Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: pa-server

Scan Information (show all):

Display: Showing Vulnerable Dependencies (click to show all)

DependencyCPECoordinatesHighest SeverityCVE CountCPE ConfidenceEvidence Count
powerauth-java-server.wario.getlime.security:powerauth-java-server:0.21.0 023
powerauth-java-server.war: tomcat-embed-el-8.5.32.jarcpe:/a:apache_software_foundation:tomcat:8.5.32org.apache.tomcat.embed:tomcat-embed-el:8.5.32  0Low23
powerauth-java-server.war: tomcat-embed-core-8.5.32.jarcpe:/a:apache_software_foundation:tomcat:8.5.32
cpe:/a:apache:tomcat:8.5.32
cpe:/a:apache_tomcat:apache_tomcat:8.5.32
org.apache.tomcat.embed:tomcat-embed-core:8.5.32  0Low21
powerauth-java-server.war: spring-boot-starter-tomcat-2.0.4.RELEASE.jarcpe:/a:pivotal_software:spring_boot:2.0.4org.springframework.boot:spring-boot-starter-tomcat:2.0.4.RELEASE  0Low27
powerauth-java-server.war: spring-boot-2.0.4.RELEASE.jarcpe:/a:pivotal_software:spring_boot:2.0.4org.springframework.boot:spring-boot:2.0.4.RELEASE  0Low30
powerauth-java-server.war: nio-multipart-parser-1.1.0.jarorg.synchronoss.cloud:nio-multipart-parser:1.1.0 018
powerauth-java-server.war: ehcache-2.10.5.jarnet.sf.ehcache:ehcache:2.10.5  047
powerauth-java-server.war: opensaml-xacml-api-3.3.0.jarorg.opensaml:opensaml-xacml-api:3.3.0 021
powerauth-java-server.war: reactive-streams-1.0.2.jarorg.reactivestreams:reactive-streams:1.0.2  029
powerauth-java-server.war: cryptacular-1.1.1.jarorg.cryptacular:cryptacular:1.1.1 021
powerauth-java-server.war: wss4j-ws-security-dom-2.2.0.jarcpe:/a:apache:wss4j:2.2.0org.apache.wss4j:wss4j-ws-security-dom:2.2.0 0Low31
powerauth-java-server.war: antlr-2.7.7.jarantlr:antlr:2.7.7  018
powerauth-java-server.war: hibernate-commons-annotations-5.0.1.Final.jarorg.hibernate.common:hibernate-commons-annotations:5.0.1.Final  035
powerauth-java-server.war: commons-codec-1.11.jarcommons-codec:commons-codec:1.11 037
powerauth-java-server.war: jasypt-1.9.2.jarcpe:/a:jasypt_project:jasypt:1.9.2org.jasypt:jasypt:1.9.2 0Low19
powerauth-java-server.war: netty-transport-4.1.27.Final.jarcpe:/a:netty_project:netty:4.1.27io.netty:netty-transport:4.1.27.Final 0Low29
powerauth-java-server.war: opensaml-security-api-3.3.0.jarorg.opensaml:opensaml-security-api:3.3.0 019
powerauth-java-server.war: guava-25.1-jre.jarcom.google.guava:guava:25.1-jre 027
powerauth-java-server.war: opensaml-profile-api-3.3.0.jarorg.opensaml:opensaml-profile-api:3.3.0 019
powerauth-java-server.war: jul-to-slf4j-1.7.25.jarcpe:/a:slf4j:slf4j:1.7.25org.slf4j:jul-to-slf4j:1.7.25 0Low26
powerauth-java-server.war: metrics-core-3.2.6.jario.dropwizard.metrics:metrics-core:3.2.6 022
powerauth-java-server.war: animal-sniffer-annotations-1.14.jarorg.codehaus.mojo:animal-sniffer-annotations:1.14 020
powerauth-java-server.war: opensaml-xmlsec-impl-3.3.0.jarorg.opensaml:opensaml-xmlsec-impl:3.3.0 020
powerauth-java-server.war: opensaml-xacml-saml-api-3.3.0.jarorg.opensaml:opensaml-xacml-saml-api:3.3.0 022
powerauth-java-server.war: slf4j-api-1.7.25.jarcpe:/a:slf4j:slf4j:1.7.25org.slf4j:slf4j-api:1.7.25 0Low27
powerauth-java-server.war: joda-time-2.9.9.jarjoda-time:joda-time:2.9.9 033
powerauth-java-server.war: opensaml-soap-api-3.3.0.jarorg.opensaml:opensaml-soap-api:3.3.0 019
powerauth-java-server.war: validation-api-2.0.1.Final.jarjavax.validation:validation-api:2.0.1.Final 023
powerauth-java-server.war: commons-io-2.5.jarcommons-io:commons-io:2.5 037
powerauth-java-server.war: logback-core-1.2.3.jarcpe:/a:logback:logback:1.2.3ch.qos.logback:logback-core:1.2.3 0Low27
powerauth-java-server.war: spring-boot-starter-security-2.0.4.RELEASE.jarcpe:/a:pivotal_software:spring_boot:2.0.4
cpe:/a:pivotal_software:spring_security:2.0.4
org.springframework.boot:spring-boot-starter-security:2.0.4.RELEASE  0Low27
powerauth-java-server.war: bcprov-jdk15on-1.60.jarcpe:/a:bouncycastle:bouncy_castle_crypto_package:1.60
cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.60
org.bouncycastle:bcprov-jdk15on:1.60  0Low43
powerauth-java-server.war: xmlsec-2.1.0.jarcpe:/a:apache:xml_security_for_java:2.1.0
cpe:/a:apache:santuario_xml_security_for_java:2.1.0
org.apache.santuario:xmlsec:2.1.0 0Low37
powerauth-java-server.war: snakeyaml-1.19.jarorg.yaml:snakeyaml:1.19 021
powerauth-java-server.war: javax.transaction-api-1.2.jarjavax.transaction:javax.transaction-api:1.2 035
powerauth-java-server.war: stax2-api-3.1.4.jarorg.codehaus.woodstox:stax2-api:3.1.4 025
powerauth-java-server.war: error_prone_annotations-2.1.3.jarcom.google.errorprone:error_prone_annotations:2.1.3 019
powerauth-java-server.war: log4j-api-2.10.0.jarcpe:/a:apache:log4j:2.10.0org.apache.logging.log4j:log4j-api:2.10.0 0Low37
powerauth-java-server.war: geronimo-javamail_1.4_mail-1.8.4.jarcpe:/a:apache:geronimo:1.8.4org.apache.geronimo.javamail:geronimo-javamail_1.4_mail:1.8.4 High2Low32
powerauth-java-server.war: opensaml-saml-api-3.3.0.jarorg.opensaml:opensaml-saml-api:3.3.0 019
powerauth-java-server.war: j2objc-annotations-1.1.jarcom.google.j2objc:j2objc-annotations:1.1 019
powerauth-java-server.war: spring-data-commons-2.0.9.RELEASE.jarorg.springframework.data:spring-data-commons:2.0.9.RELEASE 017
powerauth-java-server.war: java-support-7.3.0.jarcpe:/a:shibboleth_project:shibboleth:7.3.0net.shibboleth.utilities:java-support:7.3.0 0Low20
powerauth-java-server.war: opensaml-saml-impl-3.3.0.jarorg.opensaml:opensaml-saml-impl:3.3.0 021
powerauth-java-server.war: jackson-databind-2.9.6.jarcpe:/a:fasterxml:jackson:2.9.6
cpe:/a:fasterxml:jackson-databind:2.9.6
com.fasterxml.jackson.core:jackson-databind:2.9.6 0Low37
powerauth-java-server.war: jsr305-3.0.2.jarcom.google.code.findbugs:jsr305:3.0.2 019
powerauth-java-server.war: opensaml-xmlsec-api-3.3.0.jarorg.opensaml:opensaml-xmlsec-api:3.3.0 019
powerauth-java-server.war: dom4j-1.6.1.jardom4j:dom4j:1.6.1  039
powerauth-java-server.war: spring-ws-core-3.0.3.RELEASE.jarcpe:/a:ws_project:ws:3.0.3org.springframework.ws:spring-ws-core:3.0.3.RELEASE 0Low18
powerauth-java-server.war: HikariCP-2.7.9.jarcom.zaxxer:HikariCP:2.7.9 029
powerauth-java-server.war: spring-data-jpa-2.0.9.RELEASE.jarorg.springframework.data:spring-data-jpa:2.0.9.RELEASE 021
powerauth-java-server.war: wsdl4j-1.6.3.jarwsdl4j:wsdl4j:1.6.3  027
powerauth-java-server.war: powerauth-java-prov-0.21.0.jarcpe:/a:mod_security:mod_security:0.21.0io.getlime.security:powerauth-java-prov:0.21.0 0Low20
powerauth-java-server.war: reactor-netty-0.7.8.RELEASE.jario.projectreactor.ipc:reactor-netty:0.7.8.RELEASE  032
powerauth-java-server.war: nio-stream-storage-1.1.3.jarcpe:/a:id:id-software:1.1.3org.synchronoss.cloud:nio-stream-storage:1.1.3 0Low20
powerauth-java-server.war: classmate-1.3.4.jarcom.fasterxml:classmate:1.3.4 041
powerauth-java-server.war: reactor-core-3.1.8.RELEASE.jario.projectreactor:reactor-core:3.1.8.RELEASE  032
powerauth-java-server.war: log4j-to-slf4j-2.10.0.jarcpe:/a:slf4j:slf4j:2.10.0
cpe:/a:apache:log4j:2.10.0
org.apache.logging.log4j:log4j-to-slf4j:2.10.0 0Low37
powerauth-java-server.war: opensaml-security-impl-3.3.0.jarorg.opensaml:opensaml-security-impl:3.3.0 020
powerauth-java-server.war: hibernate-validator-6.0.11.Final.jarcpe:/a:hibernate:hibernate_validator:6.0.11org.hibernate.validator:hibernate-validator:6.0.11.Final 0Low32
powerauth-java-server.war: opensaml-xacml-impl-3.3.0.jarorg.opensaml:opensaml-xacml-impl:3.3.0 022
powerauth-java-server.war: opensaml-xacml-saml-impl-3.3.0.jarorg.opensaml:opensaml-xacml-saml-impl:3.3.0 022
powerauth-java-server.war: spring-core-5.0.8.RELEASE.jarcpe:/a:pivotal_software:spring_framework:5.0.8
cpe:/a:pivotal:spring_framework:5.0.8
org.springframework:spring-core:5.0.8.RELEASE  0Low32
powerauth-java-server.war: stax-api-1.0-2.jarjavax.xml.stream:stax-api:1.0-2  020
powerauth-java-server.war: hibernate-core-5.2.17.Final.jarorg.hibernate:hibernate-core:5.2.17.Final  037
powerauth-java-server.war: javassist-3.22.0-GA.jarorg.javassist:javassist:3.22.0-GA 025
powerauth-java-server.war: checker-qual-2.0.0.jarorg.checkerframework:checker-qual:2.0.0  026
powerauth-java-server.war: jandex-2.0.3.Final.jarorg.jboss:jandex:2.0.3.Final 034
powerauth-java-server.war: spring-security-core-5.0.7.RELEASE.jarcpe:/a:pivotal_software:spring_security:5.0.7org.springframework.security:spring-security-core:5.0.7.RELEASE  0Low28
powerauth-java-server.war: jackson-annotations-2.9.0.jarcpe:/a:fasterxml:jackson:2.9.0com.fasterxml.jackson.core:jackson-annotations:2.9.0 0Low35
powerauth-java-server.war: powerauth-java-crypto-0.21.0.jario.getlime.security:powerauth-java-crypto:0.21.0 016
powerauth-java-server.war: hibernate-jpa-2.1-api-1.0.2.Final.jarorg.hibernate.javax.persistence:hibernate-jpa-2.1-api:1.0.2.Final  028
powerauth-java-server.war: aspectjweaver-1.8.13.jarorg.aspectj:aspectjweaver:1.8.13  027
powerauth-java-server.war: jboss-logging-3.3.2.Final.jarorg.jboss.logging:jboss-logging:3.3.2.Final 040
powerauth-java-server.war: javax.annotation-api-1.3.2.jarjavax.annotation:javax.annotation-api:1.3.2 037
powerauth-java-server.war: woodstox-core-asl-4.4.1.jarorg.codehaus.woodstox:woodstox-core-asl:4.4.1  034
powerauth-java-server.war: opensaml-core-3.3.0.jarorg.opensaml:opensaml-core:3.3.0 018
powerauth-java-server.war: jackson-core-2.9.6.jarcpe:/a:fasterxml:jackson:2.9.6com.fasterxml.jackson.core:jackson-core:2.9.6 0Low37
powerauth-java-server.war: ehcache-2.10.5.jar: sizeof-agent.jarnet.sf.ehcache:sizeof-agent:1.0.1 026
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-annotations/pom.xmlcpe:/a:fasterxml:jackson:2.3.0com.fasterxml.jackson.core:jackson-annotations:2.3.0 0Low16
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-core/pom.xmlcpe:/a:fasterxml:jackson:2.3.3com.fasterxml.jackson.core:jackson-core:2.3.3 0Low16
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xmlcpe:/a:fasterxml:jackson-databind:2.3.3
cpe:/a:fasterxml:jackson:2.3.3
com.fasterxml.jackson.core:jackson-databind:2.3.3High5Highest16
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base/pom.xmlcpe:/a:fasterxml:jackson:2.3.3com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:2.3.3 0Low13
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider/pom.xmlcpe:/a:fasterxml:jackson:2.3.3com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:2.3.3 0Low13
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations/pom.xmlcpe:/a:fasterxml:jackson:2.3.3com.fasterxml.jackson.module:jackson-module-jaxb-annotations:2.3.3 0Low16
powerauth-java-server.war: geronimo-javamail_1.4_mail-1.8.4.jar/META-INF/maven/org.apache.geronimo.specs/geronimo-javamail_1.4_spec/pom.xmlorg.apache.geronimo.specs:geronimo-javamail_1.4_spec:1.7.1 016
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/javax.annotation/javax.annotation-api/pom.xmljavax.annotation:javax.annotation-api:1.2 020
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/javax.servlet/javax.servlet-api/pom.xmljavax.servlet:javax.servlet-api:3.0.1 018
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/javax.validation/validation-api/pom.xmljavax.validation:validation-api:1.1.0.Final 011
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/javax.ws.rs/javax.ws.rs-api/pom.xmlcpe:/a:ws_project:ws:2.0javax.ws.rs:javax.ws.rs-api:2.0 0Low18
powerauth-java-server.war: netty-common-4.1.27.Final.jar/META-INF/maven/io.netty/netty-common/pom.xmlcpe:/a:netty_project:netty:4.1.27io.netty:netty-common:4.1.27.Final 0Low9
powerauth-java-server.war: netty-common-4.1.27.Final.jar/META-INF/maven/org.jctools/jctools-core/pom.xmlorg.jctools:jctools-core:2.1.1 011
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/javax.xml.bind/jaxb-api/pom.xmljavax.xml.bind:jaxb-api:2.3.0 07
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache.internal/ehcache-rest-agent/pom.xmlnet.sf.ehcache.internal:ehcache-rest-agent:2.10.5 013
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-common/pom.xmlnet.sf.ehcache:management-ehcache-common:2.10.5 011
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-impl-v1/pom.xmlnet.sf.ehcache:management-ehcache-impl-v1:2.10.5 011
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-impl-v2/pom.xmlnet.sf.ehcache:management-ehcache-impl-v2:2.10.5 011
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-v1/pom.xmlnet.sf.ehcache:management-ehcache-v1:2.10.5 011
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-v2/pom.xmlnet.sf.ehcache:management-ehcache-v2:2.10.5 011
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-continuation/pom.xmlcpe:/a:jetty:jetty:8.1.15.v20140411
cpe:/a:eclipse:jetty:8.1.15.v20140411
org.eclipse.jetty:jetty-continuation:8.1.15.v20140411High4Low15
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-http/pom.xmlcpe:/a:jetty:jetty:8.1.15.v20140411
cpe:/a:eclipse:jetty:8.1.15.v20140411
org.eclipse.jetty:jetty-http:8.1.15.v20140411High4Low13
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-io/pom.xmlorg.eclipse.jetty:jetty-io:8.1.15.v20140411 013
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-security/pom.xmlcpe:/a:jetty:jetty:8.1.15.v20140411
cpe:/a:eclipse:jetty:8.1.15.v20140411
org.eclipse.jetty:jetty-security:8.1.15.v20140411High4Low15
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xmlcpe:/a:jetty:jetty:8.1.15.v20140411
cpe:/a:eclipse:jetty:8.1.15.v20140411
org.eclipse.jetty:jetty-server:8.1.15.v20140411High4Low15
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xmlcpe:/a:jetty:jetty:8.1.15.v20140411
cpe:/a:eclipse:jetty:8.1.15.v20140411
org.eclipse.jetty:jetty-servlet:8.1.15.v20140411High4Low15
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xmlcpe:/a:jetty:jetty:8.1.15.v20140411
cpe:/a:eclipse:jetty:8.1.15.v20140411
org.eclipse.jetty:jetty-util:8.1.15.v20140411High4Low15
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2.external/aopalliance-repackaged/pom.xmlorg.glassfish.hk2.external:aopalliance-repackaged:2.2.0 011
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2.external/asm-all-repackaged/pom.xmlorg.glassfish.hk2.external:asm-all-repackaged:2.2.0 011
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2.external/javax.inject/pom.xmlorg.glassfish.hk2.external:javax.inject:2.2.0 011
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2/hk2-api/pom.xmlorg.glassfish.hk2:hk2-api:2.2.0 013
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2/hk2-locator/pom.xmlorg.glassfish.hk2:hk2-locator:2.2.0 013
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2/hk2-utils/pom.xmlorg.glassfish.hk2:hk2-utils:2.2.0 013
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.hk2/osgi-resource-locator/pom.xmlorg.glassfish.hk2:osgi-resource-locator:1.0.1 014
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.bundles.repackaged/jersey-guava/pom.xmlorg.glassfish.jersey.bundles.repackaged:jersey-guava:2.6 013
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.containers/jersey-container-servlet-core/pom.xmlorg.glassfish.jersey.containers:jersey-container-servlet-core:2.6 013
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.containers/jersey-container-servlet/pom.xmlorg.glassfish.jersey.containers:jersey-container-servlet:2.6 013
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.core/jersey-client/pom.xmlorg.glassfish.jersey.core:jersey-client:2.6 013
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.core/jersey-common/pom.xmlorg.glassfish.jersey.core:jersey-common:2.6 013
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.core/jersey-server/pom.xmlorg.glassfish.jersey.core:jersey-server:2.6 013
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.glassfish.jersey.media/jersey-media-sse/pom.xmlorg.glassfish.jersey.media:jersey-media-sse:2.6 013
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.javassist/javassist/pom.xmlorg.javassist:javassist:3.18.1-GA 011
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.jvnet/tiger-types/pom.xmlorg.jvnet:tiger-types:1.4 012
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-common-resources-v1/pom.xmlorg.terracotta:management-common-resources-v1:2.0.16 013
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-common-resources-v2/pom.xmlorg.terracotta:management-common-resources-v2:2.0.16 013
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-common-v1/pom.xmlorg.terracotta:management-common-v1:2.0.16 013
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-common-v2/pom.xmlorg.terracotta:management-common-v2:2.0.16 013
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-core-resources/pom.xmlorg.terracotta:management-core-resources:2.0.16 013
powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.terracotta/management-core/pom.xmlorg.terracotta:management-core:2.0.16 013

Dependencies

powerauth-java-server.war

Description:

 PowerAuth Server

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war
MD5: ac7ba151387ae89d2756bb982c76a599
SHA1: cd4c26e293114f145b24d270f83b70b213b43175

Identifiers

  • maven: io.getlime.security:powerauth-java-server:0.21.0  Confidence:High

powerauth-java-server.war: tomcat-embed-el-8.5.32.jar

Description:

 Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib-provided/tomcat-embed-el-8.5.32.jar
MD5: 7da764e6501d21f1e12b6dce811f3367
SHA1: e4fd0ee015d83fa1c5ec93ff1d05bdaf9a4480c5

Identifiers

powerauth-java-server.war: tomcat-embed-core-8.5.32.jar

Description:

 Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib-provided/tomcat-embed-core-8.5.32.jar
MD5: 2d01649dcad6664065dcdf05c77e9f0e
SHA1: 6bc6896200146010cc4666bdc6b9b0cbb453ee22

Identifiers

powerauth-java-server.war: spring-boot-starter-tomcat-2.0.4.RELEASE.jar

Description:

 Starter for using Tomcat as the embedded servlet container. Default
		servlet container starter used by spring-boot-starter-web

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib-provided/spring-boot-starter-tomcat-2.0.4.RELEASE.jar
MD5: 10d8327ee28744974b968c5fc26e46da
SHA1: dcf28989a34b0801fea0e810c371fb9dab1e7784

Identifiers

powerauth-java-server.war: spring-boot-2.0.4.RELEASE.jar

Description:

 Spring Boot

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/spring-boot-2.0.4.RELEASE.jar
MD5: efb3a8c9084e41428c5f3afd89baecef
SHA1: c8619c5b06d4dcdb4cac1e5e9c839e6e8b1c8574

Identifiers

powerauth-java-server.war: nio-multipart-parser-1.1.0.jar

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/nio-multipart-parser-1.1.0.jar
MD5: 1a5d6d1073dd2f5d026852dea49e23d4
SHA1: c6c417fec6612584b1c34d4dd98c5a4e47e8c754

Identifiers

  • maven: org.synchronoss.cloud:nio-multipart-parser:1.1.0  Confidence:High

powerauth-java-server.war: ehcache-2.10.5.jar

Description:

 Ehcache is an open source, standards-based cache used to boost performance,
  offload the database and simplify scalability. Ehcache is robust, proven and full-featured and
  this has made it the most widely-used Java-based cache.

License:

The Apache Software License, Version 2.0: src/assemble/EHCACHE-CORE-LICENSE.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar
MD5: b1d05294c7621fe13da5c94989c3f8d1
SHA1: 74c1ec0a88bf20a14edb1b30a92b4c33cc6ea6b0

Identifiers

powerauth-java-server.war: opensaml-xacml-api-3.3.0.jar

Description:

 XACML Provider API

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/opensaml-xacml-api-3.3.0.jar
MD5: 4e8497d0587e7ffa042a41813c938bf3
SHA1: fe3189de9a330ceafc21ede651d542f14826bc33

Identifiers

  • maven: org.opensaml:opensaml-xacml-api:3.3.0  Confidence:High

powerauth-java-server.war: reactive-streams-1.0.2.jar

Description:

 A Protocol for Asynchronous Non-Blocking Data Sequence

License:

CC0: http://creativecommons.org/publicdomain/zero/1.0/
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/reactive-streams-1.0.2.jar
MD5: 022ff8ca0101daeb35c8df9b120ff99e
SHA1: 323964c36556eb0e6209f65c1cef72b53b461ab8

Identifiers

powerauth-java-server.war: cryptacular-1.1.1.jar

Description:

 The spectacular complement to the Bouncy Castle crypto API for Java.

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-3.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/cryptacular-1.1.1.jar
MD5: 6d6afbdd6f7596f52b70a274e6fd0d51
SHA1: fb63bf067d278e11eb74c6ff6139493d0df4e8a9

Identifiers

  • maven: org.cryptacular:cryptacular:1.1.1  Confidence:High

powerauth-java-server.war: wss4j-ws-security-dom-2.2.0.jar

Description:

 Apache WSS4J parent pom

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/wss4j-ws-security-dom-2.2.0.jar
MD5: cd35a0b6b1f4502c421643029aad9bf2
SHA1: ffca1eb7c0971ec950c8934c6e8272ea2801e988

Identifiers

  • cpe: cpe:/a:apache:wss4j:2.2.0  Confidence:Low  
  • maven: org.apache.wss4j:wss4j-ws-security-dom:2.2.0  Confidence:High

powerauth-java-server.war: antlr-2.7.7.jar

Description:

 
    A framework for constructing recognizers, compilers,
    and translators from grammatical descriptions containing
    Java, C#, C++, or Python actions.
  

License:

BSD License: http://www.antlr.org/license.html
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/antlr-2.7.7.jar
MD5: f8f1352c52a4c6a500b597596501fc64
SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0

Identifiers

powerauth-java-server.war: hibernate-commons-annotations-5.0.1.Final.jar

Description:

 Common reflection code used in support of annotation processing

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/hibernate-commons-annotations-5.0.1.Final.jar
MD5: 2a9d6f5a4ece96557bc4300ecc4486fb
SHA1: 71e1cff3fcb20d3b3af4f3363c3ddb24d33c6879

Identifiers

powerauth-java-server.war: commons-codec-1.11.jar

Description:

 
     The Apache Commons Codec package contains simple encoder and decoders for
     various formats such as Base64 and Hexadecimal.  In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/commons-codec-1.11.jar
MD5: 567159b1ae257a43e1391a8f59d24cfe
SHA1: 3acb4705652e16236558f0f4f2192cc33c3bd189

Identifiers

  • maven: commons-codec:commons-codec:1.11  Confidence:High

powerauth-java-server.war: jasypt-1.9.2.jar

Description:

 Java library which enables encryption in java apps with minimum effort.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/jasypt-1.9.2.jar
MD5: 92a13d215927d3d5fccb5487c1b13ba2
SHA1: 91eee489a389faba9fc57bfee75c87c615c19cd7

Identifiers

  • cpe: cpe:/a:jasypt_project:jasypt:1.9.2  Confidence:Low  
  • maven: org.jasypt:jasypt:1.9.2  Confidence:High

powerauth-java-server.war: netty-transport-4.1.27.Final.jar

Description:

 Netty is an asynchronous event-driven network application framework for    rapid development of maintainable high performance protocol servers and    clients.

License:

http://www.apache.org/licenses/LICENSE-2.0
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/netty-transport-4.1.27.Final.jar
MD5: 3de02aae41e1dfec94ec3bbe7e61eb27
SHA1: b5c2da3ea89dd67320925f1504c9eb3615241b7c

Identifiers

  • cpe: cpe:/a:netty_project:netty:4.1.27  Confidence:Low  
  • maven: io.netty:netty-transport:4.1.27.Final  Confidence:High

powerauth-java-server.war: opensaml-security-api-3.3.0.jar

Description:

 Security API

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/opensaml-security-api-3.3.0.jar
MD5: f55dfbba0ac2e925856330ef94aa84b8
SHA1: 89477899f0836040e9a584b451895a61d923bf96

Identifiers

  • maven: org.opensaml:opensaml-security-api:3.3.0  Confidence:High

powerauth-java-server.war: guava-25.1-jre.jar

Description:

 
    Guava is a suite of core and expanded libraries that include
    utility classes, google's collections, io classes, and much
    much more.
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/guava-25.1-jre.jar
MD5: da3838847d109ac435f0d3ed4ae1c794
SHA1: 6c57e4b22b44e89e548b5c9f70f0c45fe10fb0b4

Identifiers

  • maven: com.google.guava:guava:25.1-jre  Confidence:High

powerauth-java-server.war: opensaml-profile-api-3.3.0.jar

Description:

 Profile API

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/opensaml-profile-api-3.3.0.jar
MD5: 52ae1fca37b16e3e8d900dd9f59126d8
SHA1: e4c72301b98cf4967c49c450de7da2dbc1f6b8d0

Identifiers

  • maven: org.opensaml:opensaml-profile-api:3.3.0  Confidence:High

powerauth-java-server.war: jul-to-slf4j-1.7.25.jar

Description:

 JUL to SLF4J bridge

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/jul-to-slf4j-1.7.25.jar
MD5: ab28124cb05fec600f2ffe37b94629e0
SHA1: 0af5364cd6679bfffb114f0dec8a157aaa283b76

Identifiers

  • maven: org.slf4j:jul-to-slf4j:1.7.25  Confidence:High
  • cpe: cpe:/a:slf4j:slf4j:1.7.25  Confidence:Low  

powerauth-java-server.war: metrics-core-3.2.6.jar

Description:

 
        Metrics is a Java library which gives you unparalleled insight into what your code does in
        production. Metrics provides a powerful toolkit of ways to measure the behavior of critical
        components in your production environment.
    

License:

http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/metrics-core-3.2.6.jar
MD5: 641716ee081aeaa016415019c74fb447
SHA1: 62fe170cffeded1cef60e9e3402a93b45ce14327

Identifiers

  • maven: io.dropwizard.metrics:metrics-core:3.2.6  Confidence:High

powerauth-java-server.war: animal-sniffer-annotations-1.14.jar

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/animal-sniffer-annotations-1.14.jar
MD5: 9d42e46845c874f1710a9f6a741f6c14
SHA1: 775b7e22fb10026eed3f86e8dc556dfafe35f2d5

Identifiers

  • maven: org.codehaus.mojo:animal-sniffer-annotations:1.14  Confidence:High

powerauth-java-server.war: opensaml-xmlsec-impl-3.3.0.jar

Description:

 XML Security Implementation

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/opensaml-xmlsec-impl-3.3.0.jar
MD5: 99cc0c6a2d081654faafb9820fe49777
SHA1: 569ae8fc7c84817c5324e9f9b7958adf700a94c1

Identifiers

  • maven: org.opensaml:opensaml-xmlsec-impl:3.3.0  Confidence:High

powerauth-java-server.war: opensaml-xacml-saml-api-3.3.0.jar

Description:

 SAML XACML Profile API

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/opensaml-xacml-saml-api-3.3.0.jar
MD5: 9e847e86b91596e7cb0cfd3e63757331
SHA1: ac67fdc40a4006666e46decac8a8e288d501ad24

Identifiers

  • maven: org.opensaml:opensaml-xacml-saml-api:3.3.0  Confidence:High

powerauth-java-server.war: slf4j-api-1.7.25.jar

Description:

 The slf4j API

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/slf4j-api-1.7.25.jar
MD5: caafe376afb7086dcbee79f780394ca3
SHA1: da76ca59f6a57ee3102f8f9bd9cee742973efa8a

Identifiers

  • maven: org.slf4j:slf4j-api:1.7.25  Confidence:High
  • cpe: cpe:/a:slf4j:slf4j:1.7.25  Confidence:Low  

powerauth-java-server.war: joda-time-2.9.9.jar

Description:

 Date and time library to replace JDK date handling

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/joda-time-2.9.9.jar
MD5: eca438c8cc2b1de38e28d884b7f15dbc
SHA1: f7b520c458572890807d143670c9b24f4de90897

Identifiers

  • maven: joda-time:joda-time:2.9.9  Confidence:High

powerauth-java-server.war: opensaml-soap-api-3.3.0.jar

Description:

 SOAP Provider API

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/opensaml-soap-api-3.3.0.jar
MD5: 9e7b62c2ce6917dcd84f3283de346428
SHA1: 4e900056cd80c1f0bd72497c26a48664089e04a8

Identifiers

  • maven: org.opensaml:opensaml-soap-api:3.3.0  Confidence:High

powerauth-java-server.war: validation-api-2.0.1.Final.jar

Description:

 
        Bean Validation API
    

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/validation-api-2.0.1.Final.jar
MD5: 5d02c034034a7a16725ceff787e191d6
SHA1: cb855558e6271b1b32e716d24cb85c7f583ce09e

Identifiers

  • maven: javax.validation:validation-api:2.0.1.Final  Confidence:High

powerauth-java-server.war: commons-io-2.5.jar

Description:

 
The Apache Commons IO library contains utility classes, stream implementations, file filters, 
file comparators, endian transformation classes, and much more.
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/commons-io-2.5.jar
MD5: e2d74794fba570ec2115fb9d5b05dc9b
SHA1: 2852e6e05fbb95076fc091f6d1780f1f8fe35e0f

Identifiers

  • maven: commons-io:commons-io:2.5  Confidence:High

powerauth-java-server.war: logback-core-1.2.3.jar

Description:

 logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/logback-core-1.2.3.jar
MD5: 841fc80c6edff60d947a3872a2db4d45
SHA1: 864344400c3d4d92dfeb0a305dc87d953677c03c

Identifiers

  • cpe: cpe:/a:logback:logback:1.2.3  Confidence:Low  
  • maven: ch.qos.logback:logback-core:1.2.3  Confidence:High

powerauth-java-server.war: spring-boot-starter-security-2.0.4.RELEASE.jar

Description:

 Starter for using Spring Security

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/spring-boot-starter-security-2.0.4.RELEASE.jar
MD5: 5e520b823c8adf95338dd7f05f67c483
SHA1: 2ac314e5985fd9ae0d2acaea450f4f6c3dbd7f92

Identifiers

powerauth-java-server.war: bcprov-jdk15on-1.60.jar

Description:

 The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.

License:

Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/bcprov-jdk15on-1.60.jar
MD5: 435ff931af9ed4430d2a27456b0386b2
SHA1: bd47ad3bd14b8e82595c7adaa143501e60842a84

Identifiers

  • cpe: cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.60  Confidence:Low  
  • maven: org.bouncycastle:bcprov-jdk15on:1.60   Confidence:Highest
  • cpe: cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.60  Confidence:Low  

powerauth-java-server.war: xmlsec-2.1.0.jar

Description:

 
        Apache XML Security for Java supports XML-Signature Syntax and Processing,
        W3C Recommendation 12 February 2002, and XML Encryption Syntax and
        Processing, W3C Recommendation 10 December 2002. As of version 1.4,
        the library supports the standard Java API JSR-105: XML Digital Signature APIs.
    

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/xmlsec-2.1.0.jar
MD5: d6162ba8ffb63cbd07d4aa5c0776fc4c
SHA1: 99964d24525fa5ffbfe00bfc02085fc2e3a0f98d

Identifiers

  • cpe: cpe:/a:apache:xml_security_for_java:2.1.0  Confidence:Low  
  • maven: org.apache.santuario:xmlsec:2.1.0  Confidence:High
  • cpe: cpe:/a:apache:santuario_xml_security_for_java:2.1.0  Confidence:Low  

powerauth-java-server.war: snakeyaml-1.19.jar

Description:

 YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/snakeyaml-1.19.jar
MD5: 95472b5a0ded8761545342a087e82117
SHA1: 2d998d3d674b172a588e54ab619854d073f555b5

Identifiers

  • maven: org.yaml:snakeyaml:1.19  Confidence:High

powerauth-java-server.war: javax.transaction-api-1.2.jar

Description:

 Project GlassFish Java Transaction API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/javax.transaction-api-1.2.jar
MD5: 2dfee184286530e726ad155816e15b4c
SHA1: d81aff979d603edd90dcd8db2abc1f4ce6479e3e

Identifiers

  • maven: javax.transaction:javax.transaction-api:1.2  Confidence:High

powerauth-java-server.war: stax2-api-3.1.4.jar

Description:

 tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.
  

License:

The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/stax2-api-3.1.4.jar
MD5: c08e89de601b0a78f941b2c29db565c3
SHA1: ac19014b1e6a7c08aad07fe114af792676b685b7

Identifiers

  • maven: org.codehaus.woodstox:stax2-api:3.1.4  Confidence:High

powerauth-java-server.war: error_prone_annotations-2.1.3.jar

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/error_prone_annotations-2.1.3.jar
MD5: 97504b36cf871722d81a4b9e114f2a16
SHA1: 39b109f2cd352b2d71b52a3b5a1a9850e1dc304b

Identifiers

  • maven: com.google.errorprone:error_prone_annotations:2.1.3  Confidence:High

powerauth-java-server.war: log4j-api-2.10.0.jar

Description:

 The Apache Log4j API

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/log4j-api-2.10.0.jar
MD5: b15b1def49daaf7e74fffcce9442ba98
SHA1: fec5797a55b786184a537abd39c3fa1449d752d6

Identifiers

  • maven: org.apache.logging.log4j:log4j-api:2.10.0  Confidence:High
  • cpe: cpe:/a:apache:log4j:2.10.0  Confidence:Low  

powerauth-java-server.war: geronimo-javamail_1.4_mail-1.8.4.jar

Description:

 Geronimmo JavaMail Bundle.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/geronimo-javamail_1.4_mail-1.8.4.jar
MD5: f0f877ca397f77198f4c941bee52f0a4
SHA1: 0c111549605e4fb904984e4f40299a3a653871ea

Identifiers

CVE-2008-0732  

Severity:Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.

Vulnerable Software & Versions:

CVE-2011-5034  

Severity:High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-20 Improper Input Validation

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.  NOTE: this might overlap CVE-2011-4461.

Vulnerable Software & Versions: (show all)

powerauth-java-server.war: opensaml-saml-api-3.3.0.jar

Description:

 SAML Provider API

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/opensaml-saml-api-3.3.0.jar
MD5: c681c20398b65bd9b73c0a15b58f5c16
SHA1: c9611395e073206e59816b0b5ce5166450e8101e

Identifiers

  • maven: org.opensaml:opensaml-saml-api:3.3.0  Confidence:High

powerauth-java-server.war: j2objc-annotations-1.1.jar

Description:

 
    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.
  

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/j2objc-annotations-1.1.jar
MD5: 49ae3204bb0bb9b2ac77062641f4a6d7
SHA1: ed28ded51a8b1c6b112568def5f4b455e6809019

Identifiers

  • maven: com.google.j2objc:j2objc-annotations:1.1  Confidence:High

powerauth-java-server.war: spring-data-commons-2.0.9.RELEASE.jar

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/spring-data-commons-2.0.9.RELEASE.jar
MD5: c16aad093702b08099091e6471f817af
SHA1: 9c8f3ea29c9dd6e4c41876c46e9f5f4987390beb

Identifiers

  • maven: org.springframework.data:spring-data-commons:2.0.9.RELEASE  Confidence:High

powerauth-java-server.war: java-support-7.3.0.jar

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/java-support-7.3.0.jar
MD5: 67b23622febcf0461863d52ccb4776d8
SHA1: 288ecc17f2025ad14f768163d42808987d5ffcd6

Identifiers

  • maven: net.shibboleth.utilities:java-support:7.3.0  Confidence:High
  • cpe: cpe:/a:shibboleth_project:shibboleth:7.3.0  Confidence:Low  

powerauth-java-server.war: opensaml-saml-impl-3.3.0.jar

Description:

 SAML Provider Implementations

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/opensaml-saml-impl-3.3.0.jar
MD5: 8f6b1c6321b7d9b64d11e70d2496bdeb
SHA1: 391ac88f96a9f8f522d693c168d4c65fad20535d

Identifiers

  • maven: org.opensaml:opensaml-saml-impl:3.3.0  Confidence:High

powerauth-java-server.war: jackson-databind-2.9.6.jar

Description:

 General data-binding functionality for Jackson: works on core streaming API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/jackson-databind-2.9.6.jar
MD5: c6634d654c2df15a987bc37ec8d2b6b2
SHA1: cfa4f316351a91bfd95cb0644c6a2c95f52db1fc

Identifiers

  • maven: com.fasterxml.jackson.core:jackson-databind:2.9.6  Confidence:High
  • cpe: cpe:/a:fasterxml:jackson:2.9.6  Confidence:Low  
  • cpe: cpe:/a:fasterxml:jackson-databind:2.9.6  Confidence:Low  

powerauth-java-server.war: jsr305-3.0.2.jar

Description:

 JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d

Identifiers

  • maven: com.google.code.findbugs:jsr305:3.0.2  Confidence:High

powerauth-java-server.war: opensaml-xmlsec-api-3.3.0.jar

Description:

 XML Security API

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/opensaml-xmlsec-api-3.3.0.jar
MD5: b66b809860e35827ec3b44d3cff2b0e6
SHA1: e824f1e3ec14080412a4ab4b0807a13933d9be80

Identifiers

  • maven: org.opensaml:opensaml-xmlsec-api:3.3.0  Confidence:High

powerauth-java-server.war: dom4j-1.6.1.jar

Description:

 dom4j: the flexible XML framework for Java

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94

Identifiers

powerauth-java-server.war: spring-ws-core-3.0.3.RELEASE.jar

Description:

 Spring WS Core

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/spring-ws-core-3.0.3.RELEASE.jar
MD5: 4ef7a4f64ceff9bdf57322df6dd1e3fb
SHA1: 9175b57d3335b1815d65ca8183ab0ce4f69904e1

Identifiers

  • maven: org.springframework.ws:spring-ws-core:3.0.3.RELEASE  Confidence:High
  • cpe: cpe:/a:ws_project:ws:3.0.3  Confidence:Low  

powerauth-java-server.war: HikariCP-2.7.9.jar

Description:

 Ultimate JDBC Connection Pool

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/HikariCP-2.7.9.jar
MD5: 2002335357f6c75336692f93004004e3
SHA1: a83113d2c091d0d0f853dad3217bd7df3beb6ae3

Identifiers

  • maven: com.zaxxer:HikariCP:2.7.9  Confidence:High

powerauth-java-server.war: spring-data-jpa-2.0.9.RELEASE.jar

Description:

 Spring Data module for JPA repositories.

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/spring-data-jpa-2.0.9.RELEASE.jar
MD5: d7169ab0dc121d4a3fa97af8ae8ea309
SHA1: 0030acb36f682367d93ed400b4324fe2559f0fcb

Identifiers

  • maven: org.springframework.data:spring-data-jpa:2.0.9.RELEASE  Confidence:High

powerauth-java-server.war: wsdl4j-1.6.3.jar

Description:

 Java stub generator for WSDL

License:

CPL: http://www.opensource.org/licenses/cpl1.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/wsdl4j-1.6.3.jar
MD5: cfc28d89625c5e88589aec7a9aee0208
SHA1: 6d106a6845a3d3477a1560008479312888e94f2f

Identifiers

powerauth-java-server.war: powerauth-java-prov-0.21.0.jar

Description:

 Technical Maven module. Simple interface for generic crypto provider inclusion.

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/powerauth-java-prov-0.21.0.jar
MD5: 68f23fa5e4dc8c54ff23f263582d34f2
SHA1: 36f563a10d351f6733b7e62c6ac752c25d51fa34

Identifiers

  • cpe: cpe:/a:mod_security:mod_security:0.21.0  Confidence:Low  
  • maven: io.getlime.security:powerauth-java-prov:0.21.0  Confidence:High

powerauth-java-server.war: reactor-netty-0.7.8.RELEASE.jar

Description:

 Reactive Streams Netty driver

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/reactor-netty-0.7.8.RELEASE.jar
MD5: a4ed837de32c58f42cbdfd3d9486b124
SHA1: fe25c7d3042b6005690f7d243cef987b696a12ee

Identifiers

powerauth-java-server.war: nio-stream-storage-1.1.3.jar

Description:

 A lightweight library to stream byte data using a combination of in memory and file storage.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/nio-stream-storage-1.1.3.jar
MD5: 848917322d5b4e121e53cc512d01a2f4
SHA1: 986dba5f6e5eed20f0dba6ddc8e8a64a9ebdc2f3

Identifiers

  • cpe: cpe:/a:id:id-software:1.1.3  Confidence:Low  
  • maven: org.synchronoss.cloud:nio-stream-storage:1.1.3  Confidence:High

powerauth-java-server.war: classmate-1.3.4.jar

Description:

 Library for introspecting types with full generic information
        including resolving of field and method types.
    

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/classmate-1.3.4.jar
MD5: 1e2e0fcc510753882683417e01895242
SHA1: 03d5f48f10bbe4eb7bd862f10c0583be2e0053c6

Identifiers

  • maven: com.fasterxml:classmate:1.3.4  Confidence:High

powerauth-java-server.war: reactor-core-3.1.8.RELEASE.jar

Description:

 Non-Blocking Reactive Foundation for the JVM

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/reactor-core-3.1.8.RELEASE.jar
MD5: dfc6416c1b07557100229f88473152bb
SHA1: 3bcc30f9161d3d17abe44b4aa20e397e5170566e

Identifiers

powerauth-java-server.war: log4j-to-slf4j-2.10.0.jar

Description:

 The Apache Log4j binding between Log4j 2 API and SLF4J.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/log4j-to-slf4j-2.10.0.jar
MD5: 7ac821f6ff3d7f9ed68ffe982a76b8c2
SHA1: f7e631ccf49cfc0aefa4a2a728da7d374c05bd3c

Identifiers

  • cpe: cpe:/a:slf4j:slf4j:2.10.0  Confidence:Low  
  • maven: org.apache.logging.log4j:log4j-to-slf4j:2.10.0  Confidence:High
  • cpe: cpe:/a:apache:log4j:2.10.0  Confidence:Low  

powerauth-java-server.war: opensaml-security-impl-3.3.0.jar

Description:

 Security Implementation

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/opensaml-security-impl-3.3.0.jar
MD5: fa365f047ff1f169702024728e479fec
SHA1: 48cf37a5080ee406aef21a49045f5e1d15ea46e6

Identifiers

  • maven: org.opensaml:opensaml-security-impl:3.3.0  Confidence:High

powerauth-java-server.war: hibernate-validator-6.0.11.Final.jar

Description:

 Hibernate's Bean Validation (JSR-380) reference implementation.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/hibernate-validator-6.0.11.Final.jar
MD5: ea85d60ab9a58357b60f1a9d9571a560
SHA1: 36f9d10a11e4768f55e8fb91ebe4338a5c43954e

Identifiers

  • cpe: cpe:/a:hibernate:hibernate_validator:6.0.11  Confidence:Low  
  • maven: org.hibernate.validator:hibernate-validator:6.0.11.Final  Confidence:High

powerauth-java-server.war: opensaml-xacml-impl-3.3.0.jar

Description:

 XACML Provider Implementations

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/opensaml-xacml-impl-3.3.0.jar
MD5: e4052084cce2baa133dff2af6440a162
SHA1: a86016114986e68636c23df8f13ebf0b0e2601cf

Identifiers

  • maven: org.opensaml:opensaml-xacml-impl:3.3.0  Confidence:High

powerauth-java-server.war: opensaml-xacml-saml-impl-3.3.0.jar

Description:

 SAML XACML Profile Implementation

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/opensaml-xacml-saml-impl-3.3.0.jar
MD5: 8af738b0f975082161cba4b5a4d93d64
SHA1: e90e50432cf2d9a8fac836ddd5a92961f3fcbd14

Identifiers

  • maven: org.opensaml:opensaml-xacml-saml-impl:3.3.0  Confidence:High

powerauth-java-server.war: spring-core-5.0.8.RELEASE.jar

Description:

 Spring Core

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/spring-core-5.0.8.RELEASE.jar
MD5: 437bf5d4e00a150720c5761668035cd5
SHA1: dc39c49e3246cdf73d3786ac41119140aed3fa08

Identifiers

  • cpe: cpe:/a:pivotal_software:spring_framework:5.0.8  Confidence:Low  
  • cpe: cpe:/a:pivotal:spring_framework:5.0.8  Confidence:Low  
  • maven: org.springframework:spring-core:5.0.8.RELEASE   Confidence:Highest

powerauth-java-server.war: stax-api-1.0-2.jar

Description:

 
    StAX is a standard XML processing API that allows you to stream XML data from and to your application.
  

License:

GNU General Public Library: http://www.gnu.org/licenses/gpl.txt
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: http://www.sun.com/cddl/cddl.html
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/stax-api-1.0-2.jar
MD5: 7d18b63063580284c3f5734081fdc99f
SHA1: d6337b0de8b25e53e81b922352fbea9f9f57ba0b

Identifiers

powerauth-java-server.war: hibernate-core-5.2.17.Final.jar

Description:

 The core O/RM functionality as provided by Hibernate

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/hibernate-core-5.2.17.Final.jar
MD5: f572a6e35cab0c72e78f43ac7a43fc51
SHA1: f2dc36470e7a2ffcf6106bb1625ecf5b54bb5f65

Identifiers

powerauth-java-server.war: javassist-3.22.0-GA.jar

Description:

 
  	Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
    simple.  It is a class library for editing bytecodes in Java.
  

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/javassist-3.22.0-GA.jar
MD5: 69f277ed4c6631e45ec4cacd0e6e46c6
SHA1: 3e83394258ae2089be7219b971ec21a8288528ad

Identifiers

  • maven: org.javassist:javassist:3.22.0-GA  Confidence:High

powerauth-java-server.war: checker-qual-2.0.0.jar

Description:

 
        Checker Qual is the set of annotations (qualifiers) and supporting classes
        used by the Checker Framework to type check Java source code.  Please
        see artifact:
        org.checkerframework:checker
    

License:

GNU General Public License, version 2 (GPL2), with the classpath exception: http://www.gnu.org/software/classpath/license.html
The MIT License: http://opensource.org/licenses/MIT
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/checker-qual-2.0.0.jar
MD5: 94fe1af76c10006fbc5b988180b71bf0
SHA1: 518929596ee3249127502a8573b2e008e2d51ed3

Identifiers

powerauth-java-server.war: jandex-2.0.3.Final.jar

Description:

 Parent POM for JBoss projects. Provides default project build configuration.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/jandex-2.0.3.Final.jar
MD5: 77db6e55da888349f5466d2dcf150b14
SHA1: bfc4d6257dbff7a33a357f0de116be6ff951d849

Identifiers

  • maven: org.jboss:jandex:2.0.3.Final  Confidence:High

powerauth-java-server.war: spring-security-core-5.0.7.RELEASE.jar

Description:

 spring-security-core

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/spring-security-core-5.0.7.RELEASE.jar
MD5: ab6fdbf0f5ac7cdba2d91dc9185b978c
SHA1: 40a0c57af6b4c3f8c611216d2579c6ab19672694

Identifiers

powerauth-java-server.war: jackson-annotations-2.9.0.jar

Description:

 Core annotations used for value types, used by Jackson data binding package.
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/jackson-annotations-2.9.0.jar
MD5: c09faa1b063681cf45706c6df50685b6
SHA1: 07c10d545325e3a6e72e06381afe469fd40eb701

Identifiers

  • maven: com.fasterxml.jackson.core:jackson-annotations:2.9.0  Confidence:High
  • cpe: cpe:/a:fasterxml:jackson:2.9.0  Confidence:Low  

powerauth-java-server.war: powerauth-java-crypto-0.21.0.jar

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/powerauth-java-crypto-0.21.0.jar
MD5: bec3cd6e05aa0e1592b57982f22eda1e
SHA1: 1d1d481fd4f8b97f55f76051df8994a1443bdb30

Identifiers

  • maven: io.getlime.security:powerauth-java-crypto:0.21.0  Confidence:High

powerauth-java-server.war: hibernate-jpa-2.1-api-1.0.2.Final.jar

Description:

 Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation.  See README.md for details

License:

Eclipse Public License (EPL), Version 1.0: http://www.eclipse.org/legal/epl-v10.html
Eclipse Distribution License (EDL), Version 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/hibernate-jpa-2.1-api-1.0.2.Final.jar
MD5: 9f8b719e945337446705486a957624b8
SHA1: 52afb5762c704a6b586e27742470c08f91877fc1

Identifiers

powerauth-java-server.war: aspectjweaver-1.8.13.jar

Description:

 The AspectJ weaver introduces advices to java classes

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/aspectjweaver-1.8.13.jar
MD5: 4a95811a5b41a038a359c05189de9829
SHA1: ad94df2a28d658a40dc27bbaff6a1ce5fbf04e9b

Identifiers

powerauth-java-server.war: jboss-logging-3.3.2.Final.jar

Description:

 The JBoss Logging Framework

License:

Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/jboss-logging-3.3.2.Final.jar
MD5: c397132f958d7e8ac0d566b6723ca7ca
SHA1: 3789d00e859632e6c6206adc0c71625559e6e3b0

Identifiers

  • maven: org.jboss.logging:jboss-logging:3.3.2.Final  Confidence:High

powerauth-java-server.war: javax.annotation-api-1.3.2.jar

Description:

 Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.annotation/blob/master/LICENSE
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/javax.annotation-api-1.3.2.jar
MD5: 2ab1973eefffaa2aeec47d50b9e40b9d
SHA1: 934c04d3cfef185a8008e7bf34331b79730a9d43

Identifiers

  • maven: javax.annotation:javax.annotation-api:1.3.2  Confidence:High

powerauth-java-server.war: woodstox-core-asl-4.4.1.jar

Description:

 Woodstox is a high-performance XML processor that
implements Stax (JSR-173) and SAX2 APIs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/woodstox-core-asl-4.4.1.jar
MD5: 1f53f91f117288fb2ef2e120f27e5498
SHA1: 84fee5eb1a4a1cefe65b6883c73b3fa83be3c1a1

Identifiers

powerauth-java-server.war: opensaml-core-3.3.0.jar

Description:

 Core

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/opensaml-core-3.3.0.jar
MD5: e558149f017f5e7dd948658f76d7a44a
SHA1: 6fac68342891abec3c22d53e14c706ba3e58918b

Identifiers

  • maven: org.opensaml:opensaml-core:3.3.0  Confidence:High

powerauth-java-server.war: jackson-core-2.9.6.jar

Description:

 Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/jackson-core-2.9.6.jar
MD5: f3cf83b839fac92307cad542c2ded5c4
SHA1: 4e393793c37c77e042ccc7be5a914ae39251b365

Identifiers

  • cpe: cpe:/a:fasterxml:jackson:2.9.6  Confidence:Low  
  • maven: com.fasterxml.jackson.core:jackson-core:2.9.6  Confidence:High

powerauth-java-server.war: ehcache-2.10.5.jar: sizeof-agent.jar

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar/net/sf/ehcache/pool/sizeof/sizeof-agent.jar
MD5: 5ad919b3ac0516897bdca079c9a222a8
SHA1: e86399a80ae6a6c7a563717eaa0ce9ba4708571c

Identifiers

  • maven: net.sf.ehcache:sizeof-agent:1.0.1  Confidence:High

powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-annotations/pom.xml

Description:

 Core annotations used for value types, used by Jackson data binding package.
  

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-annotations/pom.xml
MD5: 920a7c797babb215595b83388a2cab1a
SHA1: bf2a064aec0f86ef110ded6b11147350cfef0bb7

Identifiers

  • cpe: cpe:/a:fasterxml:jackson:2.3.0  Confidence:Low  
  • maven: com.fasterxml.jackson.core:jackson-annotations:2.3.0  Confidence:High

powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-core/pom.xml

Description:

 Core Jackson abstractions, basic JSON streaming API implementation
  

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-core/pom.xml
MD5: 57bca813b5307e3154e7d8eeddb5c156
SHA1: fc05676963f49f5c338cdc115b4ff74dfe041c4f

Identifiers

  • maven: com.fasterxml.jackson.core:jackson-core:2.3.3  Confidence:High
  • cpe: cpe:/a:fasterxml:jackson:2.3.3  Confidence:Low  

powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml

Description:

 General data-binding functionality for Jackson: works on core streaming API

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
MD5: 04e23f17a1150e7ec1f70eeac734af7d
SHA1: fc2fa919676ab9574a7e312fd44741e5569b86a1

Identifiers

  • cpe: cpe:/a:fasterxml:jackson-databind:2.3.3  Confidence:Highest  
  • maven: com.fasterxml.jackson.core:jackson-databind:2.3.3  Confidence:High
  • cpe: cpe:/a:fasterxml:jackson:2.3.3  Confidence:Low  

CVE-2017-15095  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.

Vulnerable Software & Versions: (show all)

CVE-2017-17485  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.

Vulnerable Software & Versions: (show all)

CVE-2017-7525  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

Vulnerable Software & Versions: (show all)

CVE-2018-5968  

Severity:Medium
CVSS Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
CWE: CWE-184 Incomplete Blacklist

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.

Vulnerable Software & Versions: (show all)

CVE-2018-7489  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-184 Incomplete Blacklist

FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.

Vulnerable Software & Versions: (show all)

powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base/pom.xml

Description:

 Pile of code that is shared by all Jackson-based JAX-RS
providers.
  

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base/pom.xml
MD5: a0b035a5188c067e32cc6e16b0deab19
SHA1: c3eba3468d5971c45c981c803efa776508a5c63d

Identifiers

  • maven: com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:2.3.3  Confidence:High
  • cpe: cpe:/a:fasterxml:jackson:2.3.3  Confidence:Low  

powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider/pom.xml

Description:

 Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.
  

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider/pom.xml
MD5: 8cb8dfac80c2beada46f76493632c0b0
SHA1: 2f4b8921cc1693827f46dbedcdfd2c1afe6e0928

Identifiers

  • maven: com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:2.3.3  Confidence:High
  • cpe: cpe:/a:fasterxml:jackson:2.3.3  Confidence:Low  

powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations/pom.xml

Description:

 Support for using JAXB annotations as an alternative to "native" Jackson annotations, for configuring data binding.
  

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations/pom.xml
MD5: 0e4ffd3552d53012977f4aa7e8631139
SHA1: 63e7293b8a7ebc035133c91da4fcdfdc8d35fa56

Identifiers

  • maven: com.fasterxml.jackson.module:jackson-module-jaxb-annotations:2.3.3  Confidence:High
  • cpe: cpe:/a:fasterxml:jackson:2.3.3  Confidence:Low  

powerauth-java-server.war: geronimo-javamail_1.4_mail-1.8.4.jar/META-INF/maven/org.apache.geronimo.specs/geronimo-javamail_1.4_spec/pom.xml

Description:

 Javamail 1.4 Specification

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/geronimo-javamail_1.4_mail-1.8.4.jar/META-INF/maven/org.apache.geronimo.specs/geronimo-javamail_1.4_spec/pom.xml
MD5: 3743449ae3615be03030800b9e3a7635
SHA1: 74ae043414f17033b626ec465233bccc5fb844fc

Identifiers

  • maven: org.apache.geronimo.specs:geronimo-javamail_1.4_spec:1.7.1  Confidence:High

powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/javax.annotation/javax.annotation-api/pom.xml

Description:

 Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/javax.annotation/javax.annotation-api/pom.xml
MD5: 11204d5fb5c6aa1ae5948f22a37a2795
SHA1: d90e6c7f83898fe30f83aeaf4d411285f970a433

Identifiers

  • maven: javax.annotation:javax.annotation-api:1.2  Confidence:High

powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/javax.servlet/javax.servlet-api/pom.xml

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/javax.servlet/javax.servlet-api/pom.xml
MD5: faa665eb553f227ed989e294d09c4175
SHA1: 992273c71fb14b78cd29052188857b446aa157d5

Identifiers

  • maven: javax.servlet:javax.servlet-api:3.0.1  Confidence:High

powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/javax.validation/validation-api/pom.xml

Description:

 
        Bean Validation API
    

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/javax.validation/validation-api/pom.xml
MD5: 392b65b1983526abcfb87d01d46973ea
SHA1: 0d2ad4d1498d1048abc6c6948fd3f835d8fdafb0

Identifiers

  • maven: javax.validation:validation-api:1.1.0.Final  Confidence:High

powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/javax.ws.rs/javax.ws.rs-api/pom.xml

License:

CDDL 1.1: http://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/javax.ws.rs/javax.ws.rs-api/pom.xml
MD5: ba4f047c8d5f7cfbed1b31c32989999d
SHA1: 056dfb068c761287f29c4c39ef492df23eb581c7

Identifiers

  • maven: javax.ws.rs:javax.ws.rs-api:2.0  Confidence:High
  • cpe: cpe:/a:ws_project:ws:2.0  Confidence:Low  

powerauth-java-server.war: netty-common-4.1.27.Final.jar/META-INF/maven/io.netty/netty-common/pom.xml

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/netty-common-4.1.27.Final.jar/META-INF/maven/io.netty/netty-common/pom.xml
MD5: d7013a8eeebd327d5cde7a596d6324b3
SHA1: 3a6879243c06e0872208eeea628dd7103eadfab9

Identifiers

  • maven: io.netty:netty-common:4.1.27.Final  Confidence:High
  • cpe: cpe:/a:netty_project:netty:4.1.27  Confidence:Low  

powerauth-java-server.war: netty-common-4.1.27.Final.jar/META-INF/maven/org.jctools/jctools-core/pom.xml

Description:

 Java Concurrency Tools Core Library

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/netty-common-4.1.27.Final.jar/META-INF/maven/org.jctools/jctools-core/pom.xml
MD5: d532029de01ef1c790266dea91b1ecdc
SHA1: f9571c65e428d21c795a34de2b217419dfc0e2f7

Identifiers

  • maven: org.jctools:jctools-core:2.1.1  Confidence:High

powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/javax.xml.bind/jaxb-api/pom.xml

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/javax.xml.bind/jaxb-api/pom.xml
MD5: 1acc9ac1010c4edfba88534c64aa9027
SHA1: 61dab99f547e2110e42e35f659d9ba27bd00108c

Identifiers

  • maven: javax.xml.bind:jaxb-api:2.3.0  Confidence:High

powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache.internal/ehcache-rest-agent/pom.xml

Description:

 Ehcache REST implementation

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache.internal/ehcache-rest-agent/pom.xml
MD5: 869d7857a5c0622575d781a3406f13bc
SHA1: 42a7f78f32704f586a9e41c5dc7a322f52d9cda1

Identifiers

  • maven: net.sf.ehcache.internal:ehcache-rest-agent:2.10.5  Confidence:High

powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-common/pom.xml

Description:

 A common library shared between different management-ehcache implementation versions

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-common/pom.xml
MD5: 383b233c28213073e24d5aea19b6d0a2
SHA1: 7d2ed69845fc8aa52d3faac12711553c3f62747d

Identifiers

  • maven: net.sf.ehcache:management-ehcache-common:2.10.5  Confidence:High

powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-impl-v1/pom.xml

Description:

 A product library integrating with ehcache to construct the relevant management resource entities V1

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-impl-v1/pom.xml
MD5: e3d1abd3db01f4bc3c5c636dde26e661
SHA1: edd0dac06a131f0028218cdcaac48f6cc562b73b

Identifiers

  • maven: net.sf.ehcache:management-ehcache-impl-v1:2.10.5  Confidence:High

powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-impl-v2/pom.xml

Description:

 A product library integrating with ehcache to construct the relevant management resource entities V1

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-impl-v2/pom.xml
MD5: affbef8837ad8184d86b7dc69334b8bd
SHA1: 5f4904c9e736351b0b3aa59ee70fa58ecee48284

Identifiers

  • maven: net.sf.ehcache:management-ehcache-impl-v2:2.10.5  Confidence:High

powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-v1/pom.xml

Description:

 A library defining the ehcache management resource services and resource entities, version 1

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-v1/pom.xml
MD5: e50950bf63c597d1e0458df3439d344d
SHA1: 6cecae4aeaa5535690a78097ddc6b802e58bafaf

Identifiers

  • maven: net.sf.ehcache:management-ehcache-v1:2.10.5  Confidence:High

powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-v2/pom.xml

Description:

 A library defining the ehcache management resource services and resource entities, version 2

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/net.sf.ehcache/management-ehcache-v2/pom.xml
MD5: 79bac553d7f60bf8408632c8c3501646
SHA1: 9db8fd15c6073614e89fefc36082f0407b112019

Identifiers

  • maven: net.sf.ehcache:management-ehcache-v2:2.10.5  Confidence:High

powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-continuation/pom.xml

Description:

 Asynchronous API

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-continuation/pom.xml
MD5: be93de218e005baf6aa7cbb242240e40
SHA1: 6985254ff36765166daa2c098eedcb37ecf14404

Identifiers

  • maven: org.eclipse.jetty:jetty-continuation:8.1.15.v20140411  Confidence:High
  • cpe: cpe:/a:jetty:jetty:8.1.15.v20140411  Confidence:Low  
  • cpe: cpe:/a:eclipse:jetty:8.1.15.v20140411  Confidence:Low  

CVE-2017-7656  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.

Vulnerable Software & Versions: (show all)

CVE-2017-7657  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-190 Integer Overflow or Wraparound

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.

Vulnerable Software & Versions: (show all)

CVE-2017-7658  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-19 Data Handling

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.

Vulnerable Software & Versions: (show all)

CVE-2017-9735  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Vulnerable Software & Versions:

powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-http/pom.xml

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-http/pom.xml
MD5: 54db4afff96d30fe1bb1761fce9d3abf
SHA1: 46ae188c5c92aadb0d9876b66270787f8af3e1ed

Identifiers

  • maven: org.eclipse.jetty:jetty-http:8.1.15.v20140411  Confidence:High
  • cpe: cpe:/a:jetty:jetty:8.1.15.v20140411  Confidence:Low  
  • cpe: cpe:/a:eclipse:jetty:8.1.15.v20140411  Confidence:Low  

CVE-2017-7656  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.

Vulnerable Software & Versions: (show all)

CVE-2017-7657  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-190 Integer Overflow or Wraparound

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.

Vulnerable Software & Versions: (show all)

CVE-2017-7658  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-19 Data Handling

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.

Vulnerable Software & Versions: (show all)

CVE-2017-9735  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Vulnerable Software & Versions:

powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-io/pom.xml

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-io/pom.xml
MD5: 5ccb45a1fb739e3c4547eb10a47b4ff7
SHA1: 8e69498dd5f7ed71790aa990f4bc1c72e5515234

Identifiers

  • maven: org.eclipse.jetty:jetty-io:8.1.15.v20140411  Confidence:High

powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-security/pom.xml

Description:

 Jetty security infrastructure

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-security/pom.xml
MD5: 128fb2a09f078fe188e52e9870fcb879
SHA1: 2c4e9d4080e638479110b358a61b879366154a71

Identifiers

  • maven: org.eclipse.jetty:jetty-security:8.1.15.v20140411  Confidence:High
  • cpe: cpe:/a:jetty:jetty:8.1.15.v20140411  Confidence:Low  
  • cpe: cpe:/a:eclipse:jetty:8.1.15.v20140411  Confidence:Low  

CVE-2017-7656  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.

Vulnerable Software & Versions: (show all)

CVE-2017-7657  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-190 Integer Overflow or Wraparound

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.

Vulnerable Software & Versions: (show all)

CVE-2017-7658  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-19 Data Handling

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.

Vulnerable Software & Versions: (show all)

CVE-2017-9735  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Vulnerable Software & Versions:

powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml

Description:

 The core jetty server artifact.

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml
MD5: c9c1985d6d077be13f5766f8abebe233
SHA1: efaf20cf56e85305c5bcb32168d80f7ad129bf66

Identifiers

  • maven: org.eclipse.jetty:jetty-server:8.1.15.v20140411  Confidence:High
  • cpe: cpe:/a:jetty:jetty:8.1.15.v20140411  Confidence:Low  
  • cpe: cpe:/a:eclipse:jetty:8.1.15.v20140411  Confidence:Low  

CVE-2017-7656  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.

Vulnerable Software & Versions: (show all)

CVE-2017-7657  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-190 Integer Overflow or Wraparound

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.

Vulnerable Software & Versions: (show all)

CVE-2017-7658  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-19 Data Handling

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.

Vulnerable Software & Versions: (show all)

CVE-2017-9735  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Vulnerable Software & Versions:

powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml

Description:

 Jetty Servlet Container

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml
MD5: 48a57e906d4b1d9fd65ea4505684e2de
SHA1: fca560fd1f8438f7a1120599e25a9518532e315b

Identifiers

  • maven: org.eclipse.jetty:jetty-servlet:8.1.15.v20140411  Confidence:High
  • cpe: cpe:/a:jetty:jetty:8.1.15.v20140411  Confidence:Low  
  • cpe: cpe:/a:eclipse:jetty:8.1.15.v20140411  Confidence:Low  

CVE-2017-7656  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.

Vulnerable Software & Versions: (show all)

CVE-2017-7657  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-190 Integer Overflow or Wraparound

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.

Vulnerable Software & Versions: (show all)

CVE-2017-7658  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-19 Data Handling

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.

Vulnerable Software & Versions: (show all)

CVE-2017-9735  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Vulnerable Software & Versions:

powerauth-java-server.war: ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml

Description:

 Utility classes for Jetty

File Path: /var/jenkins_home/workspace/pa-server/powerauth-java-server/target/powerauth-java-server.war/WEB-INF/lib/ehcache-2.10.5.jar/rest-management-private-classpath/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml
MD5: f3725d11f08b8ed8672633bf06f52659
SHA1: 9d51ebc5999e405faa35161f03acbcee1acc25ce

Identifiers

  • maven: org.eclipse.jetty:jetty-util:8.1.15.v20140411  Confidence:High
  • cpe: cpe:/a:jetty:jetty:8.1.15.v20140411  Confidence:Low  
  • cpe: cpe:/a:eclipse:jetty:8.1.15.v20140411  Confidence:Low  

CVE-2017-7656  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.

Vulnerable Software & Versions: (show all)

CVE-2017-7657  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-190 Integer Overflow or Wraparound

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.

Vulnerable Software & Versions: (show all)