Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 1.4.4-SNAPSHOT
Report Generated On: Oct 9, 2016 at 07:04:35 EDT
Dependencies Scanned: 306 (289 unique)
Vulnerable Dependencies: 36
Vulnerabilities Found: 289
Vulnerabilities Suppressed: 0
...
NVD CVE 2002: 01/06/2014 07:15:27
NVD CVE 2003: 01/06/2014 06:51:06
NVD CVE 2004: 01/06/2014 06:45:45
NVD CVE 2005: 01/06/2014 06:35:57
NVD CVE 2006: 01/06/2014 06:19:14
NVD CVE 2007: 01/06/2014 05:53:34
NVD CVE 2008: 01/06/2014 05:28:59
NVD CVE 2009: 01/06/2014 05:01:49
NVD CVE 2010: 01/06/2014 04:41:37
NVD CVE 2011: 01/06/2014 04:18:07
NVD CVE 2012: 01/06/2014 03:57:32
NVD CVE 2013: 01/06/2014 03:33:47
NVD CVE 2014: 07/10/2016 03:59:32
NVD CVE 2015: 08/10/2016 03:39:54
NVD CVE 2016: 08/10/2016 03:16:25
NVD CVE Checked: 09/10/2016 07:04:06
NVD CVE Modified: 09/10/2016 06:04:43
NVD CVE test: 31/12/1969 19:00:01
VersionCheckOn: 1476011025345

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	CPE	GAV	Highest Severity	CVE Count	CPE Confidence	Evidence Count
activation-1.1.jar		javax.activation:activation:1.1		0		19
annogen-0.1.0.jar		annogen:annogen:0.1.0		0		11
annotations-3.0.1u2.jar		com.google.code.findbugs:annotations:3.0.1u2		0		18
ant-1.9.7.jar		org.apache.ant:ant:1.9.7		0		19
aopalliance-1.0.jar		aopalliance:aopalliance:1.0		0		13
aspectjrt-1.6.5.jar		org.aspectj:aspectjrt:1.6.5		0		18
aspectjweaver-1.6.5.jar		org.aspectj:aspectjweaver:1.6.5		0		19
binutils/configure				0		4
binutils/configure.ac				0		3
ghostscript/configure.ac	cpe:/a:ghostscript:ghostscript:8.62		High	5	HIGHEST	4
readable-code/configure				0		6
readable-code/configure.ac				0		6
axiom-api-1.2.7.jar		org.apache.ws.commons.axiom:axiom-api:1.2.7		0		16
axiom-dom-1.2.7.jar		org.apache.ws.commons.axiom:axiom-dom:1.2.7		0		16
axiom-impl-1.2.7.jar		org.apache.ws.commons.axiom:axiom-impl:1.2.7		0		16
axis-1.4.jar	cpe:/a:apache:axis:1.4	axis:axis:1.4	Medium	2	HIGHEST	17
axis2-kernel-1.4.1.jar	cpe:/a:apache:axis2:1.4.1	org.apache.axis2:axis2-kernel:1.4.1	High	6	HIGHEST	16
backport-util-concurrent-3.1.jar		backport-util-concurrent:backport-util-concurrent:3.1		0		16
bootable-0.1.0.jar		org.owasp.testing:bootable:0.1.0		0		9
bootable-0.1.0.jar: lib-0.1.0.jar		org.owasp.testing:lib:0.1.0		0		10
ffmpeg\ffmpeg_version.cmake	cpe:/a:ffmpeg:ffmpeg:55.18.102		High	3	LOW	3
cmake\cl2cpp.cmake				0		2
cmake\copyAndroidLibs.cmake				0		1
cmake\FindCUDA.cmake				0		1
FindCUDA\make2cmake.cmake				0		2
FindCUDA\parse_cubin.cmake				0		1
FindCUDA\run_nvcc.cmake				0		1
cmake\OpenCVCompilerOptions.cmake				0		1
cmake\OpenCVConfig.cmake				0		1
cmake\OpenCVCRTLinkage.cmake				0		1
cmake\OpenCVDetectAndroidSDK.cmake	cpe:/a:android:android_sdk:-			0	LOW	1
cmake\OpenCVDetectApacheAnt.cmake				0		1
cmake\OpenCVDetectCStripes.cmake				0		1
cmake\OpenCVDetectCUDA.cmake				0		1
cmake\OpenCVDetectCXXCompiler.cmake				0		3
cmake\OpenCVDetectDirectX.cmake				0		1
cmake\OpenCVDetectOpenCL.cmake				0		1
cmake\OpenCVDetectPython.cmake	cpe:/a:python:python:-		High	11	LOW	1
cmake\OpenCVDetectTBB.cmake				0		1
cmake\OpenCVDetectVTK.cmake				0		1
cmake\OpenCVExtraTargets.cmake				0		1
cmake\OpenCVFindIntelPerCSDK.cmake				0		1
cmake\OpenCVFindIPP.cmake				0		1
cmake\OpenCVFindIPPAsync.cmake				0		1
cmake\OpenCVFindLATEX.cmake				0		1
cmake\OpenCVFindLibsGrfmt.cmake				0		1
cmake\OpenCVFindLibsGUI.cmake				0		1
cmake\OpenCVFindLibsPerf.cmake				0		1
cmake\OpenCVFindLibsVideo.cmake				0		1
cmake\OpenCVFindMatlab.cmake				0		1
cmake\OpenCVFindOpenEXR.cmake	cpe:/a:openexr:openexr:-			0	LOW	1
cmake\OpenCVFindOpenNI.cmake				0		1
cmake\OpenCVFindOpenNI2.cmake				0		2
cmake\OpenCVFindWebP.cmake				0		1
cmake\OpenCVFindXimea.cmake				0		1
cmake\OpenCVGenABI.cmake				0		1
cmake\OpenCVGenAndroidMK.cmake				0		1
cmake\OpenCVGenConfig.cmake				0		1
cmake\OpenCVGenHeaders.cmake				0		1
cmake\OpenCVGenInfoPlist.cmake				0		1
cmake\OpenCVGenPkgconfig.cmake				0		1
cmake\OpenCVMinDepVersions.cmake				0		1
cmake\OpenCVModule.cmake				0		1
cmake\OpenCVPackaging.cmake				0		1
cmake\OpenCVPCHSupport.cmake				0		1
cmake\OpenCVUtils.cmake				0		1
cmake\OpenCVVersion.cmake				0		1
opencv\CMakeLists.txt				0		2
zlib\CMakeLists.txt				0		2
commons-cli-1.2.jar		commons-cli:commons-cli:1.2		0		25
commons-codec-1.2.jar		commons-codec:commons-codec:1.2		0		20
commons-collections-3.2.2.jar	cpe:/a:apache:commons_collections:3.2.2	commons-collections:commons-collections:3.2.2		0	LOW	28
commons-compress-1.12.jar	cpe:/a:apache:commons-compress:1.12	org.apache.commons:commons-compress:1.12		0	LOW	29
commons-fileupload-1.2.1.jar	cpe:/a:apache:commons_fileupload:1.2.1	commons-fileupload:commons-fileupload:1.2.1	High	3	HIGHEST	23
commons-httpclient-3.1.jar	cpe:/a:apache:commons-httpclient:3.1 cpe:/a:apache:httpclient:3.1	commons-httpclient:commons-httpclient:3.1	Medium	2	LOW	20
commons-io-2.5.jar		commons-io:commons-io:2.5		0		28
commons-lang-2.4.jar		commons-lang:commons-lang:2.4		0		25
commons-lang3-3.3.2.jar		org.apache.commons:commons-lang3:3.3.2		0		26
commons-logging-1.1.1.jar		commons-logging:commons-logging:1.1.1		0		21
commons-pool-1.5.3.jar		commons-pool:commons-pool:1.5.3		0		25
commons-validator-1.4.0.jar		commons-validator:commons-validator:1.4.0		0		26
composer.lock				0		1
daytrader-ear-2.1.7.ear				0		2
daytrader-ear-2.1.7.ear: dt-ejb.jar	cpe:/a:apache:geronimo:2.1.7	org.apache.geronimo.daytrader:daytrader-ejb:2.1.7	High	2	HIGHEST	15
daytrader-ear-2.1.7.ear: geronimo-jaxrpc_1.1_spec-2.0.0.jar		org.apache.geronimo.specs:geronimo-jaxrpc_1.1_spec:2.0.0		0		18
daytrader-ear-2.1.7.ear: streamer.jar	cpe:/a:apache:apache_test:2.1.7 cpe:/a:apache:geronimo:2.1.7	org.apache.geronimo.daytrader:daytrader-streamer:2.1.7	High	2	HIGHEST	17
daytrader-ear-2.1.7.ear: web.war				0		5
daytrader-ear-2.1.7.ear: wsappclient.jar	cpe:/a:apache:geronimo:2.1.7	org.apache.geronimo.daytrader:daytrader-wsappclient:2.1.7	High	2	HIGHEST	17
dependency-check-utils-1.4.4-SNAPSHOT.jar		org.owasp:dependency-check-utils:1.4.4-SNAPSHOT		0		14
dojo-war-1.3.0.war	cpe:/a:dojotoolkit:dojo:1.3	org.dojotoolkit:dojo-war:1.3.0	High	4	HIGHEST	12
dwr.jar	cpe:/a:getahead:direct_web_remoting:1.1.1	uk.ltd.getahead:dwr:1.1.1	High	3	HIGHEST	7
ehcache-core-2.2.0.jar		net.sf.ehcache:ehcache-core:2.2.0		0		16
FileHelpers.2.0.0.0.nupkg	cpe:/a:file:file:2.0.0.0		High	1	LOW	2
FileHelpers.2.0.0.0.nupkg: FileHelpers.nuspec				0		6
FileHelpers.2.0.0.0.nupkg: FileHelpers.dll				0		4
FileHelpers.2.0.0.0.nupkg: FileHelpers.ExcelStorage.dll				0		4
FileHelpers.2.0.0.0.nupkg: Interop.Excel.dll				0		4
FileHelpers.2.0.0.0.nupkg: Interop.Office.dll				0		4
freemarker-2.3.12.jar		org.freemarker:freemarker:2.3.12		0		18
geronimo-activation_1.1_spec-1.0.1.jar		org.apache.geronimo.specs:geronimo-activation_1.1_spec:1.0.1		0		18
geronimo-javamail_1.4_spec-1.2.jar		org.apache.geronimo.specs:geronimo-javamail_1.4_spec:1.2		0		18
geronimo-jms_1.1_spec-1.1.1.jar		org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1		0		18
geronimo-jpa_2.0_spec-1.1.jar		org.apache.geronimo.specs:geronimo-jpa_2.0_spec:1.1		0		22
geronimo-jta_1.1_spec-1.1.1.jar		org.apache.geronimo.specs:geronimo-jta_1.1_spec:1.1.1		0		18
geronimo-stax-api_1.0_spec-1.0.1.jar		org.apache.geronimo.specs:geronimo-stax-api_1.0_spec:1.0.1		0		18
guice-3.0.jar		com.google.inject:guice:3.0		0		22
h2-1.3.176.jar		com.h2database:h2:1.3.176		0		18
hamcrest-core-1.3.jar		org.hamcrest:hamcrest-core:1.3		0		17
hazelcast-2.5.jar		com.hazelcast:hazelcast:2.5		0		21
hibernate3.jar				0		10
httpcore-4.0-beta1.jar		org.apache.httpcomponents:httpcore:4.0-beta1		0		15
httpcore-nio-4.0-beta1.jar		org.apache.httpcomponents:httpcore-nio:4.0-beta1		0		15
javax.inject-1.jar		javax.inject:javax.inject:1		0		13
javax.json-1.0.4.jar		org.glassfish:javax.json:1.0.4		0		20
jaxb-xercesImpl-1.5.jar		activesoap:jaxb-xercesImpl:1.5		0		22
jaxen-1.1.1.jar		jaxen:jaxen:1.1.1		0		19
jcip-annotations-1.0.jar		net.jcip:jcip-annotations:1.0		0		13
jetty-6.1.0.jar	cpe:/a:jetty:jetty:6.1.0 cpe:/a:mortbay:jetty:6.1.0 cpe:/a:mortbay_jetty:jetty:6.1	org.mortbay.jetty:jetty:6.1.0	High	10	HIGHEST	14
jmockit-1.24.jar		org.jmockit:jmockit:1.24		0		13
jsoup-1.9.2.jar		org.jsoup:jsoup:1.9.2		0		17
jsr305-3.0.1.jar		com.google.code.findbugs:jsr305:3.0.1		0		15
junit-4.12.jar		junit:junit:4.12		0		17
junit4-ant-2.0.13.jar		com.carrotsearch.randomizedtesting:junit4-ant:2.0.13		0		15
log4net.2.0.3.nuspec	cpe:/a:apache:log4net:2.0.3			0	LOW	7
log4net.dll	cpe:/a:apache:log4net:1.2.13.0			0	LOW	5
logback-classic-1.1.7.jar		ch.qos.logback:logback-classic:1.1.7		0		19
logback-core-1.1.7.jar		ch.qos.logback:logback-core:1.1.7		0		19
lucene-analyzers-common-4.7.2.jar		org.apache.lucene:lucene-analyzers-common:4.7.2		0		21
lucene-codecs-4.7.2.jar		org.apache.lucene:lucene-codecs:4.7.2		0		21
lucene-core-4.7.2.jar		org.apache.lucene:lucene-core:4.7.2		0		20
lucene-queries-4.7.2.jar		org.apache.lucene:lucene-queries:4.7.2		0		22
lucene-queryparser-4.7.2.jar		org.apache.lucene:lucene-queryparser:4.7.2		0		22
lucene-sandbox-4.7.2.jar		org.apache.lucene:lucene-sandbox:4.7.2		0		22
lucene-test-framework-4.7.2.jar	cpe:/a:apache:apache_test:4.7.2	org.apache.lucene:lucene-test-framework:4.7.2		0	LOW	20
mail-1.4.jar	cpe:/a:sun:javamail:1.4	javax.mail:mail:1.4	Medium	1	LOW	20
mailapi-1.5.6.jar	cpe:/a:sun:javamail:1.5.6	com.sun.mail:mailapi:1.5.6	Medium	1	LOW	27
maven-scm-api-1.8.1.jar		org.apache.maven.scm:maven-scm-api:1.8.1		0		18
maven-scm-provider-cvs-commons-1.8.1.jar		org.apache.maven.scm:maven-scm-provider-cvs-commons:1.8.1		0		18
maven-scm-provider-cvsexe-1.8.1.jar		org.apache.maven.scm:maven-scm-provider-cvsexe:1.8.1		0		18
mysql-connector-java-5.1.27-bin.jar	cpe:/a:mysql:mysql:5.1.27		High	97	HIGHEST	12
neethi-2.0.4.jar	cpe:/a:apache:apache_test:2.0.4	org.apache.neethi:neethi:2.0.4		0	LOW	16
debug/package.json				0		7
shelljs/package.json				0		7
dns-sync/package.json	cpe:/a:dns-sync_project:dns-sync:0.1.0::~~~node.js~~		High	1	HIGHEST	6
ognl-2.6.11.jar		opensymphony:ognl:2.6.11		0		12
openjpa-2.0.1.jar	cpe:/a:apache:openjpa:2.0.1	org.apache.openjpa:openjpa:2.0.1	High	1	HIGHEST	22
openssl\opensslv.h	cpe:/a:openssl:openssl:1.0.2c		High	33	HIGH	4
org.mortbay.jetty.jar	cpe:/a:jetty:jetty:4.2.27 cpe:/a:mortbay:jetty:4.2.27 cpe:/a:mortbay_jetty:jetty:4.2.27	jetty:jetty:4.2.27	Medium	5	HIGHEST	19
org.mortbay.jmx.jar				0		3
plexus-utils-3.0.7.jar		org.codehaus.plexus:plexus-utils:3.0.7		0		17
EggTest-0.0.1-py2.7.egg				0		7
Django-1.7.2-py2.py3-none-any.whl	cpe:/a:django_project:django:1.7.2 cpe:/a:djangoproject:django:1.7.2		High	14	HIGHEST	7
eggtest/__init__.py				0		6
Django-1.7.2.dist-info/METADATA	cpe:/a:django_project:django:1.7.2			0	LOW	6
django/__init__.py				0		1
EGG-INFO/PKG-INFO				0		6
randomizedtesting-runner-2.0.13.jar		com.carrotsearch.randomizedtesting:randomizedtesting-runner:2.0.13		0		17
regexp-1.3.jar		regexp:regexp:1.3		0		10
Gemfile.lock				0		1
dalli-2.7.5.gemspec				0		10
Gemfile.lock				0		1
activerecord-oracle_enhanced-adapter-1.1.7.gemspec				0		9
serp-1.13.1.jar		net.sourceforge.serp:serp:1.13.1		0		13
servlet-api-2.5.jar	cpe:/a:sun:one_application_server:2.5	javax.servlet:servlet-api:2.5	Medium	3	LOW	16
slf4j-api-1.7.21.jar		org.slf4j:slf4j-api:1.7.21		0		20
spring-aop-3.0.0.RELEASE.jar		org.springframework:spring-aop:3.0.0.RELEASE		0		19
spring-asm-3.0.0.RELEASE.jar		org.springframework:spring-asm:3.0.0.RELEASE		0		19
spring-core-2.5.5.jar	cpe:/a:pivotal:spring_framework:2.5.5 cpe:/a:pivotal_software:spring_framework:2.5.5 cpe:/a:springsource:spring_framework:2.5.5 cpe:/a:vmware:springsource_spring_framework:2.5.5	org.springframework:spring-core:2.5.5	High	7	HIGHEST	26
spring-core-3.0.0.RELEASE.jar	cpe:/a:pivotal:spring_framework:3.0.0 cpe:/a:pivotal_software:spring_framework:3.0.0 cpe:/a:springsource:spring_framework:3.0.0 cpe:/a:vmware:springsource_spring_framework:3.0.0	org.springframework:spring-core:3.0.0.RELEASE	High	8	HIGHEST	23
spring-expression-3.0.0.RELEASE.jar		org.springframework:spring-expression:3.0.0.RELEASE		0		19
spring-retry-1.1.0.RELEASE.jar		org.springframework.retry:spring-retry:1.1.0.RELEASE		0		14
spring-security-core-3.0.0.RELEASE.jar	cpe:/a:vmware:springsource_spring_security:3.0.0	org.springframework.security:spring-security-core:3.0.0.RELEASE	Medium	5	HIGHEST	17
spring-security-web-3.0.0.RELEASE.jar		org.springframework.security:spring-security-web:3.0.0.RELEASE		0		14
spring-tx-3.0.0.RELEASE.jar		org.springframework:spring-tx:3.0.0.RELEASE		0		18
stagedhttp-modified.tar: commons-httpclient-2.0.jar	cpe:/a:apache:commons-httpclient:2.0 cpe:/a:apache:httpclient:2.0	commons-httpclient:commons-httpclient:2.0	Medium	2	LOW	17
stagedhttp-modified.tar: commons-logging.jar		commons-logging:commons-logging:1.0.3		0		18
stagedhttp-modified.tar: dom4j.jar		dom4j:dom4j:1.4		0		14
stagedhttp-modified.tar: jgroups-all.jar		jgroups:jgroups-all:2.2.7		0		8
stagedhttp-modified.tar: log4j.jar				0		7
stagedhttp-modified.tar: mail.jar	cpe:/a:sun:javamail:1.3.2		Medium	3	HIGH	11
stagedhttp-modified.tar: serializer.jar				0		11
stagedhttp-modified.tar: xalan.jar	cpe:/a:apache:xalan-java:2.7.0		High	1	MEDIUM	28
stagedhttp-modified.tar: xmlsec-1.3.0.jar		org.codehaus.xfire:xmlsec:1.3.0		0		21
stagedhttp-modified.tar: xss4j.jar				0		4
struts.jar	cpe:/a:apache:struts:1.2.7	struts:struts:1.2.7	High	10	HIGHEST	20
struts2-core-2.1.2.jar	cpe:/a:apache:struts:2.1.2	org.apache.struts:struts2-core:2.1.2	High	32	HIGHEST	16
EasyPeasy.podspec				0		7
Gloss.podspec				0		8
uber-1.0-SNAPSHOT.jar				0		2
velocity-1.7.jar		org.apache.velocity:velocity:1.7		0		27
war-4.0.war		org.glassfish.main.admingui:war:4.0		0		9
war-4.0.war: commons-fileupload-1.1.1.jar	cpe:/a:apache:commons_fileupload:1.1.1	commons-fileupload:commons-fileupload:1.1.1	High	3	HIGHEST	22
war-4.0.war: commons-io-1.3.1.jar		commons-io:commons-io:1.3.1		0		22
war-4.0.war: dojo-ajax-nodemo-0.4.1.jar	cpe:/a:sun:woodstock:0.4.1	com.sun.woodstock.dependlibs:dojo-ajax-nodemo:0.4.1		0	LOW	8
war-4.0.war: json-1.0.jar	cpe:/a:sun:woodstock:1.0	com.sun.woodstock.dependlibs:json:1.0		0	LOW	9
war-4.0.war: prototype-1.5.0.jar	cpe:/a:sun:woodstock:1.5.0	com.sun.woodstock.dependlibs:prototype:1.5.0		0	LOW	8
war-4.0.war: webui-jsf-4.0.2.10.jar		com.sun.woodstock:webui-jsf:4.0.2.10		0		22
war-4.0.war: webui-jsf-suntheme-4.0.2.10.jar		com.sun.woodstock:webui-jsf-suntheme:4.0.2.10		0		18
war-4.0.war: console-core-4.0.jar		org.glassfish.main.admingui:console-core:4.0		0		15
woden-api-1.0M8.jar		org.apache.woden:woden-api:1.0M8		0		16
woden-impl-dom-1.0M8.jar		org.apache.woden:woden-impl-dom:1.0M8		0		16
wsdl4j-1.6.2.jar		wsdl4j:wsdl4j:1.6.2		0		19
wstx-asl-3.2.4.jar		org.codehaus.woodstox:wstx-asl:3.2.4		0		20
xalan-2.7.0.jar	cpe:/a:apache:xalan-java:2.7.0	xalan:xalan:2.7.0	High	1	HIGHEST	28
xercesImpl-2.8.1.jar		xerces:xercesImpl:2.8.1		0		55
xml-apis-1.0.b2.jar		xml-apis:xml-apis:1.0.b2		0		35
xmlParserAPIs-2.6.0.jar		xerces:xmlParserAPIs:2.6.0		0		31
xmlpull-1.1.3.1.jar		xmlpull:xmlpull:1.1.3.1		0		12
XmlSchema-1.4.2.jar		org.apache.ws.commons.schema:XmlSchema:1.4.2		0		17
xpp3_min-1.1.4c.jar		xpp3:xpp3_min:1.1.4c		0		14
xstream-1.4.8.jar	cpe:/a:x-stream:xstream:1.4.8	com.thoughtworks.xstream:xstream:1.4.8	Medium	1	HIGHEST	27
xwork-2.1.1.jar	cpe:/a:opensymphony:xwork:2.1.1	com.opensymphony:xwork:2.1.1	Medium	3	HIGHEST	14
hibernate3.jar\META-INF/maven/org.hibernate/hibernate-core/pom.xml		org.hibernate:hibernate-core:3.6.6.Final		0		7
junit4-ant-2.0.13.jar\META-INF/maven/com.google.guava/guava/pom.xml		com.google.guava:guava:14.0.1		0		7
hibernate3.jar\META-INF/maven/org.hibernate/hibernate-commons-annotations/pom.xml		org.hibernate:hibernate-commons-annotations:3.2.0.Final		0		7
hibernate3.jar\META-INF/maven/org.hibernate/hibernate-ehcache/pom.xml		org.hibernate:hibernate-ehcache:3.6.6.Final		0		7
uber-1.0-SNAPSHOT.jar\META-INF/maven/org.owasp.dependency-check/uber/pom.xml		org.owasp.dependency-check:uber:1.0-SNAPSHOT		0		5
junit4-ant-2.0.13.jar\META-INF/maven/commons-io/commons-io/pom.xml		commons-io:commons-io:2.3		0		9
junit4-ant-2.0.13.jar\META-INF/maven/org.simpleframework/simple-xml/pom.xml		org.simpleframework:simple-xml:2.6.2		0		6
hibernate3.jar\META-INF/maven/org.hibernate/hibernate-jbosscache/pom.xml		org.hibernate:hibernate-jbosscache:3.6.6.Final		0		7
hibernate3.jar\META-INF/maven/org.hibernate/hibernate-infinispan/pom.xml		org.hibernate:hibernate-infinispan:3.6.6.Final		0		7
hibernate3.jar\META-INF/maven/org.hibernate/hibernate-testing/pom.xml		org.hibernate:hibernate-testing:3.6.6.Final		0		7
hibernate3.jar\META-INF/maven/org.hibernate/hibernate-oscache/pom.xml		org.hibernate:hibernate-oscache:3.6.6.Final		0		7
hibernate3.jar\META-INF/maven/org.hibernate/hibernate-swarmcache/pom.xml		org.hibernate:hibernate-swarmcache:3.6.6.Final		0		7
hibernate3.jar\META-INF/maven/org.hibernate/hibernate-c3p0/pom.xml		org.hibernate:hibernate-c3p0:3.6.6.Final		0		7
hibernate3.jar\META-INF/maven/org.hibernate/hibernate-proxool/pom.xml		org.hibernate:hibernate-proxool:3.6.6.Final		0		7
hibernate3.jar\META-INF/maven/org.hibernate/hibernate-entitymanager/pom.xml		org.hibernate:hibernate-entitymanager:3.6.6.Final		0		7
hibernate3.jar\META-INF/maven/org.hibernate/hibernate-envers/pom.xml		org.hibernate:hibernate-envers:3.6.6.Final		0		7
uber-1.0-SNAPSHOT.jar\META-INF/maven/commons-io/commons-io/pom.xml		commons-io:commons-io:1.3.2		0		9
uber-1.0-SNAPSHOT.jar\META-INF/maven/com.yammer.dropwizard/dropwizard-core/pom.xml		com.yammer.dropwizard:dropwizard-core:0.1.3		0		6
uber-1.0-SNAPSHOT.jar\META-INF/maven/com.sun.jersey/jersey-core/pom.xml		com.sun.jersey:jersey-core:1.11		0		6
uber-1.0-SNAPSHOT.jar\META-INF/maven/com.sun.jersey/jersey-server/pom.xml		com.sun.jersey:jersey-server:1.11		0		6
uber-1.0-SNAPSHOT.jar\META-INF/maven/com.sun.jersey/jersey-servlet/pom.xml		com.sun.jersey:jersey-servlet:1.11		0		6
uber-1.0-SNAPSHOT.jar\META-INF/maven/com.yammer.metrics/metrics-core/pom.xml		com.yammer.metrics:metrics-core:2.0.0-RC0		0		6
uber-1.0-SNAPSHOT.jar\META-INF/maven/com.yammer.metrics/metrics-servlet/pom.xml		com.yammer.metrics:metrics-servlet:2.0.0-RC0		0		6
uber-1.0-SNAPSHOT.jar\META-INF/maven/com.yammer.metrics/metrics-jetty/pom.xml	cpe:/a:jetty:jetty:2.0.0.rc0	com.yammer.metrics:metrics-jetty:2.0.0-RC0		0	LOW	6
uber-1.0-SNAPSHOT.jar\META-INF/maven/com.yammer.metrics/metrics-log4j/pom.xml		com.yammer.metrics:metrics-log4j:2.0.0-RC0		0		6
uber-1.0-SNAPSHOT.jar\META-INF/maven/log4j/log4j/pom.xml		log4j:log4j:1.2.16		0		7
uber-1.0-SNAPSHOT.jar\META-INF/maven/com.yammer.metrics/metrics-jersey/pom.xml		com.yammer.metrics:metrics-jersey:2.0.0-RC0		0		7
uber-1.0-SNAPSHOT.jar\META-INF/maven/com.yammer.metrics/metrics-annotation/pom.xml		com.yammer.metrics:metrics-annotation:2.0.0-RC0		0		7
uber-1.0-SNAPSHOT.jar\META-INF/maven/org.slf4j/slf4j-api/pom.xml		org.slf4j:slf4j-api:1.6.4		0		8
uber-1.0-SNAPSHOT.jar\META-INF/maven/org.slf4j/slf4j-log4j12/pom.xml		org.slf4j:slf4j-log4j12:1.6.4		0		8
uber-1.0-SNAPSHOT.jar\META-INF/maven/org.slf4j/jul-to-slf4j/pom.xml		org.slf4j:jul-to-slf4j:1.6.4		0		8
uber-1.0-SNAPSHOT.jar\META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml	cpe:/a:jetty:jetty:7.6.0.rc4	org.eclipse.jetty:jetty-server:7.6.0.RC4		0	LOW	8
uber-1.0-SNAPSHOT.jar\META-INF/maven/org.eclipse.jetty/jetty-continuation/pom.xml	cpe:/a:jetty:jetty:7.6.0.rc4	org.eclipse.jetty:jetty-continuation:7.6.0.RC4		0	LOW	7
uber-1.0-SNAPSHOT.jar\META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml	cpe:/a:jetty:jetty:7.6.0.rc4	org.eclipse.jetty:jetty-servlet:7.6.0.RC4		0	LOW	7
uber-1.0-SNAPSHOT.jar\META-INF/maven/org.eclipse.jetty/jetty-security/pom.xml	cpe:/a:jetty:jetty:7.6.0.rc4	org.eclipse.jetty:jetty-security:7.6.0.RC4		0	LOW	7
uber-1.0-SNAPSHOT.jar\META-INF/maven/org.eclipse.jetty/jetty-http/pom.xml	cpe:/a:jetty:jetty:7.6.0.rc4	org.eclipse.jetty:jetty-http:7.6.0.RC4		0	LOW	6
uber-1.0-SNAPSHOT.jar\META-INF/maven/org.eclipse.jetty/jetty-io/pom.xml		org.eclipse.jetty:jetty-io:7.6.0.RC4		0		6
uber-1.0-SNAPSHOT.jar\META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml	cpe:/a:jetty:jetty:7.6.0.rc4	org.eclipse.jetty:jetty-util:7.6.0.RC4		0	LOW	7
uber-1.0-SNAPSHOT.jar\META-INF/maven/com.google.guava/guava/pom.xml		com.google.guava:guava:11.0.1		0		7
uber-1.0-SNAPSHOT.jar\META-INF/maven/org.hibernate/hibernate-validator/pom.xml	cpe:/a:hibernate:hibernate_validator:4.2.0	org.hibernate:hibernate-validator:4.2.0.Final	Medium	1	HIGHEST	7
uber-1.0-SNAPSHOT.jar\META-INF/maven/com.googlecode.jtype/jtype/pom.xml		com.googlecode.jtype:jtype:0.1.1		0		6
uber-1.0-SNAPSHOT.jar\META-INF/maven/javax.validation/validation-api/pom.xml		javax.validation:validation-api:1.0.0.GA		0		5
uber-1.0-SNAPSHOT.jar\META-INF/maven/org.yaml/snakeyaml/pom.xml		org.yaml:snakeyaml:1.9		0		6
ffmpeg\ffmpeg_version.cmake:libavformat				0		2
ffmpeg\ffmpeg_version.cmake:libavutil				0		2
ffmpeg\ffmpeg_version.cmake:libswscale				0		2
ffmpeg\ffmpeg_version.cmake:libavresample				0		2
composer.lock:classpreloader/classpreloader				0		3
composer.lock:danielstjules/stringy				0		3
composer.lock:dnoegel/php-xdg-base-dir				0		3
composer.lock:doctrine/inflector				0		3
composer.lock:jakub-onderka/php-console-color				0		3
composer.lock:jakub-onderka/php-console-highlighter				0		3
composer.lock:jeremeamia/SuperClosure				0		3
composer.lock:laravel/framework				0		3
composer.lock:laravel/laravel				0		3
composer.lock:league/flysystem				0		3
composer.lock:monolog/monolog				0		3
composer.lock:mtdowling/cron-expression				0		3
composer.lock:nesbot/carbon				0		3
composer.lock:nikic/php-parser				0		3
composer.lock:psr/log				0		3
composer.lock:psy/psysh				0		3
composer.lock:swiftmailer/swiftmailer				0		3
composer.lock:symfony/console				0		4
composer.lock:symfony/css-selector				0		4
composer.lock:symfony/debug				0		4
composer.lock:symfony/dom-crawler				0		4
composer.lock:symfony/event-dispatcher				0		4
composer.lock:symfony/finder				0		4
composer.lock:symfony/http-foundation				0		4
composer.lock:symfony/http-kernel				0		4
composer.lock:symfony/process				0		4
composer.lock:symfony/routing				0		4
composer.lock:symfony/translation				0		4
composer.lock:symfony/var-dumper				0		4
composer.lock:vlucas/phpdotenv				0		3

Dependencies

activation-1.1.jar

Description: JavaBeans Activation Framework (JAF) is a standard extension to the Java platform that lets you take advantage of standard services to: determine the type of an arbitrary piece of data; encapsulate access to it; discover the operations available on it; and instantiate the appropriate bean to perform the operation(s).

License:

Common Development and Distribution License (CDDL) v1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\activation-1.1.jar
MD5: 8ae38e87cd4f86059c0294a8fe3e0b18
SHA1: e6cb541461c2834bdea3eb920f1884d1eb508b50

Evidence

Source	Name	Value
central	artifactid	activation
central	groupid	javax.activation
central	version	1.1
file	name	activation
file	version	1.1
jar	package name	activation
jar	package name	javax
Manifest	extension-name	javax.activation
Manifest	Implementation-Vendor	Sun Microsystems, Inc.
Manifest	Implementation-Vendor-Id	com.sun
Manifest	Implementation-Version	1.1
Manifest	specification-title	JavaBeans(TM) Activation Framework Specification
Manifest	specification-vendor	Sun Microsystems, Inc.
pom	artifactid	activation
pom	description	JavaBeans Activation Framework (JAF) is a standard extension to the Java platform that lets you take advantage of standard services to: determine the type of an arbitrary piece of data; encapsulate access to it; discover the operations available on it; and instantiate the appropriate bean to perform the operation(s).
pom	groupid	javax.activation
pom	name	JavaBeans Activation Framework (JAF)
pom	url	http://java.sun.com/products/javabeans/jaf/index.jsp
pom	version	1.1

Identifiers

maven: javax.activation:activation:1.1 Confidence:HIGHEST

annogen-0.1.0.jar

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\annogen-0.1.0.jar
MD5: ff275c3491ac6715ad9f6c22a9660503
SHA1: a8de34ea7aa93765d24dc16ec9c61af5160bb899

Evidence

Source	Name	Value
central	artifactid	annogen
central	groupid	annogen
central	version	0.1.0
file	name	annogen
file	version	0.1.0
jar	package name	codehaus
jar	package name	internal
jar	package name	jam
pom	artifactid	annogen
pom	groupid	annogen
pom	version	0.1.0

Identifiers

maven: annogen:annogen:0.1.0 Confidence:HIGHEST

annotations-3.0.1u2.jar

Description: Annotation the FindBugs tool supports

License:

GNU Lesser Public License: http://www.gnu.org/licenses/lgpl.html

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\annotations-3.0.1u2.jar
MD5: 4242c4e6b7719eeb3f91d3fe4c7af12c
SHA1: 89a670596c98e416fb2583c08ae34cc5c3ce2097

Evidence

Source	Name	Value
central	artifactid	annotations
central	groupid	com.google.code.findbugs
central	version	3.0.1u2
file	name	annotations
file	version	3.0.1.u2
jar	package name	annotation
jar	package name	javax
manifest	Bundle-Description	Annotation the FindBugs tool supports
Manifest	Bundle-Name	FindBugs-Annotations
Manifest	bundle-requiredexecutionenvironment	J2SE-1.5
Manifest	bundle-symbolicname	findbugsAnnotations
Manifest	Bundle-Version	3.0.1
pom	artifactid	annotations
pom	description	Annotation the FindBugs tool supports
pom	groupid	google.code.findbugs
pom	name	FindBugs-Annotations
pom	url	http://findbugs.sourceforge.net/
pom	version	3.0.1u2

Identifiers

maven: com.google.code.findbugs:annotations:3.0.1u2 Confidence:HIGHEST

ant-1.9.7.jar

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\ant-1.9.7.jar
MD5: a14502c25ee6bc76c4614315845b29e9
SHA1: 3b2a10512ee6537d3852c9b693a0284dcab5de68

Evidence

Source	Name	Value
central	artifactid	ant
central	groupid	org.apache.ant
central	version	1.9.7
file	name	ant
file	version	1.9.7
jar	package name	ant
jar	package name	apache
jar	package name	tools
manifest: org/apache/tools/ant/	Implementation-Title	org.apache.tools.ant
manifest: org/apache/tools/ant/	Implementation-Vendor	Apache Software Foundation
manifest: org/apache/tools/ant/	Implementation-Version	1.9.7
manifest: org/apache/tools/ant/	Specification-Title	Apache Ant
pom	artifactid	ant
pom	groupid	apache.ant
pom	name	Apache Ant Core
pom	parent-artifactid	ant-parent
pom	parent-groupid	org.apache.ant
pom	url	http://ant.apache.org/
pom	version	1.9.7

Identifiers

maven: org.apache.ant:ant:1.9.7 Confidence:HIGHEST

aopalliance-1.0.jar

Description: AOP Alliance

License:

Public Domain

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8

Evidence

Source	Name	Value
central	artifactid	aopalliance
central	groupid	aopalliance
central	version	1.0
file	name	aopalliance
file	version	1.0
jar	package name	aopalliance
jar	package name	intercept
pom	artifactid	aopalliance
pom	description	AOP Alliance
pom	groupid	aopalliance
pom	name	AOP alliance
pom	url	http://aopalliance.sourceforge.net
pom	version	1.0

Identifiers

maven: aopalliance:aopalliance:1.0 Confidence:HIGHEST

aspectjrt-1.6.5.jar

Description: The runtime needed to execute a program using AspectJ

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\aspectjrt-1.6.5.jar
MD5: 71d9982a11bf94ac21221e2f052f3869
SHA1: d35f32a63eb823dc2dffc7ee6fdb8e00a680d114

Evidence

Source	Name	Value
central	artifactid	aspectjrt
central	groupid	org.aspectj
central	version	1.6.5
file	name	aspectjrt
file	version	1.6.5
jar	package name	aspectj
jar	package name	lang
jar	package name	reflect
manifest: org/aspectj/lang/	Implementation-Title	org.aspectj.tools
manifest: org/aspectj/lang/	Implementation-Vendor	aspectj.org
manifest: org/aspectj/lang/	Implementation-Version	1.6.5
manifest: org/aspectj/lang/	Specification-Title	AspectJ Runtime Classes
pom	artifactid	aspectjrt
pom	description	The runtime needed to execute a program using AspectJ
pom	groupid	aspectj
pom	name	AspectJ runtime
pom	url	http://www.aspectj.org
pom	version	1.6.5

Identifiers

maven: org.aspectj:aspectjrt:1.6.5 Confidence:HIGHEST

aspectjweaver-1.6.5.jar

Description: The AspectJ weaver introduces advices to java classes

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\aspectjweaver-1.6.5.jar
MD5: 2fa7d0e921c46245d0e1b39f3ac365f5
SHA1: 3ead0550dc9e2e0a5abd0fdb3116e636b59e4dc4

Evidence

Source	Name	Value
central	artifactid	aspectjweaver
central	groupid	org.aspectj
central	version	1.6.5
file	name	aspectjweaver
file	version	1.6.5
jar	package name	aspectj
jar	package name	weaver
Manifest	Implementation-Title	org.aspectj.weaver
Manifest	Implementation-Vendor	aspectj.org
Manifest	Implementation-Version	1.6.5
Manifest	name	org/aspectj/weaver/
Manifest	specification-title	AspectJ Weaver Classes
Manifest	specification-vendor	aspectj.org
pom	artifactid	aspectjweaver
pom	description	The AspectJ weaver introduces advices to java classes
pom	groupid	aspectj
pom	name	AspectJ weaver
pom	url	http://www.aspectj.org
pom	version	1.6.5

Identifiers

maven: org.aspectj:aspectjweaver:1.6.5 Confidence:HIGHEST

binutils/configure

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\autoconf\binutils\configure
MD5: 87ef7e524d4c3190c297ce64df0e600e
SHA1: ed33427ceee41faa5e69fb89452cd69318e3723a

Evidence

Source	Name	Value
configure	NAME	binutils
configure	TARNAME	binutils
configure	VERSION	2.25.51
file	name	configure

Identifiers

None

binutils/configure.ac

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\autoconf\binutils\configure.ac
MD5: 1982a659f09482b4eabbf19a000822fa
SHA1: 4dd69b029c1e0ebd8a087f0ef14742e83708b79a

Evidence

Source	Name	Value
configure.ac	Package	binutils
configure.ac	Package Version	BFD_VERSION
file	name	configure

Identifiers

None

ghostscript/configure.ac

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\autoconf\ghostscript\configure.ac
MD5: a7e8bdc5c0dab93d042e822130b8cfc9
SHA1: 94d7acda832dc53ab91892dcdd4b1ac9fc191e75

Evidence

Source	Name	Value
configure.ac	Bug report address	gnu-ghostscript-bug@gnu.org
configure.ac	Package	gnu-ghostscript
configure.ac	Package Version	8.62.0
file	name	configure

Identifiers

cpe: cpe:/a:ghostscript:ghostscript:8.62 Confidence:HIGHEST

Published Vulnerabilities

CVE-2009-0792

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-189 Numeric Errors

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583.

BUGTRAQ - 20090417 rPSA-2009-0060-1 ghostscript
CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm
CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2009-0060
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=491853
FEDORA - FEDORA-2009-3430
FEDORA - FEDORA-2009-3435
FEDORA - FEDORA-2009-3709
FEDORA - FEDORA-2009-3710
MANDRIVA - MDVSA-2009:095
MANDRIVA - MDVSA-2009:096
REDHAT - RHSA-2009:0420
REDHAT - RHSA-2009:0421
SECUNIA - 34373
SECUNIA - 34667
SECUNIA - 34711
SECUNIA - 34726
SECUNIA - 34729
SECUNIA - 34732
SECUNIA - 35416
SECUNIA - 35559
SECUNIA - 35569
SUNALERT - 262288
SUSE - SUSE-SR:2009:009
SUSE - SUSE-SR:2009:011
UBUNTU - USN-757-1
VUPEN - ADV-2009-1708
XF - ghostscript-icc-bo(50381)

Vulnerable Software & Versions: (show all)

CVE-2009-0584

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-189 Numeric Errors

icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

AUSCERT - ESB-2009.0259
BID - 34184
BUGTRAQ - 20090319 rPSA-2009-0050-1 ghostscript
CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=261087
CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm
CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=487744
CONFIRM - https://issues.rpath.com/browse/RPL-2991
DEBIAN - DSA-1746
FEDORA - FEDORA-2009-2883
FEDORA - FEDORA-2009-2885
FEDORA - FEDORA-2009-3011
FEDORA - FEDORA-2009-3031
GENTOO - GLSA-200903-37
MANDRIVA - MDVSA-2009:095
MANDRIVA - MDVSA-2009:096
OSVDB - 52988
REDHAT - RHSA-2009:0345
SECTRACK - 1021868
SECUNIA - 34266
SECUNIA - 34373
SECUNIA - 34381
SECUNIA - 34393
SECUNIA - 34398
SECUNIA - 34418
SECUNIA - 34437
SECUNIA - 34443
SECUNIA - 34469
SECUNIA - 34729
SECUNIA - 35559
SECUNIA - 35569
SUNALERT - 262288
SUSE - SUSE-SR:2009:007
UBUNTU - USN-743-1
UBUNTU - USN-757-1
VUPEN - ADV-2009-0776
VUPEN - ADV-2009-0777
VUPEN - ADV-2009-0816
VUPEN - ADV-2009-1708
XF - ghostscript-icclib-bo(49327)

Vulnerable Software & Versions: (show all)

cpe:/a:ghostscript:ghostscript:8.64 and all previous versions
...
cpe:/a:argyllcms:cms:1.0.3 and all previous versions
cpe:/a:ghostscript:ghostscript:0
cpe:/a:ghostscript:ghostscript:5.50
cpe:/a:ghostscript:ghostscript:7.05
cpe:/a:ghostscript:ghostscript:7.07
cpe:/a:ghostscript:ghostscript:8.0.1
cpe:/a:ghostscript:ghostscript:8.15
cpe:/a:ghostscript:ghostscript:8.15.2
cpe:/a:ghostscript:ghostscript:8.54
cpe:/a:ghostscript:ghostscript:8.56
cpe:/a:ghostscript:ghostscript:8.57
cpe:/a:ghostscript:ghostscript:8.60
cpe:/a:ghostscript:ghostscript:8.61
cpe:/a:ghostscript:ghostscript:8.64 and all previous versions

CVE-2009-0583

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

AUSCERT - ESB-2009.0259
BID - 34184
BUGTRAQ - 20090319 rPSA-2009-0050-1 ghostscript
CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=261087
CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm
CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=487742
CONFIRM - https://issues.rpath.com/browse/RPL-2991
DEBIAN - DSA-1746
FEDORA - FEDORA-2009-2883
FEDORA - FEDORA-2009-2885
FEDORA - FEDORA-2009-3011
FEDORA - FEDORA-2009-3031
GENTOO - GLSA-200903-37
MANDRIVA - MDVSA-2009:095
MANDRIVA - MDVSA-2009:096
REDHAT - RHSA-2009:0345
SECTRACK - 1021868
SECUNIA - 34266
SECUNIA - 34373
SECUNIA - 34381
SECUNIA - 34393
SECUNIA - 34398
SECUNIA - 34418
SECUNIA - 34437
SECUNIA - 34443
SECUNIA - 34469
SECUNIA - 34729
SECUNIA - 35559
SECUNIA - 35569
SUNALERT - 262288
SUSE - SUSE-SR:2009:007
UBUNTU - USN-743-1
UBUNTU - USN-757-1
VUPEN - ADV-2009-0776
VUPEN - ADV-2009-0777
VUPEN - ADV-2009-0816
VUPEN - ADV-2009-1708
XF - ghostscript-icclib-native-color-bo(49329)

Vulnerable Software & Versions: (show all)

CVE-2009-0196

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.

BID - 34445
BUGTRAQ - 20090409 Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow
BUGTRAQ - 20090417 rPSA-2009-0060-1 ghostscript
CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2009-0060
FEDORA - FEDORA-2009-3709
FEDORA - FEDORA-2009-3710
MANDRIVA - MDVSA-2009:095
MISC - http://secunia.com/secunia_research/2009-21/
MISC - https://bugzilla.redhat.com/attachment.cgi?id=337747
OSVDB - 53492
REDHAT - RHSA-2009:0421
SECTRACK - 1022029
SECUNIA - 34292
SECUNIA - 34667
SECUNIA - 34729
SECUNIA - 34732
SECUNIA - 35416
SECUNIA - 35559
SECUNIA - 35569
SUNALERT - 262288
SUSE - SUSE-SR:2009:009
SUSE - SUSE-SR:2009:011
UBUNTU - USN-757-1
VUPEN - ADV-2009-0983
VUPEN - ADV-2009-1708

Vulnerable Software & Versions: (show all)

CVE-2008-6679

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file.

BUGTRAQ - 20090417 rPSA-2009-0060-1 ghostscript
CONFIRM - http://bugs.ghostscript.com/show_bug.cgi?id=690211
CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2009-0060
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=493445
FEDORA - FEDORA-2009-3709
FEDORA - FEDORA-2009-3710
MANDRIVA - MDVSA-2009:095
MLIST - [oss-security] 20090401 CVE request -- ghostscript
REDHAT - RHSA-2009:0421
SECUNIA - 34667
SECUNIA - 34729
SECUNIA - 34732
SECUNIA - 35416
SECUNIA - 35559
SECUNIA - 35569
SUNALERT - 262288
SUSE - SUSE-SR:2009:011
UBUNTU - USN-757-1
VUPEN - ADV-2009-1708

Vulnerable Software & Versions:

cpe:/a:ghostscript:ghostscript:8.62

readable-code/configure

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\autoconf\readable-code\configure
MD5: e4b0986a605c8d223bcd8cbf036caae8
SHA1: cd18db2a682ef6c3deeeab099d2036e405a1f07c

Evidence

Source	Name	Value
configure	BUGREPORT	dwheeler@dwheeler.com
configure	NAME	readable
configure	TARNAME	readable
configure	URL	http://readable.sourceforge.net/
configure	VERSION	1.0.7
file	name	configure

Identifiers

None

readable-code/configure.ac

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\autoconf\readable-code\configure.ac
MD5: d130e2fa32a516b4898b3de12b1b42bc
SHA1: 5dba846da57603462614e4b6801cc82655519023

Evidence

Source	Name	Value
configure.ac	Bug report address	dwheeler@dwheeler.com
configure.ac	Package	readable
configure.ac	Package Version	1.0.7
configure.ac	Tarname	readable
configure.ac	URL	http://readable.sourceforge.net/
file	name	configure

Identifiers

None

axiom-api-1.2.7.jar

Description: The Axiom API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\axiom-api-1.2.7.jar
MD5: b06e716d6e5c3a0e3289d28126d01121
SHA1: aa260a5f3fcaee3b95b551a9bbcbe63f56e5a2ad

Evidence

Source	Name	Value
central	artifactid	axiom-api
central	groupid	org.apache.ws.commons.axiom
central	version	1.2.7
file	name	axiom-api
file	version	1.2.7
Manifest	bundle-docurl	http://www.apache.org/
Manifest	Bundle-Name	Axiom API
Manifest	bundle-symbolicname	org.apache.ws.commons.axiom.axiom-api
Manifest	Bundle-Version	1.2.7
pom	artifactid	axiom-api
pom	description	The Axiom API
pom	groupid	apache.ws.commons.axiom
pom	name	Axiom API
pom	parent-artifactid	axiom
pom	parent-groupid	org.apache.ws.commons.axiom
pom	version	1.2.7

Identifiers

maven: org.apache.ws.commons.axiom:axiom-api:1.2.7 Confidence:HIGHEST

axiom-dom-1.2.7.jar

Description: The Axiom DOM implementation.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\axiom-dom-1.2.7.jar
MD5: 9d1ff1229a42b8a93fc1db8c349ce830
SHA1: 34f6d22244963bc617f3971a826104162eef1da4

Evidence

Source	Name	Value
central	artifactid	axiom-dom
central	groupid	org.apache.ws.commons.axiom
central	version	1.2.7
file	name	axiom-dom
file	version	1.2.7
Manifest	bundle-docurl	http://www.apache.org/
Manifest	Bundle-Name	Axiom DOM
Manifest	bundle-symbolicname	org.apache.ws.commons.axiom.axiom-dom
Manifest	Bundle-Version	1.2.7
pom	artifactid	axiom-dom
pom	description	The Axiom DOM implementation.
pom	groupid	apache.ws.commons.axiom
pom	name	Axiom DOM
pom	parent-artifactid	axiom
pom	parent-groupid	org.apache.ws.commons.axiom
pom	version	1.2.7

Identifiers

maven: org.apache.ws.commons.axiom:axiom-dom:1.2.7 Confidence:HIGHEST

axiom-impl-1.2.7.jar

Description: The Axiom default implementation.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\axiom-impl-1.2.7.jar
MD5: b58763085089fe3d4d106386323ccd63
SHA1: 378b814d1a6129a3e8175d95cf60d48c60ae9d51

Evidence

Source	Name	Value
central	artifactid	axiom-impl
central	groupid	org.apache.ws.commons.axiom
central	version	1.2.7
file	name	axiom-impl
file	version	1.2.7
Manifest	bundle-docurl	http://www.apache.org/
Manifest	Bundle-Name	Axiom API
Manifest	bundle-symbolicname	org.apache.ws.commons.axiom.axiom-impl
Manifest	Bundle-Version	1.2.7
pom	artifactid	axiom-impl
pom	description	The Axiom default implementation.
pom	groupid	apache.ws.commons.axiom
pom	name	Axiom Impl
pom	parent-artifactid	axiom
pom	parent-groupid	org.apache.ws.commons.axiom
pom	version	1.2.7

Identifiers

maven: org.apache.ws.commons.axiom:axiom-impl:1.2.7 Confidence:HIGHEST

axis-1.4.jar

Description: An implementation of the SOAP ("Simple Object Access Protocol") submission to W3C.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\axis-1.4.jar
MD5: 03dcfdd88502505cc5a805a128bfdd8d
SHA1: 94a9ce681a42d0352b3ad22659f67835e560d107

Evidence

Source	Name	Value
central	artifactid	axis
central	groupid	axis
central	groupid	org.apache.axis
central	version	1.4
file	name	axis
file	version	1.4
jar	package name	apache
jar	package name	axis
manifest: org/apache/axis	Implementation-Title	Apache Axis
manifest: org/apache/axis	Implementation-Vendor	Apache Web Services
manifest: org/apache/axis	Implementation-Version	1.4 1855 April 22 2006
pom	artifactid	axis
pom	description	An implementation of the SOAP ("Simple Object Access Protocol") submission to W3C.
pom	groupid	axis
pom	name	Axis Web Services
pom	url	http://ws.apache.org/axis
pom	version	1.4

Identifiers

maven: axis:axis:1.4 Confidence:HIGHEST
cpe: cpe:/a:apache:axis:1.4 Confidence:HIGHEST
maven: org.apache.axis:axis:1.4 Confidence:HIGHEST

Published Vulnerabilities

CVE-2014-3596

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.

BID - 69295
MISC - https://issues.apache.org/jira/browse/AXIS-2905
MLIST - [oss-security] 20140820 CVE-2014-3596 - Apache Axis 1 vulnerable to MITM attack
REDHAT - RHSA-2014:1193
SECTRACK - 1030745
XF - apache-axis-cve20143596-spoofing(95377)

Vulnerable Software & Versions: (show all)

cpe:/a:apache:axis:1.4 and all previous versions
...
cpe:/a:apache:axis:1.0
cpe:/a:apache:axis:1.0:beta
cpe:/a:apache:axis:1.0:rc1
cpe:/a:apache:axis:1.0:rc2
cpe:/a:apache:axis:1.1
cpe:/a:apache:axis:1.1:beta
cpe:/a:apache:axis:1.1:rc1
cpe:/a:apache:axis:1.1:rc2
cpe:/a:apache:axis:1.2
cpe:/a:apache:axis:1.2:alpha
cpe:/a:apache:axis:1.2:beta1
cpe:/a:apache:axis:1.2:beta2
cpe:/a:apache:axis:1.2:beta3
cpe:/a:apache:axis:1.2:rc1
cpe:/a:apache:axis:1.2:rc2
cpe:/a:apache:axis:1.2:rc3
cpe:/a:apache:axis:1.2.1
cpe:/a:apache:axis:1.3
cpe:/a:apache:axis:1.4 and all previous versions

CVE-2012-5784

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

BID - 56408
MISC - http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
REDHAT - RHSA-2013:0269
REDHAT - RHSA-2013:0683
REDHAT - RHSA-2014:0037
SECUNIA - 51219
XF - apache-axis-ssl-spoofing(79829)

Vulnerable Software & Versions: (show all)

axis2-kernel-1.4.1.jar

Description: Core Parts of Axis 2.0. This includes Axis 2.0 engine, Client API, Addressing support, etc.,

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\axis2-kernel-1.4.1.jar
MD5: f5f5255626be01918cece10d14f937df
SHA1: fd59331a4bbc734c290744316e627ea343329f49

Evidence

Source	Name	Value
central	artifactid	axis2-kernel
central	groupid	org.apache.axis2
central	version	1.4.1
file	name	axis2-kernel
file	version	1.4.1
Manifest	bundle-docurl	http://www.apache.org/
Manifest	Bundle-Name	Axis2 Kernel
Manifest	bundle-symbolicname	org.apache.axis2.kernel
Manifest	Bundle-Version	1.4
pom	artifactid	axis2-kernel
pom	description	Core Parts of Axis 2.0. This includes Axis 2.0 engine, Client API, Addressing support, etc.,
pom	groupid	apache.axis2
pom	name	Apache Axis2 - Kernel
pom	parent-artifactid	axis2-parent
pom	parent-groupid	org.apache.axis2
pom	version	1.4.1

Related Dependencies

axis2-adb-1.4.1.jar
- File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\axis2-adb-1.4.1.jar
- SHA1: 800c809fde5746d679e4083d64b3c6f4cb95f74b
- MD5: e29969fdd0dfdc361a9e116a9ad49c43
- maven: org.apache.axis2:axis2-adb:1.4.1
axis2-spring-1.4.1.jar
- File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\axis2-spring-1.4.1.jar
- SHA1: c9d1a9a7bcb5665c4b3e5224be95e353f8285912
- MD5: 561ae3fc450359077da8c54bdd081c1b
- maven: org.apache.axis2:axis2-spring:1.4.1

Identifiers

cpe: cpe:/a:apache:axis2:1.4.1 Confidence:HIGHEST
maven: org.apache.axis2:axis2-kernel:1.4.1 Confidence:HIGHEST

Published Vulnerabilities

CVE-2012-5785

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation

Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

BID - 56408
MISC - http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
SECUNIA - 51219
XF - apache-axis2-ssl-spoofing(79830)

Vulnerable Software & Versions: (show all)

cpe:/a:apache:axis2:1.6.2 and all previous versions
...
cpe:/a:apache:axis2:1.5.1
cpe:/a:apache:axis2:1.5.2
cpe:/a:apache:axis2:1.5.3
cpe:/a:apache:axis2:1.5.4
cpe:/a:apache:axis2:1.5.5
cpe:/a:apache:axis2:1.5.6
cpe:/a:apache:axis2:1.6
cpe:/a:apache:axis2:1.6.1
cpe:/a:apache:axis2:1.6.2 and all previous versions

CVE-2012-5351

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.

Vulnerable Software & Versions:

cpe:/a:apache:axis2:-

CVE-2012-4418

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication

Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

Vulnerable Software & Versions:

cpe:/a:apache:axis2:-

CVE-2010-2103

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.

BID - 40327
BUGTRAQ - 20100521 PR10-03: Authenticated Cross-Site Scripting (XSS) within the Apache Axis2 administration console
CONFIRM - https://kb.juniper.net/KB27373
EXPLOIT-DB - 12689
MISC - http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf
MISC - http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-03
OSVDB - 64844
SECUNIA - 39906
VUPEN - ADV-2010-1215
XF - axis2-modules-xss(58790)

Vulnerable Software & Versions: (show all)

CVE-2010-1632

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.

CONFIRM - http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html
CONFIRM - http://geronimo.apache.org/21x-security-report.html
CONFIRM - http://geronimo.apache.org/22x-security-report.html
CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21433581
CONFIRM - https://issues.apache.org/jira/browse/AXIS2-4450
CONFIRM - https://issues.apache.org/jira/browse/GERONIMO-5383
CONFIRM - https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf
MISC - http://markmail.org/message/e4yiij7lfexastvl
SECUNIA - 40252
SECUNIA - 40279
SECUNIA - 41016
SECUNIA - 41025
VUPEN - ADV-2010-1528
VUPEN - ADV-2010-1531

Vulnerable Software & Versions: (show all)

cpe:/a:apache:axis2:1.4.1
...
cpe:/a:apache:axis2:1.3
cpe:/a:apache:axis2:1.4
cpe:/a:apache:axis2:1.4.1
cpe:/a:apache:axis2:1.5
cpe:/a:apache:axis2:1.5.1 and all previous versions

CVE-2010-0219

Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-255 Credentials Management

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.

BUGTRAQ - 20101014 R7-0037: SAP BusinessObjects Axis2 Default Admin Password
CERT-VN - VU#989719
CONFIRM - https://kb.juniper.net/KB27373
EXPLOIT-DB - 15869
MISC - http://retrogod.altervista.org/9sg_ca_d2d.html
MISC - http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf
MISC - http://www.rapid7.com/security-center/advisories/R7-0037.jsp
MISC - https://service.sap.com/sap/support/notes/1432881
OSVDB - 70233
SECTRACK - 1024929
SECUNIA - 41799
SECUNIA - 42763
VUPEN - ADV-2010-2673
XF - businessobjects-dswsbobje-security-bypass(62523)

Vulnerable Software & Versions: (show all)

backport-util-concurrent-3.1.jar

Description: Dawid Kurzyniec's backport of JSR 166

License:

Public Domain: http://creativecommons.org/licenses/publicdomain

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\backport-util-concurrent-3.1.jar
MD5: 748bb0cbf4780b2e3121dc9c12e10cd9
SHA1: 682f7ac17fed79e92f8e87d8455192b63376347b

Evidence

Source	Name	Value
central	artifactid	backport-util-concurrent
central	groupid	backport-util-concurrent
central	version	3.1
file	name	backport-util-concurrent
file	version	3.1
jar	package name	backport
jar	package name	edu
jar	package name	emory
jar	package name	mathcs
pom	artifactid	backport-util-concurrent
pom	description	Dawid Kurzyniec's backport of JSR 166
pom	groupid	backport-util-concurrent
pom	name	Backport of JSR 166
pom	organization name	http://www.mathcs.emory.edu/~dawidk/
pom	url	http://backport-jsr166.sourceforge.net/
pom	version	3.1

Identifiers

maven: backport-util-concurrent:backport-util-concurrent:3.1 Confidence:HIGHEST

bootable-0.1.0.jar

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\bootable-0.1.0.jar
MD5: 22d05d41c7d7174a1166802d5cb34a01
SHA1: f8801c5780e56c6b7e86b3a729b0f4003225dae7

Evidence

Source	Name	Value
file	name	bootable
file	version	0.1.0
Manifest	spring-boot-version	1.3.5.RELEASE
pom	artifactid	bootable
pom	groupid	owasp.testing
pom	name	bootable
pom	parent-artifactid	fully-executable
pom	parent-groupid	org.owasp.testing
pom	version	0.1.0

Identifiers

maven: org.owasp.testing:bootable:0.1.0 Confidence:HIGH

bootable-0.1.0.jar: lib-0.1.0.jar

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\bootable-0.1.0.jar\lib\lib-0.1.0.jar
MD5: 877e0eb39e3c985e2c1d553bb6dad934
SHA1: 13af17492135898d8ebced6cfe7aa3b9914ddeaa

Evidence

Source	Name	Value
file	name	lib
file	version	0.1.0
jar	package name	lib
jar	package name	owasp
pom	artifactid	lib
pom	groupid	owasp.testing
pom	name	lib
pom	parent-artifactid	fully-executable
pom	parent-groupid	org.owasp.testing
pom	version	0.1.0

Identifiers

maven: org.owasp.testing:lib:0.1.0 Confidence:HIGH

ffmpeg\ffmpeg_version.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\3rdparty\ffmpeg\ffmpeg_version.cmake
MD5: 47c336385aec534dee9a316f3ac04773
SHA1: 81feb6f931f727482b71b2e34f325387f46ad09b

Evidence

Source	Name	Value
ffmpeg\ffmpeg_version.cmake	Product	libavcodec
ffmpeg\ffmpeg_version.cmake	Version	55.18.102
file	name	ffmpeg_version

Identifiers

cpe: cpe:/a:ffmpeg:ffmpeg:55.18.102 Confidence:LOW

Published Vulnerabilities

CVE-2011-4031

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-189 Numeric Errors

Integer underflow in the asfrtp_parse_packet function in libavformat/rtpdec_asf.c in FFmpeg before 0.8.3 allows remote attackers to execute arbitrary code via a crafted ASF packet.

Vulnerable Software & Versions: (show all)

CVE-2009-0385

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-189 Numeric Errors

Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.

BID - 33502
BUGTRAQ - 20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability
CONFIRM - http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17
CONFIRM - http://svn.mplayerhq.hu/ffmpeg/trunk/libavformat/4xm.c?r1=16838&r2=16846&pathrev=16846
CONFIRM - http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=16846
DEBIAN - DSA-1781
DEBIAN - DSA-1782
FEDORA - FEDORA-2009-3428
FEDORA - FEDORA-2009-3433
GENTOO - GLSA-200903-33
MANDRIVA - MDVSA-2009:297
MISC - http://www.trapkit.de/advisories/TKADV2009-004.txt
OSVDB - 51643
SECUNIA - 33711
SECUNIA - 34296
SECUNIA - 34385
SECUNIA - 34712
SECUNIA - 34845
SECUNIA - 34905
UBUNTU - USN-734-1
VUPEN - ADV-2009-0277
XF - ffmpeg-fourxmreadheader-code-execution(48330)

Vulnerable Software & Versions:

cpe:/a:ffmpeg:ffmpeg

CVE-2005-4048

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.

BID - 15743
CONFIRM - http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup
CONFIRM - http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c.diff?r1=1.161&r2=1.162&cvsroot=FFMpeg
CONFIRM - http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c?rev=1.162&content-type=text/x-cvsweb-markup&cvsroot=FFMpeg
DEBIAN - DSA-1004
DEBIAN - DSA-1005
DEBIAN - DSA-992
GENTOO - GLSA-200601-06
GENTOO - GLSA-200602-01
GENTOO - GLSA-200603-03
MANDRIVA - MDKSA-2005:228
MANDRIVA - MDKSA-2005:229
MANDRIVA - MDKSA-2005:230
MANDRIVA - MDKSA-2005:231
MANDRIVA - MDKSA-2005:232
MISC - http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558
SECUNIA - 17892
SECUNIA - 18066
SECUNIA - 18087
SECUNIA - 18107
SECUNIA - 18400
SECUNIA - 18739
SECUNIA - 18746
SECUNIA - 19114
SECUNIA - 19192
SECUNIA - 19272
SECUNIA - 19279
UBUNTU - USN-230-1
UBUNTU - USN-230-2
VUPEN - ADV-2005-2770

Vulnerable Software & Versions: (show all)

cmake\cl2cpp.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\cl2cpp.cmake
MD5: 39ac6f35af7d4dd3ac3d75c06afe0613
SHA1: 1113347fe96d7d514c9f0bf711b96b352808dd0a

Evidence

Source	Name	Value
file	name	cl2cpp
file	version	2

Identifiers

None

cmake\copyAndroidLibs.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\copyAndroidLibs.cmake
MD5: 6cea8a766548a7db3855ccec5627271d
SHA1: 8c9e2de7b35767238467548af3e05166e39edf4f

Evidence

Source	Name	Value
file	name	copyAndroidLibs

Identifiers

None

cmake\FindCUDA.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\FindCUDA.cmake
MD5: 082b257f892af1049627ab591e88ad5e
SHA1: 30b72858802f64c3e5331b6ec70e59dbad58673a

Evidence

Source	Name	Value
file	name	FindCUDA

Identifiers

None

FindCUDA\make2cmake.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\FindCUDA\make2cmake.cmake
MD5: 5a3c246f2fc21437ba265fa979b160d8
SHA1: 43d5d598c58f5f140d162975a92d2730806cce3f

Evidence

Source	Name	Value
file	name	make2cmake
file	version	2

Identifiers

None

FindCUDA\parse_cubin.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\FindCUDA\parse_cubin.cmake
MD5: 5e5fb166c6c93c04621796f04189d0d7
SHA1: 3ecad79fcfe7c5d88a1535d1030026e1fcb2fce0

Evidence

Source	Name	Value
file	name	parse_cubin

Identifiers

None

FindCUDA\run_nvcc.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\FindCUDA\run_nvcc.cmake
MD5: d6160a6dcaaec3e526bc34cfcea2ee23
SHA1: 0349f1a43fbd380b0c7b578ae3242a7cb6d43cae

Evidence

Source	Name	Value
file	name	run_nvcc

Identifiers

None

cmake\OpenCVCompilerOptions.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVCompilerOptions.cmake
MD5: b40df1c984b511841c40d05a907d433d
SHA1: 30589febdc497eb330eb932a6a1f10197b362fb4

Evidence

Source	Name	Value
file	name	OpenCVCompilerOptions

Identifiers

None

cmake\OpenCVConfig.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVConfig.cmake
MD5: f1f68ff13813a495470c6e73cc9b892a
SHA1: ad85337bb1ccac4a1261f6dda6ad1efcbce8b19d

Evidence

Source	Name	Value
file	name	OpenCVConfig

Identifiers

None

cmake\OpenCVCRTLinkage.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVCRTLinkage.cmake
MD5: 7f8dcbf9848068f53e352679c0859cd5
SHA1: 25bcb6542245cf8497b467a1363fdf6adeaa67e2

Evidence

Source	Name	Value
file	name	OpenCVCRTLinkage

Identifiers

None

cmake\OpenCVDetectAndroidSDK.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVDetectAndroidSDK.cmake
MD5: bd17bbe3d290b31f39ca4f7876baf725
SHA1: c72e36dd3a7e6b933595c0724a2ce47a9d0fc45e

Evidence

Source	Name	Value
file	name	OpenCVDetectAndroidSDK

Identifiers

cpe: cpe:/a:android:android_sdk:- Confidence:LOW

cmake\OpenCVDetectApacheAnt.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVDetectApacheAnt.cmake
MD5: c94b15ca35aec95bb1bdc6a8eec5ede1
SHA1: 33e018cfb004b30a5bd9c58e613172c36d74af41

Evidence

Source	Name	Value
file	name	OpenCVDetectApacheAnt

Identifiers

None

cmake\OpenCVDetectCStripes.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVDetectCStripes.cmake
MD5: b7be59d929d4daf4ff6e367cd413f795
SHA1: a9e20a51d1d50603da768ab3fd7b6fdc03257370

Evidence

Source	Name	Value
file	name	OpenCVDetectCStripes

Identifiers

None

cmake\OpenCVDetectCUDA.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVDetectCUDA.cmake
MD5: e8acb70a35eafaf93531804da5b3e827
SHA1: ca9162fe9849f5ebe84e14fc0ac6ea2a864da811

Evidence

Source	Name	Value
file	name	OpenCVDetectCUDA

Identifiers

None

cmake\OpenCVDetectCXXCompiler.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVDetectCXXCompiler.cmake
MD5: d57d4cab100ce6d86a2abcf43895759d
SHA1: 1ed30817b5b2dd7c02d832ba95654ae120175715

Evidence

Source	Name	Value
cmake\OpenCVDetectCXXCompiler.cmake	Product	CMAKE_GCC_REGEX
cmake\OpenCVDetectCXXCompiler.cmake	Version	4.2.1
file	name	OpenCVDetectCXXCompiler

Identifiers

None

cmake\OpenCVDetectDirectX.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVDetectDirectX.cmake
MD5: 30652d429f0a8562c7e8856517c4514d
SHA1: ce1afeafae26f37681b1a5ac698723e9d098dcff

Evidence

Source	Name	Value
file	name	OpenCVDetectDirectX

Identifiers

None

cmake\OpenCVDetectOpenCL.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVDetectOpenCL.cmake
MD5: 7420a52a371cea66b93e2067c70b7f38
SHA1: 7d318b5bf007a532d3adc8f1c6978fdb365fa2c5

Evidence

Source	Name	Value
file	name	OpenCVDetectOpenCL

Identifiers

None

cmake\OpenCVDetectPython.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVDetectPython.cmake
MD5: 5be7cd9ed88517f1017de27b8eb3228c
SHA1: 9bc4060369dbf9e7ece57639db81488115c84e13

Evidence

Source	Name	Value
file	name	OpenCVDetectPython

Identifiers

cpe: cpe:/a:python:python:- Confidence:LOW

Published Vulnerabilities

CVE-2016-5699

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.

Vulnerable Software & Versions: (show all)

CVE-2016-5636

Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-190 Integer Overflow or Wraparound

Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.

Vulnerable Software & Versions: (show all)

CVE-2016-1494

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation

The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.

Vulnerable Software & Versions:

cpe:/a:python:python:3.2.6 and all previous versions

CVE-2016-0772

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-693 Protection Mechanism Failure

The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1303647
CONFIRM - https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5
CONFIRM - https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2
CONFIRM - https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS
CONFIRM - https://hg.python.org/cpython/rev/b3ce713fb9be
CONFIRM - https://hg.python.org/cpython/rev/d590114c2394
MLIST - [oss-security] 20160614 Python CVE-2016-0772: smtplib StartTLS stripping attack

Vulnerable Software & Versions: (show all)

CVE-2015-5652

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really be altered at this point."

JVN - JVN#49503705
JVNDB - JVNDB-2015-000141
MISC - http://jvn.jp/en/jp/JVN49503705/995204/index.html

Vulnerable Software & Versions:

cpe:/a:python:python:3.5.0 and all previous versions

CVE-2014-7185

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
CWE: CWE-189 Numeric Errors

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.

APPLE - APPLE-SA-2015-08-13-2
BID - 70089
CONFIRM - http://bugs.python.org/issue21831
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1146026
CONFIRM - https://support.apple.com/kb/HT205031
FEDORA - FEDORA-2014-11559
MLIST - [oss-security] 20140923 CVE Request: Python 2.7
MLIST - [oss-security] 20140925 Re: CVE Request: Python 2.7
SUSE - openSUSE-SU-2014:1292
XF - python-bufferobject-overflow(96193)

Vulnerable Software & Versions: (show all)

cpe:/a:python:python:2.7.7 and all previous versions
...
cpe:/a:apple:mac_os_x:10.10.4 and all previous versions
cpe:/a:python:python:2.7
cpe:/a:python:python:2.7.1
cpe:/a:python:python:2.7.1:rc1
cpe:/a:python:python:2.7.2:rc1
cpe:/a:python:python:2.7.3
cpe:/a:python:python:2.7.4
cpe:/a:python:python:2.7.5
cpe:/a:python:python:2.7.6
cpe:/a:python:python:2.7.7 and all previous versions
cpe:/a:python:python:2.7.1150
cpe:/a:python:python:2.7.1150::~~~~x64~
cpe:/a:python:python:2.7.2150

CVE-2013-7338

Severity: High
CVSS Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)
CWE: CWE-20 Improper Input Validation

Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function.

CONFIRM - http://bugs.python.org/issue20078
CONFIRM - http://hg.python.org/cpython/rev/79ea4ce431b1
CONFIRM - https://docs.python.org/3.3/whatsnew/changelog.html
MLIST - [oss-security] 20140318 CVE request for python/zipfile
MLIST - [oss-security] 20140319 Re: CVE request for python/zipfile
SECTRACK - 1029973
SUSE - openSUSE-SU-2014:0597

Vulnerable Software & Versions: (show all)

cpe:/a:python:python:3.3.4:rc1 and all previous versions
...
cpe:/a:python:python:3.3
cpe:/a:python:python:3.3:beta2
cpe:/a:python:python:3.3.0
cpe:/a:python:python:3.3.1
cpe:/a:python:python:3.3.1:rc1
cpe:/a:python:python:3.3.2
cpe:/a:python:python:3.3.3
cpe:/a:python:python:3.3.3:rc1
cpe:/a:python:python:3.3.3:rc2
cpe:/a:python:python:3.3.4:rc1 and all previous versions

CVE-2012-1150

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-310 Cryptographic Issues

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

APPLE - APPLE-SA-2013-10-22-3
CONFIRM - http://bugs.python.org/issue13703
CONFIRM - http://python.org/download/releases/2.6.8/
CONFIRM - http://python.org/download/releases/2.7.3/
CONFIRM - http://python.org/download/releases/3.1.5/
CONFIRM - http://python.org/download/releases/3.2.3/
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=750555
MLIST - [oss-security] 20120309 Re: CVE Request: Python Hash DoS (Issue 13703)
MLIST - [python-dev] 20111229 Hash collision security issue (now public)
MLIST - [python-dev] 20120128 plugging the hash attack
SECUNIA - 50858
SECUNIA - 51087
SECUNIA - 51089
UBUNTU - USN-1592-1
UBUNTU - USN-1596-1
UBUNTU - USN-1615-1
UBUNTU - USN-1616-1

Vulnerable Software & Versions: (show all)

CVE-2012-0845

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.

APPLE - APPLE-SA-2013-10-22-3
CONFIRM - http://bugs.python.org/issue14001
CONFIRM - http://python.org/download/releases/2.6.8/
CONFIRM - http://python.org/download/releases/2.7.3/
CONFIRM - http://python.org/download/releases/3.1.5/
CONFIRM - http://python.org/download/releases/3.2.3/
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=789790
MLIST - [oss-security] 20120213 Re: CVE Request -- python (SimpleXMLRPCServer): DoS (excessive CPU usage) via malformed XML-RPC / HTTP POST request
SECTRACK - 1026689
SECUNIA - 50858
SECUNIA - 51024
SECUNIA - 51040
SECUNIA - 51087
SECUNIA - 51089
UBUNTU - USN-1592-1
UBUNTU - USN-1596-1
UBUNTU - USN-1613-1
UBUNTU - USN-1613-2
UBUNTU - USN-1615-1
UBUNTU - USN-1616-1

Vulnerable Software & Versions: (show all)

CVE-2011-4940

Severity: Low
CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.

BID - 54083
CONFIRM - http://bugs.python.org/issue11442
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=803500
JVN - JVN#51176027
JVNDB - JVNDB-2012-000063
SECUNIA - 50858
SECUNIA - 51024
SECUNIA - 51040
UBUNTU - USN-1592-1
UBUNTU - USN-1596-1
UBUNTU - USN-1613-1
UBUNTU - USN-1613-2

Vulnerable Software & Versions: (show all)

CVE-2010-3492

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.

Vulnerable Software & Versions: (show all)

cmake\OpenCVDetectTBB.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVDetectTBB.cmake
MD5: 35189457dc179a836ad4484994d5976d
SHA1: 40ea5f223fe4deb3713b3f3d2e16e6e1b6772617

Evidence

Source	Name	Value
file	name	OpenCVDetectTBB

Identifiers

None

cmake\OpenCVDetectVTK.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVDetectVTK.cmake
MD5: c134da83c26ab7a2da167d844c79ad03
SHA1: 47fe39d954f02e6ece66d6b30294798c2d1057bf

Evidence

Source	Name	Value
file	name	OpenCVDetectVTK

Identifiers

None

cmake\OpenCVExtraTargets.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVExtraTargets.cmake
MD5: 300f1984f05136a2550662b4bba28484
SHA1: f9df6c52285f609bc449e0d264cec3ba4d33495c

Evidence

Source	Name	Value
file	name	OpenCVExtraTargets

Identifiers

None

cmake\OpenCVFindIntelPerCSDK.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVFindIntelPerCSDK.cmake
MD5: 4a8839ddf7a69626978b6f51d8148ba8
SHA1: a0c46db81c0ccadc5c0d4d8d1b28c506836e3dc5

Evidence

Source	Name	Value
file	name	OpenCVFindIntelPerCSDK

Identifiers

None

cmake\OpenCVFindIPP.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVFindIPP.cmake
MD5: 1b0e6265a662426ed5ee3a8eae3571f1
SHA1: 1bffb60918a63d6865165cb47e53d08971bfdb3e

Evidence

Source	Name	Value
file	name	OpenCVFindIPP

Identifiers

None

cmake\OpenCVFindIPPAsync.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVFindIPPAsync.cmake
MD5: 9053f0d6f31a969eaa1fc6ae03d72b45
SHA1: 0487f605adcfaabf4c4d2898691c3c453c6cd98d

Evidence

Source	Name	Value
file	name	OpenCVFindIPPAsync

Identifiers

None

cmake\OpenCVFindLATEX.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVFindLATEX.cmake
MD5: c048924d7b99ee46b0ad194b0e9236a2
SHA1: 59493c4b35f9772e5f46b8195804b73bc0b8cd68

Evidence

Source	Name	Value
file	name	OpenCVFindLATEX

Identifiers

None

cmake\OpenCVFindLibsGrfmt.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVFindLibsGrfmt.cmake
MD5: 471c89912ae29f34ce3d8951bfaba775
SHA1: e41b7bd06b878254fba925fd6d5d97e8f7e4abdd

Evidence

Source	Name	Value
file	name	OpenCVFindLibsGrfmt

Identifiers

None

cmake\OpenCVFindLibsGUI.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVFindLibsGUI.cmake
MD5: c744b1958188a1418eab4eb8f295631a
SHA1: e4791e1c486531692bc0aa07ee144276ff957b17

Evidence

Source	Name	Value
file	name	OpenCVFindLibsGUI

Identifiers

None

cmake\OpenCVFindLibsPerf.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVFindLibsPerf.cmake
MD5: 10f99115bf875881b2802eabd746a628
SHA1: 1ebfda9512e60f2f75ec491b17c3b2bf3649980d

Evidence

Source	Name	Value
file	name	OpenCVFindLibsPerf

Identifiers

None

cmake\OpenCVFindLibsVideo.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVFindLibsVideo.cmake
MD5: 4d81f6af4a31bd51dee812e87617219d
SHA1: 979689596b9e86b846f514d87e56bf87895c1279

Evidence

Source	Name	Value
file	name	OpenCVFindLibsVideo

Identifiers

None

cmake\OpenCVFindMatlab.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVFindMatlab.cmake
MD5: 9f8df03241c51e2003d1bcfe9f99949d
SHA1: 895e96702c15ae75ed3a9904762104e8e67c9349

Evidence

Source	Name	Value
file	name	OpenCVFindMatlab

Identifiers

None

cmake\OpenCVFindOpenEXR.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVFindOpenEXR.cmake
MD5: c596e3648c5aed16362c90abf1a69885
SHA1: 91cd4c5d5cd98d1990f23dfd8a52de7525fe2636

Evidence

Source	Name	Value
file	name	OpenCVFindOpenEXR

Identifiers

cpe: cpe:/a:openexr:openexr:- Confidence:LOW

cmake\OpenCVFindOpenNI.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVFindOpenNI.cmake
MD5: 98bcd2f11e0793e231abd8a3ffb32faa
SHA1: b7274cea06a5973a42553d6b4b9ff428785f6d48

Evidence

Source	Name	Value
file	name	OpenCVFindOpenNI

Identifiers

None

cmake\OpenCVFindOpenNI2.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVFindOpenNI2.cmake
MD5: 1409780229828db7219727ad64db1f6e
SHA1: daa97eb9f5072aa4bc951eda2a921fc35d2eac2b

Evidence

Source	Name	Value
file	name	OpenCVFindOpenNI2
file	version	2

Identifiers

None

cmake\OpenCVFindWebP.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVFindWebP.cmake
MD5: 02b64eac70bf1852a0be5fda17c92e11
SHA1: 949fb1bd9eeebf9b55eeaa3a8f4d95a450c47b13

Evidence

Source	Name	Value
file	name	OpenCVFindWebP

Identifiers

None

cmake\OpenCVFindXimea.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVFindXimea.cmake
MD5: b65b6afa478b612f1ab8f4486b3ba791
SHA1: f8cf6b2baa915d9488062a317f2c6e473ad96ef1

Evidence

Source	Name	Value
file	name	OpenCVFindXimea

Identifiers

None

cmake\OpenCVGenABI.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVGenABI.cmake
MD5: dab62ee8b994fba211e1877c88dcb7ae
SHA1: d01fed523caff4a3be0c0b0062e7a192f0b3e592

Evidence

Source	Name	Value
file	name	OpenCVGenABI

Identifiers

None

cmake\OpenCVGenAndroidMK.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVGenAndroidMK.cmake
MD5: 9523098110ae460e82b9d5e44ad4c7ad
SHA1: 63024b62e8b39fa23658b8ec10830d94b72587d9

Evidence

Source	Name	Value
file	name	OpenCVGenAndroidMK

Identifiers

None

cmake\OpenCVGenConfig.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVGenConfig.cmake
MD5: a2ab87729d247b60a7c4aaedd9a9389d
SHA1: 0bdf47a9c04ac44f62d8cf7806640bf8be9825b2

Evidence

Source	Name	Value
file	name	OpenCVGenConfig

Identifiers

None

cmake\OpenCVGenHeaders.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVGenHeaders.cmake
MD5: 5a7d0877b8f16a4f5c62757a0051dcc5
SHA1: d7cfe5e707b00ec2e79d6aef77b339ea3c7b2f17

Evidence

Source	Name	Value
file	name	OpenCVGenHeaders

Identifiers

None

cmake\OpenCVGenInfoPlist.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVGenInfoPlist.cmake
MD5: ce0875d872f99c9ef28d52a8f59a85f2
SHA1: 313376669a28af75d25ab8b735132550a4f3052e

Evidence

Source	Name	Value
file	name	OpenCVGenInfoPlist

Identifiers

None

cmake\OpenCVGenPkgconfig.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVGenPkgconfig.cmake
MD5: 61f497e15c639f7231c0657cf51202fd
SHA1: d2e5ea3b8a68485bbac4a205c7a68217ed66e779

Evidence

Source	Name	Value
file	name	OpenCVGenPkgconfig

Identifiers

None

cmake\OpenCVMinDepVersions.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVMinDepVersions.cmake
MD5: d1dde2680e36cc1889856ca3f1502d2a
SHA1: 139df4b6c44a3454d180e608dcac8a6489c68a18

Evidence

Source	Name	Value
file	name	OpenCVMinDepVersions

Identifiers

None

cmake\OpenCVModule.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVModule.cmake
MD5: 5f5dcd91004c42bdf9f42babcc2d2d56
SHA1: ff2a67f9ac07ca9e24060423f17ca6c9b9249a5b

Evidence

Source	Name	Value
file	name	OpenCVModule

Identifiers

None

cmake\OpenCVPackaging.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVPackaging.cmake
MD5: 523b5531ee9126224ba0573830643176
SHA1: 96797a22ee5edac0629dc40cbe823f492d531d69

Evidence

Source	Name	Value
file	name	OpenCVPackaging

Identifiers

None

cmake\OpenCVPCHSupport.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVPCHSupport.cmake
MD5: 9d50a0c038a112a9f3b4312930244fd0
SHA1: ed94777aaa7d9f2b58411a3ce2ec38863473f9f7

Evidence

Source	Name	Value
file	name	OpenCVPCHSupport

Identifiers

None

cmake\OpenCVUtils.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVUtils.cmake
MD5: bf033cbe5749eb6eb060c3ac076a33f8
SHA1: 97c14247374bce9ff0595063c2fe0ff96081b0fb

Evidence

Source	Name	Value
file	name	OpenCVUtils

Identifiers

None

cmake\OpenCVVersion.cmake

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\cmake\OpenCVVersion.cmake
MD5: 9afc0036841d17576b57b714120fc629
SHA1: aff16bf50579427fd3e55d407b0d3ac2f72ef18e

Evidence

Source	Name	Value
file	name	OpenCVVersion

Identifiers

None

opencv\CMakeLists.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\opencv\CMakeLists.txt
MD5: b1b39612f8273876aeed9039f3aa7254
SHA1: 69a4df896246065fc9a16ff259d415c833b9c95a

Evidence

Source	Name	Value
CMakeLists.txt	Project	OpenCV
file	name	CMakeLists

Identifiers

None

zlib\CMakeLists.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\cmake\zlib\CMakeLists.txt
MD5: 6452c3208faaaafdb71447a509a9c78a
SHA1: 7b4d80f4fe6bf3086fa3f6c19a8fc8179e172721

Evidence

Source	Name	Value
CMakeLists.txt	Project	zlib
file	name	CMakeLists

Identifiers

None

commons-cli-1.2.jar

Description: Commons CLI provides a simple API for presenting, processing and validating a command line interface.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\commons-cli-1.2.jar
MD5: bfdcae1ff93f0c07d733f03bdce28c9e
SHA1: 2bf96b7aa8b611c177d329452af1dc933e14501c

Evidence

Source	Name	Value
central	artifactid	commons-cli
central	groupid	commons-cli
central	version	1.2
file	name	commons-cli
file	version	1.2
manifest	Bundle-Description	Commons CLI provides a simple API for presenting, processing and validating a command line interface.
Manifest	bundle-docurl	http://commons.apache.org/cli/
Manifest	Bundle-Name	Commons CLI
Manifest	bundle-symbolicname	org.apache.commons.cli
Manifest	Bundle-Version	1.2
Manifest	Implementation-Title	Commons CLI
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	1.2
Manifest	specification-title	Commons CLI
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	commons-cli
pom	description	Commons CLI provides a simple API for presenting, processing and validating a command line interface.
pom	groupid	commons-cli
pom	name	Commons CLI
pom	parent-artifactid	commons-parent
pom	parent-groupid	org.apache.commons
pom	parent-version	1.2
pom	url	http://commons.apache.org/cli/
pom	version	1.2

Identifiers

maven: commons-cli:commons-cli:1.2 Confidence:HIGHEST

commons-codec-1.2.jar

Description: The codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\commons-codec-1.2.jar
MD5: 2617b220009f952bb9542af167d040cf
SHA1: 397f4731a9f9b6eb1907e224911c77ea3aa27a8b

Evidence

Source	Name	Value
central	artifactid	commons-codec
central	groupid	commons-codec
central	version	1.2
file	name	commons-codec
file	version	1.2
jar	package name	apache
jar	package name	codec
jar	package name	commons
Manifest	extension-name	org.apache.commons.codec.*
Manifest	Implementation-Title	org.apache.commons.codec.*
Manifest	Implementation-Vendor	Apache Software Foundation
Manifest	Implementation-Vendor-Id
Manifest	Implementation-Version	1.2
Manifest	specification-title	Jakarta Commons Codec
Manifest	specification-vendor	Apache Software Foundation
pom	artifactid	commons-codec
pom	description	The codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
pom	groupid	commons-codec
pom	name	Codec
pom	version	1.2

Identifiers

maven: commons-codec:commons-codec:1.2 Confidence:HIGHEST

commons-collections-3.2.2.jar

Description: Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5

Evidence

Source	Name	Value
central	artifactid	commons-collections
central	groupid	commons-collections
central	version	3.2.2
file	name	commons-collections
file	version	3.2.2
manifest	Bundle-Description	Types that extend and augment the Java Collections Framework.
Manifest	bundle-docurl	http://commons.apache.org/collections/
Manifest	Bundle-Name	Apache Commons Collections
Manifest	bundle-symbolicname	org.apache.commons.collections
Manifest	Bundle-Version	3.2.2
Manifest	implementation-build	tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100
Manifest	Implementation-Title	Apache Commons Collections
Manifest	implementation-url	http://commons.apache.org/collections/
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	3.2.2
Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))"
Manifest	specification-title	Apache Commons Collections
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	commons-collections
pom	description	Types that extend and augment the Java Collections Framework.
pom	groupid	commons-collections
pom	name	Apache Commons Collections
pom	parent-artifactid	commons-parent
pom	parent-groupid	org.apache.commons
pom	parent-version	3.2.2
pom	url	http://commons.apache.org/collections/
pom	version	3.2.2

Identifiers

maven: commons-collections:commons-collections:3.2.2 Confidence:HIGHEST
cpe: cpe:/a:apache:commons_collections:3.2.2 Confidence:LOW

commons-compress-1.12.jar

Description: Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional Unix Compress, DEFLATE and ar, cpio, jar, tar, zip, dump, 7z, arj.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\commons-compress-1.12.jar
MD5: b394a44c74c1e904c1ab6df0893ebb7e
SHA1: 84caa68576e345eb5e7ae61a0e5a9229eb100d7b

Evidence

Source	Name	Value
central	artifactid	commons-compress
central	groupid	org.apache.commons
central	version	1.12
file	name	commons-compress
file	version	1.12
manifest	Bundle-Description	Apache Commons Compress software defines an API for working withcompression and archive formats. These include: bzip2, gzip, pack200,lzma, xz, Snappy, traditional Unix Compress, DEFLATE and ar, cpio,jar, tar, zip, dump, 7z, arj.
Manifest	bundle-docurl	http://commons.apache.org/proper/commons-compress/
Manifest	Bundle-Name	Apache Commons Compress
Manifest	bundle-symbolicname	org.apache.commons.compress
Manifest	Bundle-Version	1.12.0
Manifest	extension-name	org.apache.commons.compress
Manifest	implementation-build	UNKNOWN@r${buildNumber}; 2016-06-18 17:29:54+0200
Manifest	Implementation-Title	Apache Commons Compress
Manifest	implementation-url	http://commons.apache.org/proper/commons-compress/
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	1.12
Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"
Manifest	specification-title	Apache Commons Compress
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	commons-compress
pom	description	Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional Unix Compress, DEFLATE and ar, cpio, jar, tar, zip, dump, 7z, arj.
pom	groupid	apache.commons
pom	name	Apache Commons Compress
pom	parent-artifactid	commons-parent
pom	parent-groupid	org.apache.commons
pom	parent-version	1.12
pom	url	http://commons.apache.org/proper/commons-compress/
pom	version	1.12

Identifiers

cpe: cpe:/a:apache:commons-compress:1.12 Confidence:LOW
maven: org.apache.commons:commons-compress:1.12 Confidence:HIGHEST

commons-fileupload-1.2.1.jar

Description: The FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\commons-fileupload-1.2.1.jar
MD5: 951b36984148fc4f4e901f06ab382273
SHA1: 384faa82e193d4e4b0546059ca09572654bc3970

Evidence

Source	Name	Value
central	artifactid	commons-fileupload
central	groupid	commons-fileupload
central	version	1.2.1
file	name	commons-fileupload
file	version	1.2.1
Manifest	Bundle-Name	Apache Commons FileUpload Bundle
Manifest	bundle-symbolicname	org.apache.commons.fileupload
Manifest	Bundle-Version	1.2.1
Manifest	Implementation-Title	Commons FileUpload
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	1.2.1
Manifest	specification-title	Commons FileUpload
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	commons-fileupload
pom	description	The FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.
pom	groupid	commons-fileupload
pom	name	Commons FileUpload
pom	parent-artifactid	commons-parent
pom	parent-groupid	org.apache.commons
pom	parent-version	1.2.1
pom	url	http://commons.apache.org/fileupload/
pom	version	1.2.1

Identifiers

maven: commons-fileupload:commons-fileupload:1.2.1 Confidence:HIGHEST
cpe: cpe:/a:apache:commons_fileupload:1.2.1 Confidence:HIGHEST

Published Vulnerabilities

CVE-2016-3092

Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-20 Improper Input Validation

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

BID - 91453
CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1743480
CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1743722
CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1743738
CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1743742
CONFIRM - http://tomcat.apache.org/security-7.html
CONFIRM - http://tomcat.apache.org/security-8.html
CONFIRM - http://tomcat.apache.org/security-9.html
CONFIRM - http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1349468
CONFIRM - https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371
CONFIRM - https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840
DEBIAN - DSA-3609
DEBIAN - DSA-3611
DEBIAN - DSA-3614
JVN - JVN#89379547
JVNDB - JVNDB-2016-000121
MLIST - [dev] 20160621 CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability
UBUNTU - USN-3024-1
UBUNTU - USN-3027-1

Vulnerable Software & Versions: (show all)

CVE-2014-0050

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

BID - 65400
BUGTRAQ - 20140625 NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts library
BUGTRAQ - 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
CONFIRM - http://advisories.mageia.org/MGASA-2014-0110.html
CONFIRM - http://svn.apache.org/r1565143
CONFIRM - http://tomcat.apache.org/security-7.html
CONFIRM - http://tomcat.apache.org/security-8.html
CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21669554
CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21675432
CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21676091
CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21676092
CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21676401
CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21676403
CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21676405
CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21676410
CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21676656
CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21676853
CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21677691
CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21677724
CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21681214
CONFIRM - http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html
CONFIRM - http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html
CONFIRM - http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html
CONFIRM - http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CONFIRM - http://www.vmware.com/security/advisories/VMSA-2014-0007.html
CONFIRM - http://www.vmware.com/security/advisories/VMSA-2014-0012.html
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1062337
FULLDISC - 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
HP - HPSBGN03329
JVN - JVN#14876762
JVNDB - JVNDB-2014-000017
MANDRIVA - MDVSA-2015:084
MISC - http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html
MISC - http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
MLIST - [commons-dev] 20140206 [SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS
REDHAT - RHSA-2014:0400

Vulnerable Software & Versions: (show all)

CVE-2013-0248

Severity: Low
CVSS Score: 3.3 (AV:L/AC:M/Au:N/C:N/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.

BUGTRAQ - 20130306 [SECURITY] CVE-2013-0248 Apache Commons FileUpload - Insecure examples
OSVDB - 90906

Vulnerable Software & Versions: (show all)

commons-httpclient-3.1.jar

Description: The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.

License:

Apache License: http://www.apache.org/licenses/LICENSE-2.0

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\commons-httpclient-3.1.jar
MD5: 8ad8c9229ef2d59ab9f59f7050e846a5
SHA1: 964cd74171f427720480efdec40a7c7f6e58426a

Evidence

Source	Name	Value
central	artifactid	commons-httpclient
central	groupid	commons-httpclient
central	version	3.1
file	name	commons-httpclient
file	version	3.1
jar	package name	apache
jar	package name	commons
jar	package name	httpclient
Manifest	maven-version	1.1
manifest: org/apache/commons/httpclient	Implementation-Title	org.apache.commons.httpclient
manifest: org/apache/commons/httpclient	Implementation-Vendor	Apache Software Foundation
manifest: org/apache/commons/httpclient	Implementation-Version	3.1
manifest: org/apache/commons/httpclient	Specification-Title	Jakarta Commons HttpClient
pom	artifactid	commons-httpclient
pom	description	The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.
pom	groupid	commons-httpclient
pom	name	HttpClient
pom	organization name	http://jakarta.apache.org/
pom	url	http://jakarta.apache.org/httpcomponents/httpclient-3.x/
pom	version	3.1

Identifiers

maven: commons-httpclient:commons-httpclient:3.1 Confidence:HIGHEST
cpe: cpe:/a:apache:commons-httpclient:3.1 Confidence:LOW
cpe: cpe:/a:apache:httpclient:3.1 Confidence:LOW

Published Vulnerabilities

CVE-2015-5262

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1626784
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1261538
CONFIRM - https://issues.apache.org/jira/browse/HTTPCLIENT-1478
FEDORA - FEDORA-2015-15588
FEDORA - FEDORA-2015-15589
FEDORA - FEDORA-2015-15590
SECTRACK - 1033743
UBUNTU - USN-2769-1

Vulnerable Software & Versions:

cpe:/a:apache:httpclient:4.3.5 and all previous versions

CVE-2014-3577

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.

CONFIRM - https://access.redhat.com/solutions/1165533
CONFIRM - https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564
FULLDISC - 20140818 CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack
MISC - http://packetstormsecurity.com/files/127913/Apache-HttpComponents-Man-In-The-Middle.html
REDHAT - RHSA-2014:1146
REDHAT - RHSA-2014:1166
REDHAT - RHSA-2014:1833
REDHAT - RHSA-2014:1834
REDHAT - RHSA-2014:1835
REDHAT - RHSA-2014:1836
REDHAT - RHSA-2014:1891
REDHAT - RHSA-2014:1892
REDHAT - RHSA-2015:0125
REDHAT - RHSA-2015:0158
REDHAT - RHSA-2015:0675
REDHAT - RHSA-2015:0720
REDHAT - RHSA-2015:0765
REDHAT - RHSA-2015:0850
REDHAT - RHSA-2015:0851
REDHAT - RHSA-2015:1176
REDHAT - RHSA-2015:1177
UBUNTU - USN-2769-1

Vulnerable Software & Versions: (show all)

commons-io-2.5.jar

Description: The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\commons-io-2.5.jar
MD5: e2d74794fba570ec2115fb9d5b05dc9b
SHA1: 2852e6e05fbb95076fc091f6d1780f1f8fe35e0f

Evidence

Source	Name	Value
central	artifactid	commons-io
central	groupid	commons-io
central	version	2.5
file	name	commons-io
file	version	2.5
manifest	Bundle-Description	The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.
Manifest	bundle-docurl	http://commons.apache.org/proper/commons-io/
Manifest	Bundle-Name	Apache Commons IO
Manifest	bundle-symbolicname	org.apache.commons.io
Manifest	Bundle-Version	2.5.0
Manifest	implementation-build	tags/commons-io-2.5@r1739098; 2016-04-14 09:19:54-0400
Manifest	Implementation-Title	Apache Commons IO
Manifest	implementation-url	http://commons.apache.org/proper/commons-io/
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	2.5
Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"
Manifest	specification-title	Apache Commons IO
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	commons-io
pom	description	The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.
pom	groupid	commons-io
pom	name	Apache Commons IO
pom	parent-artifactid	commons-parent
pom	parent-groupid	org.apache.commons
pom	parent-version	2.5
pom	url	http://commons.apache.org/proper/commons-io/
pom	version	2.5

Identifiers

maven: commons-io:commons-io:2.5 Confidence:HIGHEST

commons-lang-2.4.jar

Description: Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\commons-lang-2.4.jar
MD5: 237a8e845441bad2e535c57d985c8204
SHA1: 16313e02a793435009f1e458fa4af5d879f6fb11

Evidence

Source	Name	Value
central	artifactid	commons-lang
central	groupid	commons-lang
central	version	2.4
file	name	commons-lang
file	version	2.4
manifest	Bundle-Description	Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.
Manifest	bundle-docurl	http://commons.apache.org/lang/
Manifest	Bundle-Name	Commons Lang
Manifest	bundle-symbolicname	org.apache.commons.lang
Manifest	Bundle-Version	2.4
Manifest	Implementation-Title	Commons Lang
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	2.4
Manifest	specification-title	Commons Lang
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	commons-lang
pom	description	Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.
pom	groupid	commons-lang
pom	name	Commons Lang
pom	parent-artifactid	commons-parent
pom	parent-groupid	org.apache.commons
pom	parent-version	2.4
pom	url	http://commons.apache.org/lang/
pom	version	2.4

Identifiers

maven: commons-lang:commons-lang:2.4 Confidence:HIGHEST

commons-lang3-3.3.2.jar

Description: Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\commons-lang3-3.3.2.jar
MD5: 3128bf75a2549ebe38663401191bacab
SHA1: 90a3822c38ec8c996e84c16a3477ef632cbc87a3

Evidence

Source	Name	Value
central	artifactid	commons-lang3
central	groupid	org.apache.commons
central	version	3.3.2
file	name	commons-lang3
file	version	3.3.2
manifest	Bundle-Description	Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.
Manifest	bundle-docurl	http://commons.apache.org/proper/commons-lang/
Manifest	Bundle-Name	Apache Commons Lang
Manifest	bundle-symbolicname	org.apache.commons.lang3
Manifest	Bundle-Version	3.3.2
Manifest	implementation-build	tags/LANG_3_3_2_RC1@r1585295; 2014-04-06 14:18:52+0200
Manifest	Implementation-Title	Apache Commons Lang
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	3.3.2
Manifest	specification-title	Apache Commons Lang
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	commons-lang3
pom	description	Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.
pom	groupid	apache.commons
pom	name	Apache Commons Lang
pom	parent-artifactid	commons-parent
pom	parent-groupid	org.apache.commons
pom	parent-version	3.3.2
pom	url	http://commons.apache.org/proper/commons-lang/
pom	version	3.3.2

Identifiers

maven: org.apache.commons:commons-lang3:3.3.2 Confidence:HIGHEST

commons-logging-1.1.1.jar

Description: Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\commons-logging-1.1.1.jar
MD5: ed448347fc0104034aa14c8189bf37de
SHA1: 5043bfebc3db072ed80fbd362e7caf00e885d8ae

Evidence

Source	Name	Value
central	artifactid	commons-logging
central	groupid	commons-logging
central	version	1.1.1
file	name	commons-logging
file	version	1.1.1
Manifest	extension-name	org.apache.commons.logging
Manifest	Implementation-Title	Jakarta Commons Logging
Manifest	Implementation-Vendor	Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	1.1.1
Manifest	specification-title	Jakarta Commons Logging
Manifest	specification-vendor	Apache Software Foundation
pom	artifactid	commons-logging
pom	description	Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.
pom	groupid	commons-logging
pom	name	Commons Logging
pom	parent-artifactid	commons-parent
pom	parent-groupid	org.apache.commons
pom	parent-version	1.1.1
pom	url	http://commons.apache.org/logging
pom	version	1.1.1

Identifiers

maven: commons-logging:commons-logging:1.1.1 Confidence:HIGHEST

commons-pool-1.5.3.jar

Description: Commons Object Pooling Library

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\commons-pool-1.5.3.jar
MD5: 0c6fdbaaac00387df7d738379422912e
SHA1: 7ad440d63c6eea5e79f1737e264810c76258d042

Evidence

Source	Name	Value
central	artifactid	commons-pool
central	groupid	commons-pool
central	version	1.5.3
file	name	commons-pool
file	version	1.5.3
manifest	Bundle-Description	Commons Object Pooling Library
Manifest	bundle-docurl	http://commons.apache.org/pool/
Manifest	Bundle-Name	Commons Pool
Manifest	bundle-symbolicname	org.apache.commons.pool
Manifest	Bundle-Version	1.5.3
Manifest	Implementation-Title	Commons Pool
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	1.5.3
Manifest	specification-title	Commons Pool
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	commons-pool
pom	description	Commons Object Pooling Library
pom	groupid	commons-pool
pom	name	Commons Pool
pom	parent-artifactid	commons-parent
pom	parent-groupid	org.apache.commons
pom	parent-version	1.5.3
pom	url	http://commons.apache.org/pool/
pom	version	1.5.3

Identifiers

maven: commons-pool:commons-pool:1.5.3 Confidence:HIGHEST

commons-validator-1.4.0.jar

Description: Commons Validator provides the building blocks for both client side validation and server side data validation. It may be used standalone or with a framework like Struts.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\commons-validator-1.4.0.jar
MD5: 8f381c168688704a85c550cf343a5ca2
SHA1: 42fa1046955ade59f5354a1876cfc523cea33815

Evidence

Source	Name	Value
central	artifactid	commons-validator
central	groupid	commons-validator
central	version	1.4.0
file	name	commons-validator
file	version	1.4.0
manifest	Bundle-Description	Commons Validator provides the building blocks for both client side validation and server side data validation. It may be used standalone or with a framework ...
Manifest	bundle-docurl	http://commons.apache.org/validator/
Manifest	Bundle-Name	Commons Validator
Manifest	bundle-symbolicname	org.apache.commons.validator
Manifest	Bundle-Version	1.4.0
Manifest	implementation-build	tags/VALIDATOR_1_4_0_RC2@r1237247; 2012-01-29 12:53:39+0100
Manifest	Implementation-Title	Commons Validator
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	1.4.0
Manifest	specification-title	Commons Validator
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	commons-validator
pom	description	Commons Validator provides the building blocks for both client side validation and server side data validation. It may be used standalone or with a framework ...
pom	groupid	commons-validator
pom	name	Commons Validator
pom	parent-artifactid	commons-parent
pom	parent-groupid	org.apache.commons
pom	parent-version	1.4.0
pom	url	http://commons.apache.org/validator/
pom	version	1.4.0

Identifiers

maven: commons-validator:commons-validator:1.4.0 Confidence:HIGHEST

composer.lock

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\composer.lock
MD5: a4846582d3f217ac97801948bf8c496c
SHA1: 875ecf45948aeed57d09c0ddba43e5b2e99fa8c7

Evidence

Source	Name	Value
file	name	composer

Identifiers

None

daytrader-ear-2.1.7.ear

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\daytrader-ear-2.1.7.ear
MD5: 9fa8c4e8072904589fc0d1a12e8eb291
SHA1: 61868609eb138c41c0298373c9f8c19713fefa54

Evidence

Source	Name	Value
file	name	daytrader-ear
file	version	2.1.7

Identifiers

None

daytrader-ear-2.1.7.ear: dt-ejb.jar

Description: Daytrader EJBs

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\daytrader-ear-2.1.7.ear\dt-ejb.jar
MD5: 26e92dbacad11c73f03ede043b113653
SHA1: f2f7c05243ec8e5fb93efb35f5908bba88651bf3

Evidence

Source	Name	Value
central	artifactid	daytrader-ejb
central	groupid	org.apache.geronimo.daytrader
central	version	2.1.7
file	name	dt-ejb
jar	package name	apache
jar	package name	daytrader
jar	package name	geronimo
jar	package name	samples
pom	artifactid	daytrader-ejb
pom	description	Daytrader EJBs
pom	groupid	apache.geronimo.daytrader
pom	name	DayTrader :: Modules :: EJBs
pom	parent-artifactid	modules
pom	parent-groupid	org.apache.geronimo.daytrader
pom	version	2.1.7

Identifiers

cpe: cpe:/a:apache:geronimo:2.1.7 Confidence:HIGHEST
maven: org.apache.geronimo.daytrader:daytrader-ejb:2.1.7 Confidence:HIGHEST

Published Vulnerabilities

CVE-2011-5034

Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-20 Improper Input Validation

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.

BUGTRAQ - 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table
CERT-VN - VU#903934
MISC - http://www.nruns.com/_downloads/advisory28122011.pdf
MISC - http://www.ocert.org/advisories/ocert-2011-003.html
MISC - https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
SECUNIA - 47412

Vulnerable Software & Versions: (show all)

CVE-2008-0732

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.

SECUNIA - 28838
SUSE - SUSE-SR:2008:003

Vulnerable Software & Versions:

cpe:/a:apache:geronimo

daytrader-ear-2.1.7.ear: geronimo-jaxrpc_1.1_spec-2.0.0.jar

Description: Provides open-source implementations of Sun specifications.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\daytrader-ear-2.1.7.ear\geronimo-jaxrpc_1.1_spec-2.0.0.jar
MD5: 89b6273486a7c78353d919941f9f843c
SHA1: 4fad4b521e38ef8d9a2434a2421a9a1dc7910285

Evidence

Source	Name	Value
central	artifactid	geronimo-jaxrpc_1.1_spec
central	groupid	org.apache.geronimo.specs
central	version	2.0.0
file	name	geronimo-jaxrpc_1.1_spec-2.0.0
manifest	Bundle-Description	Provides open-source implementations of Sun specifications.
Manifest	bundle-docurl	http://www.apache.org
Manifest	Bundle-Name	geronimo-jaxrpc_1.1_spec
Manifest	bundle-symbolicname	org.apache.geronimo.specs.geronimo-jaxrpc_1.1_spec
Manifest	Bundle-Version	2.0.0
Manifest	Implementation-Title	Apache Geronimo
Manifest	Implementation-Version	2.0.0
pom	artifactid	geronimo-jaxrpc_1.1_spec
pom	groupid	apache.geronimo.specs
pom	name	JAXRPC 1.1
pom	parent-artifactid	specs
pom	parent-groupid	org.apache.geronimo.specs
pom	parent-version	2.0.0
pom	version	2.0.0

Identifiers

maven: org.apache.geronimo.specs:geronimo-jaxrpc_1.1_spec:2.0.0 Confidence:HIGHEST

daytrader-ear-2.1.7.ear: streamer.jar

Description: Streamer Application for Day Trader

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\daytrader-ear-2.1.7.ear\streamer.jar
MD5: 5bc6de1a34935d20331ef777463fd28b
SHA1: ec631c926ab667182840b3e5e32bd3d2f8a808ac

Evidence

Source	Name	Value
central	artifactid	daytrader-streamer
central	groupid	org.apache.geronimo.daytrader
central	version	2.1.7
file	name	streamer
Manifest	Implementation-Title	DayTrader :: Modules :: Quote Streamer
Manifest	Implementation-Vendor	Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.geronimo.daytrader
Manifest	Implementation-Version	2.1.7
Manifest	specification-title	DayTrader :: Modules :: Quote Streamer
Manifest	specification-vendor	Apache Software Foundation
pom	artifactid	daytrader-streamer
pom	description	Streamer Application for Day Trader
pom	groupid	apache.geronimo.daytrader
pom	name	DayTrader :: Modules :: Quote Streamer
pom	parent-artifactid	modules
pom	parent-groupid	org.apache.geronimo.daytrader
pom	version	2.1.7

Identifiers

cpe: cpe:/a:apache:apache_test:2.1.7 Confidence:LOW
cpe: cpe:/a:apache:geronimo:2.1.7 Confidence:HIGHEST
maven: org.apache.geronimo.daytrader:daytrader-streamer:2.1.7 Confidence:HIGHEST

Published Vulnerabilities

CVE-2011-5034

Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-20 Improper Input Validation

BUGTRAQ - 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table
CERT-VN - VU#903934
MISC - http://www.nruns.com/_downloads/advisory28122011.pdf
MISC - http://www.ocert.org/advisories/ocert-2011-003.html
MISC - https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
SECUNIA - 47412

Vulnerable Software & Versions: (show all)

CVE-2008-0732

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.

SECUNIA - 28838
SUSE - SUSE-SR:2008:003

Vulnerable Software & Versions:

cpe:/a:apache:geronimo

daytrader-ear-2.1.7.ear: web.war

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\daytrader-ear-2.1.7.ear\web.war
MD5: 857655bb1ddb4204f09d63e5ca8c56bc
SHA1: 7a7455f5d78bb4e1b8e66cd3e6c1f964d18705f9

Evidence

Source	Name	Value
file	name	web
jar	package name	apache
jar	package name	classes
jar	package name	org
jar	package name	web-inf

Identifiers

None

daytrader-ear-2.1.7.ear: wsappclient.jar

Description: Client demonstrating Web Services

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\daytrader-ear-2.1.7.ear\wsappclient.jar
MD5: c343646c162fdd19156400fe83f41ce2
SHA1: ece01974be048ba75e2b344c39efb176915a1c16

Evidence

Source	Name	Value
central	artifactid	daytrader-wsappclient
central	groupid	org.apache.geronimo.daytrader
central	version	2.1.7
file	name	wsappclient
Manifest	Implementation-Title	DayTrader :: Modules :: WS Application Client
Manifest	Implementation-Vendor	Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.geronimo.daytrader
Manifest	Implementation-Version	2.1.7
Manifest	specification-title	DayTrader :: Modules :: WS Application Client
Manifest	specification-vendor	Apache Software Foundation
pom	artifactid	daytrader-wsappclient
pom	description	Client demonstrating Web Services
pom	groupid	apache.geronimo.daytrader
pom	name	DayTrader :: Modules :: WS Application Client
pom	parent-artifactid	modules
pom	parent-groupid	org.apache.geronimo.daytrader
pom	version	2.1.7

Identifiers

cpe: cpe:/a:apache:geronimo:2.1.7 Confidence:HIGHEST
maven: org.apache.geronimo.daytrader:daytrader-wsappclient:2.1.7 Confidence:HIGHEST

Published Vulnerabilities

CVE-2011-5034

Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-20 Improper Input Validation

BUGTRAQ - 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table
CERT-VN - VU#903934
MISC - http://www.nruns.com/_downloads/advisory28122011.pdf
MISC - http://www.ocert.org/advisories/ocert-2011-003.html
MISC - https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
SECUNIA - 47412

Vulnerable Software & Versions: (show all)

CVE-2008-0732

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.

SECUNIA - 28838
SUSE - SUSE-SR:2008:003

Vulnerable Software & Versions:

cpe:/a:apache:geronimo

dependency-check-utils-1.4.4-SNAPSHOT.jar

Description: dependency-check-utils is a collection of common utility classes used within dependency-check that might be useful in other projects.

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\dependency-check-utils-1.4.4-SNAPSHOT.jar
MD5: c1c61050f7fdb6af867729d932610092
SHA1: 62504c3acda5ffa039bca63231caee6209dc69bb

Evidence

Source	Name	Value
file	name	dependency-check-utils
file	version	1.4.4
Manifest	Implementation-Title	Dependency-Check Utils
Manifest	implementation-url	https://github.com/jeremylong/DependencyCheck.git/dependency-check-utils
Manifest	Implementation-Vendor	OWASP
Manifest	Implementation-Vendor-Id	org.owasp
Manifest	Implementation-Version	1.4.4-SNAPSHOT
pom	artifactid	dependency-check-utils
pom	description	dependency-check-utils is a collection of common utility classes used within dependency-check that might be useful in other projects.
pom	groupid	owasp
pom	name	Dependency-Check Utils
pom	parent-artifactid	dependency-check-parent
pom	parent-groupid	org.owasp
pom	version	1.4.4-SNAPSHOT

Identifiers

maven: org.owasp:dependency-check-utils:1.4.4-SNAPSHOT Confidence:HIGH

dojo-war-1.3.0.war

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\dojo-war-1.3.0.war
MD5: cd00cb6bc15004638548148a21d799aa
SHA1: 36572b4e096421becab9346da41bbc4ec1316a54

Evidence

Source	Name	Value
file	name	dojo-war
file	version	1.3.0
jar	package name	classes
jar	package name	dojotoolkit
jar	package name	org
jar	package name	web-inf
pom	artifactid	dojo-war
pom	groupid	dojotoolkit
pom	name	Dojo Toolkit :: WAR
pom	parent-artifactid	dojo-maven
pom	parent-groupid	org.dojotoolkit
pom	version	1.3.0

Identifiers

cpe: cpe:/a:dojotoolkit:dojo:1.3 Confidence:HIGHEST
maven: org.dojotoolkit:dojo-war:1.3.0 Confidence:HIGH

Published Vulnerabilities

CVE-2010-2276

Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-16 Configuration

The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component.

AIXAPAR - LO50994
CONFIRM - http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21431472
SECUNIA - 38964
SECUNIA - 40007
VUPEN - ADV-2010-1281

Vulnerable Software & Versions: (show all)

CVE-2010-2275

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html.

AIXAPAR - LO50896
AIXAPAR - LO50994
CONFIRM - http://bugs.dojotoolkit.org/ticket/10773
CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21431472
MISC - http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/
SECUNIA - 38964
SECUNIA - 40007
VUPEN - ADV-2010-1281

Vulnerable Software & Versions: (show all)

CVE-2010-2274

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html.

AIXAPAR - LO50994
CONFIRM - http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21431472
SECUNIA - 38964
SECUNIA - 40007
VUPEN - ADV-2010-1281

Vulnerable Software & Versions: (show all)

CVE-2010-2273

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html.

AIXAPAR - LO50994
CONFIRM - http://bugs.dojotoolkit.org/ticket/10773
CONFIRM - http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21431472
MISC - http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/
SECUNIA - 38964
SECUNIA - 40007
VUPEN - ADV-2010-1281

Vulnerable Software & Versions: (show all)

dwr.jar

Description: DWR is easy Ajax for Java.

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\dwr.jar
MD5: b7f7865f90401b843ef5c032e6767f7f
SHA1: 3b8c0e896a586f825e31af06508b321b520e5aeb

Evidence

Source	Name	Value
file	name	dwr
pom	artifactid	dwr
pom	description	DWR is easy Ajax for Java.
pom	groupid	uk.ltd.getahead
pom	name	Direct Web Remoting
pom	url	http://getahead.ltd.uk/dwr
pom	version	1.1.1

Related Dependencies

Identifiers

cpe: cpe:/a:getahead:direct_web_remoting:1.1.1 Confidence:HIGHEST
maven: uk.ltd.getahead:dwr:1.1.1 Confidence:HIGH

Published Vulnerabilities

CVE-2007-0185

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch.

BID - 21955
CONFIRM - http://getahead.ltd.uk/dwr/changelog
OSVDB - 32658
SECUNIA - 23641
SUSE - SUSE-SR:2009:004
VUPEN - ADV-2007-0095
XF - dwr-servlet-engine-dos(31382)

Vulnerable Software & Versions: (show all)

CVE-2007-0184

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.

BID - 21955
CONFIRM - http://getahead.ltd.uk/dwr/changelog
OSVDB - 32657
SECUNIA - 23641
SUSE - SUSE-SR:2009:004
VUPEN - ADV-2007-0095
XF - dwr-include-exclude-security-bypass(31377)

Vulnerable Software & Versions: (show all)

CVE-2006-6916

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to "crafted input."

CONFIRM - http://getahead.ltd.uk/dwr/changelog

Vulnerable Software & Versions:

cpe:/a:getahead:direct_web_remoting:1.1.2 and all previous versions

ehcache-core-2.2.0.jar

Description: This is the ehcache core module. Pair it with other modules for added functionality.

License:

The Apache Software License, Version 2.0: src/assemble/LICENSE.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\ehcache-core-2.2.0.jar
MD5: 2c95e83b612691ba2a54e0c56cb9177f
SHA1: c3fba1f00073a38d370990ce7d8b5d4f9b05a11a

Evidence

Source	Name	Value
central	artifactid	ehcache-core
central	groupid	net.sf.ehcache
central	version	2.2.0
file	name	ehcache-core
file	version	2.2.0
jar	package name	ehcache
jar	package name	net
jar	package name	sf
pom	artifactid	ehcache-core
pom	description	This is the ehcache core module. Pair it with other modules for added functionality.
pom	groupid	net.sf.ehcache
pom	name	Ehcache Core
pom	parent-artifactid	ehcache-parent
pom	parent-version	2.2.0
pom	url	http://ehcache.org
pom	version	2.2.0

Identifiers

maven: net.sf.ehcache:ehcache-core:2.2.0 Confidence:HIGHEST

FileHelpers.2.0.0.0.nupkg

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\FileHelpers.2.0.0.0.nupkg
MD5: 0bf948b505852a2af8a597b8a129ef9a
SHA1: 30fb37d6163cf16e3ba740343becdd14d5457619

Evidence

Source	Name	Value
file	name	FileHelpers.2.0.0.0
file	version	2.0.0.0

Identifiers

cpe: cpe:/a:file:file:2.0.0.0 Confidence:LOW

Published Vulnerabilities

CVE-2007-1536

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-189 Numeric Errors

Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.

APPLE - APPLE-SA-2007-05-24
BID - 23021
BUGTRAQ - 20070825 OpenBSD 4.1 - Heap overflow vulnerabillity
BUGTRAQ - 20070828 Re: OpenBSD 4.1 - Heap overflow vulnerabillity
CERT-VN - VU#606700
CONFIRM - http://docs.info.apple.com/article.html?artnum=305530
CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2007-179.htm
CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=171452
CONFIRM - https://issues.rpath.com/browse/RPL-1148
DEBIAN - DSA-1274
FREEBSD - FreeBSD-SA-07:04
GENTOO - GLSA-200703-26
GENTOO - GLSA-200710-19
MANDRIVA - MDKSA-2007:067
MLIST - [file] 20070302 file-4.20 is now available
NETBSD - NetBSD-SA2008-001
OPENBSD - [4.0] 20070709 015: SECURITY FIX: July 9, 2007
REDHAT - RHSA-2007:0124
SECTRACK - 1017796
SECUNIA - 24548
SECUNIA - 24592
SECUNIA - 24604
SECUNIA - 24608
SECUNIA - 24616
SECUNIA - 24617
SECUNIA - 24723
SECUNIA - 24754
SECUNIA - 25133
SECUNIA - 25393
SECUNIA - 25402
SECUNIA - 25931
SECUNIA - 25989
SECUNIA - 27307
SECUNIA - 27314
SECUNIA - 29179
SLACKWARE - SSA:2007-093-01
SUSE - SUSE-SA:2007:040
SUSE - SUSE-SR:2007:005
UBUNTU - USN-439-1
VUPEN - ADV-2007-1040
VUPEN - ADV-2007-1939
XF - openbsd-file-bo(36283)

Vulnerable Software & Versions:

cpe:/a:file:file:4.19 and all previous versions

FileHelpers.2.0.0.0.nupkg: FileHelpers.nuspec

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\FileHelpers.2.0.0.0.nupkg\FileHelpers.nuspec
MD5: 9e2287f0174bcd79cf7e2427d73a1197
SHA1: d14a722b66388d84ac3b57c4de56e702aa5fea96

Evidence

Source	Name	Value
file	name	FileHelpers
nuspec	authors	Marcos Meli
nuspec	id	FileHelpers
nuspec	owners	Marcos Meli
nuspec	title	FileHelpers Lib http://www.filehelpers.com
nuspec	version	2.0.0.0

Identifiers

None

FileHelpers.2.0.0.0.nupkg: FileHelpers.dll

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\FileHelpers.2.0.0.0.nupkg\lib\FileHelpers.dll
MD5: 4829fa768de37c315a3a3b7bca027b64
SHA1: a256f622a6209ec21a13d490443ffd6dbda4f5b7

Evidence

Source	Name	Value
file	name	FileHelpers
grokassembly	product	FileHelpers
grokassembly	vendor	Marcos Meli
grokassembly	version	2.0.0.0

Identifiers

None

FileHelpers.2.0.0.0.nupkg: FileHelpers.ExcelStorage.dll

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\FileHelpers.2.0.0.0.nupkg\lib\FileHelpers.ExcelStorage.dll
MD5: d22aeca6ee71a2e6f5b3d296280ba98a
SHA1: e416350e2ee0e0711e2716cf7efce54168accc52

Evidence

Source	Name	Value
file	name	FileHelpers.ExcelStorage
grokassembly	product	FileHelpers.ExcelStorage
grokassembly	vendor	Marcos Meli
grokassembly	version	2.0.0.0

Identifiers

None

FileHelpers.2.0.0.0.nupkg: Interop.Excel.dll

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\FileHelpers.2.0.0.0.nupkg\lib\Interop.Excel.dll
MD5: 728ff3aeae71cbd8d303f442e3843c4c
SHA1: cdaa993485f737951fd91c71f41c929cd06dffa3

Evidence

Source	Name	Value
file	name	Interop.Excel
grokassembly	product	Interop.Excel
grokassembly	vendor
grokassembly	version	1.3.0.0

Identifiers

None

FileHelpers.2.0.0.0.nupkg: Interop.Office.dll

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\FileHelpers.2.0.0.0.nupkg\lib\Interop.Office.dll
MD5: 7b55e3bf19775b7a6fa5bf3c271e2c0c
SHA1: eefcfe4b0c90b6f4232d07d588a08bc04fd32e84

Evidence

Source	Name	Value
file	name	Interop.Office
grokassembly	product	Interop.Office
grokassembly	vendor
grokassembly	version	2.1.0.0

Identifiers

None

freemarker-2.3.12.jar

Description: FreeMarker is a "template engine"; a generic tool to generate text output based on templates.

License:

BSD-style license: http://www.freemarker.org/LICENSE.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\freemarker-2.3.12.jar
MD5: 719554bbc3d8a98582a8a93328134fe2
SHA1: 3501b670aa7e3822ddf7693082f621b1cd8ce086

Evidence

Source	Name	Value
central	artifactid	freemarker
central	groupid	org.freemarker
central	version	2.3.12
file	name	freemarker
file	version	2.3.12
jar	package name	freemarker
Manifest	extension-name	FreeMarker
Manifest	Implementation-Title	VSS Java FreeMarker
Manifest	Implementation-Vendor	Visigoth Software Society
Manifest	Implementation-Version	2.3.12
Manifest	specification-title	FreeMarker
Manifest	specification-vendor	Visigoth Software Society
pom	artifactid	freemarker
pom	description	FreeMarker is a "template engine"; a generic tool to generate text output based on templates.
pom	groupid	freemarker
pom	name	FreeMarker
pom	url	http://www.freemarker.org
pom	version	2.3.12

Identifiers

maven: org.freemarker:freemarker:2.3.12 Confidence:HIGHEST

geronimo-activation_1.1_spec-1.0.1.jar

Description: Provides open-source implementations of Sun specifications.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\geronimo-activation_1.1_spec-1.0.1.jar
MD5: fd89b8782af5fd2ac1cadb006477e828
SHA1: 79c75e201af44cf766e78a2515c3f88a19f69e1f

Evidence

Source	Name	Value
central	artifactid	geronimo-activation_1.1_spec
central	groupid	org.apache.geronimo.specs
central	version	1.0.1
file	name	geronimo-activation_1.1_spec-1.0.1
manifest	Bundle-Description	Provides open-source implementations of Sun specifications.
Manifest	bundle-docurl	http://www.apache.org
Manifest	Bundle-Name	geronimo-activation_1.1_spec
Manifest	bundle-symbolicname	org.apache.geronimo.specs.geronimo-activation_1.1_spec
Manifest	Bundle-Version	1.0.1
Manifest	Implementation-Title	Apache Geronimo
Manifest	Implementation-Version	1.0.1
pom	artifactid	geronimo-activation_1.1_spec
pom	groupid	apache.geronimo.specs
pom	name	Activation 1.1
pom	parent-artifactid	specs
pom	parent-groupid	org.apache.geronimo.specs
pom	parent-version	1.0.1
pom	version	1.0.1

Identifiers

maven: org.apache.geronimo.specs:geronimo-activation_1.1_spec:1.0.1 Confidence:HIGHEST

geronimo-javamail_1.4_spec-1.2.jar

Description: Provides open-source implementations of Sun specifications.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\geronimo-javamail_1.4_spec-1.2.jar
MD5: f9f0465816f2db5fa9f409fb1d9700c8
SHA1: 0f6b07582a3d6ba452b10527fb508809aff8b353

Evidence

Source	Name	Value
central	artifactid	geronimo-javamail_1.4_spec
central	groupid	org.apache.geronimo.specs
central	version	1.2
file	name	geronimo-javamail_1.4_spec-1.2
manifest	Bundle-Description	Provides open-source implementations of Sun specifications.
Manifest	bundle-docurl	http://www.apache.org
Manifest	Bundle-Name	geronimo-javamail_1.4_spec
Manifest	bundle-symbolicname	org.apache.geronimo.specs.geronimo-javamail_1.4_spec
Manifest	Bundle-Version	1.2
Manifest	Implementation-Title	Apache Geronimo
Manifest	Implementation-Version	1.2
pom	artifactid	geronimo-javamail_1.4_spec
pom	groupid	apache.geronimo.specs
pom	name	JavaMail 1.4
pom	parent-artifactid	specs
pom	parent-groupid	org.apache.geronimo.specs
pom	parent-version	1.2
pom	version	1.2

Identifiers

maven: org.apache.geronimo.specs:geronimo-javamail_1.4_spec:1.2 Confidence:HIGHEST

geronimo-jms_1.1_spec-1.1.1.jar

Description: Provides open-source implementations of Sun specifications.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\geronimo-jms_1.1_spec-1.1.1.jar
MD5: d80ce71285696d36c1add1989b94f084
SHA1: c872b46c601d8dc03633288b81269f9e42762cea

Evidence

Source	Name	Value
central	artifactid	geronimo-jms_1.1_spec
central	groupid	org.apache.geronimo.specs
central	version	1.1.1
file	name	geronimo-jms_1.1_spec-1.1.1
manifest	Bundle-Description	Provides open-source implementations of Sun specifications.
Manifest	bundle-docurl	http://www.apache.org
Manifest	Bundle-Name	geronimo-jms_1.1_spec
Manifest	bundle-symbolicname	org.apache.geronimo.specs.geronimo-jms_1.1_spec
Manifest	Bundle-Version	1.1.1
Manifest	Implementation-Title	Apache Geronimo
Manifest	Implementation-Version	1.1.1
pom	artifactid	geronimo-jms_1.1_spec
pom	groupid	apache.geronimo.specs
pom	name	JMS 1.1
pom	parent-artifactid	specs
pom	parent-groupid	org.apache.geronimo.specs
pom	parent-version	1.1.1
pom	version	1.1.1

Identifiers

maven: org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1 Confidence:HIGHEST

geronimo-jpa_2.0_spec-1.1.jar

Description: Implementation of Sun JSR-317 JPA 2.0 Spec API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\geronimo-jpa_2.0_spec-1.1.jar
MD5: 007c972f6dcfea68a6686b262c6f3d2f
SHA1: f4d90788691f5f5f201f39a53a23d392cde660a3

Evidence

Source	Name	Value
central	artifactid	geronimo-jpa_2.0_spec
central	groupid	org.apache.geronimo.specs
central	version	1.1
file	name	geronimo-jpa_2.0_spec-1.1
manifest	Bundle-Description	Implementation of Sun JSR-317 JPA 2.0 Spec API
Manifest	bundle-docurl	http://geronimo.apache.org/maven/specs/geronimo-jpa_2.0_spec/1.1
Manifest	Bundle-Name	Apache Geronimo JSR-317 JPA 2.0 Spec API
Manifest	bundle-symbolicname	org.apache.geronimo.specs.geronimo-jpa_2.0_spec;singleton=true
Manifest	Bundle-Version	1.1
Manifest	Implementation-Title	Apache Geronimo JSR-317 JPA 2.0 Spec API
Manifest	Implementation-Version	1.1
Manifest	specification-title	JSR-317 Java Persistence API 2.0
Manifest	specification-vendor	Sun Microsystems, Inc.
pom	artifactid	geronimo-jpa_2.0_spec
pom	description	Implementation of Sun JSR-317 JPA 2.0 Spec API
pom	groupid	apache.geronimo.specs
pom	name	Apache Geronimo JSR-317 JPA 2.0 Spec API
pom	parent-artifactid	genesis-java5-flava
pom	parent-groupid	org.apache.geronimo.genesis
pom	parent-version	1.1
pom	url	http://geronimo.apache.org/maven/${siteId}/${version}
pom	version	1.1

Identifiers

maven: org.apache.geronimo.specs:geronimo-jpa_2.0_spec:1.1 Confidence:HIGHEST

geronimo-jta_1.1_spec-1.1.1.jar

Description: Provides open-source implementations of Sun specifications.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\geronimo-jta_1.1_spec-1.1.1.jar
MD5: 4aa8d50456bcec0bf6f032ceb182ad64
SHA1: aabab3165b8ea936b9360abbf448459c0d04a5a4

Evidence

Source	Name	Value
central	artifactid	geronimo-jta_1.1_spec
central	groupid	org.apache.geronimo.specs
central	version	1.1.1
file	name	geronimo-jta_1.1_spec-1.1.1
manifest	Bundle-Description	Provides open-source implementations of Sun specifications.
Manifest	bundle-docurl	http://www.apache.org
Manifest	Bundle-Name	geronimo-jta_1.1_spec
Manifest	bundle-symbolicname	org.apache.geronimo.specs.geronimo-jta_1.1_spec
Manifest	Bundle-Version	1.1.1
Manifest	Implementation-Title	Apache Geronimo
Manifest	Implementation-Version	1.1.1
pom	artifactid	geronimo-jta_1.1_spec
pom	groupid	apache.geronimo.specs
pom	name	JTA 1.1
pom	parent-artifactid	specs
pom	parent-groupid	org.apache.geronimo.specs
pom	parent-version	1.1.1
pom	version	1.1.1

Identifiers

maven: org.apache.geronimo.specs:geronimo-jta_1.1_spec:1.1.1 Confidence:HIGHEST

geronimo-stax-api_1.0_spec-1.0.1.jar

Description: Provides open-source implementations of Sun specifications.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\geronimo-stax-api_1.0_spec-1.0.1.jar
MD5: b7c2a715cd3d1c43dc4ccfae426e8e2e
SHA1: 1c171093a8b43aa550c6050ac441abe713ebb4f2

Evidence

Source	Name	Value
central	artifactid	geronimo-stax-api_1.0_spec
central	groupid	org.apache.geronimo.specs
central	version	1.0.1
file	name	geronimo-stax-api_1.0_spec-1.0.1
manifest	Bundle-Description	Provides open-source implementations of Sun specifications.
Manifest	bundle-docurl	http://www.apache.org
Manifest	Bundle-Name	geronimo-stax-api_1.0_spec
Manifest	bundle-symbolicname	org.apache.geronimo.specs.geronimo-stax-api_1.0_spec
Manifest	Bundle-Version	1.0.1
Manifest	Implementation-Title	Apache Geronimo
Manifest	Implementation-Version	1.0.1
pom	artifactid	geronimo-stax-api_1.0_spec
pom	groupid	apache.geronimo.specs
pom	name	Streaming API for XML (STAX API 1.0)
pom	parent-artifactid	specs
pom	parent-groupid	org.apache.geronimo.specs
pom	parent-version	1.0.1
pom	version	1.0.1

Identifiers

maven: org.apache.geronimo.specs:geronimo-stax-api_1.0_spec:1.0.1 Confidence:HIGHEST

guice-3.0.jar

Description: Guice is a lightweight dependency injection framework for Java 5 and above

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\guice-3.0.jar
MD5: ca1c7ba366884cfcd2cfb48d2395c400
SHA1: 9d84f15fe35e2c716a02979fb62f50a29f38aefa

Evidence

Source	Name	Value
central	artifactid	guice
central	groupid	com.google.inject
central	version	3.0
file	name	guice
file	version	3.0
jar	package name	google
jar	package name	inject
jar	package name	internal
Manifest	bundle-copyright	2006
Manifest	bundle-copyright	Copyright (C) 2006 Google Inc.
manifest	Bundle-Description	Guice is a lightweight dependency injection framework for Java 5 and above
Manifest	bundle-docurl	http://code.google.com/p/google-guice/
Manifest	Bundle-Name	guice
Manifest	bundle-requiredexecutionenvironment	J2SE-1.5,JavaSE-1.6
Manifest	bundle-symbolicname	com.google.inject
Manifest	Bundle-Version	3.0.0
pom	artifactid	guice
pom	groupid	google.inject
pom	name	Google Guice - Core Library
pom	parent-artifactid	guice-parent
pom	parent-groupid	com.google.inject
pom	version	3.0

Identifiers

maven: com.google.inject:guice:3.0 Confidence:HIGHEST

h2-1.3.176.jar

Description: H2 Database Engine

License:

The H2 License, Version 1.0: http://h2database.com/html/license.html

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\h2-1.3.176.jar
MD5: 9c15d378136b31e4fd8f54561e90713a
SHA1: fd369423346b2f1525c413e33f8cf95b09c92cbd

Evidence

Source	Name	Value
central	artifactid	h2
central	groupid	com.h2database
central	version	1.3.176
file	name	h2
file	version	1.3.176
jar	package name	h2
Manifest	Bundle-Name	H2 Database Engine
Manifest	bundle-symbolicname	org.h2
Manifest	Bundle-Version	1.3.176
Manifest	Implementation-Title	H2 Database Engine
Manifest	implementation-url	http://www.h2database.com
Manifest	Implementation-Version	1.3.176
pom	artifactid	h2
pom	description	H2 Database Engine
pom	groupid	h2database
pom	name	H2 Database Engine
pom	url	http://www.h2database.com
pom	version	1.3.176

Identifiers

maven: com.h2database:h2:1.3.176 Confidence:HIGHEST

hamcrest-core-1.3.jar

Description: This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\hamcrest-core-1.3.jar
MD5: 6393363b47ddcbba82321110c3e07519
SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0

Evidence

Source	Name	Value
central	artifactid	hamcrest-core
central	groupid	org.hamcrest
central	version	1.3
file	name	hamcrest-core
file	version	1.3
jar	package name	hamcrest
Manifest	built-date	2012-07-09 19:49:34
Manifest	Implementation-Title	hamcrest-core
Manifest	Implementation-Vendor	hamcrest.org
Manifest	Implementation-Version	1.3
pom	artifactid	hamcrest-core
pom	description	This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.
pom	groupid	hamcrest
pom	name	Hamcrest Core
pom	parent-artifactid	hamcrest-parent
pom	parent-groupid	org.hamcrest
pom	version	1.3

Identifiers

maven: org.hamcrest:hamcrest-core:1.3 Confidence:HIGHEST

hazelcast-2.5.jar

Description: Hazelcast In-Memory DataGrid

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\hazelcast-2.5.jar
MD5: cecb9f89cf60f8947451f620e542cbc8
SHA1: 3614fa9e42e8cd4d124ca37a2edb36d0e926959d

Evidence

Source	Name	Value
central	artifactid	hazelcast
central	groupid	com.hazelcast
central	version	2.5
file	name	hazelcast
file	version	2.5
manifest	Bundle-Description	Hazelcast In-Memory DataGrid
Manifest	bundle-docurl	http://www.hazelcast.com/
Manifest	Bundle-Name	hazelcast
Manifest	bundle-symbolicname	com.hazelcast
Manifest	Bundle-Version	2.5.0
Manifest	Implementation-Title	hazelcast
Manifest	Implementation-Vendor	Hazelcast, Inc.
Manifest	Implementation-Vendor-Id	com.hazelcast
Manifest	Implementation-Version	2.5
Manifest	specification-title	hazelcast
pom	artifactid	hazelcast
pom	groupid	hazelcast
pom	name	hazelcast
pom	parent-artifactid	hazelcast-root
pom	parent-groupid	com.hazelcast
pom	version	2.5

Identifiers

maven: com.hazelcast:hazelcast:2.5 Confidence:HIGHEST

hibernate3.jar

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\hibernate3.jar
MD5: b22bbafa38341db968033f1acbfa8dd9
SHA1: 826da9fc452e7009116dffc2d348ba705fe2aa82

Evidence

Source	Name	Value
file	name	hibernate3
file	version	3
jar	package name	hibernate
Manifest	Implementation-Title	Hibernate Distribution
Manifest	implementation-url	http://hibernate.org
Manifest	Implementation-Vendor	Hibernate.org
Manifest	Implementation-Vendor-Id	org.hibernate
Manifest	Implementation-Version	3.6.6.Final
Manifest	specification-title	Hibernate Distribution
Manifest	specification-vendor	Hibernate.org

Identifiers

None

httpcore-4.0-beta1.jar

Description: HttpComponents Core (Java 1.3 compatible)

License:

Apache License: ../LICENSE.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\httpcore-4.0-beta1.jar
MD5: 7515cfff71e32ce55d5ba6b73251d93a
SHA1: c642a5f7c20539840957584b1af2ad798cd1ba52

Evidence

Source	Name	Value
central	artifactid	httpcore
central	groupid	org.apache.httpcomponents
central	version	4.0-beta1
file	name	httpcore
file	version	4.0.beta
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	4.0-beta1
pom	artifactid	httpcore
pom	description	HttpComponents Core (Java 1.3 compatible)
pom	groupid	apache.httpcomponents
pom	name	HttpCore (base module)
pom	parent-artifactid	httpcomponents-core
pom	parent-groupid	org.apache.httpcomponents
pom	url	http://hc.apache.org/httpcomponents-core/
pom	version	4.0-beta1

Identifiers

maven: org.apache.httpcomponents:httpcore:4.0-beta1 Confidence:HIGHEST

httpcore-nio-4.0-beta1.jar

Description: HttpComponents Core (NIO extensions)

License:

Apache License: ../LICENSE.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\httpcore-nio-4.0-beta1.jar
MD5: 926965bc84b5f5f138df66ddd05baed0
SHA1: a0d825beaa0bc0b03fcf11315abc4b7fd60fe2e8

Evidence

Source	Name	Value
central	artifactid	httpcore-nio
central	groupid	org.apache.httpcomponents
central	version	4.0-beta1
file	name	httpcore-nio
file	version	4.0.beta
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	4.0-beta1
pom	artifactid	httpcore-nio
pom	description	HttpComponents Core (NIO extensions)
pom	groupid	apache.httpcomponents
pom	name	HttpCore (NIO extensions module)
pom	parent-artifactid	httpcomponents-core
pom	parent-groupid	org.apache.httpcomponents
pom	url	http://hc.apache.org/httpcomponents-core/
pom	version	4.0-beta1

Identifiers

maven: org.apache.httpcomponents:httpcore-nio:4.0-beta1 Confidence:HIGHEST

javax.inject-1.jar

Description: The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38

Evidence

Source	Name	Value
central	artifactid	javax.inject
central	groupid	javax.inject
central	version	1
file	name	javax.inject-1
file	version	1
jar	package name	inject
jar	package name	javax
pom	artifactid	javax.inject
pom	description	The javax.inject API
pom	groupid	javax.inject
pom	name	javax.inject
pom	url	http://code.google.com/p/atinject/
pom	version	1

Identifiers

maven: javax.inject:javax.inject:1 Confidence:HIGHEST

javax.json-1.0.4.jar

Description: Default provider for JSR 353:Java API for Processing JSON

License:

https://glassfish.java.net/public/CDDL+GPL_1_1.html

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\javax.json-1.0.4.jar
MD5: 569870f975deeeb6691fcb9bc02a9555
SHA1: 3178f73569fd7a1e5ffc464e680f7a8cc784b85a

Evidence

Source	Name	Value
central	artifactid	javax.json
central	groupid	org.glassfish
central	version	1.0.4
file	name	javax.json
file	version	1.0.4
manifest	Bundle-Description	Default provider for JSR 353:Java API for Processing JSON
Manifest	bundle-docurl	http://www.oracle.com
Manifest	Bundle-Name	JSR 353 (JSON Processing) Default Provider
Manifest	bundle-symbolicname	org.glassfish.javax.json
Manifest	Bundle-Version	1.0.4
Manifest	extension-name	javax.json
Manifest	Implementation-Version	1.0.4
pom	artifactid	javax.json
pom	description	Default provider for JSR 353:Java API for Processing JSON
pom	groupid	glassfish
pom	name	JSR 353 (JSON Processing) Default Provider
pom	parent-artifactid	json
pom	parent-groupid	org.glassfish
pom	url	http://jsonp.java.net
pom	version	1.0.4

Identifiers

maven: org.glassfish:javax.json:1.0.4 Confidence:HIGHEST

jaxb-xercesImpl-1.5.jar

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\jaxb-xercesImpl-1.5.jar
MD5: 8cd074364c830fc8ff40a8a19c0a74c8
SHA1: 73a51faadb407dccdbd77234e0d5a0a648665692

Evidence

Source	Name	Value
central	artifactid	jaxb-xercesImpl
central	artifactid	xercesImpl
central	groupid	activesoap
central	version	1.5
file	name	jaxb-xercesImpl
file	version	1.5
jar	package name	apache
jar	package name	org
jar	package name	sun
jar	package name	xerces
jar (hint)	package name	oracle
Manifest	extension-name	com.sun.org.apache.xerces.internal
Manifest	Implementation-Title	Xerces 2 Parser Implementation (of JAXP RI 1.2.6 )
Manifest	implementation-url	http://xml.apache.org/xerces2-j
Manifest	Implementation-Vendor	Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	Xerces-J_2_6_2
Manifest	specification-title	Java API for XML Processing
Manifest	specification-vendor	Sun Microsystems Inc.
pom	artifactid	jaxb-xercesImpl
pom	groupid	activesoap
pom	version	1.5

Identifiers

maven: activesoap:jaxb-xercesImpl:1.5 Confidence:HIGHEST
maven: activesoap:xercesImpl:1.5 Confidence:HIGHEST

jaxen-1.1.1.jar

Description: Jaxen is a universal Java XPath engine.

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\jaxen-1.1.1.jar
MD5: 261d1aa59865842ecc32b3848b0c6538
SHA1: 9f5d3c5974dbe5cf69c2c2ec7d8a4eb6e0fce7f9

Evidence

Source	Name	Value
central	artifactid	jaxen
central	groupid	jaxen
central	version	1.1.1
file	name	jaxen
file	version	1.1.1
jar	package name	jaxen
Manifest	extension-name	jaxen
Manifest	Implementation-Title	org.jaxen
Manifest	Implementation-Vendor	Codehaus
Manifest	Implementation-Version	1.1.1
Manifest	specification-title	Universal Java XPath Engine
Manifest	specification-vendor	Codehaus
pom	artifactid	jaxen
pom	description	Jaxen is a universal Java XPath engine.
pom	groupid	jaxen
pom	name	jaxen
pom	organization name	http://codehaus.org
pom	url	http://jaxen.codehaus.org/
pom	version	1.1.1

Identifiers

maven: jaxen:jaxen:1.1.1 Confidence:HIGHEST

jcip-annotations-1.0.jar

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\jcip-annotations-1.0.jar
MD5: 9d5272954896c5a5d234f66b7372b17a
SHA1: afba4942caaeaf46aab0b976afd57cc7c181467e

Evidence

Source	Name	Value
central	artifactid	jcip-annotations
central	groupid	net.jcip
central	version	1.0
file	name	jcip-annotations
file	version	1.0
jar	package name	annotations
jar	package name	jcip
jar	package name	net
pom	artifactid	jcip-annotations
pom	groupid	net.jcip
pom	name	"Java Concurrency in Practice" book annotations
pom	url	http://jcip.net/
pom	version	1.0

Identifiers

maven: net.jcip:jcip-annotations:1.0 Confidence:HIGHEST

jetty-6.1.0.jar

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\jetty-6.1.0.jar
MD5: 121a72b1dea1a9adf83079a44ca08e7b
SHA1: fb39ebc0cdccea6b54ad87d229a352a894eebecc

Evidence

Source	Name	Value
central	artifactid	jetty
central	groupid	org.mortbay.jetty
central	version	6.1.0
file	name	jetty
file	version	6.1.0
Manifest	implementation-version	6.1.0
Manifest	url	http://jetty.mortbay.org
pom	artifactid	jetty
pom	groupid	mortbay.jetty
pom	name	Jetty Server
pom	parent-artifactid	project
pom	parent-groupid	org.mortbay.jetty
pom	url	http://jetty.mortbay.org
pom	version	6.1.0

Related Dependencies

Identifiers

cpe: cpe:/a:jetty:jetty:6.1.0 Confidence:LOW
cpe: cpe:/a:mortbay:jetty:6.1.0 Confidence:HIGHEST
cpe: cpe:/a:mortbay_jetty:jetty:6.1 Confidence:HIGHEST
maven: org.mortbay.jetty:jetty:6.1.0 Confidence:HIGHEST

Published Vulnerabilities

CVE-2011-4461

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-310 Cryptographic Issues

Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

BUGTRAQ - 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table
CERT-VN - VU#903934
MISC - http://www.nruns.com/_downloads/advisory28122011.pdf
MISC - http://www.ocert.org/advisories/ocert-2011-003.html
SECTRACK - 1026475
SECUNIA - 47408
SECUNIA - 48981
UBUNTU - USN-1429-1
XF - jetty-hash-dos(72017)

Vulnerable Software & Versions: (show all)

CVE-2009-4612

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP Snoop page in Mort Bay Jetty 6.1.x through 6.1.21 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) jspsnoop/, (2) jspsnoop/ERROR/, and (3) jspsnoop/IOException/, and possibly the PATH_INFO to (4) snoop.jsp.

MISC - http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt

Vulnerable Software & Versions: (show all)

CVE-2009-4611

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

Mort Bay Jetty 6.x and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator, related to (1) a string value in the Age parameter to the default URI for the Cookie Dump Servlet in test-jetty-webapp/src/main/java/com/acme/CookieDump.java under cookie/, (2) an alphabetic value in the A parameter to jsp/expr.jsp, or (3) an alphabetic value in the Content-Length HTTP header to an arbitrary application.

Vulnerable Software & Versions: (show all)

CVE-2009-4610

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty 6.x and 7.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to jsp/dump.jsp in the JSP Dump feature, or the (2) Name or (3) Value parameter to the default URI for the Session Dump Servlet under session/.

MISC - http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt

Vulnerable Software & Versions: (show all)

CVE-2009-4609

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attackers to obtain sensitive information about internal variables and other data via a request to a URI ending in /dump/, as demonstrated by discovering the value of the getPathTranslated variable.

MISC - http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt

Vulnerable Software & Versions: (show all)

CVE-2009-1524

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before 6.1.17 allows remote attackers to inject arbitrary web script or HTML via a directory listing request containing a ; (semicolon) character.

BID - 34800
CONFIRM - http://jira.codehaus.org/browse/JETTY-980
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=499867
HP - HPSBMA02553
HP - SSRT100184
SECUNIA - 34975
SECUNIA - 40553
VUPEN - ADV-2010-1792

Vulnerable Software & Versions: (show all)

CVE-2009-1523

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.

BID - 34800
BID - 35675
CERT-VN - VU#402580
CONFIRM - http://jira.codehaus.org/browse/JETTY-1004
CONFIRM - http://www.kb.cert.org/vuls/id/CRDY-7RKQCY
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=499867
FEDORA - FEDORA-2009-5500
FEDORA - FEDORA-2009-5509
FEDORA - FEDORA-2009-5513
HP - HPSBMA02553
HP - SSRT100184
SECTRACK - 1022563
SECUNIA - 34975
SECUNIA - 35143
SECUNIA - 35225
SECUNIA - 35776
SECUNIA - 40553
VUPEN - ADV-2009-1900
VUPEN - ADV-2010-1792

Vulnerable Software & Versions: (show all)

CVE-2007-5615

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

BID - 26696
CERT-VN - VU#212984
CONFIRM - http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt
FEDORA - FEDORA-2008-6141
FEDORA - FEDORA-2008-6164
OSVDB - 42495
SECUNIA - 27925
SECUNIA - 30941
SECUNIA - 35143
SUSE - SUSE-SR:2009:004

Vulnerable Software & Versions:

cpe:/a:mortbay_jetty:jetty:6.1.6rc0 and all previous versions

CVE-2007-5614

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors.

BID - 26695
CERT-VN - VU#438616
CONFIRM - http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt
FEDORA - FEDORA-2008-6141
FEDORA - FEDORA-2008-6164
OSVDB - 42496
SECUNIA - 27925
SECUNIA - 30941
SECUNIA - 35143

Vulnerable Software & Versions: (show all)

CVE-2007-5613

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies.

BID - 26697
CERT-VN - VU#237888
CONFIRM - http://jira.codehaus.org/browse/JETTY-452
CONFIRM - http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt
FEDORA - FEDORA-2008-6141
FEDORA - FEDORA-2008-6164
OSVDB - 42497
SECUNIA - 27925
SECUNIA - 30941
SECUNIA - 35143
SUSE - SUSE-SR:2009:004

Vulnerable Software & Versions: (show all)

jmockit-1.24.jar

Description: JMockit is a Java toolkit for automated developer testing. It contains mocking and faking APIs and a code coverage tool, supporting both JUnit and TestNG. The mocking API allows all kinds of Java code, without testability restrictions, to be tested in isolation from selected dependencies.

License:

The MIT License: http://www.opensource.org/licenses/mit-license.php

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\jmockit-1.24.jar
MD5: 27c6e2be6bda6f78f83604d1f1d40006
SHA1: c8f3d57267a9979727da9d679921f1e60fa2beec

Evidence

Source	Name	Value
central	artifactid	jmockit
central	groupid	org.jmockit
central	version	1.24
file	name	jmockit
file	version	1.24
jar	package name	internal
jar	package name	mockit
pom	artifactid	jmockit
pom	description	JMockit is a Java toolkit for automated developer testing. It contains mocking and faking APIs and a code coverage tool, supporting both JUnit and TestNG. The mocking API allows all kinds of Java code, without testability restrictions, to be tested in isolation from selected dependencies.
pom	groupid	jmockit
pom	name	Main
pom	url	http://www.jmockit.org
pom	version	1.24

Identifiers

maven: org.jmockit:jmockit:1.24 Confidence:HIGHEST

jsoup-1.9.2.jar

Description: jsoup HTML parser

License:

The MIT License: https://jsoup.org/license

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\jsoup-1.9.2.jar
MD5: a8627c801e0d16169ef9ca83cf89861a
SHA1: 5e3bda828a80c7a21dfbe2308d1755759c2fd7b4

Evidence

Source	Name	Value
central	artifactid	jsoup
central	groupid	org.jsoup
central	version	1.9.2
file	name	jsoup
file	version	1.9.2
manifest	Bundle-Description	jsoup HTML parser
Manifest	bundle-docurl	http://jsoup.org/
Manifest	Bundle-Name	jsoup
Manifest	bundle-symbolicname	org.jsoup
Manifest	Bundle-Version	1.9.2
pom	artifactid	jsoup
pom	description	jsoup HTML parser
pom	groupid	jsoup
pom	name	jsoup
pom	organization name	http://jonathanhedley.com/
pom	url	https://jsoup.org/
pom	version	1.9.2

Identifiers

maven: org.jsoup:jsoup:1.9.2 Confidence:HIGHEST

jsr305-3.0.1.jar

Description: JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\jsr305-3.0.1.jar
MD5: c6532beb3f7cc54a8d73d25d5602b9e4
SHA1: f7be08ec23c21485b9b5a1cf1654c2ec8c58168d

Evidence

Source	Name	Value
central	artifactid	jsr305
central	groupid	com.google.code.findbugs
central	version	3.0.1
file	name	jsr305
file	version	3.0.1
manifest	Bundle-Description	JSR305 Annotations for Findbugs
Manifest	Bundle-Name	FindBugs-jsr305
Manifest	bundle-symbolicname	org.jsr-305
Manifest	Bundle-Version	3.0.1
pom	artifactid	jsr305
pom	description	JSR305 Annotations for Findbugs
pom	groupid	google.code.findbugs
pom	name	FindBugs-jsr305
pom	url	http://findbugs.sourceforge.net/
pom	version	3.0.1

Identifiers

maven: com.google.code.findbugs:jsr305:3.0.1 Confidence:HIGHEST

junit-4.12.jar

Description: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.

License:

Eclipse Public License 1.0: http://www.eclipse.org/legal/epl-v10.html

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\junit-4.12.jar
MD5: 5b38c40c97fbd0adee29f91e60405584
SHA1: 2973d150c0dc1fefe998f834810d68f278ea58ec

Evidence

Source	Name	Value
central	artifactid	junit
central	groupid	junit
central	version	4.12
file	name	junit
file	version	4.12
jar	package name	junit
Manifest	Implementation-Title	JUnit
Manifest	Implementation-Vendor	JUnit
Manifest	Implementation-Vendor-Id	junit
Manifest	Implementation-Version	4.12
pom	artifactid	junit
pom	description	JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.
pom	groupid	junit
pom	name	JUnit
pom	organization name	http://www.junit.org
pom	url	http://junit.org
pom	version	4.12

Identifiers

maven: junit:junit:4.12 Confidence:HIGHEST

junit4-ant-2.0.13.jar

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\junit4-ant-2.0.13.jar
MD5: ebab7fecab4398e859176ecb81e63d0e
SHA1: 33904a47c5f920d270437ea1075cc9fa5ecb8099

Evidence

Source	Name	Value
central	artifactid	junit4-ant
central	groupid	com.carrotsearch.randomizedtesting
central	version	2.0.13
file	name	junit4-ant
file	version	2.0.13
jar	package name	ant
jar	package name	carrotsearch
jar	package name	junit4
jar	package name	tasks
pom	artifactid	junit4-ant
pom	groupid	carrotsearch.randomizedtesting
pom	name	RandomizedTesting JUnit4 ANT Task
pom	parent-artifactid	randomizedtesting-parent
pom	parent-groupid	com.carrotsearch.randomizedtesting
pom	version	2.0.13

Identifiers

maven: com.carrotsearch.randomizedtesting:junit4-ant:2.0.13 Confidence:HIGHEST

log4net.2.0.3.nuspec

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\log4net.2.0.3.nuspec
MD5: d95207bfd2539c046ba7271b695b08f7
SHA1: b82102a0767f56525926698fbba4b7c47e96d4ab

Evidence

Source	Name	Value
file	name	log4net.2.0.3
file	version	2.0.3
nuspec	authors	Apache Software Foundation
nuspec	id	log4net
nuspec	owners	Apache Software Foundation
nuspec	title	log4net [1.2.13]
nuspec	version	2.0.3

Identifiers

cpe: cpe:/a:apache:log4net:2.0.3 Confidence:LOW

log4net.dll

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\log4net.dll
MD5: e873f47ff9ed73a7ed7054aaf4e7601a
SHA1: 44d7ee86c72be615da883a24f0b54fd0725ad298

Evidence

Source	Name	Value
file	name	log4net
file	version	4
grokassembly	product	log4net
grokassembly	vendor	The Apache Software Foundation
grokassembly	version	1.2.13.0

Identifiers

cpe: cpe:/a:apache:log4net:1.2.13.0 Confidence:LOW

logback-classic-1.1.7.jar

Description: logback-classic module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\logback-classic-1.1.7.jar
MD5: 7373c8ad1bfa162332d7d13c4596c2a1
SHA1: 9865cf6994f9ff13fce0bf93f2054ef6c65bb462

Evidence

Source	Name	Value
central	artifactid	logback-classic
central	groupid	ch.qos.logback
central	version	1.1.7
file	name	logback-classic
file	version	1.1.7
manifest	Bundle-Description	logback-classic module
Manifest	bundle-docurl	http://www.qos.ch
Manifest	Bundle-Name	Logback Classic Module
Manifest	bundle-requiredexecutionenvironment	JavaSE-1.6
Manifest	bundle-symbolicname	ch.qos.logback.classic
Manifest	Bundle-Version	1.1.7
Manifest	originally-created-by	Apache Maven Bundle Plugin
Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"
pom	artifactid	logback-classic
pom	description	logback-classic module
pom	groupid	ch.qos.logback
pom	name	Logback Classic Module
pom	parent-artifactid	logback-parent
pom	version	1.1.7

Identifiers

maven: ch.qos.logback:logback-classic:1.1.7 Confidence:HIGHEST

logback-core-1.1.7.jar

Description: logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\logback-core-1.1.7.jar
MD5: 4021551de5018dfa4b79ec553280f00a
SHA1: 7873092d39ef741575ca91378a6a21c388363ac8

Evidence

Source	Name	Value
central	artifactid	logback-core
central	groupid	ch.qos.logback
central	version	1.1.7
file	name	logback-core
file	version	1.1.7
manifest	Bundle-Description	logback-core module
Manifest	bundle-docurl	http://www.qos.ch
Manifest	Bundle-Name	Logback Core Module
Manifest	bundle-requiredexecutionenvironment	JavaSE-1.6
Manifest	bundle-symbolicname	ch.qos.logback.core
Manifest	Bundle-Version	1.1.7
Manifest	originally-created-by	Apache Maven Bundle Plugin
Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"
pom	artifactid	logback-core
pom	description	logback-core module
pom	groupid	ch.qos.logback
pom	name	Logback Core Module
pom	parent-artifactid	logback-parent
pom	version	1.1.7

Identifiers

maven: ch.qos.logback:logback-core:1.1.7 Confidence:HIGHEST

lucene-analyzers-common-4.7.2.jar

Description: Additional Analyzers

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\lucene-analyzers-common-4.7.2.jar
MD5: cbc49dfc4ed6ee29db3a1ed5a84c5a9e
SHA1: 72017b7643f6e2389a140099a3fce198a569b599

Evidence

Source	Name	Value
central	artifactid	lucene-analyzers-common
central	groupid	org.apache.lucene
central	version	4.7.2
file	name	lucene-analyzers-common
file	version	4.7.2
jar	package name	analysis
jar	package name	apache
jar	package name	lucene
Manifest	extension-name	org.apache.lucene
Manifest	Implementation-Title	org.apache.lucene
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Version	4.7.2 1586229 - rmuir - 2014-04-10 09:00:55
Manifest	specification-title	Lucene Search Engine: analyzers-common
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	lucene-analyzers-common
pom	description	Additional Analyzers
pom	groupid	apache.lucene
pom	name	Lucene Common Analyzers
pom	parent-artifactid	lucene-parent
pom	parent-groupid	org.apache.lucene
pom	version	4.7.2

Identifiers

maven: org.apache.lucene:lucene-analyzers-common:4.7.2 Confidence:HIGHEST

lucene-codecs-4.7.2.jar

Description: Codecs and postings formats for Apache Lucene.

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\lucene-codecs-4.7.2.jar
MD5: c442ec2c5e403d9c6f8ba8ad8762cd81
SHA1: 386adfd04528461f9ddfa0ff839190f6a6d9c1a5

Evidence

Source	Name	Value
central	artifactid	lucene-codecs
central	groupid	org.apache.lucene
central	version	4.7.2
file	name	lucene-codecs
file	version	4.7.2
jar	package name	apache
jar	package name	codecs
jar	package name	lucene
Manifest	extension-name	org.apache.lucene
Manifest	Implementation-Title	org.apache.lucene
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Version	4.7.2 1586229 - rmuir - 2014-04-10 09:01:03
Manifest	specification-title	Lucene Search Engine: codecs
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	lucene-codecs
pom	description	Codecs and postings formats for Apache Lucene.
pom	groupid	apache.lucene
pom	name	Lucene codecs
pom	parent-artifactid	lucene-parent
pom	parent-groupid	org.apache.lucene
pom	version	4.7.2

Identifiers

maven: org.apache.lucene:lucene-codecs:4.7.2 Confidence:HIGHEST

lucene-core-4.7.2.jar

Description: Apache Lucene Java Core

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\lucene-core-4.7.2.jar
MD5: 6ed7375bfe046610363a10915ce2dd8b
SHA1: c9ec1d5b48635aa032ca3d2c824dea0e6523a4a5

Evidence

Source	Name	Value
central	artifactid	lucene-core
central	groupid	org.apache.lucene
central	version	4.7.2
file	name	lucene-core
file	version	4.7.2
jar	package name	apache
jar	package name	lucene
Manifest	extension-name	org.apache.lucene
Manifest	Implementation-Title	org.apache.lucene
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Version	4.7.2 1586229 - rmuir - 2014-04-10 09:00:35
Manifest	specification-title	Lucene Search Engine: core
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	lucene-core
pom	description	Apache Lucene Java Core
pom	groupid	apache.lucene
pom	name	Lucene Core
pom	parent-artifactid	lucene-parent
pom	parent-groupid	org.apache.lucene
pom	version	4.7.2

Identifiers

maven: org.apache.lucene:lucene-core:4.7.2 Confidence:HIGHEST

lucene-queries-4.7.2.jar

Description: Lucene Queries Module

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\lucene-queries-4.7.2.jar
MD5: fe815419a0aff3f76452ac516fffb680
SHA1: c357a2494e341f2680fccbf9e96138c7083aaad4

Evidence

Source	Name	Value
central	artifactid	lucene-queries
central	groupid	org.apache.lucene
central	version	4.7.2
file	name	lucene-queries
file	version	4.7.2
jar	package name	apache
jar	package name	function
jar	package name	lucene
jar	package name	queries
Manifest	extension-name	org.apache.lucene
Manifest	Implementation-Title	org.apache.lucene
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Version	4.7.2 1586229 - rmuir - 2014-04-10 09:01:08
Manifest	specification-title	Lucene Search Engine: queries
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	lucene-queries
pom	description	Lucene Queries Module
pom	groupid	apache.lucene
pom	name	Lucene Queries
pom	parent-artifactid	lucene-parent
pom	parent-groupid	org.apache.lucene
pom	version	4.7.2

Identifiers

maven: org.apache.lucene:lucene-queries:4.7.2 Confidence:HIGHEST

lucene-queryparser-4.7.2.jar

Description: Lucene QueryParsers module

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\lucene-queryparser-4.7.2.jar
MD5: e7c72fce30aae45d9e3ad43b24b2a58f
SHA1: 0ef6eb0d081065d3b69a4f097eec115a80f3a8f7

Evidence

Source	Name	Value
central	artifactid	lucene-queryparser
central	groupid	org.apache.lucene
central	version	4.7.2
file	name	lucene-queryparser
file	version	4.7.2
jar	package name	apache
jar	package name	flexible
jar	package name	lucene
jar	package name	queryparser
Manifest	extension-name	org.apache.lucene
Manifest	Implementation-Title	org.apache.lucene
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Version	4.7.2 1586229 - rmuir - 2014-04-10 09:01:09
Manifest	specification-title	Lucene Search Engine: queryparser
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	lucene-queryparser
pom	description	Lucene QueryParsers module
pom	groupid	apache.lucene
pom	name	Lucene QueryParsers
pom	parent-artifactid	lucene-parent
pom	parent-groupid	org.apache.lucene
pom	version	4.7.2

Identifiers

maven: org.apache.lucene:lucene-queryparser:4.7.2 Confidence:HIGHEST

lucene-sandbox-4.7.2.jar

Description: Lucene Sandbox

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\lucene-sandbox-4.7.2.jar
MD5: a6e13813e4bf0d0053423a51b6588f4d
SHA1: 447747b4ddd1f2af2ae8a1759ada5988393e945c

Evidence

Source	Name	Value
central	artifactid	lucene-sandbox
central	groupid	org.apache.lucene
central	version	4.7.2
file	name	lucene-sandbox
file	version	4.7.2
jar	package name	apache
jar	package name	lucene
jar	package name	queries
jar	package name	sandbox
Manifest	extension-name	org.apache.lucene
Manifest	Implementation-Title	org.apache.lucene
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Version	4.7.2 1586229 - rmuir - 2014-04-10 09:01:10
Manifest	specification-title	Lucene Search Engine: sandbox
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	lucene-sandbox
pom	description	Lucene Sandbox
pom	groupid	apache.lucene
pom	name	Lucene Sandbox
pom	parent-artifactid	lucene-parent
pom	parent-groupid	org.apache.lucene
pom	version	4.7.2

Identifiers

maven: org.apache.lucene:lucene-sandbox:4.7.2 Confidence:HIGHEST

lucene-test-framework-4.7.2.jar

Description: Apache Lucene Java Test Framework

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\lucene-test-framework-4.7.2.jar
MD5: ceef8bf76c02cb58b40d6e43a22c5165
SHA1: 194947eb27a42e777c2a02ff3b6842c8dbfd2678

Evidence

Source	Name	Value
central	artifactid	lucene-test-framework
central	groupid	org.apache.lucene
central	version	4.7.2
file	name	lucene-test-framework
file	version	4.7.2
jar	package name	apache
jar	package name	lucene
Manifest	extension-name	org.apache.lucene
Manifest	Implementation-Title	org.apache.lucene
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Version	4.7.2 1586229 - rmuir - 2014-04-10 09:00:36
Manifest	specification-title	Lucene Search Engine: test-framework
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	lucene-test-framework
pom	description	Apache Lucene Java Test Framework
pom	groupid	apache.lucene
pom	name	Lucene Test Framework
pom	parent-artifactid	lucene-parent
pom	parent-groupid	org.apache.lucene
pom	version	4.7.2

Identifiers

cpe: cpe:/a:apache:apache_test:4.7.2 Confidence:LOW
maven: org.apache.lucene:lucene-test-framework:4.7.2 Confidence:HIGHEST

mail-1.4.jar

Description: The JavaMail API provides a platform-independent and protocol-independent framework to build mail and messaging applications.

License:

Common Development and Distribution License (CDDL) v1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\mail-1.4.jar
MD5: 2e64a3805d543bdb86e6e5eeca5529f8
SHA1: 1aa1579ae5ecd41920c4f355b0a9ef40b68315dd

Evidence

Source	Name	Value
central	artifactid	mail
central	groupid	javax.mail
central	version	1.4
file	name	mail
file	version	1.4
jar	package name	javax
jar	package name	mail
Manifest	extension-name	javax.mail
Manifest	Implementation-Title	JavaMail(TM) API Reference Implementation
Manifest	Implementation-Vendor	Sun Microsystems, Inc.
Manifest	Implementation-Vendor-Id	com.sun
Manifest	Implementation-Version	1.4
Manifest	specification-title	JavaMail(TM) API Design Specification
Manifest	specification-vendor	Sun Microsystems, Inc.
pom	artifactid	mail
pom	description	The JavaMail API provides a platform-independent and protocol-independent framework to build mail and messaging applications.
pom	groupid	javax.mail
pom	name	JavaMail API
pom	url	https://glassfish.dev.java.net/javaee5/mail/
pom	version	1.4

Identifiers

cpe: cpe:/a:sun:javamail:1.4 Confidence:LOW
maven: javax.mail:mail:1.4 Confidence:HIGHEST

Published Vulnerabilities

CVE-2007-6059

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

** DISPUTED ** Javamail does not properly handle a series of invalid login attempts in which the same e-mail address is entered as username and password, and the domain portion of this address yields a Java UnknownHostException error, which allows remote attackers to cause a denial of service (connection pool exhaustion) via a large number of requests, resulting in a SQLNestedException. NOTE: Sun disputes this issue, stating "The report makes references to source code and files that do not exist in the mentioned products."

BUGTRAQ - 20071116 Javamail login username and password same email problem
OSVDB - 45299

Vulnerable Software & Versions:

cpe:/a:sun:javamail

mailapi-1.5.6.jar

Description: JavaMail API (no providers)

License:

https://glassfish.java.net/public/CDDL+GPL_1_1.html

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\mailapi-1.5.6.jar
MD5: 2d5d81cd7a3e1ca3caab3a3d70add6f7
SHA1: 8fe524d88c28362b50052200c28149bc8f1f45e4

Evidence

Source	Name	Value
central	artifactid	mailapi
central	groupid	com.sun.mail
central	version	1.5.6
file	name	mailapi
file	version	1.5.6
manifest	Bundle-Description	JavaMail API (no providers)
Manifest	bundle-docurl	http://www.oracle.com
Manifest	Bundle-Name	JavaMail API (no providers)
Manifest	bundle-symbolicname	javax.mail.api
Manifest	Bundle-Version	1.5.6
Manifest	extension-name	javax.mail
Manifest	Implementation-Title	javax.mail
Manifest	Implementation-Vendor	Oracle
Manifest	Implementation-Vendor-Id	com.sun
Manifest	Implementation-Version	1.5.6
Manifest	originally-created-by	1.8.0_92 (Oracle Corporation)
Manifest	probe-provider-xml-file-names	META-INF/gfprobe-provider.xml
Manifest	specification-title	JavaMail(TM) API Design Specification
Manifest	specification-vendor	Oracle
Manifest (hint)	Implementation-Vendor	sun
Manifest (hint)	specification-vendor	sun
pom	artifactid	mailapi
pom	groupid	sun.mail
pom	name	JavaMail API (no providers)
pom	parent-artifactid	all
pom	parent-groupid	com.sun.mail
pom	version	1.5.6

Identifiers

maven: com.sun.mail:mailapi:1.5.6 Confidence:HIGHEST
cpe: cpe:/a:sun:javamail:1.5.6 Confidence:LOW

Published Vulnerabilities

CVE-2007-6059

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

BUGTRAQ - 20071116 Javamail login username and password same email problem
OSVDB - 45299

Vulnerable Software & Versions:

cpe:/a:sun:javamail

maven-scm-api-1.8.1.jar

Description: The SCM API provides mechanisms to manage all SCM tools.

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\maven-scm-api-1.8.1.jar
MD5: c409fc1a6c9baf928cc37b2ffb852c83
SHA1: d72bcdc54a873e8bfbc53fde6200e53911c3d9fe

Evidence

Source	Name	Value
central	artifactid	maven-scm-api
central	groupid	org.apache.maven.scm
central	version	1.8.1
file	name	maven-scm-api
file	version	1.8.1
Manifest	Implementation-Title	Maven SCM API
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven.scm
Manifest	Implementation-Version	1.8.1
Manifest	specification-title	Maven SCM API
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	maven-scm-api
pom	description	The SCM API provides mechanisms to manage all SCM tools.
pom	groupid	apache.maven.scm
pom	name	Maven SCM API
pom	parent-artifactid	maven-scm
pom	parent-groupid	org.apache.maven.scm
pom	version	1.8.1

Identifiers

maven: org.apache.maven.scm:maven-scm-api:1.8.1 Confidence:HIGHEST

maven-scm-provider-cvs-commons-1.8.1.jar

Description: Common library for SCM CVS Provider.

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\maven-scm-provider-cvs-commons-1.8.1.jar
MD5: 7d35f493a22226b821b5d5363e85765c
SHA1: 97411239d474ecafcc2ab89facaf2593eb0de49b

Evidence

Source	Name	Value
central	artifactid	maven-scm-provider-cvs-commons
central	groupid	org.apache.maven.scm
central	version	1.8.1
file	name	maven-scm-provider-cvs-commons
file	version	1.8.1
Manifest	Implementation-Title	Maven SCM CVS Provider - Common library
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven.scm
Manifest	Implementation-Version	1.8.1
Manifest	specification-title	Maven SCM CVS Provider - Common library
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	maven-scm-provider-cvs-commons
pom	description	Common library for SCM CVS Provider.
pom	groupid	apache.maven.scm
pom	name	Maven SCM CVS Provider - Common library
pom	parent-artifactid	maven-scm-providers-cvs
pom	parent-groupid	org.apache.maven.scm
pom	version	1.8.1

Identifiers

maven: org.apache.maven.scm:maven-scm-provider-cvs-commons:1.8.1 Confidence:HIGHEST

maven-scm-provider-cvsexe-1.8.1.jar

Description: Executable implementation for SCM CVS Provider.

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\maven-scm-provider-cvsexe-1.8.1.jar
MD5: 8900abe1192b79b35aedb0f683a8b412
SHA1: 5c7bf6d2c741885d2a6c17cb044ff8e2966f69ca

Evidence

Source	Name	Value
central	artifactid	maven-scm-provider-cvsexe
central	groupid	org.apache.maven.scm
central	version	1.8.1
file	name	maven-scm-provider-cvsexe
file	version	1.8.1
Manifest	Implementation-Title	Maven SCM CVS Provider - CVS Executable Impl.
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache.maven.scm
Manifest	Implementation-Version	1.8.1
Manifest	specification-title	Maven SCM CVS Provider - CVS Executable Impl.
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	maven-scm-provider-cvsexe
pom	description	Executable implementation for SCM CVS Provider.
pom	groupid	apache.maven.scm
pom	name	Maven SCM CVS Provider - CVS Executable Impl.
pom	parent-artifactid	maven-scm-providers-cvs
pom	parent-groupid	org.apache.maven.scm
pom	version	1.8.1

Identifiers

maven: org.apache.maven.scm:maven-scm-provider-cvsexe:1.8.1 Confidence:HIGHEST

mysql-connector-java-5.1.27-bin.jar

File Path: C:\Users\jerem\projects\DependencyCheck\dependency-check-core\target\test-classes\mysql-connector-java-5.1.27-bin.jar
MD5: 0317d93cccab2dd08a7a3cca06403e78
SHA1: 180296391137c12da3ba2a35dcc93ef23fb2c1ff

Evidence

Source	Name	Value
file	name	mysql-connector-java
file	version	5.1.27
jar	package name	jdbc
jar	package name	mysql
Manifest	Bundle-Name	Oracle Corporation' JDBC Driver for MySQL
Manifest	bundle-symbolicname	com.mysql.jdbc
Manifest	Bundle-Version	5.1.27
manifest: common	Implementation-Title	MySQL Connector Java
manifest: common	Implementation-Vendor	Oracle
manifest: common	Implementation-Version	5.1.27
manifest: common	Specification-Title	JDBC
manifest: common (hint)	Implementation-Vendor	sun

Identifiers

cpe: cpe:/a:mysql:mysql:5.1.27 Confidence:HIGHEST

Published Vulnerabilities

CVE-2015-2575

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)

Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
DEBIAN - DSA-3621
SUSE - SUSE-SU-2015:0946

Vulnerable Software & Versions:

cpe:/a:mysql:mysql:5.1.34 and all previous versions

CVE-2014-0437

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

BID - 64758
BID - 64849
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
DEBIAN - DSA-2845
DEBIAN - DSA-2848
REDHAT - RHSA-2014:0164
REDHAT - RHSA-2014:0173
REDHAT - RHSA-2014:0186
REDHAT - RHSA-2014:0189
UBUNTU - USN-2086-1
XF - oracle-cpujan2014-cve20140437(90385)

Vulnerable Software & Versions: (show all)

CVE-2014-0412

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

BID - 64758
BID - 64880
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
DEBIAN - DSA-2845
DEBIAN - DSA-2848
REDHAT - RHSA-2014:0164
REDHAT - RHSA-2014:0173
REDHAT - RHSA-2014:0186
REDHAT - RHSA-2014:0189
UBUNTU - USN-2086-1
XF - oracle-cpujan2014-cve20140412(90378)

Vulnerable Software & Versions: (show all)

CVE-2014-0402

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.

BID - 64758
BID - 64908
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
DEBIAN - DSA-2845
DEBIAN - DSA-2848
REDHAT - RHSA-2014:0164
REDHAT - RHSA-2014:0173
REDHAT - RHSA-2014:0186
REDHAT - RHSA-2014:0189
UBUNTU - USN-2086-1
XF - oracle-cpujan2014-cve20140402(90379)

Vulnerable Software & Versions: (show all)

CVE-2014-0401

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

BID - 64758
BID - 64898
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
DEBIAN - DSA-2845
DEBIAN - DSA-2848
REDHAT - RHSA-2014:0164
REDHAT - RHSA-2014:0173
REDHAT - RHSA-2014:0186
REDHAT - RHSA-2014:0189
UBUNTU - USN-2086-1
XF - oracle-cpujan2014-cve20140401(90382)

Vulnerable Software & Versions: (show all)

CVE-2014-0393

Severity: Low
CVSS Score: 3.3 (AV:N/AC:L/Au:M/C:N/I:P/A:N)

BID - 64758
BID - 64877
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
DEBIAN - DSA-2845
DEBIAN - DSA-2848
REDHAT - RHSA-2014:0164
REDHAT - RHSA-2014:0173
REDHAT - RHSA-2014:0186
REDHAT - RHSA-2014:0189
UBUNTU - USN-2086-1
XF - oracle-cpujan2014-cve20140393(90386)

Vulnerable Software & Versions: (show all)

CVE-2014-0386

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

BID - 64758
BID - 64904
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
DEBIAN - DSA-2845
DEBIAN - DSA-2848
REDHAT - RHSA-2014:0164
REDHAT - RHSA-2014:0173
REDHAT - RHSA-2014:0186
REDHAT - RHSA-2014:0189
UBUNTU - USN-2086-1
XF - oracle-cpujan2014-cve20140386(90380)

Vulnerable Software & Versions: (show all)

CVE-2014-0001

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.

CONFIRM - http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1054592
CONFIRM - https://mariadb.com/kb/en/mariadb-5535-changelog/
MANDRIVA - MDVSA-2014:029
REDHAT - RHSA-2014:0164
REDHAT - RHSA-2014:0173
REDHAT - RHSA-2014:0186
REDHAT - RHSA-2014:0189

Vulnerable Software & Versions: (show all)

cpe:/a:mysql:mysql
...
cpe:/a:mariadb:mariadb:5.5.34 and all previous versions
cpe:/a:mysql:mysql

CVE-2013-5908

Severity: Low
CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.

BID - 64758
BID - 64896
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
DEBIAN - DSA-2845
DEBIAN - DSA-2848
OSVDB - 102078
REDHAT - RHSA-2014:0164
REDHAT - RHSA-2014:0173
REDHAT - RHSA-2014:0186
REDHAT - RHSA-2014:0189
SECUNIA - 56491
SECUNIA - 56541
SECUNIA - 56580
UBUNTU - USN-2086-1
XF - oracle-cpujan2014-cve20135908(90389)

Vulnerable Software & Versions: (show all)

CVE-2013-3808

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
GENTOO - GLSA-201308-06
OSVDB - 95330
SECUNIA - 53372
SUSE - SUSE-SU-2013:1390
SUSE - SUSE-SU-2013:1529
SUSE - openSUSE-SU-2013:1335
SUSE - openSUSE-SU-2013:1410
XF - oracle-cpujuly2013-cve20133808(85717)

Vulnerable Software & Versions: (show all)

CVE-2013-3804

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
DEBIAN - DSA-2818
GENTOO - GLSA-201308-06
OSVDB - 95328
SECUNIA - 53372
SECUNIA - 54300
SUSE - SUSE-SU-2013:1390
SUSE - SUSE-SU-2013:1529
SUSE - openSUSE-SU-2013:1335
SUSE - openSUSE-SU-2013:1410
UBUNTU - USN-1909-1
XF - oracle-cpujuly2013-cve20133804(85715)

Vulnerable Software & Versions: (show all)

CVE-2013-3802

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

BID - 61244
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
DEBIAN - DSA-2818
GENTOO - GLSA-201308-06
OSVDB - 95325
SECUNIA - 53372
SECUNIA - 54300
SUSE - SUSE-SU-2013:1390
SUSE - SUSE-SU-2013:1529
SUSE - openSUSE-SU-2013:1335
SUSE - openSUSE-SU-2013:1410
UBUNTU - USN-1909-1
XF - oracle-cpujuly2013-cve20133802(85712)

Vulnerable Software & Versions: (show all)

CVE-2013-2392

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2013:0772
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2013-2391

Severity: Low
CVSS Score: 3.0 (AV:L/AC:M/Au:S/C:P/I:P/A:N)

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2013:0772
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2013-2389

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2013:0772
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2013-2378

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2013:0772
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2013-1555

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2013:0772
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2013-1552

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2013:0772
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2013-1548

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2013:0772
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2013-1521

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2013:0772
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2013-1506

Severity: Low
CVSS Score: 2.8 (AV:N/AC:M/Au:M/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2013:0772
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2013-1492

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553.

CONFIRM - https://blogs.oracle.com/sunsecurity/entry/cve_2013_1492_buffer_overflow
GENTOO - GLSA-201308-06
MISC - http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html
MISC - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-30.html
SECUNIA - 52445
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2013-0389

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2013:0219
SECUNIA - 53372
UBUNTU - USN-1703-1

Vulnerable Software & Versions: (show all)

CVE-2013-0385

Severity: Medium
CVSS Score: 6.6 (AV:L/AC:L/Au:N/C:C/I:C/A:N)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2013:0219
SECUNIA - 53372
UBUNTU - USN-1703-1

Vulnerable Software & Versions: (show all)

CVE-2013-0384

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2013:0219
SECUNIA - 53372
UBUNTU - USN-1703-1

Vulnerable Software & Versions: (show all)

CVE-2013-0383

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2013:0219
SECUNIA - 53372
UBUNTU - USN-1703-1

Vulnerable Software & Versions: (show all)

CVE-2013-0375

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2013:0219
SECUNIA - 53372
UBUNTU - USN-1703-1

Vulnerable Software & Versions: (show all)

CVE-2012-5627

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.

CONFIRM - https://mariadb.atlassian.net/browse/MDEV-3915
FULLDISC - 20121203 MySQL Local/Remote FAST Account Password Cracking
FULLDISC - 20121205 Re: MySQL Local/Remote FAST Account Password Cracking
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:102
MISC - https://bugzilla.redhat.com/show_bug.cgi?id=883719
MLIST - [oss-security] 20121206 Re: CVE request: Mysql/Mariadb insecure salt-usage
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2012-5060

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
SECUNIA - 53372
UBUNTU - USN-1703-1

Vulnerable Software & Versions: (show all)

CVE-2012-3197

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
DEBIAN - DSA-2581
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2012:1462
SECUNIA - 51177
SECUNIA - 51309
SECUNIA - 53372
UBUNTU - USN-1621-1
XF - mysqlserver-serverreplication-dos(79393)

Vulnerable Software & Versions: (show all)

CVE-2012-3180

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
DEBIAN - DSA-2581
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2012:1462
SECUNIA - 51177
SECUNIA - 51309
SECUNIA - 53372
UBUNTU - USN-1621-1
XF - mysqlserver-optimize-dos(79389)

Vulnerable Software & Versions: (show all)

CVE-2012-3177

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
DEBIAN - DSA-2581
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2012:1462
SECUNIA - 51177
SECUNIA - 51309
SECUNIA - 53372
UBUNTU - USN-1621-1
XF - mysqlserver-server-dos(79383)

Vulnerable Software & Versions: (show all)

CVE-2012-3173

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
DEBIAN - DSA-2581
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2012:1462
SECUNIA - 51177
SECUNIA - 51309
SECUNIA - 53372
UBUNTU - USN-1621-1
XF - mysqlserver-innodbplugin-dos(79386)

Vulnerable Software & Versions: (show all)

CVE-2012-3167

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
DEBIAN - DSA-2581
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2012:1462
SECUNIA - 51177
SECUNIA - 51309
SECUNIA - 53372
UBUNTU - USN-1621-1
XF - mysqlserver-serverfulltextsearch-dos(79392)

Vulnerable Software & Versions: (show all)

CVE-2012-3166

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
DEBIAN - DSA-2581
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2012:1462
SECUNIA - 51177
SECUNIA - 51309
SECUNIA - 53372
UBUNTU - USN-1621-1

Vulnerable Software & Versions: (show all)

CVE-2012-3163

Severity: High
CVSS Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

CONFIRM - http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14907.html
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
DEBIAN - DSA-2581
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2012:1462
SECUNIA - 51177
SECUNIA - 51309
SECUNIA - 53372
SECUNIA - 56509
SECUNIA - 56513
UBUNTU - USN-1621-1
XF - mysqlserver-informationschema-cve20123163(79381)

Vulnerable Software & Versions: (show all)

CVE-2012-3160

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
DEBIAN - DSA-2581
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2012:1462
SECUNIA - 51177
SECUNIA - 51309
SECUNIA - 53372
UBUNTU - USN-1621-1
XF - mysqlserver-serverinstallation-info-disc(79394)

Vulnerable Software & Versions: (show all)

CVE-2012-3158

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
DEBIAN - DSA-2581
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:102
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2012:1462
SECUNIA - 51177
SECUNIA - 51309
SECUNIA - 53372
UBUNTU - USN-1621-1
XF - mysqlserver-protocol-cve20123158(79382)

Vulnerable Software & Versions: (show all)

CVE-2012-3150

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
DEBIAN - DSA-2581
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2012:1462
SECUNIA - 51177
SECUNIA - 51309
SECUNIA - 53372
UBUNTU - USN-1621-1
XF - mysqlserver-opt-dos(79388)

Vulnerable Software & Versions: (show all)

CVE-2012-2749

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index.

BID - 55120
CONFIRM - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=833737
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2012:1462
REDHAT - RHSA-2013:0180
SECUNIA - 51309
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2012-2102

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.

BID - 52931
CONFIRM - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html
CONFIRM - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html
GENTOO - GLSA-201308-06
MISC - http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15
MISC - http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/
MLIST - [oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2012-1734

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

BID - 54540
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
OSVDB - 83979
REDHAT - RHSA-2012:1462
SECUNIA - 51309
SECUNIA - 53372
XF - mysql-servopt-dos(77064)

Vulnerable Software & Versions: (show all)

CVE-2012-1705

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2013:0219
SECUNIA - 53372
UBUNTU - USN-1703-1

Vulnerable Software & Versions: (show all)

CVE-2012-1703

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

BID - 53058
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2012:1462
SECUNIA - 48890
SECUNIA - 49179
SECUNIA - 51309
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2012-1702

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2013:0219
SECUNIA - 53372
UBUNTU - USN-1703-1

Vulnerable Software & Versions: (show all)

CVE-2012-1697

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.

BID - 53064
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
SECUNIA - 48890
SECUNIA - 49179
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2012-1696

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

BID - 53071
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
SECUNIA - 48890
SECUNIA - 49179
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2012-1690

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

BID - 53074
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2012:1462
SECUNIA - 48890
SECUNIA - 49179
SECUNIA - 51309
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2012-1689

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

BID - 54547
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
OSVDB - 83980
REDHAT - RHSA-2012:1462
SECUNIA - 51309
SECUNIA - 53372
XF - mysql-optimizer-dos(77065)

Vulnerable Software & Versions: (show all)

CVE-2012-1688

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.

BID - 53067
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2012:1462
SECUNIA - 48890
SECUNIA - 49179
SECUNIA - 51309
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2012-0882

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.

Vulnerable Software & Versions: (show all)

CVE-2012-0583

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.

BID - 53061
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
SECUNIA - 48890
SECUNIA - 49179
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2012-0574

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
GENTOO - GLSA-201308-06
HP - HPSBUX02824
HP - SSRT100970
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2013:0219
SECUNIA - 53372
UBUNTU - USN-1703-1

Vulnerable Software & Versions: (show all)

CVE-2012-0572

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2013:0219
SECUNIA - 53372
UBUNTU - USN-1703-1

Vulnerable Software & Versions: (show all)

CVE-2012-0553

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.

CONFIRM - https://blogs.oracle.com/sunsecurity/entry/cve_2012_0553_buffer_overflow
GENTOO - GLSA-201308-06
MISC - http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html
SECUNIA - 52445
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2012-0540

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
GENTOO - GLSA-201308-06
MANDRIVA - MDVSA-2013:150
REDHAT - RHSA-2012:1462
SECUNIA - 51309
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2012-0492

Severity: Low
CVSS Score: 2.1 (AV:N/AC:H/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.

BID - 51516
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
GENTOO - GLSA-201308-06
OSVDB - 78393
SECUNIA - 53372
XF - mysql-serveruns14-dos(72537)

Vulnerable Software & Versions: (show all)

CVE-2012-0490

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.

BID - 51524
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
GENTOO - GLSA-201308-06
OSVDB - 78388
SECUNIA - 53372
SUSE - SUSE-SU-2012:0984
XF - mysql-serveruns9-dos(72531)

Vulnerable Software & Versions: (show all)

CVE-2012-0485

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

BID - 51513
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
GENTOO - GLSA-201308-06
OSVDB - 78383
SECUNIA - 53372
XF - mysql-serveruns4-dos(72526)

Vulnerable Software & Versions: (show all)

CVE-2012-0484

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.

BID - 51515
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
GENTOO - GLSA-201308-06
OSVDB - 78372
SECUNIA - 53372
SUSE - SUSE-SU-2012:0984
XF - mysql-server-info-disc(72525)

Vulnerable Software & Versions: (show all)

CVE-2012-0120

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
GENTOO - GLSA-201308-06
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2012-0119

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
GENTOO - GLSA-201308-06
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2012-0118

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
GENTOO - GLSA-201308-06
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2012-0116

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
GENTOO - GLSA-201308-06
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2012-0115

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
GENTOO - GLSA-201308-06
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2012-0114

Severity: Low
CVSS Score: 3.0 (AV:L/AC:M/Au:S/C:P/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
GENTOO - GLSA-201308-06
SECUNIA - 53372
SUSE - SUSE-SU-2012:0984

Vulnerable Software & Versions: (show all)

CVE-2012-0113

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:N/A:P)

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
GENTOO - GLSA-201308-06
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2012-0112

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
GENTOO - GLSA-201308-06
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2012-0102

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
GENTOO - GLSA-201308-06
OSVDB - 78379
SECUNIA - 53372
SUSE - SUSE-SU-2012:0984
XF - mysql-serveruns2-dos(72521)

Vulnerable Software & Versions: (show all)

CVE-2012-0101

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
GENTOO - GLSA-201308-06
OSVDB - 78378
SECUNIA - 53372
SUSE - SUSE-SU-2012:0984
XF - mysql-serveruns1-dos(72520)

Vulnerable Software & Versions: (show all)

CVE-2012-0087

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

BID - 51509
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
GENTOO - GLSA-201308-06
OSVDB - 78377
SECUNIA - 53372
SUSE - SUSE-SU-2012:0984
XF - mysql-serveruns-dos(72519)

Vulnerable Software & Versions: (show all)

CVE-2012-0075

Severity: Low
CVSS Score: 1.7 (AV:N/AC:H/Au:M/C:N/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.

BID - 51526
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
GENTOO - GLSA-201308-06
OSVDB - 78374
SECUNIA - 53372
SUSE - SUSE-SU-2012:0984
XF - mysql-server-cve20120075(72539)

Vulnerable Software & Versions: (show all)

CVE-2011-2262

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
GENTOO - GLSA-201308-06
SECUNIA - 53372

Vulnerable Software & Versions: (show all)

CVE-2010-3840

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.

BID - 43676
CONFIRM - http://bugs.mysql.com/bug.php?id=51875
CONFIRM - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=640865
DEBIAN - DSA-2143
MANDRIVA - MDVSA-2010:222
MANDRIVA - MDVSA-2010:223
MISC - http://lists.mysql.com/commits/117094
REDHAT - RHSA-2010:0824
REDHAT - RHSA-2010:0825
REDHAT - RHSA-2011:0164
SECUNIA - 42875
SECUNIA - 42936
TURBO - TLSA-2011-3
UBUNTU - USN-1017-1
VUPEN - ADV-2011-0105
VUPEN - ADV-2011-0170
VUPEN - ADV-2011-0345
XF - mysql-gislinestringinitfromwkb-dos(64838)

Vulnerable Software & Versions: (show all)

CVE-2010-3839

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.

BID - 43676
CONFIRM - http://bugs.mysql.com/bug.php?id=53544
CONFIRM - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html
CONFIRM - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=640861
MANDRIVA - MDVSA-2010:222
MANDRIVA - MDVSA-2010:223
REDHAT - RHSA-2010:0825
REDHAT - RHSA-2011:0164
SECUNIA - 42936
UBUNTU - USN-1017-1
VUPEN - ADV-2011-0170
XF - mysql-invocations-dos(64839)

Vulnerable Software & Versions: (show all)

CVE-2010-3838

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table."

APPLE - APPLE-SA-2011-06-23-1
BID - 43676
CONFIRM - http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html
CONFIRM - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html
CONFIRM - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html
CONFIRM - http://support.apple.com/kb/HT4723
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=640858
DEBIAN - DSA-2143
MANDRIVA - MDVSA-2010:222
MANDRIVA - MDVSA-2010:223
MISC - http://bugs.mysql.com/bug.php?id=54461
REDHAT - RHSA-2010:0825
REDHAT - RHSA-2011:0164
SECUNIA - 42875
SECUNIA - 42936
TURBO - TLSA-2011-3
UBUNTU - USN-1017-1
VUPEN - ADV-2011-0105
VUPEN - ADV-2011-0170
VUPEN - ADV-2011-0345
XF - mysql-longblob-dos(64840)

Vulnerable Software & Versions: (show all)

CVE-2010-3837

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.

APPLE - APPLE-SA-2011-06-23-1
BID - 43676
CONFIRM - http://bugs.mysql.com/bug.php?id=54476
CONFIRM - http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html
CONFIRM - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html
CONFIRM - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html
CONFIRM - http://support.apple.com/kb/HT4723
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=640856
DEBIAN - DSA-2143
MANDRIVA - MDVSA-2010:222
MANDRIVA - MDVSA-2010:223
REDHAT - RHSA-2010:0825
REDHAT - RHSA-2011:0164
SECUNIA - 42875
SECUNIA - 42936
TURBO - TLSA-2011-3
UBUNTU - USN-1017-1
VUPEN - ADV-2011-0105
VUPEN - ADV-2011-0170
VUPEN - ADV-2011-0345
XF - mysql-prepared-statement-dos(64841)

Vulnerable Software & Versions: (show all)

CVE-2010-3836

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.

APPLE - APPLE-SA-2011-06-23-1
BID - 43676
CONFIRM - http://bugs.mysql.com/bug.php?id=54568
CONFIRM - http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html
CONFIRM - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html
CONFIRM - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html
CONFIRM - http://support.apple.com/kb/HT4723
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=640845
DEBIAN - DSA-2143
MANDRIVA - MDVSA-2010:222
MANDRIVA - MDVSA-2010:223
REDHAT - RHSA-2010:0825
REDHAT - RHSA-2011:0164
SECUNIA - 42875
SECUNIA - 42936
TURBO - TLSA-2011-3
UBUNTU - USN-1017-1
VUPEN - ADV-2011-0105
VUPEN - ADV-2011-0170
VUPEN - ADV-2011-0345
XF - mysql-view-preparation-dos(64842)

Vulnerable Software & Versions: (show all)

CVE-2010-3835

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.

APPLE - APPLE-SA-2011-06-23-1
BID - 43676
CONFIRM - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html
CONFIRM - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html
CONFIRM - http://support.apple.com/kb/HT4723
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=640819
DEBIAN - DSA-2143
MANDRIVA - MDVSA-2010:222
MANDRIVA - MDVSA-2010:223
MISC - http://bugs.mysql.com/bug.php?id=55564
REDHAT - RHSA-2010:0825
REDHAT - RHSA-2011:0164
SECUNIA - 42875
SECUNIA - 42936
TURBO - TLSA-2011-3
UBUNTU - USN-1017-1
VUPEN - ADV-2011-0105
VUPEN - ADV-2011-0170
VUPEN - ADV-2011-0345
XF - mysql-uservariable-dos(64843)

Vulnerable Software & Versions: (show all)

CVE-2010-3834

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments."

APPLE - APPLE-SA-2011-06-23-1
BID - 43676
CONFIRM - http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html
CONFIRM - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html
CONFIRM - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html
CONFIRM - http://support.apple.com/kb/HT4723
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=640808
DEBIAN - DSA-2143
MANDRIVA - MDVSA-2010:222
MANDRIVA - MDVSA-2010:223
MISC - http://bugs.mysql.com/bug.php?id=55568
SECUNIA - 42875
TURBO - TLSA-2011-3
UBUNTU - USN-1017-1
VUPEN - ADV-2011-0105
VUPEN - ADV-2011-0345
XF - mysql-derived-table-dos(64844)

Vulnerable Software & Versions: (show all)

CVE-2010-3833

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT."

APPLE - APPLE-SA-2011-06-23-1
BID - 43676
CONFIRM - http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html
CONFIRM - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html
CONFIRM - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html
CONFIRM - http://support.apple.com/kb/HT4723
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=640751
DEBIAN - DSA-2143
MANDRIVA - MDVSA-2010:222
MANDRIVA - MDVSA-2010:223
MISC - http://bugs.mysql.com/bug.php?id=55826
REDHAT - RHSA-2010:0825
REDHAT - RHSA-2011:0164
SECUNIA - 42875
SECUNIA - 42936
TURBO - TLSA-2011-3
UBUNTU - USN-1017-1
VUPEN - ADV-2011-0105
VUPEN - ADV-2011-0170
VUPEN - ADV-2011-0345
XF - mysql-extremevalue-dos(64845)

Vulnerable Software & Versions: (show all)

CVE-2010-3683

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.

BID - 42625
CONFIRM - http://bugs.mysql.com/bug.php?id=52512
CONFIRM - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
CONFIRM - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-5.html
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=628698
MANDRIVA - MDVSA-2010:155
MANDRIVA - MDVSA-2011:012
MLIST - [oss-security] 20100928 Re: CVE Request -- MySQL v5.1.49 -- multiple DoS flaws
REDHAT - RHSA-2011:0164
SECUNIA - 42936
SUSE - SUSE-SR:2010:019
SUSE - SUSE-SR:2010:021
UBUNTU - USN-1017-1
VUPEN - ADV-2011-0133
VUPEN - ADV-2011-0170
XF - mysql-ok-packet-dos(64683)

Vulnerable Software & Versions: (show all)

CVE-2010-3682

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.

APPLE - APPLE-SA-2011-06-23-1
BID - 42599
CONFIRM - http://bugs.mysql.com/bug.php?id=52711
CONFIRM - http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html
CONFIRM - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
CONFIRM - http://support.apple.com/kb/HT4723
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=628328
DEBIAN - DSA-2143
MANDRIVA - MDVSA-2010:155
MANDRIVA - MDVSA-2010:222
MANDRIVA - MDVSA-2011:012
MLIST - [oss-security] 20100928 Re: CVE Request -- MySQL v5.1.49 -- multiple DoS flaws
REDHAT - RHSA-2010:0825
REDHAT - RHSA-2011:0164
SECUNIA - 42875
SECUNIA - 42936
SUSE - SUSE-SR:2010:019
TURBO - TLSA-2011-3
UBUNTU - USN-1017-1
VUPEN - ADV-2011-0105
VUPEN - ADV-2011-0133
VUPEN - ADV-2011-0170
VUPEN - ADV-2011-0345
XF - mysql-itemsinglerowsubselect-dos(64684)

Vulnerable Software & Versions: (show all)

CVE-2010-3681

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.

BID - 42633
CONFIRM - http://bugs.mysql.com/bug.php?id=54007
CONFIRM - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
CONFIRM - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-5.html
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=628680
DEBIAN - DSA-2143
MANDRIVA - MDVSA-2010:155
MANDRIVA - MDVSA-2010:222
MANDRIVA - MDVSA-2011:012
MLIST - [oss-security] 20100928 Re: CVE Request -- MySQL v5.1.49 -- multiple DoS flaws
REDHAT - RHSA-2010:0824
REDHAT - RHSA-2010:0825
REDHAT - RHSA-2011:0164
SECUNIA - 42875
SECUNIA - 42936
SUSE - SUSE-SR:2010:019
SUSE - SUSE-SR:2010:021
TURBO - TLSA-2011-3
UBUNTU - USN-1017-1
VUPEN - ADV-2011-0105
VUPEN - ADV-2011-0133
VUPEN - ADV-2011-0170
VUPEN - ADV-2011-0345
XF - mysql-handler-interface-dos(64685)

Vulnerable Software & Versions: (show all)

CVE-2010-3680

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.

BID - 42598
CONFIRM - http://bugs.mysql.com/bug.php?id=54044
CONFIRM - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=628192
DEBIAN - DSA-2143
MANDRIVA - MDVSA-2010:155
MANDRIVA - MDVSA-2010:222
MANDRIVA - MDVSA-2011:012
MLIST - [oss-security] 20100928 Re: CVE Request -- MySQL v5.1.49 -- multiple DoS flaws
REDHAT - RHSA-2010:0825
REDHAT - RHSA-2011:0164
SECUNIA - 42875
SECUNIA - 42936
TURBO - TLSA-2011-3
UBUNTU - USN-1017-1
VUPEN - ADV-2011-0105
VUPEN - ADV-2011-0133
VUPEN - ADV-2011-0170
VUPEN - ADV-2011-0345
XF - mysql-innodb-dos(64686)

Vulnerable Software & Versions: (show all)

CVE-2010-3679

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.

BID - 42638
CONFIRM - http://bugs.mysql.com/bug.php?id=54393
CONFIRM - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=628062
MANDRIVA - MDVSA-2010:155
MANDRIVA - MDVSA-2011:012
MLIST - [oss-security] 20100928 Re: CVE Request -- MySQL v5.1.49 -- multiple DoS flaws
REDHAT - RHSA-2011:0164
SECUNIA - 42936
UBUNTU - USN-1017-1
VUPEN - ADV-2011-0133
VUPEN - ADV-2011-0170
XF - mysql-binlog-command-dos(64687)

Vulnerable Software & Versions: (show all)

CVE-2010-3678

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.

BID - 42596
CONFIRM - http://bugs.mysql.com/bug.php?id=54477
CONFIRM - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=628172
MANDRIVA - MDVSA-2010:155
MANDRIVA - MDVSA-2011:012
MLIST - [oss-security] 20100928 Re: CVE Request -- MySQL v5.1.49 -- multiple DoS flaws
REDHAT - RHSA-2011:0164
SECUNIA - 42936
SUSE - SUSE-SR:2010:019
UBUNTU - USN-1017-1
VUPEN - ADV-2011-0133
VUPEN - ADV-2011-0170

Vulnerable Software & Versions: (show all)

CVE-2010-3677

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.

APPLE - APPLE-SA-2011-06-23-1
BID - 42646
CONFIRM - http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html
CONFIRM - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
CONFIRM - http://support.apple.com/kb/HT4723
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=628040
DEBIAN - DSA-2143
MANDRIVA - MDVSA-2010:155
MANDRIVA - MDVSA-2010:222
MANDRIVA - MDVSA-2011:012
MISC - http://bugs.mysql.com/bug.php?id=54575
MLIST - [oss-security] 20100928 Re: CVE Request -- MySQL v5.1.49 -- multiple DoS flaws
REDHAT - RHSA-2010:0825
REDHAT - RHSA-2011:0164
SECUNIA - 42875
SECUNIA - 42936
SUSE - SUSE-SR:2010:019
TURBO - TLSA-2011-3
UBUNTU - USN-1017-1
VUPEN - ADV-2011-0105
VUPEN - ADV-2011-0133
VUPEN - ADV-2011-0170
VUPEN - ADV-2011-0345
XF - mysql-setcolumn-dos(64688)

Vulnerable Software & Versions: (show all)

CVE-2010-3676

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.

BID - 42643
CONFIRM - http://bugs.mysql.com/bug.php?id=55039
CONFIRM - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=628660
MANDRIVA - MDVSA-2011:012
MLIST - [oss-security] 20100928 Re: CVE Request -- MySQL v5.1.49 -- multiple DoS flaws
VUPEN - ADV-2011-0133
XF - mysql-dictocrea-dos(64689)

Vulnerable Software & Versions: (show all)

CVE-2010-2008

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.

BID - 41198
CONFIRM - http://bugs.mysql.com/bug.php?id=53804
CONFIRM - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html
FEDORA - FEDORA-2010-11135
MANDRIVA - MDVSA-2010:155
SECTRACK - 1024160
SECUNIA - 40333
SECUNIA - 40762
UBUNTU - USN-1017-1
VUPEN - ADV-2010-1918

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: DependencyCheck

Dependencies

activation-1.1.jar

Evidence

Identifiers

annogen-0.1.0.jar

Evidence

Identifiers

annotations-3.0.1u2.jar

Evidence

Identifiers

ant-1.9.7.jar

Evidence

Identifiers

aopalliance-1.0.jar

Evidence

Identifiers

aspectjrt-1.6.5.jar

Evidence

Identifiers

aspectjweaver-1.6.5.jar

Evidence

Identifiers

binutils/configure

Evidence

Identifiers

binutils/configure.ac

Evidence

Identifiers

ghostscript/configure.ac

Evidence

Identifiers

Published Vulnerabilities

readable-code/configure

Evidence

Identifiers

readable-code/configure.ac

Evidence

Identifiers

axiom-api-1.2.7.jar

Evidence

Identifiers

axiom-dom-1.2.7.jar

Evidence

Identifiers

axiom-impl-1.2.7.jar

Evidence

Identifiers

axis-1.4.jar

Evidence

Identifiers

Published Vulnerabilities

axis2-kernel-1.4.1.jar

Evidence

Related Dependencies

Identifiers

Published Vulnerabilities

backport-util-concurrent-3.1.jar

Evidence

Identifiers

bootable-0.1.0.jar

Evidence

Identifiers

bootable-0.1.0.jar: lib-0.1.0.jar

Evidence

Identifiers

ffmpeg\ffmpeg_version.cmake

Evidence

Identifiers

Published Vulnerabilities

cmake\cl2cpp.cmake

Evidence

Identifiers

cmake\copyAndroidLibs.cmake

Evidence

Identifiers

cmake\FindCUDA.cmake

Evidence

Identifiers