegraph Plugin:compile
  • Struts 2 JSON Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Webapps:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 REST Plugin:compile

Identifiers

commons-lang3-3.6.jar

Description:  Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/commons/commons-lang3/3.6/commons-lang3-3.6.jar
MD5: 5d18f68b5122fd398c118df53ab4cf55
SHA1: 9d28a6b23650e8a7e9063c04588ace6cf7012c17
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Plexus Plugin:compile
  • Struts Plugins:compile
  • Struts OSGi Bundles:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OSGi Plugin:compile
  • DEPRECATED: Struts 2 Sitegraph Plugin:compile
  • Struts 2 JSON Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Webapps:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 REST Plugin:compile

Identifiers

struts2-core-2.5.18.jar

Description: Apache Struts 2

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/struts/struts2-core/2.5.18/struts2-core-2.5.18.jar
MD5: 333f5aef52425eef7bd764c29b7bdc47
SHA1: 4366b4f463024064acb8352bbf7d5c4ca6b317af
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Plexus Plugin:compile
  • Struts Plugins:compile
  • Struts OSGi Bundles:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OSGi Plugin:compile
  • DEPRECATED: Struts 2 Sitegraph Plugin:compile
  • Struts 2 JSON Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 Webapps:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 REST Plugin:compile

Identifiers

oval-1.31.jar

Description:  OVal is a pragmatic and extensible validation framework for any kind of Java objects (not only JavaBeans). Constraints can be declared with annotations (@NotNull, @MaxLength), POJOs or XML. Custom constraints can be expressed as custom Java classes or by using scripting languages such as JavaScript, Groovy, BeanShell, OGNL or MVEL. Besides field/property validation OVal implements Programming by Contract features by utilizing AspectJ based aspects. This for example allows runtime validation of method arguments.

License:

Eclipse Public License - v 1.0: http://oval.sf.net/license/epl-v10.txt
File Path: /home/jenkins/.m2/repository/net/sf/oval/oval/1.31/oval-1.31.jar
MD5: 424ec662362b798f6252b627f8713ded
SHA1: 3c2b983182f04f3854bbada755aa10a63bf3350e
Referenced In Projects/Scopes:
  • Struts 2 OVal Plugin:compile
  • Struts 2 Assembly:compile

Identifiers

xmlpull-1.1.3.1.jar

License:

Public Domain: http://www.xmlpull.org/v1/download/unpacked/LICENSE.txt
File Path: /home/jenkins/.m2/repository/xmlpull/xmlpull/1.1.3.1/xmlpull-1.1.3.1.jar
MD5: cc57dacc720eca721a50e78934b822d2
SHA1: 2b8e230d2ab644e4ecaa94db7cdedbc40c805dfa
Referenced In Projects/Scopes:
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 REST Plugin:compile

Identifiers

xpp3_min-1.1.4c.jar

Description: MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs such as Hotspot in JDK 1.4+.

License:

Indiana University Extreme! Lab Software License, vesion 1.1.1: http://www.extreme.indiana.edu/viewcvs/~checkout~/XPP3/java/LICENSE.txt
Public Domain: http://creativecommons.org/licenses/publicdomain
File Path: /home/jenkins/.m2/repository/xpp3/xpp3_min/1.1.4c/xpp3_min-1.1.4c.jar
MD5: dcd95bcb84b09897b2b66d4684c040da
SHA1: 19d4e90b43059058f6e056f794f0ea4030d60b86
Referenced In Projects/Scopes:
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 REST Plugin:compile

Identifiers

xstream-1.4.10.jar

Description: XStream is a serialization library from Java objects to XML and back.

License:

http://x-stream.github.io/license.html
File Path: /home/jenkins/.m2/repository/com/thoughtworks/xstream/xstream/1.4.10/xstream-1.4.10.jar
MD5: d00eec778910f95b26201395ac64cca0
SHA1: dfecae23647abc9d9fd0416629a4213a3882b101
Referenced In Projects/Scopes:
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 REST Plugin:compile

Identifiers

commons-beanutils-1.9.2.jar

Description: Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar
MD5: 9f298a2d65e68184f9ebaa938bc12106
SHA1: 7a87d845ad3a155297e8f67d9008f4c1e5656b71
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 REST Plugin:compile

Identifiers

commons-collections-3.2.2.jar

Description: Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 REST Plugin:compile

Identifiers

commons-lang-2.5.jar

Description:  Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-lang/commons-lang/2.5/commons-lang-2.5.jar
MD5: ab04c560caea60d3b0050beb57776a32
SHA1: b0236b252e86419eef20c31a44579d2aee2f0a69
Referenced In Project/Scope: Struts 2 REST Plugin:compile

Identifiers

ezmorph-1.0.6.jar

Description:  Simple java library for transforming an Object to another Object.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/net/sf/ezmorph/ezmorph/1.0.6/ezmorph-1.0.6.jar
MD5: 1fa113c6aacf3a01af1449df77acd474
SHA1: 01e55d2a0253ea37745d33062852fd2c90027432
Referenced In Project/Scope: Struts 2 REST Plugin:compile

Identifiers

json-lib-2.4-jdk15.jar

File Path: /home/jenkins/.m2/repository/net/sf/json-lib/json-lib/2.4/json-lib-2.4-jdk15.jar
MD5: f5db294d05b3d5a5bfb873455b0a8626
SHA1: 136743e0d12df4e785e62b48618cee169b2ae546
Referenced In Project/Scope: Struts 2 REST Plugin:compile

Identifiers

jackson-core-2.9.5.jar

Description: Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.9.5/jackson-core-2.9.5.jar
MD5: ec59f24f7f8d9acf53301c562722adf2
SHA1: a22ac51016944b06fd9ffbc9541c6e7ce5eea117
Referenced In Projects/Scopes:
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Assembly:compile
  • Struts 2 REST Plugin:compile

Identifiers

jackson-annotations-2.9.0.jar

Description: Core annotations used for value types, used by Jackson data binding package.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.9.0/jackson-annotations-2.9.0.jar
MD5: c09faa1b063681cf45706c6df50685b6
SHA1: 07c10d545325e3a6e72e06381afe469fd40eb701
Referenced In Projects/Scopes:
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Assembly:compile
  • Struts 2 REST Plugin:compile

Identifiers

jackson-databind-2.9.5.jar

Description: General data-binding functionality for Jackson: works on core streaming API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.5/jackson-databind-2.9.5.jar
MD5: 34b37affbf74f5d199be10622ddc83cd
SHA1: 3490508379d065fe3fcb80042b62f630f7588606
Referenced In Projects/Scopes:
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Assembly:compile
  • Struts 2 REST Plugin:compile

Identifiers

stax2-api-3.1.4.jar

Description: tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.

License:

The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /home/jenkins/.m2/repository/org/codehaus/woodstox/stax2-api/3.1.4/stax2-api-3.1.4.jar
MD5: c08e89de601b0a78f941b2c29db565c3
SHA1: ac19014b1e6a7c08aad07fe114af792676b685b7
Referenced In Projects/Scopes:
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 REST Plugin:compile

Identifiers

woodstox-core-5.0.3.jar

Description:  Woodstox is a high-performance XML processor that implements Stax (JSR-173), SAX2 and Stax2 APIs

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/fasterxml/woodstox/woodstox-core/5.0.3/woodstox-core-5.0.3.jar
MD5: 8b151bd3d262d9c07e0384b7cc6c4cd9
SHA1: 10aa199207fda142eff01cd61c69244877d71770
Referenced In Projects/Scopes:
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 REST Plugin:compile

Identifiers

dwr-1.1.1.jar

Description: DWR is easy Ajax for Java.

File Path: /home/jenkins/.m2/repository/uk/ltd/getahead/dwr/1.1.1/dwr-1.1.1.jar
MD5: acf4c23760ecb7377ee5047cd89afc90
SHA1: 52fa2a12084cef04a5ce4e99d6dd63ba3fbf1071
Referenced In Projects/Scopes:

  • Struts 2 DWR Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile

Identifiers

CVE-2006-6916  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to "crafted input."

Vulnerable Software & Versions:

CVE-2007-0184  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.

Vulnerable Software & Versions: (show all)

CVE-2007-0185  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch.

Vulnerable Software & Versions: (show all)

google-gxp-0.2.4-beta.jar

Description: Google XML Pages (GXP) is a templating system used to generate XML/SGML markup (most often HTML).

File Path: /home/jenkins/.m2/repository/com/google/gxp/google-gxp/0.2.4-beta/google-gxp-0.2.4-beta.jar
MD5: 9ccdb925731dab69eec49b1881a0794a
SHA1: b80c7c780973ffd5eac63de301eb6a05035aeb46
Referenced In Projects/Scopes:

  • Struts 2 GXP Plugin:compile
  • Struts 2 Assembly:compile

Identifiers

google-collections-1.0.jar

Description: Google Collections Library is a suite of new collections and collection-related goodness for Java 5.0

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/google/collections/google-collections/1.0/google-collections-1.0.jar
MD5: 7c882c8d734e50112000e4a88e06c535
SHA1: 9ffe71ac6dcab6bc03ea13f5c2e7b2804e69b357
Referenced In Projects/Scopes:
  • Struts 2 GXP Plugin:compile
  • Struts 2 Assembly:compile

Identifiers

slf4j-api-1.7.12.jar

Description: The slf4j API

File Path: /home/jenkins/.m2/repository/org/slf4j/slf4j-api/1.7.12/slf4j-api-1.7.12.jar
MD5: 68910bf95dbcf90ce5859128f0f75d1e
SHA1: 8e20852d05222dc286bf1c71d78d0531e177c317
Referenced In Projects/Scopes:

  • Struts 2 Tiles Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Assembly:compile

Identifiers

commons-digester-2.1.jar

Description:  The Digester package lets you configure an XML to Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-digester/commons-digester/2.1/commons-digester-2.1.jar
MD5: 528445033f22da28f5047b6abcd1c7c9
SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile
  • Struts 2 Assembly:compile

Identifiers

jcl-over-slf4j-1.7.6.jar

Description: JCL 1.1.1 implemented over SLF4J

File Path: /home/jenkins/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.6/jcl-over-slf4j-1.7.6.jar
MD5: 0cebfe147c0ff0b38930db24e576bdd4
SHA1: ab1648fe1dd6f1e5c2ec6d12f394672bb8c1036a
Referenced In Projects/Scopes:

  • Struts 2 Tiles Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile

Identifiers

tiles-core-3.0.7.jar

Description: Tiles Core Library, including basic implementation of the APIs.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/tiles/tiles-core/3.0.7/tiles-core-3.0.7.jar
MD5: 3686bed73b8abc2716b73bb8f86c1963
SHA1: 7dea454df03ef7f736f373252a3b535c5e31f3d9
Referenced In Projects/Scopes:
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile

Identifiers

tiles-request-api-1.0.6.jar

Description: API for the Tiles Request framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/tiles/tiles-request-api/1.0.6/tiles-request-api-1.0.6.jar
MD5: da4b3b42121a597f65406d5dd3530813
SHA1: 159cd498ce20e904516e0cad7f0c2fd9f729e746
Referenced In Projects/Scopes:
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile

Identifiers

tiles-autotag-core-runtime-1.2.jar

Description: Autotag: runtime core classes.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/tiles/tiles-autotag-core-runtime/1.2/tiles-autotag-core-runtime-1.2.jar
MD5: 425009289d5df24ff34eb0bab20a1c36
SHA1: 0100bd3cae1a5debf9afb4ef5c8b36c508d06326
Referenced In Projects/Scopes:
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Assembly:compile

Identifiers

javax.el-3.0.0.jar

Description: Expression Language 3.0 API and Implementation

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /home/jenkins/.m2/repository/org/glassfish/javax.el/3.0.0/javax.el-3.0.0.jar
MD5: 9b413b6b4c57f68cc3e8649f754153f5
SHA1: dd532526e7c8de48e40419e6af1183658a973379
Referenced In Project/Scope: Struts 2 Tiles Plugin:compile

Identifiers

commons-lang-2.4.jar

Description:  Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-lang/commons-lang/2.4/commons-lang-2.4.jar
MD5: 237a8e845441bad2e535c57d985c8204
SHA1: 16313e02a793435009f1e458fa4af5d879f6fb11
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile
  • Struts 2 Assembly:compile

Identifiers

velocity-1.7.jar

Description: Apache Velocity is a general purpose template engine.

File Path: /home/jenkins/.m2/repository/org/apache/velocity/velocity/1.7/velocity-1.7.jar
MD5: 3692dd72f8367cb35fb6280dc2916725
SHA1: 2ceb567b8f3f21118ecdec129fe1271dbc09aa7a
Referenced In Projects/Scopes:

  • Struts 2 OSGi Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile
  • Struts 2 Assembly:compile

Identifiers

commons-chain-1.1.jar

Description: An implmentation of the GoF Chain of Responsibility pattern

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: /home/jenkins/.m2/repository/commons-chain/commons-chain/1.1/commons-chain-1.1.jar
MD5: d4ce482153073855e7c6453dc3c725cb
SHA1: 3038bd41dcdb2b63b8c6dcc8c15f0fdf3f389012
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile

Identifiers

dom4j-1.1.jar

File Path: /home/jenkins/.m2/repository/dom4j/dom4j/1.1/dom4j-1.1.jar
MD5: f1c39d0d2b2c6f5ffb0046841a34b5c9
SHA1: 0690b3108a502c8f033ea87e7278aec309ffa668
Referenced In Projects/Scopes:

  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile

Identifiers

oro-2.0.8.jar

File Path: /home/jenkins/.m2/repository/oro/oro/2.0.8/oro-2.0.8.jar
MD5: 42e940d5d2d822f4dc04c65053e630ab
SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698
Referenced In Projects/Scopes:

  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile

Identifiers

sslext-1.2-0.jar

License:

Apache Software License, Version 1.1: http://www.apache.org/licenses/LICENSE-1.1
File Path: /home/jenkins/.m2/repository/sslext/sslext/1.2-0/sslext-1.2-0.jar
MD5: fda7f2a2f7ac9b017a5de1a4742753fd
SHA1: c86a7db4ac0bc450e675f3d44b3d64cdc934361b
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile

Identifiers

antlr-2.7.2.jar

File Path: /home/jenkins/.m2/repository/antlr/antlr/2.7.2/antlr-2.7.2.jar
MD5: a73459120df5cadf75eaa98453433a01
SHA1: 546b5220622c4d9b2da45ad1899224b6ce1c8830
Referenced In Projects/Scopes:

  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile

Identifiers

struts-core-1.3.8.jar

File Path: /home/jenkins/.m2/repository/org/apache/struts/struts-core/1.3.8/struts-core-1.3.8.jar
MD5: 868de456b4d4331d6dcc4e8d3bee884e
SHA1: 66178d4a9279ebb1cd1eb79c10dc204b4199f061
Referenced In Projects/Scopes:

  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile

Identifiers

struts-taglib-1.3.8.jar

File Path: /home/jenkins/.m2/repository/org/apache/struts/struts-taglib/1.3.8/struts-taglib-1.3.8.jar
MD5: 0effb2e71f676c25d76c3ae5dd6674f9
SHA1: e87e9817bdf03c2367fb5f6d5ead953db2df4c21
Referenced In Projects/Scopes:

  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile

Identifiers

struts-tiles-1.3.8.jar

File Path: /home/jenkins/.m2/repository/org/apache/struts/struts-tiles/1.3.8/struts-tiles-1.3.8.jar
MD5: f41992ab2729b1cb9c6b4721465aa4e4
SHA1: 6d212f8ea5d908bc9906e669428b7694dff60785
Referenced In Projects/Scopes:

  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile

Identifiers

velocity-tools-2.0.jar

Description:  VelocityTools is an integrated collection of Velocity subprojects with the common goal of creating tools and infrastructure to speed and ease development of both web and non-web applications using the Velocity template engine.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/velocity/velocity-tools/2.0/velocity-tools-2.0.jar
MD5: 51ed2c6c0103cf3fdbeb9aa5170f5288
SHA1: 69936384de86857018b023a8c56ae0635c56b6a0
Referenced In Projects/Scopes:
  • Struts 2 OSGi Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile

Identifiers

aspectjweaver-1.8.9.jar

Description: The AspectJ weaver introduces advices to java classes

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: /home/jenkins/.m2/repository/org/aspectj/aspectjweaver/1.8.9/aspectjweaver-1.8.9.jar
MD5: 304a51bce49f52a26bb79f3fd0b58325
SHA1: db28774f477f07220eac18d5ec9c4e01f48589d7
Referenced In Project/Scope: Struts 2 Core:compile

Identifiers

cglib-nodep-2.1_3.jar

File Path: /home/jenkins/.m2/repository/cglib/cglib-nodep/2.1_3/cglib-nodep-2.1_3.jar
MD5: db0e461169599af137eb24478c5292ce
SHA1: 58d3be5953547c0019e5704d6ed4ffda3b0c7c66
Referenced In Project/Scope: Struts 2 Core:compile

Identifiers

hamcrest-core-1.3.jar

Description:  This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.

File Path: /home/jenkins/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar
MD5: 6393363b47ddcbba82321110c3e07519
SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0
Referenced In Projects/Scopes:

  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 JUnit Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile
  • Struts OSGi Bundles:compile
  • Struts 2 Assembly:compile

Identifiers

junit-4.12.jar

Description: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.

License:

Eclipse Public License 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: /home/jenkins/.m2/repository/junit/junit/4.12/junit-4.12.jar
MD5: 5b38c40c97fbd0adee29f91e60405584
SHA1: 2973d150c0dc1fefe998f834810d68f278ea58ec
Referenced In Projects/Scopes:
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 JUnit Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Core:compile
  • Struts OSGi Bundles:compile
  • Struts 2 Assembly:compile

Identifiers

struts-annotations-1.0.6.jar

Description:  struts-annotations adds apt generation support for struts based annotated projects, such as TLD and documentation generation from annotated component classes as used in struts2

File Path: /home/jenkins/.m2/repository/org/apache/struts/struts-annotations/1.0.6/struts-annotations-1.0.6.jar
MD5: 5c4d4f7c5c2be95c22f13c74d35151fd
SHA1: 7285cf19a05f6a5bc3027fbe618eac77eb96e7d7
Referenced In Project/Scope: Struts 2 Core:compile

Identifiers

jcommander-1.12.jar

Description: A Java framework to parse command line options with annotations.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/com/beust/jcommander/1.12/jcommander-1.12.jar
MD5: c10e52d5d77de7f01eb671bcf828e3eb
SHA1: 7409692b48022f9eca7445861defbcdb9ee3c2a8
Referenced In Projects/Scopes:
  • Struts 2 Core:compile
  • Struts 2 Assembly:compile

Identifiers

snakeyaml-1.6.jar

Description: YAML 1.1 parser and emitter for Java

License:

Apache License Version 2.0: LICENSE.txt
File Path: /home/jenkins/.m2/repository/org/yaml/snakeyaml/1.6/snakeyaml-1.6.jar
MD5: 0c3b9b14db632872da111fb59d89de91
SHA1: a1e23e31c424d566ee27382e373d73a28fdabd88
Referenced In Projects/Scopes:
  • Struts 2 Core:compile
  • Struts 2 Assembly:compile

Identifiers

testng-5.14.10.jar

Description: TestNG is a testing framework.

License:

Apache License, Version 2.0: http://apache.org/licenses/LICENSE-2.0
File Path: /home/jenkins/.m2/repository/org/testng/testng/5.14.10/testng-5.14.10.jar
MD5: 9e9c69d7fc10f237f89646a33fcd30e5
SHA1: 29944bce4d63741f55ee90a30d74750341c5b39d
Referenced In Projects/Scopes:
  • Struts 2 Core:compile
  • Struts 2 Assembly:compile

Identifiers

org.mortbay.jetty-5.1.4.jar

File Path: /home/jenkins/.m2/repository/jetty/org.mortbay.jetty/5.1.4/org.mortbay.jetty-5.1.4.jar
MD5: cc2c559c3dfd419312b89dc938d50532
SHA1: 9f8b9485ef1ac5a3e7549f21287510280f460371
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

  • maven: jetty:org.mortbay.jetty:5.1.4    Confidence:Highest
  • cpe: cpe:/a:jetty:jetty_http_server:5.1.4   Confidence:Low   
  • cpe: cpe:/a:jetty:jetty:5.1.4   Confidence:Low   
  • cpe: cpe:/a:mortbay_jetty:jetty:5.1.4   Confidence:Low   
  • maven: org.mortbay.jetty:org.mortbay.jetty:5.1.4    Confidence:Highest

CVE-2007-5615  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Vulnerable Software & Versions:

jdtcore-3.1.0.jar

File Path: /home/jenkins/.m2/repository/eclipse/jdtcore/3.1.0/jdtcore-3.1.0.jar
MD5: d1651bf9048165f304e7877f1eaad6dc
SHA1: c5e3e72ae7220118c3da808628ec7016d4d8aef2
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

ant-1.6.5.jar

File Path: /home/jenkins/.m2/repository/ant/ant/1.6.5/ant-1.6.5.jar
MD5: c5c499f1eef9367c657e89bb881c69aa
SHA1: 7d18faf23df1a5c3a43613952e0e8a182664564b
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

jasper-compiler-5.5.12.jar

File Path: /home/jenkins/.m2/repository/tomcat/jasper-compiler/5.5.12/jasper-compiler-5.5.12.jar
MD5: 09f7545f0006619925988d0da8f28960
SHA1: c594866c64565344c0e7bdc9bf4fee70290c4dd5
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

jasper-runtime-5.5.12.jar

File Path: /home/jenkins/.m2/repository/tomcat/jasper-runtime/5.5.12/jasper-runtime-5.5.12.jar
MD5: 00106504f4cb72c3d59f917209cfb6c3
SHA1: f3a50a55414655b9843f5a089923ea83d49dc55e
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

  • maven: tomcat:jasper-runtime:5.5.12    Confidence:Highest
  • cpe: cpe:/a:jasper_project:jasper:5.5.12   Confidence:Low   

jasper-compiler-jdt-5.5.12.jar

File Path: /home/jenkins/.m2/repository/tomcat/jasper-compiler-jdt/5.5.12/jasper-compiler-jdt-5.5.12.jar
MD5: d429ebdb19354363dfffc1a2de7a61a1
SHA1: 3692828e6d920028a56006705e308c10c10b5b24
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile

Identifiers

commons-el-1.0.jar

Description: JSP 2.0 Expression Language Interpreter Implementation

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: /home/jenkins/.m2/repository/commons-el/commons-el/1.0/commons-el-1.0.jar
MD5: 7c98594df7c126f33688fa6d93169639
SHA1: 1df2c042b3f2de0124750241ac6c886dbfa2cc2c
Referenced In Project/Scope: DEPRECATED: Struts 2 Sitegraph Plugin:compile