Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: apache-nutch

Scan Information (show all):

Display: Showing Vulnerable Dependencies (click to show all)

DependencyCPECoordinatesHighest SeverityCVE CountCPE ConfidenceEvidence Count
activation-1.1.jarjavax.activation:activation:1.1  027
aopalliance-1.0.jaraopalliance:aopalliance:1.0  020
apacheds-i18n-2.0.0-M15.jarorg.apache.directory.server:apacheds-i18n:2.0.0-M15  038
apacheds-kerberos-codec-2.0.0-M15.jarorg.apache.directory.server:apacheds-kerberos-codec:2.0.0-M15  038
api-asn1-api-1.0.0-M20.jarorg.apache.directory.api:api-asn1-api:1.0.0-M20  038
api-util-1.0.0-M20.jarcpe:/a:apache:directory_ldap_api:1.0.0.m30org.apache.directory.api:api-util:1.0.0-M20Medium1Low23
args4j-2.0.16.jarargs4j:args4j:2.0.16 017
asm-3.3.1.jarasm:asm:3.3.1  021
avro-1.8.1.jarorg.apache.avro:avro:1.8.1  042
avro-compiler-1.8.1.jarorg.apache.avro:avro-compiler:1.8.1 027
avro-ipc-1.8.1.jarorg.apache.avro:avro-ipc:1.8.1 033
avro-mapred-1.8.1.jarcpe:/a:apache:hadoop:1.8.1org.apache.avro:avro-mapred:1.8.1High3Low22
bootstrap-3.0.3.jarorg.webjars:bootstrap:3.0.3 014
cglib-2.2.1-v20090111.jarorg.sonatype.sisu.inject:cglib:2.2.1-v20090111  024
cglib-2.2.2.jarcglib:cglib:2.2.2  022
closure-compiler-v20130603.jarcpe:/a:google:gmail:-com.google.javascript:closure-compiler:v20130603 Medium1Low27
commons-beanutils-1.7.0.jarcpe:/a:apache:commons_beanutils:1.7.0commons-beanutils:commons-beanutils:1.7.0 High1Low22
commons-beanutils-core-1.8.0.jarcpe:/a:apache:commons_beanutils:1.8.0commons-beanutils:commons-beanutils-core:1.8.0 High1Low30
commons-cli-1.2.jarcommons-cli:commons-cli:1.2 031
commons-codec-1.7.jarcommons-codec:commons-codec:1.7 033
commons-collections-3.2.1.jarcpe:/a:apache:commons_collections:3.2.1commons-collections:commons-collections:3.2.1High2Highest31
commons-collections4-4.0.jarcpe:/a:apache:commons_collections:4.0org.apache.commons:commons-collections4:4.0High1Highest33
commons-compress-1.4.1.jarcpe:/a:apache:commons-compress:1.4.1org.apache.commons:commons-compress:1.4.1 0Low35
commons-configuration-1.6.jarcommons-configuration:commons-configuration:1.6 031
commons-daemon-1.0.13.jarcpe:/a:apache:apache_commons_daemon:1.0.13commons-daemon:commons-daemon:1.0.13 0Low33
commons-digester-1.8.jarcommons-digester:commons-digester:1.8  034
commons-el-1.0.jartomcat:commons-el:5.5.23  035
commons-fileupload-1.3.jarcpe:/a:apache:commons_fileupload:1.3commons-fileupload:commons-fileupload:1.3High3Highest33
commons-httpclient-3.1.jarcpe:/a:apache:httpclient:3.1
cpe:/a:apache:commons-httpclient:3.1		commons-httpclient:commons-httpclient:3.1  0Low29
commons-io-2.4.jarcommons-io:commons-io:2.4 033
commons-lang-2.6.jarcommons-lang:commons-lang:2.6 031
commons-lang3-3.1.jarorg.apache.commons:commons-lang3:3.1 033
commons-logging-1.1.3.jarcommons-logging:commons-logging:1.1.3 033
commons-math3-3.1.1.jarorg.apache.commons:commons-math3:3.1.1 033
commons-net-3.1.jarcommons-net:commons-net:3.1 033
crawler-commons-0.10.jarcom.github.crawler-commons:crawler-commons:0.10 019
cxf-rt-core-2.5.2.jarcpe:/a:apache:cxf:2.5.2org.apache.cxf:cxf-rt-core:2.5.2High19Highest24
dom4j-1.6.1.jardom4j:dom4j:1.6.1  039
forbiddenapis-2.2.jarde.thetaphi:forbiddenapis:2.2  025
geronimo-javamail_1.4_spec-1.7.1.jarcpe:/a:sun:javamail:1.7.1org.apache.geronimo.specs:geronimo-javamail_1.4_spec:1.7.1 0Low28
gora-core-0.8.jarcpe:/a:apache:hadoop:0.8org.apache.gora:gora-core:0.8High4Low37
guava-14.0.1.jarcom.google.guava:guava:14.0.1 021
guice-3.0.jarcom.google.inject:guice:3.0  033
guice-servlet-3.0.jarcom.google.inject.extensions:guice-servlet:3.0  033
h2-1.4.180.jarcpe:/a:h2database:h2:1.4.180com.h2database:h2:1.4.180  0Low25
hadoop-mapreduce-client-core-2.5.2.jarcpe:/a:apache:hadoop:2.5.2org.apache.hadoop:hadoop-mapreduce-client-core:2.5.2High3Low19
hamcrest-core-1.3.jarorg.hamcrest:hamcrest-core:1.3  025
hsqldb-2.2.8.jarorg.hsqldb:hsqldb:2.2.8  035
httpclient-4.2.6.jarcpe:/a:apache:httpclient:4.2.6org.apache.httpcomponents:httpclient:4.2.6 0Low28
httpcore-4.2.5.jarorg.apache.httpcomponents:httpcore:4.2.5 028
httpmime-4.2.6.jarorg.apache.httpcomponents:httpmime:4.2.6 028
icu4j-55.1.jarcom.ibm.icu:icu4j:55.1  035
jackson-core-2.3.0.jarcpe:/a:fasterxml:jackson:2.3.0com.fasterxml.jackson.core:jackson-core:2.3.0 0Low33
jackson-core-asl-1.9.13.jarcpe:/a:fasterxml:jackson:1.9.13org.codehaus.jackson:jackson-core-asl:1.9.13  0Low34
jackson-databind-2.3.0.jarcpe:/a:fasterxml:jackson:2.3.0
cpe:/a:fasterxml:jackson-databind:2.3.0		com.fasterxml.jackson.core:jackson-databind:2.3.0High5Highest33
jackson-dataformat-csv-2.2.3.jarcpe:/a:fasterxml:jackson:2.2.3com.fasterxml.jackson.dataformat:jackson-dataformat-csv:2.2.3 0Low24
jackson-dataformat-xml-2.2.3.jarcpe:/a:fasterxml:jackson-databind:2.2.3
cpe:/a:fasterxml:jackson:2.2.3		com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.2.3High5Highest24
jasper-runtime-5.5.23.jarcpe:/a:jasper_project:jasper:5.5.23tomcat:jasper-runtime:5.5.23  0Low18
java-xmlbuilder-0.4.jarcom.jamesmurty.utils:java-xmlbuilder:0.4 019
javassist-3.12.1.GA.jarjavassist:javassist:3.12.1.GA 016
javax.inject-1.jarjavax.inject:javax.inject:1  020
javax.persistence-2.0.0.jarorg.eclipse.persistence:javax.persistence:2.0.0  034
javax.servlet-api-3.0.1.jarjavax.servlet:javax.servlet-api:3.0.1 035
jaxb-api-2.2.11.jarjavax.xml.bind:jaxb-api:2.2.11 035
jaxb-impl-2.2.3-1.jarcom.sun.xml.bind:jaxb-impl:2.2.3-1  041
jdom-1.1.jarorg.jdom:jdom:1.1  039
jersey-client-1.9.jarcom.sun.jersey:jersey-client:1.9 025
jersey-core-1.9.jarcom.sun.jersey:jersey-core:1.9 025
jersey-guice-1.9.jarcom.sun.jersey.contribs:jersey-guice:1.9 018
jersey-json-1.9.jarcom.sun.jersey:jersey-json:1.9 025
jersey-server-1.9.jarcom.sun.jersey:jersey-server:1.9 025
jettison-1.3.1.jarorg.codehaus.jettison:jettison:1.3.1 023
jetty-6.1.26.jarcpe:/a:mortbay_jetty:jetty:6.1.26
cpe:/a:mortbay:jetty:6.1.26
cpe:/a:jetty:jetty:6.1.26		org.mortbay.jetty:jetty:6.1.26Medium1Low29
joda-time-2.7.jarjoda-time:joda-time:2.7 031
jquery-2.0.3-1.jarorg.webjars:jquery:2.0.3-1 014
jquery-selectors-0.0.3.jarde.agilecoders.wicket:jquery-selectors:0.0.3 018
jquery-ui-1.10.2-1.jarorg.webjars:jquery-ui:1.10.2-1 014
jquerypp-1.0.1.jarorg.webjars:jquerypp:1.0.1 014
jsch-0.1.42.jarcpe:/a:jcraft:jsch:0.1.42com.jcraft:jsch:0.1.42 Medium1Low24
json-20090211.jarorg.json:json:20090211  022
jsp-api-2.1.jarjavax.servlet.jsp:jsp-api:2.1  024
jsr305-1.3.9.jarcom.google.code.findbugs:jsr305:1.3.9  020
jsr311-api-1.1.1.jarjavax.ws.rs:jsr311-api:1.1.1 025
junit-4.11.jarjunit:junit:4.11  022
juniversalchardet-1.0.3.jarcom.googlecode.juniversalchardet:juniversalchardet:1.0.3 019
leveldbjni-all-1.8.jarcpe:/a:id:id-software:1.8org.fusesource.leveldbjni:leveldbjni-all:1.8 0Low27
log4j-1.2.17.jarcpe:/a:apache:log4j:1.2.17log4j:log4j:1.2.17 0Low27
mail-1.4.2.jarcpe:/a:sun:javamail:1.4.2javax.mail:mail:1.4.2 0Low31
maven-parent-config-0.3.4.jarde.agilecoders.maven:maven-parent-config:0.3.4 010
mockito-all-1.9.5.jarorg.mockito:mockito-all:1.9.5  021
modernizr-2.6.2-1.jarorg.webjars:modernizr:2.6.2-1 014
neethi-3.0.1.jarcpe:/a:apache:apache_test:3.0.1org.apache.neethi:neethi:3.0.1 0Low35
netty-3.6.2.Final.jarcpe:/a:netty_project:netty:3.6.2io.netty:netty:3.6.2.FinalMedium3Highest25
noggit-0.5.jarorg.noggit:noggit:0.5 015
org.restlet-2.2.3.jarcpe:/a:restlet:restlet_framework:2.2.3
cpe:/a:restlet:restlet:2.2.3		 0Low7
org.restlet.lib.org.json-2.0.jarcpe:/a:restlet:restlet:2.0
cpe:/a:restlet:restlet_framework:2.0		High3Low5
ormlite-core-4.48.jarcom.j256.ormlite:ormlite-core:4.48 014
ormlite-jdbc-4.48.jarcom.j256.ormlite:ormlite-jdbc:4.48 014
paranamer-2.7.jarcom.thoughtworks.paranamer:paranamer:2.7 021
protobuf-java-2.5.0.jarcpe:/a:google:protobuf:2.5.0com.google.protobuf:protobuf-java:2.5.0Medium1Highest25
reflections-0.9.8.jarorg.reflections:reflections:0.9.8 019
serializer-2.7.1.jarcpe:/a:apache:xalan-java:2.7.1xalan:serializer:2.7.1 High1Highest31
servlet-api-2.5-20081211.jarcpe:/a:mortbay:jetty:2.5.200812
cpe:/a:mortbay_jetty:jetty:2.5.200812
cpe:/a:jetty:jetty:2.5.200812		org.mortbay.jetty:servlet-api:2.5-20081211Medium5Low28
servlet-api-2.5.jarjavax.servlet:servlet-api:2.5  035
slf4j-api-1.7.7.jarcpe:/a:slf4j:slf4j:1.7.7org.slf4j:slf4j-api:1.7.7 0Low27
slf4j-log4j12-1.7.5.jarcpe:/a:slf4j:slf4j:1.7.5org.slf4j:slf4j-log4j12:1.7.5 0Low27
snakeyaml-1.13.jarorg.yaml:snakeyaml:1.13 021
snappy-java-1.1.1.3.jarorg.xerial.snappy:snappy-java:1.1.1.3  029
solr-solrj-4.6.0.jarcpe:/a:apache:solr:4.6.0org.apache.solr:solr-solrj:4.6.0 Medium6Highest31
spring-core-4.0.4.RELEASE.jarcpe:/a:pivotal:spring_framework:4.0.4
cpe:/a:pivotal_software:spring_framework:4.0.4		org.springframework:spring-core:4.0.4.RELEASE High8Highest28
stax-api-1.0-2.jarjavax.xml.stream:stax-api:1.0-2  020
stax2-api-3.1.3.jarorg.codehaus.woodstox:stax2-api:3.1.3 025
tika-core-1.10.jarcpe:/a:apache:tika:1.10org.apache.tika:tika-core:1.10High3Highest35
typeaheadjs-0.9.3.jarorg.webjars:typeaheadjs:0.9.3 014
velocity-1.7.jarorg.apache.velocity:velocity:1.7  037
wicket-bootstrap-core-0.9.2.jarde.agilecoders.wicket:wicket-bootstrap-core:0.9.2 025
wicket-bootstrap-extensions-0.9.2.jarde.agilecoders.wicket:wicket-bootstrap-extensions:0.9.2 025
wicket-core-6.16.0.jarcpe:/a:apache:wicket:6.16.0org.apache.wicket:wicket-core:6.16.0Medium5Highest29
wicket-extensions-6.13.0.jarcpe:/a:apache:wicket:6.13.0org.apache.wicket:wicket-extensions:6.13.0Medium6Highest29
wicket-webjars-0.4.0.jarde.agilecoders.wicket.webjars:wicket-webjars:0.4.0 018
woodstox-core-asl-4.2.0.jarorg.codehaus.woodstox:woodstox-core-asl:4.2.0  034
wsdl4j-1.6.2.jarwsdl4j:wsdl4j:1.6.2  026
wstx-asl-3.2.7.jarwoodstox:wstx-asl:3.2.7  030
xercesImpl-2.9.1.jarcpe:/a:apache:xerces2_java:2.9.1xerces:xercesImpl:2.9.1 High1Low53
xml-apis-1.3.04.jarxml-apis:xml-apis:1.3.04  049
xmlParserAPIs-2.6.2.jarxerces:xmlParserAPIs:2.6.1  038
xmlenc-0.52.jarxmlenc:xmlenc:0.52  023
xmlschema-core-2.0.1.jarcpe:/a:ws_project:ws:2.0.1org.apache.ws.xmlschema:xmlschema-core:2.0.1 0Low23
xz-1.5.jarcpe:/a:tukaani:xz:1.5org.tukaani:xz:1.5 Medium1Low29
zookeeper-3.4.5.jarcpe:/a:apache:zookeeper:3.4.5org.apache.zookeeper:zookeeper:3.4.5 Medium4Highest23
creativecommons.jar 05
index-anchor.jar 08
index-basic.jar 08
index-html.jar 08
index-metadata.jar 08
index-more.jar 08
HdrHistogram-2.1.6.jarorg.hdrhistogram:HdrHistogram:2.1.6 025
commons-cli-1.3.1.jarcommons-cli:commons-cli:1.3.1 035
compress-lzf-1.0.2.jarcom.ning:compress-lzf:1.0.2 019
elasticsearch-2.2.0.jarcpe:/a:elasticsearch:elasticsearch:2.2.0org.elasticsearch:elasticsearch:2.2.0 0Low25
guava-18.0.jarcom.google.guava:guava:18.0 023
hppc-0.7.1.jarcom.carrotsearch:hppc:0.7.1 019
indexer-elastic2.jar 05
jackson-core-2.6.2.jarcpe:/a:fasterxml:jackson:2.6.2com.fasterxml.jackson.core:jackson-core:2.6.2 0Low35
jarjar-1.3.jarcpe:/a:links:links:1.3com.googlecode.jarjar:jarjar:1.3  0Low21
joda-convert-1.2.jarorg.joda:joda-convert:1.2 031
joda-time-2.8.2.jarjoda-time:joda-time:2.8.2 033
jsr166e-1.1.0.jarcpe:/a:twitter:twitter:1.1.0
cpe:/a:twitter_project:twitter:1.1.0		com.twitter:jsr166e:1.1.0 0Low17
lucene-analyzers-common-5.4.1.jarorg.apache.lucene:lucene-analyzers-common:5.4.1  030
lucene-backward-codecs-5.4.1.jarorg.apache.lucene:lucene-backward-codecs:5.4.1  030
lucene-core-5.4.1.jarorg.apache.lucene:lucene-core:5.4.1  028
lucene-grouping-5.4.1.jarorg.apache.lucene:lucene-grouping:5.4.1  031
lucene-highlighter-5.4.1.jarorg.apache.lucene:lucene-highlighter:5.4.1  030
lucene-join-5.4.1.jarorg.apache.lucene:lucene-join:5.4.1  031
lucene-memory-5.4.1.jarorg.apache.lucene:lucene-memory:5.4.1  031
lucene-misc-5.4.1.jarorg.apache.lucene:lucene-misc:5.4.1  028
lucene-queries-5.4.1.jarorg.apache.lucene:lucene-queries:5.4.1  031
lucene-queryparser-5.4.1.jarorg.apache.lucene:lucene-queryparser:5.4.1  031
lucene-sandbox-5.4.1.jarorg.apache.lucene:lucene-sandbox:5.4.1  028
lucene-spatial-5.4.1.jarorg.apache.lucene:lucene-spatial:5.4.1  030
lucene-spatial3d-5.4.1.jarorg.apache.lucene:lucene-spatial3d:5.4.1  030
lucene-suggest-5.4.1.jarorg.apache.lucene:lucene-suggest:5.4.1  031
netty-3.10.5.Final.jarcpe:/a:netty_project:netty:3.10.5io.netty:netty:3.10.5.Final 0Low25
securesm-1.0.jarorg.elasticsearch:securesm:1.0 013
snakeyaml-1.15.jarorg.yaml:snakeyaml:1.15 023
spatial4j-0.5.jarcom.spatial4j:spatial4j:0.5 015
t-digest-3.0.jarcom.tdunning:t-digest:3.0 019
commons-logging-1.1.1.jarcommons-logging:commons-logging:1.1.1 026
findbugs-annotations-1.3.9-1.jarcom.github.stephenc.findbugs:findbugs-annotations:1.3.9-1 020
guava-12.0.1.jarcom.google.guava:guava:12.0.1 021
hbase-client-0.98.8-hadoop2.jarcpe:/a:apache:hbase:0.98.8org.apache.hbase:hbase-client:0.98.8-hadoop2High1Highest21
htrace-core-2.04.jarorg.cloudera.htrace:htrace-core:2.04 019
indexer-hbase.jarcpe:/a:apache:hbase:- 0Low8
jackson-core-asl-1.8.8.jarcpe:/a:fasterxml:jackson:1.8.8org.codehaus.jackson:jackson-core-asl:1.8.8  0Low34
jcodings-1.0.8.jarorg.jruby.jcodings:jcodings:1.0.8 013
joni-2.1.2.jarcpe:/a:oniguruma_project:oniguruma:2.1.2org.jruby.joni:joni:2.1.2 0Low13
netty-3.6.6.Final.jarcpe:/a:netty_project:netty:3.6.6io.netty:netty:3.6.6.FinalMedium3Highest25
slf4j-api-1.6.4.jarcpe:/a:slf4j:slf4j:1.6.4org.slf4j:slf4j-api:1.6.4 0Low27
zookeeper-3.4.6.jarcpe:/a:apache:zookeeper:3.4.6org.apache.zookeeper:zookeeper:3.4.6 Medium4Highest25
commons-io-2.1.jarcommons-io:commons-io:2.1 033
indexer-solr.jarcpe:/a:apache:solr:-High8Low8
slf4j-api-1.6.6.jarcpe:/a:slf4j:slf4j:1.6.6org.slf4j:slf4j-api:1.6.6 0Low27
jsoup-1.10.2.jarcpe:/a:jsoup:jsoup:1.10.2org.jsoup:jsoup:1.10.2 0Low27
jsoup-extractor.jarcpe:/a:jsoup:jsoup:-Medium1Low8
language-identifier.jar 08
lib-http.jar 08
nekohtml-1.9.19.jarnet.sourceforge.nekohtml:nekohtml:1.9.19  023
lib-regex-filter.jar 08
jaxen-1.1.1.jarjaxen:jaxen:1.1.1  029
lib-xml.jar 02
microformats-reltag.jar 08
nutch-extensionpoints.jar 02
parse-html.jar 08
tagsoup-1.2.jarorg.ccil.cowan.tagsoup:tagsoup:1.2  022
parse-js.jar 08
parse-metatags.jar 08
apache-mime4j-core-0.7.2.jarcpe:/a:apache:james:0.7.2org.apache.james:apache-mime4j-core:0.7.2 0Low29
asm-debug-all-4.1.jarorg.ow2.asm:asm-debug-all:4.1  030
aspectjrt-1.8.0.jarorg.aspectj:aspectjrt:1.8.0  024
bcmail-jdk15on-1.52.jarorg.bouncycastle:bcmail-jdk15on:1.52  045
bcpkix-jdk15on-1.52.jarorg.bouncycastle:bcpkix-jdk15on:1.52  041
bcprov-jdk15on-1.52.jarcpe:/a:bouncycastle:bouncy_castle_crypto_package:1.52
cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.52		org.bouncycastle:bcprov-jdk15on:1.52  0Low41
boilerpipe-1.1.0.jarcpe:/a:html-pages_project:html-pages:1.1.0de.l3s.boilerpipe:boilerpipe:1.1.0  0Low22
bzip2-0.9.1.jarcpe:/a:bzip:bzip2:0.9.1org.itadaki:bzip2:0.9.1Medium3Low17
c3p0-0.9.1.1.jarc3p0:c3p0:0.9.1.1  026
cdm-4.5.5.jaredu.ucar:cdm:4.5.5 022
commons-codec-1.9.jarcommons-codec:commons-codec:1.9 033
commons-compress-1.9.jarcpe:/a:apache:commons-compress:1.9org.apache.commons:commons-compress:1.9 0Low35
commons-csv-1.0.jarorg.apache.commons:commons-csv:1.0 033
commons-exec-1.3.jarorg.apache.commons:commons-exec:1.3 035
commons-logging-api-1.1.jarcommons-logging:commons-logging-api:1.1  035
commons-vfs2-2.0.jarorg.apache.commons:commons-vfs2:2.0 029
ehcache-core-2.6.2.jarnet.sf.ehcache:ehcache-core:2.6.2 016
fontbox-1.8.10.jarcpe:/a:apache:pdfbox:1.8.10org.apache.pdfbox:fontbox:1.8.10High2Highest31
geoapi-3.0.0.jarorg.opengis:geoapi:3.0.0 025
grib-4.5.5.jaredu.ucar:grib:4.5.5 022
guava-11.0.2.jarcom.google.guava:guava:11.0.2 021
httpservices-4.5.5.jaredu.ucar:httpservices:4.5.5 020
isoparser-1.0.2.jarcpe:/a:boxes_project:boxes:1.0.2com.googlecode.mp4parser:isoparser:1.0.2 0Low19
jackcess-2.1.2.jarcom.healthmarketscience.jackcess:jackcess:2.1.2 025
jackcess-encrypt-2.1.0.jarcom.healthmarketscience.jackcess:jackcess-encrypt:2.1.0 025
java-libpst-0.8.1.jarcom.pff:java-libpst:0.8.1 015
jcip-annotations-1.0.jarnet.jcip:jcip-annotations:1.0  020
jcommander-1.35.jarcom.beust:jcommander:1.35 019
jdom-1.0.jarjdom:jdom:1.0  040
jdom2-2.0.4.jarorg.jdom:jdom2:2.0.4  043
jempbox-1.8.10.jarcpe:/a:apache:pdfbox:1.8.10org.apache.pdfbox:jempbox:1.8.10High2Highest29
jhighlight-1.0.2.jarorg.codelibs:jhighlight:1.0.2 019
jj2000-5.2.jaredu.ucar:jj2000:5.2 017
jmatio-1.0.jarnet.sourceforge.jmatio:jmatio:1.0 017
jna-4.1.0.jarnet.java.dev.jna:jna:4.1.0  034
joda-time-2.2.jarjoda-time:joda-time:2.2 031
json-simple-1.1.1.jarcom.googlecode.json-simple:json-simple:1.1.1 019
jsoup-1.7.2.jarcpe:/a:jsoup:jsoup:1.7.2org.jsoup:jsoup:1.7.2Medium1Low25
jsr-275-0.9.3.jarjavax.measure:jsr-275:0.9.3 023
junrar-0.7.jarcom.github.junrar:junrar:0.7 016
jwnl-1.3.3.jarcpe:/a:wordnet:wordnet:1.3.3net.sf.jwordnet:jwnl:1.3.3  0Low22
maven-scm-api-1.4.jarorg.apache.maven.scm:maven-scm-api:1.4 022
maven-scm-provider-svn-commons-1.4.jarorg.apache.maven.scm:maven-scm-provider-svn-commons:1.4 022
maven-scm-provider-svnexe-1.4.jarorg.apache.maven.scm:maven-scm-provider-svnexe:1.4 022
metadata-extractor-2.8.0.jarcpe:/a:id:id-software:2.8.0com.drewnoakes:metadata-extractor:2.8.0 0Low17
netcdf4-4.5.5.jaredu.ucar:netcdf4:4.5.5 018
opennlp-maxent-3.0.3.jarcpe:/a:apache:opennlp:3.0.3org.apache.opennlp:opennlp-maxent:3.0.3 0Low21
opennlp-tools-1.5.3.jarcpe:/a:apache:opennlp:1.5.3org.apache.opennlp:opennlp-tools:1.5.3High1Highest29
parse-tika.jarcpe:/a:apache:tika:-High1Low8
pdfbox-1.8.10.jarcpe:/a:apache:pdfbox:1.8.10org.apache.pdfbox:pdfbox:1.8.10High2Highest29
plexus-utils-1.5.6.jarorg.codehaus.plexus:plexus-utils:1.5.6  024
poi-3.13-beta1.jarcpe:/a:apache:poi:3.13.betaorg.apache.poi:poi:3.13-beta1 High2Low29
quartz-2.2.0.jarorg.quartz-scheduler:quartz:2.2.0 035
regexp-1.3.jarregexp:regexp:1.3  014
rome-0.9.jarrome:rome:0.9  034
sis-metadata-0.5.jarorg.apache.sis.core:sis-metadata:0.5  041
sis-netcdf-0.5.jarorg.apache.sis.storage:sis-netcdf:0.5  042
sis-referencing-0.5.jarorg.apache.sis.core:sis-referencing:0.5  041
sis-storage-0.5.jarorg.apache.sis.storage:sis-storage:0.5  042
sis-utility-0.5.jarorg.apache.sis.core:sis-utility:0.5  039
slf4j-api-1.7.12.jarcpe:/a:slf4j:slf4j:1.7.12org.slf4j:slf4j-api:1.7.12 0Low27
tagsoup-1.2.1.jarorg.ccil.cowan.tagsoup:tagsoup:1.2.1  022
tika-parsers-1.10.jarcpe:/a:apache:tika:1.10org.apache.tika:tika-parsers:1.10High3Highest33
udunits-4.5.5.jaredu.ucar:udunits:4.5.5 022
vorbis-java-core-0.6.jarorg.gagravarr:vorbis-java-core:0.6 017
vorbis-java-tika-0.6.jarcpe:/a:apache:tika:0.6
cpe:/a:flac_project:flac:0.6		org.gagravarr:vorbis-java-tika:0.6High4Highest19
xmlbeans-2.6.0.jarorg.apache.xmlbeans:xmlbeans:2.6.0  028
xmpcore-5.1.2.jarcom.adobe.xmp:xmpcore:5.1.2  034
protocol-file.jar 08
commons-net-1.2.2.jarcommons-net:commons-net:1.2.2  023
protocol-ftp.jar 08
protocol-http.jar 08
protocol-httpclient.jarcpe:/a:apache:httpclient:- 0Low8
jsch-0.1.41.jarcpe:/a:jcraft:jsch:0.1.41com.jcraft:jsch:0.1.41 Medium1Low24
protocol-sftp.jar 08
scoring-link.jar 08
scoring-opic.jar 08
subcollection.jar 06
tld.jar 06
automaton-1.11-8.jardk.brics.automaton:automaton:1.11-8  022
urlfilter-automaton.jar 08
urlfilter-domain.jar 08
urlfilter-prefix.jar 08
urlfilter-regex.jar 08
urlfilter-suffix.jar 08
urlfilter-validator.jar 08
urlnormalizer-basic.jar 08
urlnormalizer-pass.jar 08
urlnormalizer-regex.jar 08
leveldbjni-all-1.8.jar: leveldbjni.dll 02
leveldbjni-all-1.8.jar: leveldbjni.dll 02
snappy-java-1.1.1.3.jar: snappyjava.dll 02
snappy-java-1.1.1.3.jar: snappyjava.dll 02
ehcache-core-2.6.2.jar: sizeof-agent.jarnet.sf.ehcache:sizeof-agent:1.0.1 026
jna-4.1.0.jar: jnidispatch.dll 02
jna-4.1.0.jar: jnidispatch.dll 02
jna-4.1.0.jar: jnidispatch.dll 02
avro-1.8.1.jar (shaded: org.apache.avro:avro-guava-dependencies:1.8.1)org.apache.avro:avro-guava-dependencies:1.8.1 015
jackson-dataformat-yaml-2.2.3.jar (shaded: org.yaml:snakeyaml:1.10)org.yaml:snakeyaml:1.10 011
plexus-utils-1.5.6.jar (shaded: org.codehaus.plexus:plexus-interpolation:1.0)org.codehaus.plexus:plexus-interpolation:1.0 012

Dependencies

activation-1.1.jar

Description:

 
    JavaBeans Activation Framework (JAF) is a standard extension to the Java platform that lets you take advantage of standard services to: determine the type of an arbitrary piece of data; encapsulate access to it; discover the operations available on it; and instantiate the appropriate bean to perform the operation(s).

License:

Common Development and Distribution License (CDDL) v1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/activation-1.1.jar
MD5: 8ae38e87cd4f86059c0294a8fe3e0b18
SHA1: e6cb541461c2834bdea3eb920f1884d1eb508b50
SHA256:2881c79c9d6ef01c58e62beea13e9d1ac8b8baa16f2fc198ad6e6776defdcdd3

Identifiers

aopalliance-1.0.jar

Description:

 AOP Alliance

License:

Public Domain
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
SHA256:0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08

Identifiers

apacheds-i18n-2.0.0-M15.jar

Description:

 Internationalization of errors and other messages

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/apacheds-i18n-2.0.0-M15.jar
MD5: f5877c02fd56ade67713560e589c81b9
SHA1: 71c61c84683152ec2a6a65f3f96fe534e304fa22
SHA256:bd3b7cece7fc6364cbce32b9edd0e9628a3e889c6a93cdeff1b5e2131e2a007c

Identifiers

apacheds-kerberos-codec-2.0.0-M15.jar

Description:

 The Kerberos protocol encoder/decoder module

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/apacheds-kerberos-codec-2.0.0-M15.jar
MD5: 3118e22eac44e150c383df1d417772f4
SHA1: 1c16e4e477183641c5f0dd5cdecd27ec331bacb5
SHA256:4996f5b72497e94dd86d64a370158c4fb0049eea9b17ff8b27a4671d6c136ded

Identifiers

api-asn1-api-1.0.0-M20.jar

Description:

 ASN.1 API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/api-asn1-api-1.0.0-M20.jar
MD5: cf4561832dab76e9f37461342ec18d17
SHA1: 5e6486ffa3125ba44dc410ead166e1d6ba8ac76d
SHA256:484aaf4b888b0eb699d95bea265c2d5b6ebec951d70e5c5f7691cd52dd4c8298

Identifiers

api-util-1.0.0-M20.jar

Description:

 Utilities shared across this top level project

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/api-util-1.0.0-M20.jar
MD5: 2c5a6722666882024becdd64301be492
SHA1: a871abf060b3cf83fc6dc4d7e3d151fce50ac3cb
SHA256:fd32fd047ccf143c58d093b58811aa81e539f8cf83c1187809f1a241a1df12d1

Identifiers

  • maven: org.apache.directory.api:api-util:1.0.0-M20  Confidence:High
  • cpe: cpe:/a:apache:directory_ldap_api:1.0.0.m30  Confidence:Low  

CVE-2015-3250  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure 

Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors.

Vulnerable Software & Versions:

args4j-2.0.16.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/args4j-2.0.16.jar
MD5: 6571d69d142dd2a003c4ffae6138f0ee
SHA1: 9f00fb12820743b9e05c686eba543d64dd43f2b1
SHA256:c361d3741c1e79550c7fa04d01c699d66e0a16f18a1749eaa1b8b0df61cd0275

Identifiers

  • maven: args4j:args4j:2.0.16  Confidence:High

asm-3.3.1.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/asm-3.3.1.jar
MD5: 1ad1e8959324b0f680b8e62406955642
SHA1: 1d5f20b4ea675e6fab6ab79f1cd60ec268ddc015
SHA256:c2b39275f8e951bc74750080a1266cdabc39399bc5e13d642bf2d346449df7f3

Identifiers

avro-1.8.1.jar

Description:

 Avro core components

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/avro-1.8.1.jar
MD5: c63b9d628c09e3aa8f46a0ff4ca4129d
SHA1: f4e11d00055760dca33daab193192bd75cc87b59
SHA256:f0ae68f3aac3eddf2d5ec4d75d9fbe1c272d8bf26dea9b72ee9f6331d53cb764

Identifiers

avro-compiler-1.8.1.jar

Description:

 Compilers for Avro IDL and Avro Specific Java API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/avro-compiler-1.8.1.jar
MD5: e9ce07837cf4d6c11fe82810b15984c0
SHA1: a150c5bc9faba3ee4a060944b36d070939559a6b
SHA256:171dbe867ff21301614aca4825e7b0b5e4f8251c43b8fe9656232602e98794c5

Identifiers

  • maven: org.apache.avro:avro-compiler:1.8.1  Confidence:High

avro-ipc-1.8.1.jar

Description:

 Avro inter-process communication components

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/avro-ipc-1.8.1.jar
MD5: 9e82a0b2ec1161b45ee9be524fdbb3f0
SHA1: f3434bde10f24da6c0f525dcf928e4fda364e6b5
SHA256:c3f4106f7c5f183a0a142106732177f50500aae343b847f9fa45b82221f951ec

Identifiers

  • maven: org.apache.avro:avro-ipc:1.8.1  Confidence:High

avro-mapred-1.8.1.jar

Description:

 An org.apache.hadoop.mapred compatible API for using Avro Serializatin in Hadoop

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/avro-mapred-1.8.1.jar
MD5: 1fc5882ada660ac8a2f76ab369dc9929
SHA1: 9c513ca68090d1580df1790a12788d08fba81a91
SHA256:aa8e86f9f5494eb28d6176720e62bd721b85dd47ed105ea13261815aa991775d

Identifiers

  • maven: org.apache.avro:avro-mapred:1.8.1  Confidence:High
  • cpe: cpe:/a:apache:hadoop:1.8.1  Confidence:Low  

CVE-2016-5001  

Severity:Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure 

This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token.

Vulnerable Software & Versions: (show all)

CVE-2017-3161  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 

The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.

Vulnerable Software & Versions:

CVE-2017-3162  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation 

HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0.

Vulnerable Software & Versions:

bootstrap-3.0.3.jar

Description:

 WebJar for Bootstrap

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/bootstrap-3.0.3.jar
MD5: 8a2c981f25963903795453685babda0a
SHA1: 7297fe81dc0e82c44e15232014fd8e1180c0a3bc
SHA256:e84ad1718ab9f5eec39afcdeba0706497328f6e2394bab3dbb501fd367d12548

Identifiers

  • maven: org.webjars:bootstrap:3.0.3  Confidence:High

cglib-2.2.1-v20090111.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/cglib-2.2.1-v20090111.jar
MD5: 88af5931165ac8becab84a157c9bace0
SHA1: 07ce5e983fd0e6c78346f4c9cbfa39d83049dda2
SHA256:42e1dfb26becbf1a633f25b47e39fcc422b85e77e4c0468d9a44f885f5fa0be2

Identifiers

cglib-2.2.2.jar

Description:

 Code generation library

License:

ASF 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/cglib-2.2.2.jar
MD5: b3f681be48fce094cf01a045f5bdca6f
SHA1: a47a971686474124562bdd4a7ccbd8ac8c3e8b11
SHA256:a93e4485d274277177480c4afe6ddd8355cda1cacfe356c134e25d65193935fd

Identifiers

closure-compiler-v20130603.jar

Description:

 
    Closure Compiler is a JavaScript optimizing compiler. It parses your
    JavaScript, analyzes it, removes dead code and rewrites and minimizes
    what's left. It also checks syntax, variable references, and types, and
    warns about common JavaScript pitfalls. It is used in many of Google's
    JavaScript apps, including Gmail, Google Web Search, Google Maps, and
    Google Docs.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/closure-compiler-v20130603.jar
MD5: 49ce4295fcce117f5f242170ec48bd2e
SHA1: b150c1666154435f43bc4665e202dee7c3c95eb7
SHA256:6ca35497d82bb61fc779676c508178f79a2457d1b71466c6bae2aa7612fe7975

Identifiers

commons-beanutils-1.7.0.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/commons-beanutils-1.7.0.jar
MD5: 0f18acf5fa857f9959675e14d901a7ce
SHA1: 5675fd96b29656504b86029551973d60fb41339b
SHA256:24bcaa20ccbdc7c856ce0c0aea144566943403e2e9f27bd9779cda1d76823ef4

Identifiers

CVE-2014-0114  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation 

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

Vulnerable Software & Versions: (show all)

commons-beanutils-core-1.8.0.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/commons-beanutils-core-1.8.0.jar
MD5: a33ba25ae637909a97a60ff1d1b38857
SHA1: 175dc721f87e4bc5cc0573f990e28c3cf9117508
SHA256:9038c7ddc61d3d8089eb5a52a24b430a202617d57d2d344a93b68e4eafefefde

Identifiers

CVE-2014-0114  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation 

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

Vulnerable Software & Versions: (show all)

commons-cli-1.2.jar

Description:

 
    Commons CLI provides a simple API for presenting, processing and validating a command line interface.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/commons-cli-1.2.jar
MD5: bfdcae1ff93f0c07d733f03bdce28c9e
SHA1: 2bf96b7aa8b611c177d329452af1dc933e14501c
SHA256:e7cd8951956d349b568b7ccfd4f5b2529a8c113e67c32b028f52ffda371259d9

Identifiers

  • maven: commons-cli:commons-cli:1.2  Confidence:High

commons-codec-1.7.jar

Description:

 
     The codec package contains simple encoder and decoders for
     various formats such as Base64 and Hexadecimal.  In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/commons-codec-1.7.jar
MD5: e47ef8e1a0c11e0e7e41704816cda890
SHA1: 9cd61d269c88f9fb0eb36cea1efcd596ab74772f
SHA256:db82a948bc070414fcfd3880ebd1205c94df5f5c61558ccbc653ec2f820bf7a4

Identifiers

  • maven: commons-codec:commons-codec:1.7  Confidence:High

commons-collections-3.2.1.jar

Description:

 Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/commons-collections-3.2.1.jar
MD5: 13bc641afd7fd95e09b260f69c1e4c91
SHA1: 761ea405b9b37ced573d2df0d1e3a4e0f9edc668
SHA256:87363a4c94eaabeefd8b930cb059f66b64c9f7d632862f23de3012da7660047b

Identifiers

CVE-2015-6420  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data 

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Vulnerable Software & Versions: (show all)

CVE-2017-15708  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') 

In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version.

Vulnerable Software & Versions: (show all)

commons-collections4-4.0.jar

Description:

 The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/commons-collections4-4.0.jar
MD5: a18f2d0153b5607dff8c5becbdd76dd1
SHA1: da217367fd25e88df52ba79e47658d4cf928b0d1
SHA256:93f8dfcd20831a28d092427723f696bceb70b28e7fb89d7914f14d5ea492ce5a

Identifiers

CVE-2015-6420  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data 

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Vulnerable Software & Versions: (show all)

commons-compress-1.4.1.jar

Description:

 
Apache Commons Compress software defines an API for working with compression and archive formats.
These include: bzip2, gzip, pack200, xz and ar, cpio, jar, tar, zip, dump.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/commons-compress-1.4.1.jar
MD5: 7f7ff9255a831325f38a170992b70073
SHA1: b02e84a993d88568417536240e970c4b809126fd
SHA256:28a00d80716f073d644b9da76e94b5e8ff94de8e9323f06f558fba653fcf5f86

Identifiers

  • cpe: cpe:/a:apache:commons-compress:1.4.1  Confidence:Low  
  • maven: org.apache.commons:commons-compress:1.4.1  Confidence:High

commons-configuration-1.6.jar

Description:

 
        Tools to assist in the reading of configuration/preferences files in
        various formats

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/commons-configuration-1.6.jar
MD5: b099d9f9b4b99071cc52b259308df69a
SHA1: 32cadde23955d7681b0d94a2715846d20b425235
SHA256:46b71b9656154f6a16ea4b1dc84026b52a9305f8eff046a2b4655fa1738e5eee

Identifiers

  • maven: commons-configuration:commons-configuration:1.6  Confidence:High

commons-daemon-1.0.13.jar

Description:

 
     Apache Commons Daemon software provides an alternative invocation mechanism for unix-daemon-like Java code.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/commons-daemon-1.0.13.jar
MD5: 686f1a2cc85f8f4e939bd3cd28c9720b
SHA1: 750856a1fdb3ddf721ccf73c3518e4211cffc3a3
SHA256:fd63b583fd3e8baeae22efacbd5a4f91c1fd97f56248e62e2615efa7b81daeaa

Identifiers

  • cpe: cpe:/a:apache:apache_commons_daemon:1.0.13  Confidence:Low  
  • maven: commons-daemon:commons-daemon:1.0.13  Confidence:High

commons-digester-1.8.jar

Description:

 The Digester package lets you configure an XML->Java object mapping module
    which triggers certain actions called rules whenever a particular 
    pattern of nested XML elements is recognized.

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/commons-digester-1.8.jar
MD5: cf89c593f0378e9509a06fce7030aeba
SHA1: dc6a73fdbd1fa3f0944e8497c6c872fa21dca37e
SHA256:05662373044f3dff112567b7bb5dfa1174e91e074c0c727b4412788013f49d56

Identifiers

commons-el-1.0.jar

Description:

 JSP 2.0 Expression Language Interpreter Implementation

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/commons-el-1.0.jar
MD5: 7c98594df7c126f33688fa6d93169639
SHA1: 1df2c042b3f2de0124750241ac6c886dbfa2cc2c
SHA256:0d67550ec0022b653453c759f063a643c2fe64bc48faa8b25f95a220e2a282e2

Identifiers

commons-fileupload-1.3.jar

Description:

 
    The FileUpload component provides a simple yet flexible means of adding support for multipart
    file upload functionality to servlets and web applications.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/commons-fileupload-1.3.jar
MD5: fd24e83d8f62085f84c0622087872f36
SHA1: c89e540e4a12cb034fb973e12135839b5de9a87e
SHA256:bcea3f830ff3867c6700c1fc12282c219ecf77ae6b36cea445b8e9dc751449fe

Identifiers

CVE-2014-0050  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls 

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

Vulnerable Software & Versions: (show all)

CVE-2016-1000031  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control 

Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution

Vulnerable Software & Versions:

CVE-2016-3092  

Severity:High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-20 Improper Input Validation 

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

Vulnerable Software & Versions: (show all)

commons-httpclient-3.1.jar

Description:

 The HttpClient  component supports the client-side of RFC 1945 (HTTP/1.0)  and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.

License:

Apache License: http://www.apache.org/licenses/LICENSE-2.0
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/commons-httpclient-3.1.jar
MD5: 8ad8c9229ef2d59ab9f59f7050e846a5
SHA1: 964cd74171f427720480efdec40a7c7f6e58426a
SHA256:dbd4953d013e10e7c1cc3701a3e6ccd8c950c892f08d804fabfac21705930443

Identifiers

  • cpe: cpe:/a:apache:httpclient:3.1  Confidence:Low  
  • cpe: cpe:/a:apache:commons-httpclient:3.1  Confidence:Low  
  • maven: commons-httpclient:commons-httpclient:3.1   Confidence:Highest

commons-io-2.4.jar

Description:

 
The Commons IO library contains utility classes, stream implementations, file filters, 
file comparators, endian transformation classes, and much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/commons-io-2.4.jar
MD5: 7f97854dc04c119d461fed14f5d8bb96
SHA1: b1b6ea3b7e4aa4f492509a4952029cd8e48019ad
SHA256:cc6a41dc3eaacc9e440a6bd0d2890b20d36b4ee408fe2d67122f328bb6e01581

Identifiers

  • maven: commons-io:commons-io:2.4  Confidence:High

commons-lang-2.6.jar

Description:

 
        Commons Lang, a package of Java utility classes for the
        classes that are in java.lang's hierarchy, or are considered to be so
        standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
SHA256:50f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c

Identifiers

  • maven: commons-lang:commons-lang:2.6  Confidence:High

commons-lang3-3.1.jar

Description:

 
  Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/commons-lang3-3.1.jar
MD5: 71b48e6b3e1b1dc73fe705604b9c7584
SHA1: 905075e6c80f206bbe6cf1e809d2caa69f420c76
SHA256:131f0519a8e4602e47cf024bfd7e0834bcf5592a7207f9a2fdb711d4f5afc166

Identifiers

  • maven: org.apache.commons:commons-lang3:3.1  Confidence:High

commons-logging-1.1.3.jar

Description:

 Commons Logging is a thin adapter allowing configurable bridging to other,
    well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/commons-logging-1.1.3.jar
MD5: 92eb5aabc1b47287de53d45c086a435c
SHA1: f6f66e966c70a83ffbdb6f17a0919eaf7c8aca7f
SHA256:70903f6fc82e9908c8da9f20443f61d90f0870a312642991fe8462a0b9391784

Identifiers

  • maven: commons-logging:commons-logging:1.1.3  Confidence:High

commons-math3-3.1.1.jar

Description:

 The Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/commons-math3-3.1.1.jar
MD5: 505ece0d2261b037101e6c4bdf541ca7
SHA1: 6719d757a98ff24a83d9d727bef9cec83f59b6e1
SHA256:a07e39d31c46032879f0a48ae1bd0142b17dd67664c008b50216e9891f346c54

Identifiers

  • maven: org.apache.commons:commons-math3:3.1.1  Confidence:High

commons-net-3.1.jar

Description:

 
Apache Commons Net library contains a collection of network utilities and protocol implementations.
Supported protocols include: Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Telnet, Whois

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/commons-net-3.1.jar
MD5: 23c94d51e72f341fb412d6a015e16313
SHA1: 2298164a7c2484406f2aa5ac85b205d39019896f
SHA256:34a58d6d80a50748307e674ec27b4411e6536fd12e78bec428eb2ee49a123007

Identifiers

  • maven: commons-net:commons-net:3.1  Confidence:High

crawler-commons-0.10.jar

Description:

 crawler-commons is a set of reusable Java components that implement 
	functionality common to any web crawler.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/crawler-commons-0.10.jar
MD5: 9008c9876d7ad7e8a39a915120efe867
SHA1: 40a3cb267fd85959902fbbf4a652b6131bc06f8b
SHA256:77dcdc049b1b9481e5a2e4adee0ce0bb70c806b8be03cad72a04df754178490c

Identifiers

  • maven: com.github.crawler-commons:crawler-commons:0.10  Confidence:High

cxf-rt-core-2.5.2.jar

Description:

 Apache CXF Runtime Core

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/cxf-rt-core-2.5.2.jar
MD5: d1af5f0f841641cd336bcd570da3cbbf
SHA1: c33b3671b7dd939d7dfabe22232afd7314b97479
SHA256:9e60be8bd47fb45e833c241b5f610a672b35f46dd3f07c983f584ca88b36f0ea

Identifiers

  • maven: org.apache.cxf:cxf-rt-core:2.5.2  Confidence:High
  • cpe: cpe:/a:apache:cxf:2.5.2  Confidence:Highest  

CVE-2012-2378  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls 

Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.

Vulnerable Software & Versions: (show all)

CVE-2012-2379  

Severity:High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.

Vulnerable Software & Versions: (show all)

CVE-2012-3451  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation 

Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.

Vulnerable Software & Versions: (show all)

CVE-2012-5575  

Severity:Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-310 Cryptographic Issues 

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack."

Vulnerable Software & Versions: (show all)

CVE-2012-5633  

Severity:Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication 

The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.

Vulnerable Software & Versions: (show all)

CVE-2012-5786  

Severity:Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation 

The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF before 2.7.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Vulnerable Software & Versions:

CVE-2013-0239  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-287 Improper Authentication 

Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.

Vulnerable Software & Versions: (show all)

CVE-2013-2160  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors 

The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors.

Vulnerable Software & Versions: (show all)

CVE-2014-0034  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-20 Improper Input Validation 

The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.

Vulnerable Software & Versions: (show all)

CVE-2014-0035  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues 

The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.

Vulnerable Software & Versions: (show all)

CVE-2014-0109  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors 

Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error.

Vulnerable Software & Versions: (show all)

CVE-2014-0110  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors 

Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message.

Vulnerable Software & Versions: (show all)

CVE-2014-3584  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors 

The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.

Vulnerable Software & Versions: (show all)

CVE-2015-5253  

Severity:Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls 

The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack."

Vulnerable Software & Versions: (show all)

CVE-2016-6812  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 

The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. The calculated base URL is used by FormattedServiceListWriter to build the service endpoint absolute URLs. If the unexpected matrix parameters have been injected into the request URL then these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client.

Vulnerable Software & Versions: (show all)

CVE-2016-8739  

Severity:High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE') 

The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser which expands XML entities by default which represents a major XXE risk.

Vulnerable Software & Versions: (show all)

CVE-2017-3156  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-361 7PK - Time and State 

The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks.

Vulnerable Software & Versions: (show all)

CVE-2017-5656  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-384 Session Fixation 

Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user.

Vulnerable Software & Versions: (show all)

CVE-2018-8039  

Severity:Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-254 7PK - Security Features 

It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks.

Vulnerable Software & Versions: (show all)

dom4j-1.6.1.jar

Description:

 dom4j: the flexible XML framework for Java

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94
SHA256:593552ffea3c5823c6602478b5002a7c525fd904a3c44f1abe4065c22edfac73

Identifiers

forbiddenapis-2.2.jar

Description:

 Allows to parse Java byte code to find invocations of method/class/field signatures and fail build (Apache Ant, Apache Maven, Gradle, or CLI)

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/forbiddenapis-2.2.jar
MD5: 1728891f75c9139cad3968aa92d1e82e
SHA1: 8a689543e4d7267398d803be1ff87a77b5cbe60b
SHA256:255f4193eb4a635cf07ea3c08a28a6d203e90a13fd2b95d3a0c90bf89184f207

Identifiers

geronimo-javamail_1.4_spec-1.7.1.jar

Description:

 Javamail 1.4 Specification

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/geronimo-javamail_1.4_spec-1.7.1.jar
MD5: f3b9d8c9a79eefdc0ebe07c34612646d
SHA1: 43ad4090b1a07a11c82ac40c01fc4e2fbad20013
SHA256:6f1e85d9c66135f5a9dbc9f78cbf8132e52f8a85884d618ccf0dbe9344c5a330

Identifiers

  • maven: org.apache.geronimo.specs:geronimo-javamail_1.4_spec:1.7.1  Confidence:High
  • cpe: cpe:/a:sun:javamail:1.7.1  Confidence:Low  

gora-core-0.8.jar

Description:

 The Apache Gora open source framework provides an in-memory data model and 
    persistence for big data. Gora supports persisting to column stores, key value stores, 
    document stores and RDBMSs, and analyzing the data with extensive Apache Hadoop MapReduce 
    support.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/gora-core-0.8.jar
MD5: 236629a938c1bfbce53fad83bd61bf2e
SHA1: ed404506b8ea1e8e3fefbe47a82d9fc57cf8cd7a
SHA256:6ef24871aeb1ce2d7c619b7950c9c8185b3361763cea0ff3840a535612d7b926

Identifiers

  • cpe: cpe:/a:apache:hadoop:0.8  Confidence:Low  
  • maven: org.apache.gora:gora-core:0.8  Confidence:High

CVE-2012-4449  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-327 Use of a Broken or Risky Cryptographic Algorithm 

Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.

Vulnerable Software & Versions: (show all)

CVE-2016-5001  

Severity:Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure 

This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token.

Vulnerable Software & Versions: (show all)

CVE-2017-3161  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 

The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.

Vulnerable Software & Versions:

CVE-2017-3162  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation 

HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0.

Vulnerable Software & Versions:

guava-14.0.1.jar

Description:

 
    Guava is a suite of core and expanded libraries that include
    utility classes, google's collections, io classes, and much
    much more.

    Guava has two code dependencies - javax.annotation
    per the JSR-305 spec and javax.inject per the JSR-330 spec.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/guava-14.0.1.jar
MD5: 58553f87d83b9f8ec74bd3529083ee2f
SHA1: 69e12f4c6aeac392555f1ea86fab82b5e5e31ad4
SHA256:d69df3331840605ef0e5fe4add60f2d28e870e3820937ea29f713d2035d9ab97

Identifiers

  • maven: com.google.guava:guava:14.0.1  Confidence:High

guice-3.0.jar

Description:

 Guice is a lightweight dependency injection framework for Java 5 and above

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/guice-3.0.jar
MD5: ca1c7ba366884cfcd2cfb48d2395c400
SHA1: 9d84f15fe35e2c716a02979fb62f50a29f38aefa
SHA256:1a59d0421ffd355cc0b70b42df1c2e9af744c8a2d0c92da379f5fca2f07f1d22

Identifiers

guice-servlet-3.0.jar

Description:

 Guice is a lightweight dependency injection framework for Java 5 and above

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/guice-servlet-3.0.jar
MD5: c9f66a5f6a0d840d9057b30853f25b85
SHA1: 610cde0e8da5a8b7d8efb8f0b8987466ffebaaf9
SHA256:9e72a4b8582888d53c2f4297e93276a3c14c82880124490f2da7b16a9df1c618

Identifiers

h2-1.4.180.jar

Description:

 H2 Database Engine

License:

MPL 2.0, and EPL 1.0: http://h2database.com/html/license.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/h2-1.4.180.jar
MD5: cfed4ec6ae8fced8e135fe87699ac45f
SHA1: 155fd1e4926093df7b97b09a6954ab9964f6a54b
SHA256:16428fd1e6a3e5baa8067c1c2e777e1e99af68c6ef3ff7fbbf1938937a048a82

Identifiers

  • cpe: cpe:/a:h2database:h2:1.4.180  Confidence:Low  
  • maven: com.h2database:h2:1.4.180   Confidence:Highest

hadoop-mapreduce-client-core-2.5.2.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/hadoop-mapreduce-client-core-2.5.2.jar
MD5: aa9b658b762eb27611b0181d0c42f752
SHA1: a7168fb50e32ee16e926e28ba0459580c36b2548
SHA256:334d3dfddd47be4d5dfc177ca2d72e9289130980ddb0ca348edeaf6cde6eae09

Identifiers

  • maven: org.apache.hadoop:hadoop-mapreduce-client-core:2.5.2  Confidence:High
  • cpe: cpe:/a:apache:hadoop:2.5.2  Confidence:Low  

CVE-2016-5001  

Severity:Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure 

This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token.

Vulnerable Software & Versions: (show all)

CVE-2017-3161  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 

The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.

Vulnerable Software & Versions:

CVE-2017-3162  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation 

HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0.

Vulnerable Software & Versions:

hamcrest-core-1.3.jar

Description:

 
    This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/hamcrest-core-1.3.jar
MD5: 6393363b47ddcbba82321110c3e07519
SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0
SHA256:66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9

Identifiers

hsqldb-2.2.8.jar

Description:

 HSQLDB - Lightweight 100% Java SQL Database Engine

License:

HSQLDB License, a BSD open source license: http://hsqldb.org/web/hsqlLicense.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/hsqldb-2.2.8.jar
MD5: 92dfcd0b5d8b5d301c9350f69c3337fc
SHA1: 8231a3ff71ba5889f9e2d01ce13503cbdd4038e9
SHA256:364649da28ee95a43f3168d6f211fc1ea5f76946655e80aed1584e4058597f3d

Identifiers

httpclient-4.2.6.jar

Description:

 
   HttpComponents Client

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/httpclient-4.2.6.jar
MD5: 7bae53a30550dd3eb62db72ab08fcd94
SHA1: e4ca30a6a3a075053a61c6fc850d2432dc012ba7
SHA256:362e9324ee7c697e21279e20077b52737ddef3f1b2c1a7abe5ad34b465145550

Identifiers

  • cpe: cpe:/a:apache:httpclient:4.2.6  Confidence:Low  
  • maven: org.apache.httpcomponents:httpclient:4.2.6  Confidence:High

httpcore-4.2.5.jar

Description:

 
   HttpComponents Core (blocking I/O)

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/httpcore-4.2.5.jar
MD5: 7e23d35d533b24c1f385724e8b5ba623
SHA1: 472f0f5f8dba5d1962cb9d7739feed739a31c30d
SHA256:e5e82da4cc66c8d917bbf743e3c0752efe8522735e7fc9dbddb65bccea81cfe9

Identifiers

  • maven: org.apache.httpcomponents:httpcore:4.2.5  Confidence:High

httpmime-4.2.6.jar

Description:

 
   HttpComponents HttpClient - MIME coded entities

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/httpmime-4.2.6.jar
MD5: 291ec6eac9dfb76f2b8c4f1b647b9a21
SHA1: 270386011895bc6c7ee6496fd87511d6a98093c1
SHA256:d2dd4857b05d2050073e265987d8a63726fd42b979bb1f757dfa50b6c2d78be8

Identifiers

  • maven: org.apache.httpcomponents:httpmime:4.2.6  Confidence:High

icu4j-55.1.jar

Description:

 
    International Component for Unicode for Java (ICU4J) is a mature, widely used Java library
    providing Unicode and Globalization support

License:

ICU License: http://source.icu-project.org/repos/icu/icu/trunk/license.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/icu4j-55.1.jar
MD5: d2154c148fbd871c7ca1cf07d5d02f6f
SHA1: 670e165010677d0ae8ffaba6f3135895042b63b9
SHA256:85c049f0b096d74d5b1b33aa4dcfde24b74a9a57ff69711b856198950989376f

Identifiers

jackson-core-2.3.0.jar

Description:

 Core Jackson abstractions, basic JSON streaming API implementation

License:

http://www.apache.org/licenses/LICENSE-2.0.txt, http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/jackson-core-2.3.0.jar
MD5: 31cbd34f3afd5cac7bce4890130b4152
SHA1: 5e19d8381e01aa64c9dd47ff453e39abc441775c
SHA256:61f84f93e3f901134d7498b50119ee01074f10d59560e45ccd3e1d48cfec493b

Identifiers

  • cpe: cpe:/a:fasterxml:jackson:2.3.0  Confidence:Low  
  • maven: com.fasterxml.jackson.core:jackson-core:2.3.0  Confidence:High

jackson-core-asl-1.9.13.jar

Description:

 Jackson is a high-performance JSON processor (parser, generator)

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/jackson-core-asl-1.9.13.jar
MD5: 319c49a4304e3fa9fe3cd8dcfc009d37
SHA1: 3c304d70f42f832e0a86d45bd437f692129299a4
SHA256:440a9cb5ca95b215f953d3a20a6b1a10da1f09b529a9ddea5f8a4905ddab4f5a

Identifiers

jackson-databind-2.3.0.jar

Description:

 General data-binding functionality for Jackson: works on core streaming API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt, http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/jackson-databind-2.3.0.jar
MD5: 5b7a92b9d489c1d81d629d6a04ef77d8
SHA1: 76eb119e9f7769c5b124afbfa17ed0c63cab4920
SHA256:9b789c2de23ff5a1ae1fc8193ea79e34f16d74c64c51491fbe76ca277349e694

Identifiers

  • cpe: cpe:/a:fasterxml:jackson:2.3.0  Confidence:Low  
  • maven: com.fasterxml.jackson.core:jackson-databind:2.3.0  Confidence:High
  • cpe: cpe:/a:fasterxml:jackson-databind:2.3.0  Confidence:Highest  

CVE-2017-15095  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data 

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.

Vulnerable Software & Versions: (show all)

CVE-2017-17485  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data 

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.

Vulnerable Software & Versions: (show all)

CVE-2017-7525  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data 

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

Vulnerable Software & Versions: (show all)

CVE-2018-5968  

Severity:Medium
CVSS Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
CWE: CWE-184 Incomplete Blacklist 

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.

Vulnerable Software & Versions: (show all)

CVE-2018-7489  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-184 Incomplete Blacklist 

FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.

Vulnerable Software & Versions: (show all)

jackson-dataformat-csv-2.2.3.jar

Description:

 Support for reading and writing CSV-encoded data via Jackson
abstractions.

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/jackson-dataformat-csv-2.2.3.jar
MD5: d22bb07e86066b2bf7880a9bba6c63f2
SHA1: 33f39a39225bd6ad6ffda1ac62dee841469adfc4
SHA256:714565c3631476e6836d5d54f8b61acc2aacf498c5e880f7b4eb515d6f4163ee

Identifiers

  • cpe: cpe:/a:fasterxml:jackson:2.2.3  Confidence:Low  
  • maven: com.fasterxml.jackson.dataformat:jackson-dataformat-csv:2.2.3  Confidence:High

jackson-dataformat-xml-2.2.3.jar

Description:

 Data format extension for Jackson (http://jackson.codehaus.org) to offer
alternative support for serializing POJOs as XML and deserializing XML as pojos.
Support implemented on top of Stax API (javax.xml.stream), by implementing core Jackson Streaming API types like JsonGenerator, JsonParser and JsonFactory.
Some data-binding types overridden as well (ObjectMapper sub-classed as XmlMapper).

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/jackson-dataformat-xml-2.2.3.jar
MD5: cc188e1f2d979160acf5eb4bbd65a1e0
SHA1: 7e3bc1b0ce8074cee1e0a2c2403baee2b1034215
SHA256:e1ec43c2774631cd841535dc6fc9c4ca1d4a2c9abc5684cb200fac4c388b32ac

Identifiers

  • cpe: cpe:/a:fasterxml:jackson-databind:2.2.3  Confidence:Highest  
  • cpe: cpe:/a:fasterxml:jackson:2.2.3  Confidence:Low  
  • maven: com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.2.3  Confidence:High

CVE-2016-3720  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.

Vulnerable Software & Versions:

CVE-2016-7051  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-918 Server-Side Request Forgery (SSRF) 

XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.

Vulnerable Software & Versions: (show all)

CVE-2017-15095  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data 

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.

Vulnerable Software & Versions: (show all)

CVE-2017-17485  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data 

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.

Vulnerable Software & Versions: (show all)

CVE-2017-7525  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data 

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

Vulnerable Software & Versions: (show all)

jasper-runtime-5.5.23.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/jasper-runtime-5.5.23.jar
MD5: 00e6f385adab8441f27e75d6038ea2ae
SHA1: 96ca5528a93ab47b001476b74320c644beb89dde
SHA256:3564c35fa738e2e683af8b7ae28c4345a32e2bd97ff88498f17423f329975890

Identifiers

java-xmlbuilder-0.4.jar

Description:

 XML Builder is a utility that creates simple XML documents using relatively sparse Java code

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/java-xmlbuilder-0.4.jar
MD5: 0fa474213a6a0282cd9264f6e0dd3658
SHA1: ac5962e48cdee3a0a6e1f8e00fcb594747ac5aaf
SHA256:681e53c4ffd59fa12068803b259e3a83d43f07a47c112e748a187dee179eb31f

Identifiers

  • maven: com.jamesmurty.utils:java-xmlbuilder:0.4  Confidence:High

javassist-3.12.1.GA.jar

Description:

 Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
     simple.  It is a class library for editing bytecodes in Java.

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/javassist-3.12.1.GA.jar
MD5: 30d9d95456d43005da78d7281accccd1
SHA1: 526633327faa61aee448a519e8a4d53ec3057885
SHA256:3f5780dacb4b28ad147100f74361bb338a45069d8034b24735bb8292d2856614

Identifiers

  • maven: javassist:javassist:3.12.1.GA  Confidence:High

javax.inject-1.jar

Description:

 The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
SHA256:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff

Identifiers

javax.persistence-2.0.0.jar

Description:

 EclipseLink subversion revision 5939

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/javax.persistence-2.0.0.jar
MD5: db6ff1c72a5babef16b604df6791b678
SHA1: bff9b1d9de629095001f1a4e77f450b2d6487b07
SHA256:4e2e0187251332c4bed1e206b4701837dacd9ca927076bca027ea427447a94e2

Identifiers

javax.servlet-api-3.0.1.jar

Description:

 Java.net - The Source for Java Technology Collaboration

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/javax.servlet-api-3.0.1.jar
MD5: 3ef236ac4c24850cd54abff60be25f35
SHA1: 6bf0ebb7efd993e222fc1112377b5e92a13b38dd
SHA256:377d8bde87ac6bc7f83f27df8e02456d5870bb78c832dac656ceacc28b016e56

Identifiers

  • maven: javax.servlet:javax.servlet-api:3.0.1  Confidence:High

jaxb-api-2.2.11.jar

Description:

 JAXB (JSR 222) API

License:

CDDL 1.1: https://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/jaxb-api-2.2.11.jar
MD5: 5983d1e2ec1a9b0604575cd9e9582591
SHA1: 32274d4244967ff43e7a5d967743d94ed3d2aea7
SHA256:273d82f8653b53ad9d00ce2b2febaef357e79a273560e796ff3fcfec765f8910

Identifiers

  • maven: javax.xml.bind:jaxb-api:2.2.11  Confidence:High

jaxb-impl-2.2.3-1.jar

Description:

 JAXB (JSR 222) reference implementation

License:

CDDL 1.1: https://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/jaxb-impl-2.2.3-1.jar
MD5: 1b689e7f87caf2615c0f6a47831d0342
SHA1: 56baae106392040a45a06d4a41099173425da1e6
SHA256:fa3e1499b192c310312bf02881274b68394aaea4c9563e6c554cc406ae644ff8

Identifiers

jdom-1.1.jar

Description:

 
    JDOM is, quite simply, a Java representation of an XML document. JDOM provides a way to represent that document for
    easy and efficient reading, manipulation, and writing. It has a straightforward API, is a lightweight and fast, and
    is optimized for the Java programmer. It's an alternative to DOM and SAX, although it integrates well with both DOM
    and SAX.

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/jdom-1.1.jar
MD5: adf67fc5dcf48e1593640ad7e02f6ad4
SHA1: 1d04c0f321ea337f3661cf7ede8f4c6f653a8fdd
SHA256:3c167654499436ee9c19674b519d04e7364085533f6facada1bf90b16ad34897

Identifiers

jersey-client-1.9.jar

Description:

 Jersey is the open source (under dual CDDL+GPL license) JAX-RS (JSR 311)        production quality Reference Implementation for building        RESTful Web services.

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html, http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/jersey-client-1.9.jar
MD5: cdbba85f9cb7ce5e0ca51d610f0228e9
SHA1: d3c4b2b5f89db32c96ceddcb863684821910a7bb
SHA256:8ae03af0d06c46a51b65d123ec40f245da690991aa3669cef4767db8f36fbe68

Identifiers

  • maven: com.sun.jersey:jersey-client:1.9  Confidence:High

jersey-core-1.9.jar

Description:

 Jersey is the open source (under dual CDDL+GPL license) JAX-RS (JSR 311)        production quality Reference Implementation for building        RESTful Web services.

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html, http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/jersey-core-1.9.jar
MD5: 73d196595f5e410a37c0a4337350ceb7
SHA1: 8341846f18187013bb9e27e46b7ee00a6395daf4
SHA256:2c6d0ec88fc8c36cb41637d9c00d0698c22cb6b6a137fa526ef782e00d2265bc

Identifiers

  • maven: com.sun.jersey:jersey-core:1.9  Confidence:High

jersey-guice-1.9.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/jersey-guice-1.9.jar
MD5: a81140d246f420c1e2eabe649417c5b1
SHA1: 5963c28c47df7e5d6ad34cec80c071c368777f7b
SHA256:544fc92d2625332a9a8eeaa7a7274cf1af6703936a50afa80d92a78200a7de34

Identifiers

  • maven: com.sun.jersey.contribs:jersey-guice:1.9  Confidence:High

jersey-json-1.9.jar

Description:

 Jersey is the open source (under dual CDDL+GPL license) JAX-RS (JSR 311)        production quality Reference Implementation for building        RESTful Web services.

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html, http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/jersey-json-1.9.jar
MD5: 17ca6b0d49ed8db159b7827b6defa6b6
SHA1: 1aa73e1896bcc7013fed247157d7f676226eb432
SHA256:cc5d535f43cef0d1c467240961aae35801a837ab010319e741b2c7a6658f3fd6

Identifiers

  • maven: com.sun.jersey:jersey-json:1.9  Confidence:High

jersey-server-1.9.jar

Description:

 Jersey is the open source (under dual CDDL+GPL license) JAX-RS (JSR 311)        production quality Reference Implementation for building        RESTful Web services.

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html, http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/jersey-server-1.9.jar
MD5: 0c98f6cca5df8197b310a0d1d89bb34a
SHA1: 3a6ea7cc5e15c824953f9f3ece2201b634d90d18
SHA256:3ded91b198077561bd51f6c0442c9cd70b754d8b31b61afaf448bda9d01848f0

Identifiers

  • maven: com.sun.jersey:jersey-server:1.9  Confidence:High

jettison-1.3.1.jar

Description:

 A StAX implementation for JSON.

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/jettison-1.3.1.jar
MD5: ff4330f064a5eddcdc24a29d344a21cc
SHA1: 056dcc8480ecd2c03ec004aa76278d1f2d621561
SHA256:e69372aa9d5fdf002c48d2e8490cf7515f6dcf6903282c935ac91cafb6a843cc

Identifiers

  • maven: org.codehaus.jettison:jettison:1.3.1  Confidence:High

jetty-6.1.26.jar

Description:

 Jetty server core

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/jetty-6.1.26.jar
MD5: 12b65438bbaf225102d0396c21236052
SHA1: 2f546e289fddd5b1fab1d4199fbb6e9ef43ee4b0
SHA256:21091d3a9c1349f640fdc421504a604c040ed89087ecc12afbe32353326ed4e5

Identifiers

  • cpe: cpe:/a:mortbay_jetty:jetty:6.1.26  Confidence:Low  
  • maven: org.mortbay.jetty:jetty:6.1.26  Confidence:High
  • cpe: cpe:/a:mortbay:jetty:6.1.26  Confidence:Low  
  • cpe: cpe:/a:jetty:jetty:6.1.26  Confidence:Low  

CVE-2011-4461  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-310 Cryptographic Issues 

Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Vulnerable Software & Versions: (show all)

joda-time-2.7.jar

Description:

 Date and time library to replace JDK date handling

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/joda-time-2.7.jar
MD5: 4f29e832878694d7096249c5c32f8fe9
SHA1: 5599707a3eaad13e889f691b3af78c8c03842195
SHA256:f0f5720b333cd62b2b4f6164b1a0cde0a582f497798e8eea033f5d25f9d6f590

Identifiers

  • maven: joda-time:joda-time:2.7  Confidence:High

jquery-2.0.3-1.jar

Description:

 WebJar for jQuery

License:

MIT License: https://github.com/jquery/jquery/blob/master/MIT-LICENSE.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/jquery-2.0.3-1.jar
MD5: 732cfed87e366dd90b2a975ad74366bb
SHA1: 9be7beefd7c17933d68640da261e3e05d46f3b45
SHA256:a43d569f4ec10a9383719bec2185d10959623345688b5be28ca8ea3856a82d17

Identifiers

  • maven: org.webjars:jquery:2.0.3-1  Confidence:High

jquery-selectors-0.0.3.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/jquery-selectors-0.0.3.jar
MD5: a2f60c4f980351d48d9415fb01fdf1b7
SHA1: 00b658478b70ef120c434054d7a07790e2aff3bb
SHA256:7191f3a436b2302841d927ef5b95a1aaac4df514836174ff7f7963384b95978f

Identifiers

  • maven: de.agilecoders.wicket:jquery-selectors:0.0.3  Confidence:High

jquery-ui-1.10.2-1.jar

Description:

 WebJar for jQuery UI

License:

MIT License: https://github.com/jquery/jquery-ui/blob/master/MIT-LICENSE.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/jquery-ui-1.10.2-1.jar
MD5: 8514b666fa516423c426cb4857c94745
SHA1: 4767035496f7b4ecf2cfb9aea39003dc2eeecd59
SHA256:277d7a47ba2cd0912eae32aeb662896264e2e3b4d0d10815c4d1433fc6e435b5

Identifiers

  • maven: org.webjars:jquery-ui:1.10.2-1  Confidence:High

jquerypp-1.0.1.jar

Description:

 WebJar for jQuery++

License:

MIT License: https://github.com/jupiterjs/jquerypp/blob/master/license.md
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/jquerypp-1.0.1.jar
MD5: 653b09bd62701f3544f1a8e9a28d4625
SHA1: 8ad527112c0d70fc140475d0f04802c3567c77fe
SHA256:834febdee3ae60e13178ed1f945c0fb5141b1534c4799584bf25939c0730f828

Identifiers

  • maven: org.webjars:jquerypp:1.0.1  Confidence:High

jsch-0.1.42.jar

Description:

 JSch is a pure Java implementation of SSH2

License:

BSD: http://www.jcraft.com/jsch/LICENSE.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/jsch-0.1.42.jar
MD5: 74ea920580077b4c0b51101a8292a529
SHA1: a86104b0f2e0c0bab5b0df836065823a99b5e334
SHA256:74297550aecc3b566ee19e49befb9cd49e2326c9d8d71ad5071bacc655b760dc

Identifiers

  • cpe: cpe:/a:jcraft:jsch:0.1.42  Confidence:Low  
  • maven: com.jcraft:jsch:0.1.42   Confidence:Highest

CVE-2016-5725  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 

Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.

Vulnerable Software & Versions:

json-20090211.jar

Description:

 
    JSON (JavaScript Object Notation) is a lightweight data-interchange format.
    It is easy for humans to read and write. It is easy for machines to parse and generate.
    It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition
    - December 1999. JSON is a text format that is completely language independent but uses
    conventions that are familiar to programmers of the C-family of languages, including C, C++, C#,
    Java, JavaScript, Perl, Python, and many others.
    These properties make JSON an ideal data-interchange language.

License:

provided without support or warranty: http://www.json.org/license.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/json-20090211.jar
MD5: 333139fffc6c9d4bc3d2495d9613f092
SHA1: c183aa3a2a6250293808bba12262c8920ce5a51c
SHA256:055be110a570f9cda3eba8d70a006ff46c77a048bc67868524879211c48b330a

Identifiers

jsp-api-2.1.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/jsp-api-2.1.jar
MD5: b8a34113a3a1ce29c8c60d7141f5a704
SHA1: 63f943103f250ef1f3a4d5e94d145a0f961f5316
SHA256:545f4e7dc678ffb4cf8bd0fd40b4a4470a409a787c0ea7d0ad2f08d56112987b

Identifiers

jsr305-1.3.9.jar

Description:

 JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/jsr305-1.3.9.jar
MD5: 1d5a772e400b04bb67a7ef4a0e0996d8
SHA1: 40719ea6961c0cb6afaeb6a921eaa1f6afd4cfdf
SHA256:905721a0eea90a81534abb7ee6ef4ea2e5e645fa1def0a5cd88402df1b46c9ed

Identifiers

jsr311-api-1.1.1.jar

License:

                CDDL License
            : http://www.opensource.org/licenses/cddl1.php
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/jsr311-api-1.1.1.jar
MD5: c9803468299ec255c047a280ddec510f
SHA1: 59033da2a1afd56af1ac576750a8d0b1830d59e6
SHA256:ab1534b73b5fa055808e6598a5e73b599ccda28c3159c3c0908977809422ee4a

Identifiers

  • maven: javax.ws.rs:jsr311-api:1.1.1  Confidence:High

junit-4.11.jar

Description:

 
        JUnit is a regression testing framework written by Erich Gamma and Kent Beck.
        It is used by the developer who implements unit tests in Java.

License:

Common Public License Version 1.0: http://www.opensource.org/licenses/cpl1.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/junit-4.11.jar
MD5: 3c42be5ea7cbf3635716abbb429cb90d
SHA1: 4e031bb61df09069aeb2bffb4019e7a5034a4ee0
SHA256:90a8e1603eeca48e7e879f3afbc9560715322985f39a274f6f6070b43f9d06fe

Identifiers

juniversalchardet-1.0.3.jar

Description:

 Java port of universalchardet

License:

Mozilla Public License 1.1 (MPL 1.1): http://www.mozilla.org/MPL/MPL-1.1.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/juniversalchardet-1.0.3.jar
MD5: d9ea0a9a275336c175b343f2e4cd8f27
SHA1: cd49678784c46aa8789c060538e0154013bb421b
SHA256:757bfe906193b8b651e79dc26cd67d6b55d0770a2cdfb0381591504f779d4a76

Identifiers

  • maven: com.googlecode.juniversalchardet:juniversalchardet:1.0.3  Confidence:High

leveldbjni-all-1.8.jar

Description:

 An uber jar which contains all the leveldbjni platform libraries and dependencies

License:

http://www.opensource.org/licenses/BSD-3-Clause
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/leveldbjni-all-1.8.jar
MD5: 6944e9bc03c7938868e53c96726ae914
SHA1: 707350a2eeb1fa2ed77a32ddb3893ed308e941db
SHA256:c297213b0e6f9392305952753f3099a4c02e70b3656266fe01867e7b6c160ffe

Identifiers

  • maven: org.fusesource.leveldbjni:leveldbjni-all:1.8  Confidence:High
  • cpe: cpe:/a:id:id-software:1.8  Confidence:Low  

log4j-1.2.17.jar

Description:

 Apache Log4j 1.2

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/log4j-1.2.17.jar
MD5: 04a41f0a068986f0f73485cf507c0f40
SHA1: 5af35056b4d257e4b64b9e8069c0746e8b08629f
SHA256:1d31696445697720527091754369082a6651bd49781b6005deb94e56753406f9

Identifiers

  • cpe: cpe:/a:apache:log4j:1.2.17  Confidence:Low  
  • maven: log4j:log4j:1.2.17  Confidence:High

mail-1.4.2.jar

Description:

 JavaMail API

License:

http://www.sun.com/cddl, https://glassfish.dev.java.net/public/CDDL+GPL.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/mail-1.4.2.jar
MD5: 81e2cd97e84fb814dfd0018bb8782c81
SHA1: 6a1d836b6a4c77ec11ac46d2ea8557ca574cd428
SHA256:be03dd1caa2f93d7f75d06637ea11e4c1b1ea322a7afd057cbf8b08f87932987

Identifiers

maven-parent-config-0.3.4.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/maven-parent-config-0.3.4.jar
MD5: aaf25e6f75341a109323d00ed823c596
SHA1: b2ac776e18fda81b7e1487d32e13a5618281c4d8
SHA256:9a087f524b7d8f049b49c88e9b097b3101eea624ad04a93c638de63701fa81e4

Identifiers

  • maven: de.agilecoders.maven:maven-parent-config:0.3.4  Confidence:High

mockito-all-1.9.5.jar

Description:

 Mock objects library for java

License:

The MIT License: http://code.google.com/p/mockito/wiki/License
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/mockito-all-1.9.5.jar
MD5: 50faa79d126d0213ab14ccb112a8b76d
SHA1: 79a8984096fc6591c1e3690e07d41be506356fa5
SHA256:b2a63307d1dce3aa1623fdaacb2327a4cd7795b0066f31bf542b1e8f2683239e

Identifiers

modernizr-2.6.2-1.jar

Description:

 WebJar for Modernizr

License:

MIT License: http://en.wikipedia.org/wiki/MIT_License
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/modernizr-2.6.2-1.jar
MD5: 6fb51714f12c1cc66763fd5467abfdb4
SHA1: 86cc31cc6a32f81be5074f9fa27cf53d5e210198
SHA256:7076ac7d1e598173386608a207bde0ac0a9bc51f86c4e92583281a69d0abfb63

Identifiers

  • maven: org.webjars:modernizr:2.6.2-1  Confidence:High

neethi-3.0.1.jar

Description:

 Apache Neethi provides general framework for the programmers to use WS Policy. It is compliant with latest WS Policy specification which was published in March 2006. This framework is specifically written to enable the Apache Web services stack to use WS Policy as a way of expressing it's requirements and capabilities.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/neethi-3.0.1.jar
MD5: bf9e9783665575a7465f112e1a5594ca
SHA1: 9e4a9d3ebab53720bccbafacc7495e801a6256c6
SHA256:cad5f8a6327679a90552597dc4f65e6c472ffcf268223212c13626dc9d7e1a43

Identifiers

  • maven: org.apache.neethi:neethi:3.0.1  Confidence:High
  • cpe: cpe:/a:apache:apache_test:3.0.1  Confidence:Low  

netty-3.6.2.Final.jar

Description:

 
    The Netty project is an effort to provide an asynchronous event-driven
    network application framework and tools for rapid development of
    maintainable high performance and high scalability protocol servers and
    clients.  In other words, Netty is a NIO client server framework which
    enables quick and easy development of network applications such as protocol
    servers and clients. It greatly simplifies and streamlines network
    programming such as TCP and UDP socket server.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/netty-3.6.2.Final.jar
MD5: 65546c0885e83ba36f1f4d9ff9f8c776
SHA1: 69be11c61427f0604a30539755add84ad9e37e5e
SHA256:d4ff9f0a2959633e062edd0e678d8187bbe95ad19195384ac524fd41f00f5a44

Identifiers

CVE-2014-0193  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors 

WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames.

Vulnerable Software & Versions: (show all)

CVE-2014-3488  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer 

The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

Vulnerable Software & Versions: (show all)

CVE-2015-2156  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-20 Improper Input Validation 

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.

Vulnerable Software & Versions: (show all)

noggit-0.5.jar

Description:

 Fast streaming JSON parser for Java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/noggit-0.5.jar
MD5: c999a28fd0788cca79fb64460a36b0af
SHA1: 8e6e65624d2e09a30190c6434abe23b7d4e5413c
SHA256:3ded7e6cff8702e3bcde8bf34d359c9c576cfe3d7a90dd38fa743d582b566ab6

Identifiers

  • maven: org.noggit:noggit:0.5  Confidence:High

org.restlet-2.2.3.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/org.restlet-2.2.3.jar
MD5: 0ca74b39e833efc4bc67dd494b4cfa88
SHA1: b5743deba825f3b4bf54c87b9cfa4fc952e0ff74
SHA256:a1bcc6ec92955721f4df65c649a0b67e218cdd876f3694b8104b54f085684ae6

Identifiers

  • cpe: cpe:/a:restlet:restlet_framework:2.2.3  Confidence:Low  
  • cpe: cpe:/a:restlet:restlet:2.2.3  Confidence:Low  

org.restlet.lib.org.json-2.0.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/org.restlet.lib.org.json-2.0.jar
MD5: c8f97873c021adc0771e2348eb2c50f2
SHA1: aa0e3bef5e0c3660a3e69529a3d8b71b4ecd291a
SHA256:2beae160ea6c32e0cb9a4e2fdc14b0ec7c5d0013107c516e111d978b5c3487cf

Identifiers

  • cpe: cpe:/a:restlet:restlet:2.0  Confidence:Low  
  • cpe: cpe:/a:restlet:restlet_framework:2.0  Confidence:Low  

CVE-2013-4221  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-16 Configuration 

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.

Vulnerable Software & Versions: (show all)

CVE-2013-4271  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data 

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221.

Vulnerable Software & Versions: (show all)

CVE-2014-1868  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack.

Vulnerable Software & Versions: (show all)

ormlite-core-4.48.jar

Description:

 Lightweight Object Relational Model (ORM) for persisting objects to SQL databases.

License:

ISC License: http://ormlite.com/docs/license
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/ormlite-core-4.48.jar
MD5: 74d1b09c4d0e3e216b0584485208c515
SHA1: e579bd2905d0399af5029aaaf9817d5fa0ca88a5
SHA256:2beb9bd890a705fe25f6d74c7b1fdb5667da09f7063ba8e8eb501cb899dd5002

Identifiers

  • maven: com.j256.ormlite:ormlite-core:4.48  Confidence:High

ormlite-jdbc-4.48.jar

Description:

 Lightweight Object Relational Model (ORM) JDBC classes

License:

ISC License: http://ormlite.com/docs/license
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/ormlite-jdbc-4.48.jar
MD5: aa6e8074f3cfc64a417fc6efa7004b56
SHA1: b915ebd2c4b901eec32e4df44e5503752e92ce38
SHA256:be89e2433f2b3528666d2845177237545d75d5183ce45709885f6edac9c53f58

Identifiers

  • maven: com.j256.ormlite:ormlite-jdbc:4.48  Confidence:High

paranamer-2.7.jar

Description:

 Paranamer allows runtime access to constructor and method parameter names for Java classes

License:

LICENSE.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/paranamer-2.7.jar
MD5: 5707a297363249fffe38e8189cd6f9cb
SHA1: 3ed64c69e882a324a75e890024c32a28aff0ade8
SHA256:63e3f53f8f70784b65c25b2ee475813979d6d0e7f7b2510b364c4e1f4a803ccc

Identifiers

  • maven: com.thoughtworks.paranamer:paranamer:2.7  Confidence:High

protobuf-java-2.5.0.jar

Description:

 
    Protocol Buffers are a way of encoding structured data in an efficient yet
    extensible format.

License:

New BSD license: http://www.opensource.org/licenses/bsd-license.php
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/protobuf-java-2.5.0.jar
MD5: a44473b98947e2a54c54e0db1387d137
SHA1: a10732c76bfacdbd633a7eb0f7968b1059a65dfa
SHA256:e0c1c64575c005601725e7c6a02cebf9e1285e888f756b2a1d73ffa8d725cc74

Identifiers

reflections-0.9.8.jar

Description:

 Reflections - a Java runtime metadata analysis

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/reflections-0.9.8.jar
MD5: 46192a2539fbe9e1fb69f8e5764e3aaa
SHA1: f723abb59bf512952bfc503838f70f81487a6993
SHA256:790492c3d177c4121d7ed84edad57c591569d124a58a5c503420004e7a95f9d6

Identifiers

  • maven: org.reflections:reflections:0.9.8  Confidence:High

serializer-2.7.1.jar

Description:

 
    Serializer to write out XML, HTML etc. as a stream of characters from an input DOM or from input
    SAX events.

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/serializer-2.7.1.jar
MD5: a6b64dfe58229bdd810263fa0cc54cff
SHA1: 4b4b18df434451249bb65a63f2fb69e215a6a020
SHA256:a15078d243d4a20b6b4e8ae2f61ed4655e352054e121aada6f7441f1ed445a3c

Identifiers

CVE-2014-0107  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls 

The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.

Vulnerable Software & Versions: (show all)

servlet-api-2.5-20081211.jar

Description:

 Servlet Specification API

License:

http://www.apache.org/licenses/LICENSE-2.0
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/servlet-api-2.5-20081211.jar
MD5: 083898d794cc261853922ca941aee390
SHA1: 22bff70037e1e6fa7e6413149489552ee2064702
SHA256:068756096996fe00f604ac3b6672d6f663dc777ea4a83056e240d0456e77e472

Identifiers

  • cpe: cpe:/a:mortbay:jetty:2.5.200812  Confidence:Low  
  • maven: org.mortbay.jetty:servlet-api:2.5-20081211  Confidence:High
  • cpe: cpe:/a:mortbay_jetty:jetty:2.5.200812  Confidence:Low  
  • cpe: cpe:/a:jetty:jetty:2.5.200812  Confidence:Low  

CVE-2005-3747  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure 

Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash ("%5C") characters.  NOTE: this might be the same issue as CVE-2006-2758.

Vulnerable Software & Versions: (show all)

CVE-2007-5615  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection') 

CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Vulnerable Software & Versions:

CVE-2009-1523  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 

Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.

Vulnerable Software & Versions: (show all)

CVE-2009-1524  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 

Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before 6.1.17 allows remote attackers to inject arbitrary web script or HTML via a directory listing request containing a ; (semicolon) character.

Vulnerable Software & Versions: (show all)

CVE-2011-4461  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-310 Cryptographic Issues 

Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Vulnerable Software & Versions: (show all)

servlet-api-2.5.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/servlet-api-2.5.jar
MD5: 69ca51af4e9a67a1027a7f95b52c3e8f
SHA1: 5959582d97d8b61f4d154ca9e495aafd16726e34
SHA256:c658ea360a70faeeadb66fb3c90a702e4142a0ab7768f9ae9828678e0d9ad4dc

Identifiers

slf4j-api-1.7.7.jar

Description:

 The slf4j API

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/slf4j-api-1.7.7.jar
MD5: ca4280bf93d64367723ae5c8d42dd0b9
SHA1: 2b8019b6249bb05d81d3a3094e468753e2b21311
SHA256:69980c038ca1b131926561591617d9c25fabfc7b29828af91597ca8570cf35fe

Identifiers

  • cpe: cpe:/a:slf4j:slf4j:1.7.7  Confidence:Low  
  • maven: org.slf4j:slf4j-api:1.7.7  Confidence:High

slf4j-log4j12-1.7.5.jar

Description:

 SLF4J LOG4J-12 Binding

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/slf4j-log4j12-1.7.5.jar
MD5: 371e35747d6bd35e3800034bdac4150e
SHA1: 6edffc576ce104ec769d954618764f39f0f0f10d
SHA256:e3393b87604eeab24d72d71d0bfceb3436658ab0593f48f16523ad90f270c88f

Identifiers

  • maven: org.slf4j:slf4j-log4j12:1.7.5  Confidence:High
  • cpe: cpe:/a:slf4j:slf4j:1.7.5  Confidence:Low  

snakeyaml-1.13.jar

Description:

 YAML 1.1 parser and emitter for Java

License:

Apache License Version 2.0: LICENSE.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/snakeyaml-1.13.jar
MD5: 88e239ab48632e2eab576ee86f56c47e
SHA1: 73cbb494a912866c4c831a178c3a2a9169f4eaad
SHA256:eebdfdc186a16cc52301d05e63730d3cf60b4eca62d9259e945025580dc274a9

Identifiers

  • maven: org.yaml:snakeyaml:1.13  Confidence:High

snappy-java-1.1.1.3.jar

Description:

 snappy-java: A fast compression/decompression library

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/snappy-java-1.1.1.3.jar
MD5: a73387268491e264935ea46e49011ed0
SHA1: fbd7b0b8400ebd0d6a2c61493f39530a93d9c4b6
SHA256:4882736281544083b7d140d03b7346b9ecda834df886561ad3eae25375034592

Identifiers

solr-solrj-4.6.0.jar

Description:

 Apache Solr Solrj

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/solr-solrj-4.6.0.jar
MD5: 675a97ea155a073aa83708dcb6b06d14
SHA1: 708abed2f1403b4e320ba060d1d9b3377dc4b9ba
SHA256:78da47e5e0de71f4111348bc20941c0cd27a1667bae265344623c3c6d99f41c1

Identifiers

CVE-2014-3628  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 

Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object.

Vulnerable Software & Versions: (show all)

CVE-2015-8795  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 

Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js.

Vulnerable Software & Versions:

CVE-2015-8796  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 

Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL.

Vulnerable Software & Versions:

CVE-2015-8797  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 

Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI.

Vulnerable Software & Versions:

CVE-2017-3163  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.

Vulnerable Software & Versions: (show all)

CVE-2018-1308  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE') 

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.

Vulnerable Software & Versions: (show all)

spring-core-4.0.4.RELEASE.jar

Description:

 Spring Core

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/spring-core-4.0.4.RELEASE.jar
MD5: 6a3fe08a36ecfc491b87a48906111bd2
SHA1: 1e49cd206349aa6d1ee272acd67cb56c05452b95
SHA256:2625daf3e22aa03fcc7a5229036041e1b54ae6b7145ca56865caa2a5bf2333f5

Identifiers

CVE-2014-0225  

Severity:Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE') 

When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.

Vulnerable Software & Versions: (show all)

CVE-2014-3578  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

Vulnerable Software & Versions: (show all)

CVE-2014-3625  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

Vulnerable Software & Versions: (show all)

CVE-2015-5211  

Severity:High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-20 Improper Input Validation 

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.

Vulnerable Software & Versions: (show all)

CVE-2016-5007  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls 

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.

Vulnerable Software & Versions: (show all)

CVE-2018-1270  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-358 Improperly Implemented Security Check for Standard 

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

Vulnerable Software & Versions: (show all)

CVE-2018-1271  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.

Vulnerable Software & Versions: (show all)

CVE-2018-1272  

Severity:Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls 

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.

Vulnerable Software & Versions: (show all)

stax-api-1.0-2.jar

Description:

 
    StAX is a standard XML processing API that allows you to stream XML data from and to your application.

License:

GNU General Public Library: http://www.gnu.org/licenses/gpl.txt
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: http://www.sun.com/cddl/cddl.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/stax-api-1.0-2.jar
MD5: 7d18b63063580284c3f5734081fdc99f
SHA1: d6337b0de8b25e53e81b922352fbea9f9f57ba0b
SHA256:e8c70ebd76f982c9582a82ef82cf6ce14a7d58a4a4dca5cb7b7fc988c80089b7

Identifiers

stax2-api-3.1.3.jar

Description:

 tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.

License:

The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/stax2-api-3.1.3.jar
MD5: f1e0b1c8e10ddfc32e48c86ede69a991
SHA1: 7b6af25588e281dd7ffe3750ea121b28add8800e
SHA256:67d77c5afa51415a76a96dead24a5af32138181494ec0368045728c8498961b1

Identifiers

  • maven: org.codehaus.woodstox:stax2-api:3.1.3  Confidence:High

tika-core-1.10.jar

Description:

 This is the core Apache Tika™ toolkit library from which all other modules inherit functionality. It also
    includes the core facades for the Tika API.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/tika-core-1.10.jar
MD5: 9fccc95cc1ef109c339a89215a26cbf9
SHA1: feeac0d2758775b721b5c3e700ce8e4f5c0d9eb2
SHA256:9687d0b0c40bb3b9374ac386fad001558ebadf1b2f73321b4ac5db3f33484d74

Identifiers

  • cpe: cpe:/a:apache:tika:1.10  Confidence:Highest  
  • maven: org.apache.tika:tika-core:1.10  Confidence:High

CVE-2016-6809  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data 

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.

Vulnerable Software & Versions:

CVE-2018-1338  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors 

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18.

Vulnerable Software & Versions: (show all)

CVE-2018-1339  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors 

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.

Vulnerable Software & Versions: (show all)

typeaheadjs-0.9.3.jar

Description:

 WebJar for typeahead.js

License:

MIT: https://github.com/twitter/typeahead.js/blob/master/LICENSE
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/typeaheadjs-0.9.3.jar
MD5: ed3081f15195e21c9b0a76f9bef9e405
SHA1: f7c38c931dcdb7bff0e309f9dcdd6f4281200440
SHA256:36f4ee8f639bf7ed8f155d4c24a1d5d10c9f13104909be7486825c7555ba6974

Identifiers

  • maven: org.webjars:typeaheadjs:0.9.3  Confidence:High

velocity-1.7.jar

Description:

 Apache Velocity is a general purpose template engine.

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/velocity-1.7.jar
MD5: 3692dd72f8367cb35fb6280dc2916725
SHA1: 2ceb567b8f3f21118ecdec129fe1271dbc09aa7a
SHA256:ec92dae810034f4b46dbb16ef4364a4013b0efb24a8c5dd67435cae46a290d8e

Identifiers

wicket-bootstrap-core-0.9.2.jar

Description:

 wicket with twitter bootstrap integration

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/wicket-bootstrap-core-0.9.2.jar
MD5: 526b085ebd563375c9b920f80734f149
SHA1: 9860c6da4ee063cf64b83d9678bfe17bae7a4d5c
SHA256:2591413c23e927bd17f87892d44de6d8341c9d02791087866ea002ac698b2e00

Identifiers

  • maven: de.agilecoders.wicket:wicket-bootstrap-core:0.9.2  Confidence:High

wicket-bootstrap-extensions-0.9.2.jar

Description:

 wicket with twitter bootstrap integration

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/wicket-bootstrap-extensions-0.9.2.jar
MD5: 848c862ad76f24f425718a999ae7ff2f
SHA1: 7dadadc64d2f8db8b4dd4fc2df910f693cfb9006
SHA256:04d308a2694ab8bfe1915e3a8855e05de0240c88f8ae1e41c3395a071774574d

Identifiers

  • maven: de.agilecoders.wicket:wicket-bootstrap-extensions:0.9.2  Confidence:High

wicket-core-6.16.0.jar

Description:

 
		Wicket is a Java web application framework that takes simplicity, 
		separation of concerns and ease of development to a whole new level. 
		Wicket pages can be mocked up, previewed and later revised using 
		standard WYSIWYG HTML design tools. Dynamic content processing and 
		form handling is all handled in Java code using a first-class 
		component model backed by POJO data beans that can easily be 
		persisted using your favorite technology.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/wicket-core-6.16.0.jar
MD5: 4515a635b3e984515a09cc8737e3e617
SHA1: 85dd5611907b269f6a25569d9df45513bd0b1b5a
SHA256:375040a1ed7faaa62e5533706db6495bff2d7bee1bdce621c163a5ea77dbafd4

Identifiers

CVE-2014-3526  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure 

Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.

Vulnerable Software & Versions: (show all)

CVE-2014-7808  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues 

Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider.

Vulnerable Software & Versions: (show all)

CVE-2015-5347  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 

Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 might allow remote attackers to inject arbitrary web script or HTML via a ModalWindow title.

Vulnerable Software & Versions: (show all)

CVE-2015-7520  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 

Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a <input> element.

Vulnerable Software & Versions: (show all)

CVE-2016-6793  

Severity:Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data 

The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.7 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the permissions of DiskFileItem, and if running on a Java VM before 1.3.1, execute arbitrary code via a crafted serialized Java object.

Vulnerable Software & Versions: (show all)

wicket-extensions-6.13.0.jar

Description:

 Wicket Extensions is a rich component library for the Wicket framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/wicket-extensions-6.13.0.jar
MD5: bb473c8a26b60b9229b55b7bb8f2af81
SHA1: 6541b82ae1ef81cbe78bbd16de0bf94d65eeb79e
SHA256:31b3a630c20fe4b115aafc294c3f705319f54ba52b3f0470cb37188852459062

Identifiers

  • cpe: cpe:/a:apache:wicket:6.13.0  Confidence:Highest  
  • maven: org.apache.wicket:wicket-extensions:6.13.0  Confidence:High

CVE-2014-0043  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure 

In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use.

Vulnerable Software & Versions: (show all)

CVE-2014-3526  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure 

Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.

Vulnerable Software & Versions: (show all)

CVE-2014-7808  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues 

Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider.

Vulnerable Software & Versions: (show all)

CVE-2015-5347  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 

Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 might allow remote attackers to inject arbitrary web script or HTML via a ModalWindow title.

Vulnerable Software & Versions: (show all)

CVE-2015-7520  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 

Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a <input> element.

Vulnerable Software & Versions: (show all)

CVE-2016-6793  

Severity:Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data 

The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.7 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the permissions of DiskFileItem, and if running on a Java VM before 1.3.1, execute arbitrary code via a crafted serialized Java object.

Vulnerable Software & Versions: (show all)

wicket-webjars-0.4.0.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/wicket-webjars-0.4.0.jar
MD5: f06ad74c487b7743bee5e447d30ed85f
SHA1: 962c559b498fbc7617ba40658a60d156473db146
SHA256:5e695e6d8ac8eb75512da86146dbd0145e8525ddaa7334c97043d98ff91bf0c5

Identifiers

  • maven: de.agilecoders.wicket.webjars:wicket-webjars:0.4.0  Confidence:High

woodstox-core-asl-4.2.0.jar

Description:

 Woodstox is a high-performance XML processor that
implements Stax (JSR-173) and SAX2 APIs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/woodstox-core-asl-4.2.0.jar
MD5: ac7e73fcf52654c0642afdfccc7d9f57
SHA1: 7a3784c65cfa5c0553f31d000b43346feb1f4ee3
SHA256:5ccb662b21ed218aaf06fc0a46f8b78338bc4992a236b62b471fa3f2671ed0ae

Identifiers

wsdl4j-1.6.2.jar

Description:

 Java stub generator for WSDL

License:

CPL: http://www.opensource.org/licenses/cpl1.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/wsdl4j-1.6.2.jar
MD5: 2608a8ea3f07b0c08de8a7d3d0d3fc09
SHA1: dec1669fb6801b7328e01ad72fc9e10b69ea06c1
SHA256:e90120d26f1a163c5843c7a758d0a0c950d1b0970268ad0770d6c1cc50508c43

Identifiers

wstx-asl-3.2.7.jar

Description:

 Woodstox is a high-performance XML processor that implements Stax (JSR-173) API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/wstx-asl-3.2.7.jar
MD5: 5ca667e626a1b2f3e5522cb431370cc6
SHA1: 252c7faae9ce98cb9c9d29f02db88f7373e7f407
SHA256:939f591b445c83f285191cef7603731ed373eaf000da005f49769a283110dd2d

Identifiers

xercesImpl-2.9.1.jar

Description:

 
    Xerces2 is the next generation of high performance, fully compliant XML parsers in the
    Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI),
    a complete framework for building parser components and configurations that is extremely
    modular and easy to program.

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/xercesImpl-2.9.1.jar
MD5: f807f86d7d9db25edbfc782aca7ca2a9
SHA1: 7bc7e49ddfe4fb5f193ed37ecc96c12292c8ceb6
SHA256:6ae540a7c85c814ac64bea48016b3a6f45c95d4765f547fcc0053dc36c94ed5c

Identifiers

  • maven: xerces:xercesImpl:2.9.1   Confidence:Highest
  • cpe: cpe:/a:apache:xerces2_java:2.9.1  Confidence:Low  

CVE-2012-0881  

Severity:High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-399 Resource Management Errors 

Apache Xerces2 Java allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.

Vulnerable Software & Versions:

xml-apis-1.3.04.jar

Description:

 xml-commons provides an Apache-hosted set of DOM, SAX, and 
    JAXP interfaces for use in other xml-based projects. Our hope is that we 
    can standardize on both a common version and packaging scheme for these 
    critical XML standards interfaces to make the lives of both our developers 
    and users easier. The External Components portion of xml-commons contains 
    interfaces that are defined by external standards organizations. For DOM, 
    that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for 
    JAXP it's Sun.

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/xml-apis-1.3.04.jar
MD5: 9ae9c29e4497fc35a3eade1e6dd0bbeb
SHA1: 90b215f48fe42776c8c7f6e3509ec54e84fd65ef
SHA256:d404aa881eb9c5f7a4fb546e84ea11506cd417a72b5972e88eff17f43f9f8a64

Identifiers

xmlParserAPIs-2.6.2.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/xmlParserAPIs-2.6.2.jar
MD5: 2651f9f7c39e3524f3e2c394625ac63a
SHA1: 065acede1e5305bd2b92213d7b5761328c6f4fd9
SHA256:1c2867be1faa73c67e9232631241eb1df4cd0763048646e7bb575a9980e9d7e5

Identifiers

xmlenc-0.52.jar

Description:

 xmlenc Library

License:

The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/xmlenc-0.52.jar
MD5: c962b6bc3c8de46795b0ed94851fa9c7
SHA1: d82554efbe65906d83b3d97bd7509289e9db561a
SHA256:282ae185fc2ff27da7714af9962897c09cfefafb88072219c4a2f9c73616c026

Identifiers

xmlschema-core-2.0.1.jar

Description:

 Commons XMLSchema is a light weight schema object model that can be used to manipulate or
        generate XML schema.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/xmlschema-core-2.0.1.jar
MD5: b7f3197aebdcf95fa429e1c0e4c6f086
SHA1: e9f802631794bd9f8ad90c4234b50440dfbdb21e
SHA256:e31aff00d8eb77f91604f6758c02b5d7452937ccfd00c84ca0fc285bfc516e0e

Identifiers

  • cpe: cpe:/a:ws_project:ws:2.0.1  Confidence:Low  
  • maven: org.apache.ws.xmlschema:xmlschema-core:2.0.1  Confidence:High

xz-1.5.jar

Description:

 XZ data compression

License:

Public Domain
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/xz-1.5.jar
MD5: 51050e595b308c4aec8ac314f66e18bc
SHA1: 9c64274b7dbb65288237216e3fae7877fd3f2bee
SHA256:86f30fa8775fa3a62cdb39d1ed78a6019164c1058864048d42cbee244e26e840

Identifiers

  • maven: org.tukaani:xz:1.5   Confidence:Highest
  • cpe: cpe:/a:tukaani:xz:1.5  Confidence:Low  

CVE-2015-4035  

Severity:Medium
CVSS Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation 

scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name.

Vulnerable Software & Versions:

zookeeper-3.4.5.jar

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/zookeeper-3.4.5.jar
MD5: 00b9db19ad7f18681761edc6db524ceb
SHA1: c0f69fb36526552a8f0bc548a6c33c49cf08e562
SHA256:fadea8ad970ea76500db9fe8826a89dc66705a14e794389ea507fe4f5d090f55

Identifiers

CVE-2014-0085  

Severity:Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management 

JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.

Vulnerable Software & Versions: (show all)

CVE-2016-5017  

Severity:Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer 

Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string.

Vulnerable Software & Versions: (show all)

CVE-2017-5637  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors 

Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.

Vulnerable Software & Versions: (show all)

CVE-2018-8012  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-285 Improper Authorization 

No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.

Vulnerable Software & Versions: (show all)

creativecommons.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/creativecommons/creativecommons.jar
MD5: 9b611e8f9893409a94d7ace9f1ff73d2
SHA1: 05ef359b6cc0153f08429d313eb413e8eb46168c
SHA256:64bb3ebbb899e64403c23ac0f57a56ff8b3aec134d25b3426a0fa5af4884ba48

Identifiers

  • None

index-anchor.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/index-anchor/index-anchor.jar
MD5: d3b869aea522c93bf13133afcb2f2cfe
SHA1: 5edda05d9b9539c67c7050c3cf7fa4e1ffb327ed
SHA256:252072abf7e6c9edfd117a4203bcd6d5acaeb3aae6966de043f1a537cd3ff9d3

Identifiers

  • None

index-basic.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/index-basic/index-basic.jar
MD5: 3e70463ddcea4c15a4e63b5b6021ed82
SHA1: 348f95fa3760dd21f728022c8af2b9aee0eb02d4
SHA256:4b7f71385833ea40cfb9728427cba58b0d6eae5d00808e3a5a43b92102c1c7c4

Identifiers

  • None

index-html.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/index-html/index-html.jar
MD5: 3588474bbbcd41c9d5687142a3f1f2a8
SHA1: 138813b40fb6f233c60e9c9306a7c57bdbd1cfd6
SHA256:f1520f23bc856176ad4ee3be294e6309a15c0fbe18def5ebd907353b0a9dad89

Identifiers

  • None

index-metadata.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/index-metadata/index-metadata.jar
MD5: 70c07d077680bc7d89926f396028a3dd
SHA1: da874e0bb58ef449723d9b39aec3bd43abb4e50b
SHA256:922200d40eba5fa51140a6a7674abad670dea3cab3597330a6214eee226a9014

Identifiers

  • None

index-more.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/index-more/index-more.jar
MD5: 402b4b193b4cc100fe96bf4b17fc9b7c
SHA1: 4a5385828696e2a4633d42c528a18e8700a76200
SHA256:fcbf1a2749f40852653cb13abd6c76ca5ea67a45f7a49b06b9425cd0fee35d13

Identifiers

  • None

HdrHistogram-2.1.6.jar

Description:

 
        HdrHistogram supports the recording and analyzing sampled data value
        counts across a configurable integer value range with configurable value
        precision within the range. Value precision is expressed as the number of
        significant digits in the value recording, and provides control over value
        quantization behavior across the value range and the subsequent value
        resolution at any given level.

License:

Public Domain, per Creative Commons CC0: http://creativecommons.org/publicdomain/zero/1.0/
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/HdrHistogram-2.1.6.jar
MD5: 565bf21a1fec0dc39e8b9d5eb0642344
SHA1: 7495feb7f71ee124bd2a7e7d83590e296d71d80e
SHA256:1d44b3a32d268aa453ee7a9bb89650dfccb159a3160df49d92f299f2b72e9988

Identifiers

  • maven: org.hdrhistogram:HdrHistogram:2.1.6  Confidence:High

commons-cli-1.3.1.jar

Description:

 
    Apache Commons CLI provides a simple API for presenting, processing and validating a command line interface.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/commons-cli-1.3.1.jar
MD5: 8d5fa2a42fef17d9034b35a9ac9cc750
SHA1: 1303efbc4b181e5a58bf2e967dc156a3132b97c0
SHA256:3a2f057041aa6a8813f5b59b695f726c5e85014a703d208d7e1689098e92d8c0

Identifiers

  • maven: commons-cli:commons-cli:1.3.1  Confidence:High

compress-lzf-1.0.2.jar

Description:

  
Compression codec for LZF encoding for particularly encoding/decoding, with reasonable compression.
Compressor is basic Lempel-Ziv codec, without Huffman (deflate/gzip) or statistical post-encoding.
See "http://oldhome.schmorp.de/marc/liblzf.html" for more on original LZF package.

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/compress-lzf-1.0.2.jar
MD5: cfdf61e17e8b2f4f00ef58d9443aae5e
SHA1: 62896e6fca184c79cc01a14d143f3ae2b4f4b4ae
SHA256:98f374ddd7c6bb8b5ad67ba3bf96dc0f7bac71b090ee28fdb130ba46167119c0

Identifiers

  • maven: com.ning:compress-lzf:1.0.2  Confidence:High

elasticsearch-2.2.0.jar

Description:

 Elasticsearch - Open Source, Distributed, RESTful Search Engine

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/elasticsearch-2.2.0.jar
MD5: b7fe75d93bfedff58f56ae62b334d7c1
SHA1: 9b4096cb3b175d0d3a643b70fe95b6a1c8e48553
SHA256:f273e3bdcdd675213e7136160fdd4b666d5105e69821e1585057713abeee07d8

Identifiers

  • cpe: cpe:/a:elasticsearch:elasticsearch:2.2.0  Confidence:Low  
  • maven: org.elasticsearch:elasticsearch:2.2.0  Confidence:High

guava-18.0.jar

Description:

 
    Guava is a suite of core and expanded libraries that include
    utility classes, google's collections, io classes, and much
    much more.

    Guava has only one code dependency - javax.annotation,
    per the JSR-305 spec.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/guava-18.0.jar
MD5: 947641f6bb535b1d942d1bc387c45290
SHA1: cce0823396aa693798f8882e64213b1772032b09
SHA256:d664fbfc03d2e5ce9cab2a44fb01f1d0bf9dfebeccc1a473b1f9ea31f79f6f99

Identifiers

  • maven: com.google.guava:guava:18.0  Confidence:High

hppc-0.7.1.jar

Description:

 High Performance Primitive Collections. 
  Fundamental data structures (maps, sets, lists, stacks, queues) generated for
  combinations of object and primitive types to conserve JVM memory and speed
  up execution.

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/hppc-0.7.1.jar
MD5: 2ff89be5b49144c330190cf7137c3a26
SHA1: 8b5057f74ea378c0150a1860874a3ebdcb713767
SHA256:40d2a57f59e9eae7b018d3b4841954087ee40a5c1db6a54c3ea87742e3890391

Identifiers

  • maven: com.carrotsearch:hppc:0.7.1  Confidence:High

indexer-elastic2.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/indexer-elastic2.jar
MD5: 429f0bea8db193fb76b9be2e8aa3f742
SHA1: b3288b0723a40d2164f18676439c13fe3399a1b2
SHA256:cdd19db20454a5904e7ba9f228d2e4ab9a7a5b79da2f67af271998e3bfbe6e7f

Identifiers

  • None

jackson-core-2.6.2.jar

Description:

 Core Jackson abstractions, basic JSON streaming API implementation

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/jackson-core-2.6.2.jar
MD5: 5478388129427723d00ac8013b5b44a6
SHA1: 123f29333b2c6b3516b14252b6e93226bfcd6e37
SHA256:d7602c2afd4b2a184b21a1fddb0dc1552eadfc56ad79845a40a68ecd85d37634

Identifiers

  • cpe: cpe:/a:fasterxml:jackson:2.6.2  Confidence:Low  
  • maven: com.fasterxml.jackson.core:jackson-core:2.6.2  Confidence:High

jarjar-1.3.jar

Description:

 Jar Jar Links is a utility that makes it easy to repackage Java libraries and embed them into your own distribution.

License:

Apache License version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/jarjar-1.3.jar
MD5: 3948597624eed18ddc8cb628b08f536d
SHA1: b81c2719c63fa8e6f3eca5b11b8e9b5ad79463db
SHA256:4225c8ee1bf3079c4b07c76fe03c3e28809a22204db6249c9417efa4f804b3a7

Identifiers

joda-convert-1.2.jar

Description:

 Library to convert Objects to and from String

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/joda-convert-1.2.jar
MD5: b0da47d5736aa6c16c0da7fd4fcfb8ba
SHA1: 35ec554f0cd00c956cc69051514d9488b1374dec
SHA256:5703e1a2ac1969fe90f87076c1f1136822bf31d8948252159c86e6d0535c81a8

Identifiers

  • maven: org.joda:joda-convert:1.2  Confidence:High

joda-time-2.8.2.jar

Description:

 Date and time library to replace JDK date handling

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/joda-time-2.8.2.jar
MD5: 59644e5f2e55a55ae8ccf2ca65a73b81
SHA1: d27c24204c5e507b16fec01006b3d0f1ec42aed4
SHA256:7c71ac7b4c0e6b7e49bcc93c135825d23f427aba62397b313c7fdcd2c19c42cb

Identifiers

  • maven: joda-time:joda-time:2.8.2  Confidence:High

jsr166e-1.1.0.jar

Description:

 JSR166e

License:

CC0 1.0 Universal: http://creativecommons.org/publicdomain/zero/1.0/
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/jsr166e-1.1.0.jar
MD5: 3fcf5c9feec7c8331de1c6101dcf818f
SHA1: 233098147123ee5ddcd39ffc57ff648be4b7e5b2
SHA256:abd9acc93b3c93fc5534b63e5f7cccf29c488cdcfd9084dc19c0fe71631b564b

Identifiers

  • cpe: cpe:/a:twitter:twitter:1.1.0  Confidence:Low  
  • cpe: cpe:/a:twitter_project:twitter:1.1.0  Confidence:Low  
  • maven: com.twitter:jsr166e:1.1.0  Confidence:High

lucene-analyzers-common-5.4.1.jar

Description:

 Additional Analyzers

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/lucene-analyzers-common-5.4.1.jar
MD5: eab8af490c260d70638ed028d2e52ad9
SHA1: c2aa2c4e00eb9cdeb5ac00dc0495e70c441f681e
SHA256:298f16d4e65b0c43b101983c1366c8dbb17ae7980257a3b38b3ef17cd0f5bc6e

Identifiers

lucene-backward-codecs-5.4.1.jar

Description:

 
    Codecs for older versions of Lucene.

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/lucene-backward-codecs-5.4.1.jar
MD5: 3d8d9c2a8d8a36b8a3e8ef02118a851b
SHA1: 5273da96380dfab302ad06c27fe58100db4c4e2f
SHA256:130ba1ae781063148831c9b38110df335561180ee1ffd89a3353e80da777b3e3

Identifiers

lucene-core-5.4.1.jar

Description:

 Apache Lucene Java Core

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/lucene-core-5.4.1.jar
MD5: f0f646aa1b57a3c37b251c92a2ff0fe2
SHA1: c52b2088e2c30dfd95fd296ab6fb9cf8de9855ab
SHA256:3518557dbe06f0aedc8c737b3d53de77ad60e46ebe8e81cc56f7a793a38bdf29

Identifiers

lucene-grouping-5.4.1.jar

Description:

 Lucene Grouping Module

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/lucene-grouping-5.4.1.jar
MD5: 2b0c04347f9c5c6c4b18f152e76d5a1f
SHA1: de757064b78b275583378501e9c18be563b6ae44
SHA256:d6b434fc0a875209945fc960aaa8ea8097e97c88f4e1db662b95207326e97990

Identifiers

lucene-highlighter-5.4.1.jar

Description:

 
    This is the highlighter for apache lucene java

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/lucene-highlighter-5.4.1.jar
MD5: ced2d944c32fa24b21724d42b6a17ccf
SHA1: cf8b79f71cb5f36ecf1bbfbc380089e4640a74c2
SHA256:7e9c574562a291dd21a2ea287eee68561d7a3dd427edb4b0e8c2bff64b4239af

Identifiers

lucene-join-5.4.1.jar

Description:

 Lucene Join Module

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/lucene-join-5.4.1.jar
MD5: 55f2895837fe475a29431d7dbcd67a14
SHA1: 41c28c524b44395ebecdaf5e7cede904d9e4d2e4
SHA256:cc786b259146238b5ed3d72e7a0013c865d53b36f3728167dd2c69fbe01532ad

Identifiers

lucene-memory-5.4.1.jar

Description:

 
    High-performance single-document index to compare against Query

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/lucene-memory-5.4.1.jar
MD5: af77dccd783d4b8151011c9b5d31091f
SHA1: 806841bb63660530ccafc6fcb4dd239722547429
SHA256:c8ad21de68ed8d5f79657ea70729c0a4c1573fd0a274a3bd34bca4f4c92c4585

Identifiers

lucene-misc-5.4.1.jar

Description:

 Miscellaneous Lucene extensions

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/lucene-misc-5.4.1.jar
MD5: 24095d90fd69bc6df26a92960c51f497
SHA1: 95f433b9d7dd470cc0aa5076e0f233907745674b
SHA256:068ce23565513abc221367f07b8249c81b652b29bc2ea2fe3ed5982d0504b332

Identifiers

lucene-queries-5.4.1.jar

Description:

 Lucene Queries Module

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/lucene-queries-5.4.1.jar
MD5: 5b8017254369add8b47d3af0fe4d94e9
SHA1: cbb34afcf0596e75731a493227eece69ac117522
SHA256:415f479ce93682a6b0feb078f0b35f18a42f7e9e403fec4d63a2e68b06b15566

Identifiers

lucene-queryparser-5.4.1.jar

Description:

 Lucene QueryParsers module

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/lucene-queryparser-5.4.1.jar
MD5: 5af2fc046fda801f560bb6a24d1d7d79
SHA1: dccd5279bfa656dec21af444a7a66820eb1cd618
SHA256:1085bb30cb6caf36ca1d6d14a095d161de829b4611c5c2f6759d5153197950ed

Identifiers

lucene-sandbox-5.4.1.jar

Description:

 Lucene Sandbox

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/lucene-sandbox-5.4.1.jar
MD5: 6b5076344f91626fb001379dd2bf9f6d
SHA1: a2d8767abd7865048e6150bc689f5c942fc64048
SHA256:7df66192ff70eea5cfc9b2049befb1f9317306ae55565b8c44311adf46352b9d

Identifiers

lucene-spatial-5.4.1.jar

Description:

     
  	Spatial Strategies for Apache Lucene

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/lucene-spatial-5.4.1.jar
MD5: b223509aa034e6b3d15fe9a1120a3d58
SHA1: 68630557355cf7b4b0c51b210d6aec3d599ec43f
SHA256:f90173cc1600dd54e321c24d92e36116f7383922dcb45db69ec72b28d8281ff6

Identifiers

lucene-spatial3d-5.4.1.jar

Description:

 
    Lucene Spatial shapes implemented using 3D planar geometry

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/lucene-spatial3d-5.4.1.jar
MD5: f6bfb560e7966cbb397cce30679b1ee9
SHA1: ba3ad781a4b586898533ce928bff51b430a55e6a
SHA256:2cd581effd577df61fecd503dad800c563bc800e68c3cce30b88f701a469c438

Identifiers

lucene-suggest-5.4.1.jar

Description:

 Lucene Suggest Module

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/lucene-suggest-5.4.1.jar
MD5: f05a38e8b2712a94d6489549ae07cd85
SHA1: af6458f132b0974c4f40b82f9c7adde94a872f9b
SHA256:fffee2c10ee96ea8ff1b50f43c7574818167f01939d442312e90f46f10a78c16

Identifiers

netty-3.10.5.Final.jar

Description:

 
    The Netty project is an effort to provide an asynchronous event-driven
    network application framework and tools for rapid development of
    maintainable high performance and high scalability protocol servers and
    clients.  In other words, Netty is a NIO client server framework which
    enables quick and easy development of network applications such as protocol
    servers and clients. It greatly simplifies and streamlines network
    programming such as TCP and UDP socket server.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/netty-3.10.5.Final.jar
MD5: 14466fef5f114f444c688f7977e9dbce
SHA1: 9ca7d55d246092bddd29b867706e2f6c7db701a0
SHA256:eb031acf8a00733481bcd60807925ecfc9ce3840f13823d4b96cdcb1132db1da

Identifiers

  • maven: io.netty:netty:3.10.5.Final  Confidence:High
  • cpe: cpe:/a:netty_project:netty:3.10.5  Confidence:Low  

securesm-1.0.jar

Description:

 SecurityManager implementation that works around design flaws in Java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/securesm-1.0.jar
MD5: 5c02fec76c6ac560f103da6586674a41
SHA1: c0c6cf986ba0057390bfcc80c366a0e3157f944b
SHA256:c1c017c7a267fc3815a3dcfd3c0959e4d665eacf08fca0b6494112b70134449f

Identifiers

  • maven: org.elasticsearch:securesm:1.0  Confidence:High

snakeyaml-1.15.jar

Description:

 YAML 1.1 parser and emitter for Java

License:

Apache License Version 2.0: LICENSE.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/snakeyaml-1.15.jar
MD5: c6502713ff649a557b767b990830c786
SHA1: 3b132bea69e8ee099f416044970997bde80f4ea6
SHA256:79ea8aac6590f49ee8390c2f17ed9343079e85b44158a097b301dfee42af86ec

Identifiers

  • maven: org.yaml:snakeyaml:1.15  Confidence:High

spatial4j-0.5.jar

Description:

 
    Spatial4j is a general purpose spatial / geospatial ASL licensed open-source Java library. It's
    core capabilities are 3-fold: to provide common geospatially-aware shapes, to provide distance
    calculations and other math, and to read shape formats like WKT and GeoJSON.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/spatial4j-0.5.jar
MD5: f46efeafb997d3099238fe4f3ad0b1dc
SHA1: 6e16edaf6b1ba76db7f08c2f3723fce3b358ecc3
SHA256:a14338e0acc21793183f3dca6d8e7b1f036d9fa084169b9d94cf5cf81fbb4e3c

Identifiers

  • maven: com.spatial4j:spatial4j:0.5  Confidence:High

t-digest-3.0.jar

Description:

 Data structure which allows accurate estimation of quantiles and related rank statistics

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-elastic2/t-digest-3.0.jar
MD5: e7ede835f73c70cc662ca4d241250f1a
SHA1: 84ccf145ac2215e6bfa63baa3101c0af41017cfc
SHA256:5271fc25f94c01fa7a0e30a522118705bf3db7441a0b9636e5122b05a3d9c35d

Identifiers

  • maven: com.tdunning:t-digest:3.0  Confidence:High

commons-logging-1.1.1.jar

Description:

 Commons Logging is a thin adapter allowing configurable bridging to other,
    well known logging systems.

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-hbase/commons-logging-1.1.1.jar
MD5: ed448347fc0104034aa14c8189bf37de
SHA1: 5043bfebc3db072ed80fbd362e7caf00e885d8ae
SHA256:ce6f913cad1f0db3aad70186d65c5bc7ffcc9a99e3fe8e0b137312819f7c362f

Identifiers

  • maven: commons-logging:commons-logging:1.1.1  Confidence:High

findbugs-annotations-1.3.9-1.jar

Description:

 A clean room implementation of the Findbugs Annotations based entirely on the specification provided
    by the javadocs and at http://findbugs.sourceforge.net/manual/annotations.html.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-hbase/findbugs-annotations-1.3.9-1.jar
MD5: 70fda5202eb9d9ce4f250f2c2ba71152
SHA1: a6b11447635d80757d64b355bed3c00786d86801
SHA256:1e651066ed9ae35d7e3001d635d1dbba1c2965db0e4e33e2c14ad610543f225c

Identifiers

  • maven: com.github.stephenc.findbugs:findbugs-annotations:1.3.9-1  Confidence:High

guava-12.0.1.jar

Description:

 
    Guava is a suite of core and expanded libraries that include
    utility classes, google's collections, io classes, and much
    much more.

    Guava has only one code dependency - javax.annotation,
    per the JSR-305 spec.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-hbase/guava-12.0.1.jar
MD5: aeb6ae1449548bbbce1bda0f8ecc746c
SHA1: b8e78b9af7bf45900e14c6f958486b6ca682195f
SHA256:ec7f9928bc0cd5ca36b32bc3965055c49843d69ac1a9ccf380fdcc3f686af7fc

Identifiers

  • maven: com.google.guava:guava:12.0.1  Confidence:High

hbase-client-0.98.8-hadoop2.jar

Description:

 Client of HBase

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-hbase/hbase-client-0.98.8-hadoop2.jar
MD5: a4aeeb216e73ba855ec59fd83002270c
SHA1: 2c07bd0ee9bace297a1ff644da0c4684061904dd
SHA256:617babd99c7b113537c45a3c5c630eacb6172859f61198f72f8584649b01d3cd

Identifiers

  • cpe: cpe:/a:apache:hbase:0.98.8  Confidence:Highest  
  • maven: org.apache.hbase:hbase-client:0.98.8-hadoop2  Confidence:High

htrace-core-2.04.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-hbase/htrace-core-2.04.jar
MD5: bb871c7a6541ca3dc726e765a5301a54
SHA1: 80f30d70dfa29c78b1db994b6d9124ae271e0249
SHA256:f92be09ba209655cf7a81db9803004b808e068c7ee3e6ef4fad1c94cc98bb709

Identifiers

  • maven: org.cloudera.htrace:htrace-core:2.04  Confidence:High

indexer-hbase.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-hbase/indexer-hbase.jar
MD5: 3e2b47307357036cbc20d9d5d2a6d4f9
SHA1: e107416c12047f9ac094149128a13521cd5f1626
SHA256:b4434bc7bcf1dd84565e98eee1be92a3c126d1fd5c487e081da1933045067574

Identifiers

  • cpe: cpe:/a:apache:hbase:-  Confidence:Low  

jackson-core-asl-1.8.8.jar

Description:

 Jackson is a high-performance JSON processor (parser, generator)

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-hbase/jackson-core-asl-1.8.8.jar
MD5: a65a9709da8186ed9a1c739355414460
SHA1: dd2e90bb710ea3bc4610e24299d6a4c8dac5049b
SHA256:96b394f135bf396679681aca6716d8bea14a97cf306d3738a053c43d07a1308b

Identifiers

jcodings-1.0.8.jar

Description:

 
    Byte based encoding support library for java

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-hbase/jcodings-1.0.8.jar
MD5: 002720c095efbad852e2d3c896565c4b
SHA1: 33fa45fd853c277b888e3d5a2e6a4604b7c11e2c
SHA256:897793ca4a37583082a6ceeaca4ff83874da6448f651a914d1bbc7fd51d75442

Identifiers

  • maven: org.jruby.jcodings:jcodings:1.0.8  Confidence:High

joni-2.1.2.jar

Description:

 
    Java port of Oniguruma: http://www.geocities.jp/kosako3/oniguruma
    that uses byte arrays directly instead of java Strings and chars

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-hbase/joni-2.1.2.jar
MD5: 56152e96fb4811f5017a65b3314d1acb
SHA1: 1f08024ec70e86a716188b7d069b0c2d2f183e14
SHA256:d6f254480ea62cd1587c4bdd23736e4d3ad3773ae445fc5f5c3c8cfbe82ffa2a

Identifiers

  • cpe: cpe:/a:oniguruma_project:oniguruma:2.1.2  Confidence:Low  
  • maven: org.jruby.joni:joni:2.1.2  Confidence:High

netty-3.6.6.Final.jar

Description:

 
    The Netty project is an effort to provide an asynchronous event-driven
    network application framework and tools for rapid development of
    maintainable high performance and high scalability protocol servers and
    clients.  In other words, Netty is a NIO client server framework which
    enables quick and easy development of network applications such as protocol
    servers and clients. It greatly simplifies and streamlines network
    programming such as TCP and UDP socket server.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-hbase/netty-3.6.6.Final.jar
MD5: e7e3ab10dcbe07972afe68cfa1bfcabe
SHA1: e4e40738ce9bee0a92389cb739c94d7839778647
SHA256:8d9373e00c4e485cc9613c89fd7c05066c8be65adde8526474916a1bb1cc1797

Identifiers

CVE-2014-0193  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors 

WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames.

Vulnerable Software & Versions: (show all)

CVE-2014-3488  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer 

The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

Vulnerable Software & Versions: (show all)

CVE-2015-2156  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-20 Improper Input Validation 

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.

Vulnerable Software & Versions: (show all)

slf4j-api-1.6.4.jar

Description:

 The slf4j API

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-hbase/slf4j-api-1.6.4.jar
MD5: 75e1a2a3b84c59bf9d4f42de57a533b1
SHA1: 2396d74b12b905f780ed7966738bb78438e8371a
SHA256:367b909030f714ee1176ab096b681e06348f03385e98d1bce0ed801b5452357e

Identifiers

  • maven: org.slf4j:slf4j-api:1.6.4  Confidence:High
  • cpe: cpe:/a:slf4j:slf4j:1.6.4  Confidence:Low  

zookeeper-3.4.6.jar

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-hbase/zookeeper-3.4.6.jar
MD5: 7d01d317c717268725896cfb81b18152
SHA1: 01b2502e29da1ebaade2357cd1de35a855fa3755
SHA256:8a375a1ef98cbc0e1f6e9dfd0d96d914b74d37ad00b4bf81beb77fa8f34d33ae

Identifiers

CVE-2014-0085  

Severity:Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management 

JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.

Vulnerable Software & Versions: (show all)

CVE-2016-5017  

Severity:Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer 

Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string.

Vulnerable Software & Versions: (show all)

CVE-2017-5637  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors 

Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.

Vulnerable Software & Versions: (show all)

CVE-2018-8012  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-285 Improper Authorization 

No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.

Vulnerable Software & Versions: (show all)

commons-io-2.1.jar

Description:

 
        The Commons IO library contains utility classes, stream implementations, file filters, file comparators and endian classes.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-solr/commons-io-2.1.jar
MD5: 4854c2344aa182ad4f37976e83348aa0
SHA1: fd51f906669f49a4ffd06650666c3b8147a6106e
SHA256:88dff860b1983f9640979196a4dfd9ae6cddd4a88119c81ce3a61de2f28cc927

Identifiers

  • maven: commons-io:commons-io:2.1  Confidence:High

indexer-solr.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-solr/indexer-solr.jar
MD5: 4606795c34a426404abbc380186dbb4b
SHA1: 81728bfcc1226225d75300c0c8e6f01f474e6620
SHA256:8a8adb5251fc4bbdd56f78befd42228328bf454ca752c5d515a50e4d67f3789d

Identifiers

  • cpe: cpe:/a:apache:solr:-  Confidence:Low  

CVE-2012-6612  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.

Vulnerable Software & Versions: (show all)

CVE-2013-6397  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT.  NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.

Vulnerable Software & Versions: (show all)

CVE-2013-6407  

Severity:Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions: (show all)

CVE-2013-6408  

Severity:Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.

Vulnerable Software & Versions: (show all)

CVE-2015-8795  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 

Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js.

Vulnerable Software & Versions:

CVE-2015-8796  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 

Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL.

Vulnerable Software & Versions:

CVE-2015-8797  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 

Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI.

Vulnerable Software & Versions:

CVE-2017-3163  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.

Vulnerable Software & Versions: (show all)

slf4j-api-1.6.6.jar

Description:

 The slf4j API

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/indexer-solr/slf4j-api-1.6.6.jar
MD5: 17ba6715f5defd50b2e781201f57b408
SHA1: ce53b0a0e2cfbb27e8a59d38f79a18a5c6a8d2b0
SHA256:43456b2ee31529a9c512d581e53e285c65feddec204a2c146945e032b07810ba

Identifiers

  • maven: org.slf4j:slf4j-api:1.6.6  Confidence:High
  • cpe: cpe:/a:slf4j:slf4j:1.6.6  Confidence:Low  

jsoup-1.10.2.jar

Description:

 jsoup is a Java library for working with real-world HTML. It provides a very convenient API for extracting and manipulating data, using the best of DOM, CSS, and jquery-like methods. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do.

License:

The MIT License: https://jsoup.org/license
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/jsoup-extractor/jsoup-1.10.2.jar
MD5: 36145fee38e79b81035787f1be296a52
SHA1: 33ee82e324f4b1e40167f3dc5e01234a1c5cab61
SHA256:6ebe6abd7775c10a49407ae22db45c840cd2cdaf715866a5b0b5af70941c3f4a

Identifiers

  • cpe: cpe:/a:jsoup:jsoup:1.10.2  Confidence:Low  
  • maven: org.jsoup:jsoup:1.10.2  Confidence:High

jsoup-extractor.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/jsoup-extractor/jsoup-extractor.jar
MD5: 581b50456564cdea2b32ae0fd909b165
SHA1: d92fe7bbd33866544f42746195415dbce0b25ecc
SHA256:530e01b145a344c51adf704b36833693e4c1c52833a06ab5bb0d57d1c8a64e0d

Identifiers

  • cpe: cpe:/a:jsoup:jsoup:-  Confidence:Low  

CVE-2015-6748  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 

Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3.

Vulnerable Software & Versions:

language-identifier.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/language-identifier/language-identifier.jar
MD5: 3a0409effc14dfebafaea58919de1126
SHA1: bcbbc2df39abfa751455fd23e2cf4c51da07b5bf
SHA256:ebdead330badccc890a83ba6d172abb3ba7b8e562031d80c5975eca24f442f8f

Identifiers

  • None

lib-http.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/lib-http/lib-http.jar
MD5: b51154c27f3f7bd3c1de94179e10fa9f
SHA1: be359b59bb77a6eaa65402a681dfdf5781a3661e
SHA256:4a57cab95d11b39640034f93c8d36ae06a1d1ad7727281d758e8fd0fa2bf5909

Identifiers

  • None

nekohtml-1.9.19.jar

Description:

 An HTML parser and tag balancer.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/lib-nekohtml/nekohtml-1.9.19.jar
MD5: 62aa02563ef8a3e0aaafe0f9cefa4d38
SHA1: 8a49406347d345bade1e6152e05e5f4dcbf7def5
SHA256:c60dd5e2e6fe77c715bb12b82358aaf94ab7687b7565d197a98e79c128517bc3

Identifiers

lib-regex-filter.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/lib-regex-filter/lib-regex-filter.jar
MD5: 77b10d1a3032fd3799bbf51224191788
SHA1: 75b2c4b7b2e8cb10c6065c20454910a5535b9b81
SHA256:a887aec760e29dc59ac4a2bf54a8467396d6bcc9e957481d0cf35ee17df87ef6

Identifiers

  • None

jaxen-1.1.1.jar

Description:

 Jaxen is a universal Java XPath engine.

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/lib-xml/jaxen-1.1.1.jar
MD5: 261d1aa59865842ecc32b3848b0c6538
SHA1: 9f5d3c5974dbe5cf69c2c2ec7d8a4eb6e0fce7f9
SHA256:160958f42f60fff817d6c0b1b02fd9284b3f0fcb46e61d38866f65b7af4d329d

Identifiers

lib-xml.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/lib-xml/lib-xml.jar
MD5: 967eb986592109dffe4ff17786ef2869
SHA1: 0202dc22cce86640920486ea2605c0e16e1cfe44
SHA256:346e9eab58adfe9b456dcc4c3ac853f5d86bfee8e66798107cad430303184097

Identifiers

  • None

microformats-reltag.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/microformats-reltag/microformats-reltag.jar
MD5: 1f76deab4516dbe2a401009c6fd81817
SHA1: 58bdd6a819ae063423a5387cd2fd745060506681
SHA256:564de25c57ec999579e8c4079a8c66e6375e878452fe09286519806fd5b43b69

Identifiers

  • None

nutch-extensionpoints.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/nutch-extensionpoints/nutch-extensionpoints.jar
MD5: 5491c59c46c19fe3741a4f14083a4f32
SHA1: 7f054ea0494f4d2b719b528a88151f3df4a9e66e
SHA256:582299a71ab2edb2eae2a7ef2c5e0520bceac9b3bff98107a2a70e6a811f9332

Identifiers

  • None

parse-html.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-html/parse-html.jar
MD5: 5439e0c7825afa1b65eaa93a7b4a80d3
SHA1: 7363a8bc9d939e057e004c7a74186b7a87562cea
SHA256:9ca041e1e6cfb172a02fcddb699ef325a31dee87f0f44ccec33797e3fd03b1fc

Identifiers

  • None

tagsoup-1.2.jar

Description:

 TagSoup is a SAX-compliant parser written in Java that, instead of parsing well-formed or valid XML, parses HTML as it is found in the wild: poor, nasty and brutish, though quite often far from short. TagSoup is designed for people who have to process this stuff using some semblance of a rational application design. By providing a SAX interface, it allows standard XML tools to be applied to even the worst HTML. TagSoup also includes a command-line processor that reads HTML files and can generate either clean HTML or well-formed XML that is a close approximation to XHTML.

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-html/tagsoup-1.2.jar
MD5: b11b44149277505c8eea5fc60e9c81d5
SHA1: 639fd364750d7363c85797dc944b4a80f78fa684
SHA256:10d12b82c9a58a7842765a1152a56fbbd11eac9122a621f5a86a087503297266

Identifiers

parse-js.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-js/parse-js.jar
MD5: f0b046ce4e9408a2a7a65d77558796d6
SHA1: 443a9d25b5f85299b791e4b9e107f3a8711b96fe
SHA256:c34225b58abd61069a9015984feac662ee8877d8d89e1ae4e98df49e702a712d

Identifiers

  • None

parse-metatags.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-metatags/parse-metatags.jar
MD5: 75abb75797e656d87869d16f6df7e425
SHA1: 410d497f0ec82be2f0b8a639345b016a17755685
SHA256:80393a3fb00ad82e2dc44b3ccf9da446d550f875e3509ae59fc37609c1a09d42

Identifiers

  • None

apache-mime4j-core-0.7.2.jar

Description:

 Java stream based MIME message parser

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/apache-mime4j-core-0.7.2.jar
MD5: 88f799546eca803c53eee01a4ce5edcd
SHA1: a81264fe0265ebe8fd1d8128aad06dc320de6eef
SHA256:4d7434c68f94b81a253c12f28e6bbb4d6239c361d6086a46e22e594bb43ac660

Identifiers

  • maven: org.apache.james:apache-mime4j-core:0.7.2  Confidence:High
  • cpe: cpe:/a:apache:james:0.7.2  Confidence:Low  

asm-debug-all-4.1.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/asm-debug-all-4.1.jar
MD5: 6c3a8842f484dd3d620002b361e3610e
SHA1: dd6ba5c392d4102458494e29f54f70ac534ec2a2
SHA256:c0f582e1eb589315a62939197116b24412c5f4386c5b78aee7b017a4532312ba

Identifiers

aspectjrt-1.8.0.jar

Description:

 The runtime needed to execute a program using AspectJ

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/aspectjrt-1.8.0.jar
MD5: 038daf8a4723e6f34cdd2cad7e023e4f
SHA1: 302d0fe0abba26bbf5f31c3cd5337b3125c744e3
SHA256:946978e12c8431fdbd046633d5e9675329c2ea0ab92cad3402f1fe1f8478950d

Identifiers

bcmail-jdk15on-1.52.jar

Description:

 The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed.

License:

Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/bcmail-jdk15on-1.52.jar
MD5: 858597d61d2398a895c612f9df913dae
SHA1: 4995a870400e1554d1c7ed2afcb5d198fae12db9
SHA256:343554ee6432655cab672a0e95bcb1ec929ebd9fe8839fce95d5a91aafbc4e6c

Identifiers

bcpkix-jdk15on-1.52.jar

Description:

 The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.

License:

Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/bcpkix-jdk15on-1.52.jar
MD5: 72104264eec0fd299cca4b07eada5d5b
SHA1: b8ffac2bbc6626f86909589c8cc63637cc936504
SHA256:8e8e9ac258051ec8d6f7f1128d0ddec800ed87b14e7a55023d0f2850b8049615

Identifiers

bcprov-jdk15on-1.52.jar

Description:

 The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.

License:

Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/bcprov-jdk15on-1.52.jar
MD5: 873ac611cb0d7160c0a3d30eee964454
SHA1: 88a941faf9819d371e3174b5ed56a3f3f7d73269
SHA256:0dc4d181e4d347893c2ddbd2e6cd5d7287fc651c03648fa64b2341c7366b1773

Identifiers

  • cpe: cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.52  Confidence:Low  
  • maven: org.bouncycastle:bcprov-jdk15on:1.52   Confidence:Highest
  • cpe: cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.52  Confidence:Low  

boilerpipe-1.1.0.jar

Description:

 The boilerpipe library provides algorithms to detect and remove the surplus "clutter" (boilerplate, templates) around the main textual content of a web page.

The library already provides specific strategies for common tasks (for example: news article extraction) and may also be easily extended for individual problem settings.

Extracting content is very fast (milliseconds), just needs the input document (no global or site-level information required) and is usually quite accurate.

Boilerpipe is a Java library written by Christian Kohlschütter. It is released under the Apache License 2.0.

The algorithms used by the library are based on (and extending) some concepts of the paper "Boilerplate Detection using Shallow Text Features" by Christian Kohlschütter et al., presented at WSDM 2010 -- The Third ACM International Conference on Web Search and Data Mining New York City, NY USA.

License:

Apache License 2.0
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/boilerpipe-1.1.0.jar
MD5: 0616568083786d0f49e2cb07a5d09fe4
SHA1: f62cb75ed52455a9e68d1d05b84c500673340eb2
SHA256:088203df4326c4dcc42cec1253a2b41e03dc8904984eae744543b48e2cc63846

Identifiers

bzip2-0.9.1.jar

Description:

 jbzip2 is a Java bzip2 compression/decompression library. It can be used as a replacement for the Apache CBZip2InputStream / CBZip2OutputStream classes.

License:

MIT License (MIT): http://opensource.org/licenses/mit-license.php
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/bzip2-0.9.1.jar
MD5: ddd5eb3a035655cbbb536e9b86907a00
SHA1: 47ca95f71e3ccae756c4a24354d48069c58f475c
SHA256:865a7a13dd33ef0388f675993adaf4c6f95632ba80d609d42e9d42e6343aae77

Identifiers

CVE-2005-1260  

Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").

Vulnerable Software & Versions:

CVE-2010-0405  

Severity:Medium
CVSS Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
CWE: CWE-189 Numeric Errors 

Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.

Vulnerable Software & Versions: (show all)

CVE-2011-4089  

Severity:Medium
CVSS Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls 

The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.

Vulnerable Software & Versions: (show all)

c3p0-0.9.1.1.jar

Description:

 
    c3p0 is an easy-to-use library for augmenting traditional (DriverManager-based) JDBC drivers with JNDI-bindable DataSources,
    including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 std extension.

License:

GNU LESSER GENERAL PUBLIC LICENSE: http://www.gnu.org/licenses/lgpl.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/c3p0-0.9.1.1.jar
MD5: 640c58226e7bb6beacc8ac3f6bb533d1
SHA1: 302704f30c6e7abb7a0457f7771739e03c973e80
SHA256:a3c772033d43c85f2635596e2421496d55840abbde64ad64b8d0298cacbba466

Identifiers

cdm-4.5.5.jar

Description:

 
    The NetCDF-Java Library is a Java interface to NetCDF files,
    as well as to many other types of scientific data formats.

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/cdm-4.5.5.jar
MD5: 7770c86aabbd0ec5e12ed1f0600d5492
SHA1: af1748a3d024069cb7fd3fc2591efe806c914589
SHA256:74ea183cda0f7aa06fae2f3cfa8c3c6c64d013ce8cb87bde4a06de6676eacfdb

Identifiers

  • maven: edu.ucar:cdm:4.5.5  Confidence:High

commons-codec-1.9.jar

Description:

 
     The Apache Commons Codec package contains simple encoder and decoders for
     various formats such as Base64 and Hexadecimal.  In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/commons-codec-1.9.jar
MD5: 75615356605c8128013da9e3ac62a249
SHA1: 9ce04e34240f674bc72680f8b843b1457383161a
SHA256:ad19d2601c3abf0b946b5c3a4113e226a8c1e3305e395b90013b78dd94a723ce

Identifiers

  • maven: commons-codec:commons-codec:1.9  Confidence:High

commons-compress-1.9.jar

Description:

 
Apache Commons Compress software defines an API for working with
compression and archive formats.
These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional
Unix Compress, DEFLATE and ar, cpio, jar, tar, zip, dump, 7z, arj.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/commons-compress-1.9.jar
MD5: 6c9ce8534b9e4c17e5dea7a97425245c
SHA1: cc18955ff1e36d5abd39a14bfe82b19154330a34
SHA256:b8e0a1700023359a2b4d9f04b9287d7b9aa200f4feac1079812337eef2dcb8e2

Identifiers

  • maven: org.apache.commons:commons-compress:1.9  Confidence:High
  • cpe: cpe:/a:apache:commons-compress:1.9  Confidence:Low  

commons-csv-1.0.jar

Description:

 
The Apache Commons CSV library provides a simple interface for reading and writing
CSV files of various types.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/commons-csv-1.0.jar
MD5: eb687d26cfef4382d01f28d5d5c2ad13
SHA1: 8a0796ad6541a144eb1c00b93e06fbac03a9f313
SHA256:ef368c9fa003963da78399b8f5a41ddfbef6b206f505f52293005730d87e7295

Identifiers

  • maven: org.apache.commons:commons-csv:1.0  Confidence:High

commons-exec-1.3.jar

Description:

 Apache Commons Exec is a library to reliably execute external processes from within the JVM.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/commons-exec-1.3.jar
MD5: 8bb8fa2edfd60d5c7ed6bf9923d14aa8
SHA1: 8dfb9facd0830a27b1b5f29f84593f0aeee7773b
SHA256:cb49812dc1bfb0ea4f20f398bcae1a88c6406e213e67f7524fb10d4f8ad9347b

Identifiers

  • maven: org.apache.commons:commons-exec:1.3  Confidence:High

commons-logging-api-1.1.jar

Description:

 Commons Logging is a thin adapter allowing configurable bridging to other,
    well known logging systems.

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/commons-logging-api-1.1.jar
MD5: 4374238076ab08e60e0d296234480837
SHA1: 7d4cf5231d46c8524f9b9ed75bb2d1c69ab93322
SHA256:33a4dd47bb4764e4eb3692d86386d17a0d9827f4f4bb0f70121efab6bc03ba35

Identifiers

commons-vfs2-2.0.jar

Description:

 VFS is a Virtual File System library.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/commons-vfs2-2.0.jar
MD5: a2cabc6a91a9de9e3d5d460b06d65b45
SHA1: b5af3b9c96b060d77c68fa5ac9384b402dd58013
SHA256:5af37bc47f6bcce94e740b9793115ff135dda54f9ccf98e057938c2c98765f4d

Identifiers

  • maven: org.apache.commons:commons-vfs2:2.0  Confidence:High

ehcache-core-2.6.2.jar

Description:

 This is the ehcache core module. Pair it with other modules for added functionality.

License:

The Apache Software License, Version 2.0: src/assemble/EHCACHE-CORE-LICENSE.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/ehcache-core-2.6.2.jar
MD5: b6abecd2c01070700a9001b33b94b3f4
SHA1: 3baecd92015a9f8fe4cf51c8b5d3a5bddcdd3e86
SHA256:df61f1a1724aa674d922dce21965b907df8f77e730679ae1abe92679390a2fd6

Identifiers

  • maven: net.sf.ehcache:ehcache-core:2.6.2  Confidence:High

fontbox-1.8.10.jar

Description:

 
    The Apache FontBox library is an open source Java tool to obtain low level information
    from font files. FontBox is a subproject of Apache PDFBox.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/fontbox-1.8.10.jar
MD5: 010dcae8a1d4d9b1623d6c37ee228f6e
SHA1: 41776c7713e3f3a1ce688bd96459fc597298c340
SHA256:d0e866da54a51ed732487d4019b813102e554741ee1a9eea4a1f5d10fadc03c6

Identifiers

CVE-2016-2175  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.

Vulnerable Software & Versions: (show all)

CVE-2018-8036  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors 

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.

Vulnerable Software & Versions: (show all)

geoapi-3.0.0.jar

Description:

 

The development community in building GIS solutions is sustaining an enormous level
 of effort. The GeoAPI project aims to reduce duplication and increase interoperability
 by providing neutral, interface-only APIs derived from OGC/ISO Standards.

License:

https://geoapi.svn.sourceforge.net/svnroot/geoapi/branches/3.0.x/LICENSE.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/geoapi-3.0.0.jar
MD5: 97b6baee0cf3402e8360203bf6c23b3f
SHA1: 0a04e0f361627fb33a140b5aa4c019741f905577
SHA256:95e171231c72d16ee60ca309456a72a5c774a657c5700f6fc6f50a7babf4731a

Identifiers

  • maven: org.opengis:geoapi:3.0.0  Confidence:High

grib-4.5.5.jar

Description:

 
    Decoder for the GRIB format.

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/grib-4.5.5.jar
MD5: 0cb80276d8ea89cacc1d5632dbf39fe9
SHA1: cfe552910e9a8d57ce71134796abb281a74ead16
SHA256:1e0492135f421f554c4651a95225f27f2a3230e993329f69348110f8521c32d9

Identifiers

  • maven: edu.ucar:grib:4.5.5  Confidence:High

guava-11.0.2.jar

Description:

 
    Guava is a suite of core and expanded libraries that include
    utility classes, google's collections, io classes, and much
    much more.

    This project is a complete packaging of all the Guava libraries
    into a single jar.  Individual portions of Guava can be used
    by downloading the appropriate module and its dependencies.

    Guava (complete) has only one code dependency - javax.annotation,
    per the JSR-305 spec.

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/guava-11.0.2.jar
MD5: bed5977336ea1279d2bad3bb258dc8c3
SHA1: 35a3c69e19d72743cac83778aecbee68680f63eb
SHA256:e144a0ec7f5139c58d4f3729ccfb4240f9c576a1aa43790e4090e09316129ee1

Identifiers

  • maven: com.google.guava:guava:11.0.2  Confidence:High

httpservices-4.5.5.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/httpservices-4.5.5.jar
MD5: c5207827b8b7e6045b2af7e1e8c5b1d4
SHA1: ee5f217be599e5e03f7f0e55e03f9e721a154f62
SHA256:8334da7adc9ed7a7b941a780f4d22054f8a11d03973be83ae8399400d55300e4

Identifiers

  • maven: edu.ucar:httpservices:4.5.5  Confidence:High

isoparser-1.0.2.jar

Description:

 A generic parser and writer for all ISO 14496 based files (MP4, Quicktime, DCF, PDCF, ...)

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/isoparser-1.0.2.jar
MD5: ea67895a456476d6848a13b41a843bd0
SHA1: 6d9a5c5814ec67178dd1d5a25bae874d4697a5b8
SHA256:151674d83665bbf39240531d8c8ae506747811d4766cb1d2d3962d294f9d7957

Identifiers

  • maven: com.googlecode.mp4parser:isoparser:1.0.2  Confidence:High
  • cpe: cpe:/a:boxes_project:boxes:1.0.2  Confidence:Low  

jackcess-2.1.2.jar

Description:

 A pure Java library for reading from and writing to MS Access databases.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/jackcess-2.1.2.jar
MD5: 08f01ae3bb03c73d29954d4b23e43fac
SHA1: b7f61fbb78919cb851868ce177d8fe626a6b4370
SHA256:785df69c67240a90d31228ef1a018ba5b733102d9696266ba4cd73544bdb94b3

Identifiers

  • maven: com.healthmarketscience.jackcess:jackcess:2.1.2  Confidence:High

jackcess-encrypt-2.1.0.jar

Description:

 An add-on to the Jackcess library for handling encryption in MS Access files.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/jackcess-encrypt-2.1.0.jar
MD5: be37c31ae7f40b2a1c5f470db6879189
SHA1: 84160bd02d773d42acdfb165b84cce227c006bc9
SHA256:425066fc931cdfdcf2a3f478a808c9006f98c044a8d14e086c1c7aa8bcf661ec

Identifiers

  • maven: com.healthmarketscience.jackcess:jackcess-encrypt:2.1.0  Confidence:High

java-libpst-0.8.1.jar

Description:

 A library to read PST files with java, without need for external libraries.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/java-libpst-0.8.1.jar
MD5: 6be27662e0b06154e5f05938937d16b7
SHA1: ad31986653dac9cb5132ea5b2999c20b4b286255
SHA256:a3f7b3c934f477b0fc3c0eadebc3d24872bbebc3ac5a22ab575e5f476ea34757

Identifiers

  • maven: com.pff:java-libpst:0.8.1  Confidence:High

jcip-annotations-1.0.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/jcip-annotations-1.0.jar
MD5: 9d5272954896c5a5d234f66b7372b17a
SHA1: afba4942caaeaf46aab0b976afd57cc7c181467e
SHA256:be5805392060c71474bf6c9a67a099471274d30b83eef84bfc4e0889a4f1dcc0

Identifiers

jcommander-1.35.jar

Description:

 A Java framework to parse command line options with annotations.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/jcommander-1.35.jar
MD5: 90216444fab67357c5bdf3293b47107e
SHA1: 47592e181b0bdbbeb63029e08c5e74f6803c4edd
SHA256:019c12fec1ce5c02cbabb150f6ac8a86d92a0ecc9c89a549e5537283e863000c

Identifiers

  • maven: com.beust:jcommander:1.35  Confidence:High

jdom-1.0.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/jdom-1.0.jar
MD5: 0b8f97de82fc9529b1028a77125ce4f8
SHA1: a2ac1cd690ab4c80defe7f9bce14d35934c35cec
SHA256:3b23bc3979aec14a952a12aafc483010dc57579775f2ffcacef5256a90eeda02

Identifiers

jdom2-2.0.4.jar

Description:

 
		A complete, Java-based solution for accessing, manipulating, 
		and outputting XML data

License:

Similar to Apache License but with the acknowledgment clause removed: https://raw.github.com/hunterhacker/jdom/master/LICENSE.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/jdom2-2.0.4.jar
MD5: e51c9485a3a38525a7df4bd25a05dec6
SHA1: 4b65e55cc61b34bc634b25f0359d1242e4c519de
SHA256:ca379b0ad57499c9d35066b7018ce868a225db9c8d2143eeb31cc8e396b2919c

Identifiers

jempbox-1.8.10.jar

Description:

 
    The Apache JempBox library is an open source Java tool that implements Adobe's XMP(TM)
    specification. JempBox is a subproject of Apache PDFBox.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/jempbox-1.8.10.jar
MD5: 903a0f2729626ce8fa0d74566732a738
SHA1: 40df4e4ca884aadc20b82d5abd0a3679774c55a6
SHA256:6b246dcc8c38c0f9f2c5608198fa55c7edff9bc76abf7ffca9be81ebdf918981

Identifiers

CVE-2016-2175  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.

Vulnerable Software & Versions: (show all)

CVE-2018-8036  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors 

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.

Vulnerable Software & Versions: (show all)

jhighlight-1.0.2.jar

Description:

 
    JHighlight is an embeddable pure Java syntax highlighting
    library that supports Java, HTML, XHTML, XML and LZX
    languages and outputs to XHTML.
    
    It also supports RIFE templates tags and highlights them
    clearly so that you can easily identify the difference
    between your RIFE markup and the actual marked up source.

License:

CDDL, v1.0: http://www.opensource.org/licenses/cddl1.php
LGPL, v2.1 or later: http://www.opensource.org/licenses/lgpl-license.php
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/jhighlight-1.0.2.jar
MD5: 867f23891848a72f1284ff3aaf18d94e
SHA1: 992a8a8add10468930efc1f110f2895f68258a1e
SHA256:db48fddb05ece10834158e62b2d272eb3fdcb8cb1dd3482f3aebf5cc7065ca1e

Identifiers

  • maven: org.codelibs:jhighlight:1.0.2  Confidence:High

jj2000-5.2.jar

Description:

 Fork of jpeg2k code from https://code.google.com/p/jj2000/. 
		This is a dependency for support of compression in Grib2 files in netCDF-java and TDS.
		We welcome bug fixes and other contributions to this code.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/jj2000-5.2.jar
MD5: 61bc76a853403e6566975699194ab981
SHA1: b857c9bdf12fe17d8ef98218eaa39e6a0c6ff493
SHA256:da2a8d287a2c1f724560841108fdb4af25648a6352474c5a269e8e14080b1919

Identifiers

  • maven: edu.ucar:jj2000:5.2  Confidence:High

jmatio-1.0.jar

Description:

 
        Matlab's MAT-file I/O API in JAVA. Supports Matlab 5 MAT-flie format reading and writing. Written in pure JAVA.

License:

BSD: http://www.linfo.org/bsdlicense.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/jmatio-1.0.jar
MD5: 43be2be98c772ac63fb9d7c958fed6ca
SHA1: df72993ea17d34c3bacd983558d2970a866abaf6
SHA256:ce61d45b2a8669f65cbf9df1a4520439e5b18c7721fe5d823588bb12441ab1b5

Identifiers

  • maven: net.sourceforge.jmatio:jmatio:1.0  Confidence:High

jna-4.1.0.jar

Description:

 Java Native Access

License:

LGPL, version 2.1: http://www.gnu.org/licenses/licenses.html
ASL, version 2: http://www.apache.org/licenses/
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/jna-4.1.0.jar
MD5: b0e08c9936dc52aa40439c71fcad6297
SHA1: 1c12d070e602efd8021891cdd7fd18bc129372d4
SHA256:1aa37e9ea6baa0ee152d89509f758f0847eac66ec179b955cafe0919e540a92e

Identifiers

joda-time-2.2.jar

Description:

 Date and time library to replace JDK date handling

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/joda-time-2.2.jar
MD5: 226f5207543c490f10f234e82108b998
SHA1: a5f29a7acaddea3f4af307e8cf2d0cc82645fd7d
SHA256:e5183ca131f7195bde5b27e4cd18deeb6d14f8bc5c483b1431421132927240af

Identifiers

  • maven: joda-time:joda-time:2.2  Confidence:High

json-simple-1.1.1.jar

Description:

 A simple Java toolkit for JSON

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/json-simple-1.1.1.jar
MD5: 5cc2c478d73e8454b4c369cee66c5bc7
SHA1: c9ad4a0850ab676c5c64461a05ca524cdfff59f1
SHA256:4e69696892b88b41c55d49ab2fdcc21eead92bf54acc588c0050596c3b75199c

Identifiers

  • maven: com.googlecode.json-simple:json-simple:1.1.1  Confidence:High

jsoup-1.7.2.jar

Description:

 jsoup HTML parser

License:

The MIT License: http://jsoup.com/license
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/jsoup-1.7.2.jar
MD5: 06cca626f92fca16f8d2dd9994ff9ab0
SHA1: d7e275ba05aa380ca254f72d0c0ffebaedc3adcf
SHA256:bdd2f2b281dae829915fbd1802c09269f7f5add5a886242eaa0d1ae362d329cc

Identifiers

  • cpe: cpe:/a:jsoup:jsoup:1.7.2  Confidence:Low  
  • maven: org.jsoup:jsoup:1.7.2  Confidence:High

CVE-2015-6748  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 

Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3.

Vulnerable Software & Versions:

jsr-275-0.9.3.jar

Description:

 
    JSR-275 specifies Java packages for the programmatic handling
    of physical quantities and their expression as numbers of units.

License:

Specification License: LICENSE.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/jsr-275-0.9.3.jar
MD5: e7a135baa55ec464055d75e4fd4d6b6f
SHA1: ab2fb094fc5297ae5636ef6ed0d6051d5a656588
SHA256:bab7f6456c79790362b0669aab20d511d3ad99dc22e020bafb5a708f2b18d78e

Identifiers

  • maven: javax.measure:jsr-275:0.9.3  Confidence:High

junrar-0.7.jar

Description:

 rar decompression library in plain java

License:

UnRar License: https://raw.github.com/junrar/junrar/master/license.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/junrar-0.7.jar
MD5: 75a215b9e921044cd2c88e73f6cb9745
SHA1: 18cc717b85af0b12ba922abf415c2ff4716f8219
SHA256:7c764fa1af319b98ff452189ab31bb722ea74ed7a52b17b0c6282249c10a61fc

Identifiers

  • maven: com.github.junrar:junrar:0.7  Confidence:High

jwnl-1.3.3.jar

Description:

 
  	JWNL is an API for accessing WordNet-style relational dictionaries. It also provides 
  	functionality beyond data access, such as relationship discovery and morphological 
  	processing.

License:

BSD 3-Clause License: http://jwordnet.svn.sourceforge.net/svnroot/jwordnet/trunk/jwnl/license.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/jwnl-1.3.3.jar
MD5: 5332f834387eddf0206a48ba65b1e792
SHA1: 7108e5b6a8875fe0488d942238575407c7ab8649
SHA256:3d0d84238717727ed66aa339907c2456e08d5dd01e1aa243f5d92811581c5830

Identifiers

maven-scm-api-1.4.jar

Description:

 The SCM API provides mechanisms to manage all SCM tools.

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/maven-scm-api-1.4.jar
MD5: bc840a6620ec3d3c56ce58b10076cef4
SHA1: e294693ce217bd6f470b728127854e6ca787fd29
SHA256:8603b43b7f6cd3d11785acd9f2d507ab6bdccda5cbd2c316a23979e7822fe64f

Identifiers

  • maven: org.apache.maven.scm:maven-scm-api:1.4  Confidence:High

maven-scm-provider-svn-commons-1.4.jar

Description:

 Common library for SCM SVN Provider.

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/maven-scm-provider-svn-commons-1.4.jar
MD5: 09e3cb24fa48c3d6427e1d2b79b42d26
SHA1: 54bc1dc24c5d205b4d251a83f4ea63808c21a628
SHA256:dfce4e5f3e5273df241f1848eaa7c18d73de766f127d4a6b5727193c4c30d40d

Identifiers

  • maven: org.apache.maven.scm:maven-scm-provider-svn-commons:1.4  Confidence:High

maven-scm-provider-svnexe-1.4.jar

Description:

 Executable library for SCM SVN Provider.

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/maven-scm-provider-svnexe-1.4.jar
MD5: 6624c9c3324f88619205c2b8c60e583b
SHA1: b3213b40157b701ba079b738baac391e41418c18
SHA256:03580d8d7f8c0061bc784aaccdb9460c3dbd8a31c1944453fa30a98e2bd7d36d

Identifiers

  • maven: org.apache.maven.scm:maven-scm-provider-svnexe:1.4  Confidence:High

metadata-extractor-2.8.0.jar

Description:

 Java library for extracting EXIF, IPTC, XMP, ICC and other metadata from image files.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/metadata-extractor-2.8.0.jar
MD5: ad99c1e862666b05723da6d952d4df41
SHA1: c771dba842e459b704081212c66182eb351728de
SHA256:cad026495cb5c5bd92f4daf6ad278cb1f4db1ec76ff05f1530e6bb701c486edc

Identifiers

  • cpe: cpe:/a:id:id-software:2.8.0  Confidence:Low  
  • maven: com.drewnoakes:metadata-extractor:2.8.0  Confidence:High

netcdf4-4.5.5.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/netcdf4-4.5.5.jar
MD5: 5f14df469295650fd65748a003c9ba56
SHA1: 0675d63ecc857c50dd50858011b670160aa30b62
SHA256:131e3983dcf001677be069a7471797a4a9ad2c9783e88db56e32506cf1039635

Identifiers

  • maven: edu.ucar:netcdf4:4.5.5  Confidence:High

opennlp-maxent-3.0.3.jar

Description:

 The Apache Software Foundation provides support for the Apache community of open-source software projects.    The Apache projects are characterized by a collaborative, consensus based development process, an open and    pragmatic software license, and a desire to create high quality software that leads the way in its field.    We consider ourselves not simply a group of projects sharing a server, but rather a community of developers    and users.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/opennlp-maxent-3.0.3.jar
MD5: 4fb8e129416ef5ef838d4aa77050d1bd
SHA1: 55e39e6b46e71f35229cdd6950e72d8cce3b5fd4
SHA256:6e99fa57b1f3645b4992ab3cfaa8b24abca0921cf2f575d63fca43cd84dd44e6

Identifiers

  • maven: org.apache.opennlp:opennlp-maxent:3.0.3  Confidence:High
  • cpe: cpe:/a:apache:opennlp:3.0.3  Confidence:Low  

opennlp-tools-1.5.3.jar

Description:

 The Apache Software Foundation provides support for the Apache community of open-source software projects.    The Apache projects are characterized by a collaborative, consensus based development process, an open and    pragmatic software license, and a desire to create high quality software that leads the way in its field.    We consider ourselves not simply a group of projects sharing a server, but rather a community of developers    and users.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/opennlp-tools-1.5.3.jar
MD5: 2cd1835ad00c26fc978b691b52563afd
SHA1: 826d34168b0e4870c9f599ed7f2b8fee4194ba3b
SHA256:5a7eae0b545ff517c8010440ccc4144cfcf83baac2b67a21a1af668e6022d5d2

Identifiers

CVE-2017-12620  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE') 

When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. The versions 1.5.0 to 1.5.3, 1.6.0, 1.7.0 to 1.7.2, 1.8.0 to 1.8.1 of Apache OpenNLP are affected.

Vulnerable Software & Versions: (show all)

parse-tika.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/parse-tika.jar
MD5: 51185e4c129f63d83d8fdaf0b6e58113
SHA1: 461cb552e2fea283143b18037b6b75dc27cf7ead
SHA256:a91434236ec5f45f64ea6b29500e12c65e16f7e89b5eeb89b3170301a902c592

Identifiers

  • cpe: cpe:/a:apache:tika:-  Confidence:Low  

CVE-2016-6809  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data 

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.

Vulnerable Software & Versions:

pdfbox-1.8.10.jar

Description:

 
        The Apache PDFBox library is an open source Java tool for working with PDF documents.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/pdfbox-1.8.10.jar
MD5: e597e15826739a22b262924f0f091a84
SHA1: bc5d1254495be36d0a3b3d6c35f88d05200b9311
SHA256:71a7d23980ca386719d2e8dce79735b2d1ca066a1b122ff3f6129824de2c984d

Identifiers

CVE-2016-2175  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.

Vulnerable Software & Versions: (show all)

CVE-2018-8036  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors 

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.

Vulnerable Software & Versions: (show all)

plexus-utils-1.5.6.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/plexus-utils-1.5.6.jar
MD5: d6070c2e77ca56adafa953215ddf744b
SHA1: 8fb6b798a4036048b3005e058553bf21a87802ed
SHA256:6990ec1b05c978c9940ebf7ec1b4dd911d16c524ee9f4a386a14ec0b07016ab4

Identifiers

poi-3.13-beta1.jar

Description:

 Apache POI - Java API To Access Microsoft Format Files

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/poi-3.13-beta1.jar
MD5: 2f25ed53588219bc3442428dd22a46db
SHA1: 98598dda21aba14833bc015d13eece2c0f49ca01
SHA256:b079a9950ddd151b34892866c6acb953fbe9bdb3639d5181b5198578a17df26e

Identifiers

CVE-2016-5000  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE') 

The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2017-5644  

Severity:High
CVSS Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)
CWE: CWE-399 Resource Management Errors 

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

Vulnerable Software & Versions:

quartz-2.2.0.jar

Description:

 Enterprise Job Scheduler

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
Apache Software License, Version 2.0
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/quartz-2.2.0.jar
MD5: 56d748f33fa07cb50c86eb72f53141b5
SHA1: 2eb16fce055d5f3c9d65420f6fc4efd3a079a3d8
SHA256:ad9fbd38399b2c5c5931b9a9161ca07ec5ba916b22f4292bd9791259c5c1f1d6

Identifiers

  • maven: org.quartz-scheduler:quartz:2.2.0  Confidence:High

regexp-1.3.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/regexp-1.3.jar
MD5: 6dcdc325850e40b843cac2a25fb2121e
SHA1: 973df2b78b67bcd3144c3dbbb88da691065a3f8d
SHA256:27998732ecd5745924644f891f41adaf73736fe259a0a20843979452574f0385

Identifiers

rome-0.9.jar

Description:

 All Roads Lead to ROME.
      ROME is a set of Atom/RSS Java utilities that make it easy to work in Java with most syndication formats.
      Today it accepts all flavors of RSS (0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0) and Atom 0.3 feeds.
      Rome includes a set of parsers and generators for the various flavors of feeds, as well as converters to convert from one format to another.
      The parsers can give you back Java objects that are either specific for the format you want to work with, or a generic normalized SyndFeed object that lets you work on with the data without bothering about the underlying format.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/rome-0.9.jar
MD5: 19589699b01c59ccb4d5e61e4c78b311
SHA1: dee2705dd01e79a5a96a17225f5a1ae30470bb18
SHA256:89f6d95a52afdf448e7b278738fe79189ae26c8bc67da78db3230af0dd0754bd

Identifiers

sis-metadata-0.5.jar

Description:

 
  
Implementations of metadata derived from ISO 19115. This module provides both an implementation
 of the metadata interfaces defined in GeoAPI, and a framework for handling those metadata through
 Java reflection.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/sis-metadata-0.5.jar
MD5: 6d9ccec08cffd1ce52be1f9b50260cfc
SHA1: 1bbd65e52d27b61c64944b9275c44ccd79f267a7
SHA256:57945d86f1755121de3f8f0361c23fc596be6bf4186342014a3f4f25f6417604

Identifiers

sis-netcdf-0.5.jar

Description:

 
  
Bridge between NetCDF Climate and Forecast (CF) convention and ISO 19115 metadata.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/sis-netcdf-0.5.jar
MD5: 58f26afee7da53fa9ce07ef08ce7f306
SHA1: 2b416e4506caebe7df6dd21b878dae888e0eea39
SHA256:eb76dc565d2d75a401ba3a49a651f4da807939cde8e09bcb3ec30c5642541bdc

Identifiers

sis-referencing-0.5.jar

Description:

 
  
Implementations of Coordinate Reference Systems (CRS),
 conversion and transformation services derived from ISO 19111.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/sis-referencing-0.5.jar
MD5: f63fe6facd76480205141db7d605f10a
SHA1: 377246c70fd858346fab8a0e554bed3b3cfcde70
SHA256:bcbf4ae0bcde58aacebc7d92b6293e6bffd2bb8523030adeadfeb5d17e14ca6e

Identifiers

sis-storage-0.5.jar

Description:

 
  
Provides the interfaces and base classes to be implemented by various storage formats.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/sis-storage-0.5.jar
MD5: 24b522892175ec483d4db474bcf7309f
SHA1: 29d1ea6422b68fbfe1f1702f122019ae376ee2c8
SHA256:246b0faad5a5bcd8eb5750f2cbc03e38577f641246856e8412c2e53ed0395379

Identifiers

sis-utility-0.5.jar

Description:

 
  
Miscellaneous utilities.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/sis-utility-0.5.jar
MD5: d6b7770eb395a8c4bc3bf84c99563119
SHA1: aaea81deda0e3c7ca2602e7fb9459bcc19894ecf
SHA256:0b912ef7ee6eebe8b20c4b0282a25a37cb744edf6cd9b4e8a09a8990488def9f

Identifiers

slf4j-api-1.7.12.jar

Description:

 The slf4j API

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/slf4j-api-1.7.12.jar
MD5: 68910bf95dbcf90ce5859128f0f75d1e
SHA1: 8e20852d05222dc286bf1c71d78d0531e177c317
SHA256:0aee9a77a4940d72932b0d0d9557793f872e66a03f598e473f45e7efecdccf99

Identifiers

  • cpe: cpe:/a:slf4j:slf4j:1.7.12  Confidence:Low  
  • maven: org.slf4j:slf4j-api:1.7.12  Confidence:High

tagsoup-1.2.1.jar

Description:

 TagSoup is a SAX-compliant parser written in Java that, instead of parsing well-formed or valid XML, parses HTML as it is found in the wild: poor, nasty and brutish, though quite often far from short. TagSoup is designed for people who have to process this stuff using some semblance of a rational application design. By providing a SAX interface, it allows standard XML tools to be applied to even the worst HTML. TagSoup also includes a command-line processor that reads HTML files and can generate either clean HTML or well-formed XML that is a close approximation to XHTML.

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/tagsoup-1.2.1.jar
MD5: ae73a52cdcbec10cd61d9ef22fab5936
SHA1: 5584627487e984c03456266d3f8802eb85a9ce97
SHA256:ac97f7b4b1d8e9337edfa0e34044f8d0efe7223f6ad8f3a85d54cc1018ea2e04

Identifiers

tika-parsers-1.10.jar

Description:

 Apache Tika is a toolkit for detecting and extracting metadata and    structured text content from various documents using existing parser    libraries.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/tika-parsers-1.10.jar
MD5: d1eb2e0d4f4f74f72cde7fb2b0ec8242
SHA1: a8c3c882eaadbf26e9c3195ae19650a45de183a3
SHA256:8b08e6e83bd3e22bbd99be1e2697d7d52367ccd40415ae9993d6e367adc4bbdc

Identifiers

  • cpe: cpe:/a:apache:tika:1.10  Confidence:Highest  
  • maven: org.apache.tika:tika-parsers:1.10  Confidence:High

CVE-2016-6809  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data 

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.

Vulnerable Software & Versions:

CVE-2018-1338  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors 

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18.

Vulnerable Software & Versions: (show all)

CVE-2018-1339  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors 

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.

Vulnerable Software & Versions: (show all)

udunits-4.5.5.jar

Description:

 The ucar.units Java package is for decoding and encoding
    formatted unit specifications (e.g. "m/s"), converting numeric values
    between compatible units (e.g. between "m/s" and "knot"), and for
    performing arithmetic operations on units (e.g. dividing one unit by
    another, raising a unit to a power).

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/udunits-4.5.5.jar
MD5: 025ffadf77de73601443c8262c995df0
SHA1: d8c8d65ade13666eedcf764889c69321c247f153
SHA256:fb641ad901d1526d53f2b13bc86baec703c57d58e6001cfa54ca7734c97fb30d

Identifiers

  • maven: edu.ucar:udunits:4.5.5  Confidence:High

vorbis-java-core-0.6.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/vorbis-java-core-0.6.jar
MD5: 724a557bf19d77f362b41f2796be158c
SHA1: 71deedbdfe6a1b0dcadd6c5ae335e3e9b427524c
SHA256:97924481cb27fc0fc6e5784d9d42ea5e21ada1ae703c88eb5d0bb8360b3b0b30

Identifiers

  • maven: org.gagravarr:vorbis-java-core:0.6  Confidence:High

vorbis-java-tika-0.6.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/vorbis-java-tika-0.6.jar
MD5: 9906a3a825381c64756962ebe99df47b
SHA1: be5b08ff4c45632975646f286a1d13e325bec59a
SHA256:3bb42a03241f6a30e11308d53bdb64de8785328862714e07bcd41c76edd63016

Identifiers

  • cpe: cpe:/a:apache:tika:0.6  Confidence:Highest  
  • cpe: cpe:/a:flac_project:flac:0.6  Confidence:Low  
  • maven: org.gagravarr:vorbis-java-tika:0.6  Confidence:High

CVE-2016-6809  

Severity:High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data 

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.

Vulnerable Software & Versions:

CVE-2017-6888  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors 

An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.

Vulnerable Software & Versions:

CVE-2018-1338  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors 

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18.

Vulnerable Software & Versions: (show all)

CVE-2018-1339  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors 

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.

Vulnerable Software & Versions: (show all)

xmlbeans-2.6.0.jar

Description:

 XmlBeans main jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/xmlbeans-2.6.0.jar
MD5: 6591c08682d613194dacb01e95c78c2c
SHA1: 29e80d2dd51f9dcdef8f9ffaee0d4dc1c9bbfc87
SHA256:c77974359688b2823b48fa9a33da68559d64f8474441480d9df4f9e254332a96

Identifiers

xmpcore-5.1.2.jar

Description:

 
    The XMP Library for Java is based on the C++ XMPCore library
    and the API is similar.

License:

The BSD License: http://www.adobe.com/devnet/xmp/library/eula-xmp-library-java.html
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/xmpcore-5.1.2.jar
MD5: 0b2cf2a09d32abdedd17de864e93ad25
SHA1: 55615fa2582424e38705487d1d3969af8554f637
SHA256:0adcd63003aaff0a87b938f6accc2d890a2169c751a9b36881237f8546287090

Identifiers

protocol-file.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/protocol-file/protocol-file.jar
MD5: 3f26484ad5509f33e70507e0fc566194
SHA1: 7af15ecdbd291f612b7fc7838720ab1ae674269d
SHA256:f8c82c80b49ace7e45e140669cf759da1be019d4f1c4d8a9631feaba1c5e86f5

Identifiers

  • None

commons-net-1.2.2.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/protocol-ftp/commons-net-1.2.2.jar
MD5: 092ead7cc4989f3a14495f6006cf9d2f
SHA1: 57a100f070def45b3161783235df6ba8c610ba17
SHA256:4a0232e659088776082f3b0af0ba28bca9531bb5a92276abc0a5344635ad5928

Identifiers

protocol-ftp.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/protocol-ftp/protocol-ftp.jar
MD5: 4f7fac6823776bfc7b21f752581f7a24
SHA1: f22f2a0bbfff3f09776065fa030870c8ed096a2a
SHA256:d94b6f64ea580e3c5481b19046355d4c2db55c2ddebf62e57dab74d26ce0b91c

Identifiers

  • None

protocol-http.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/protocol-http/protocol-http.jar
MD5: 7dba65a228e8d12c24c70466fdb7a168
SHA1: a1dcc985b7bb2c9d51a9498aa6360fbff38c2962
SHA256:96bb1a5fcafcba443c682a26952134424dd3ac6df0ededf159102ad1565b229f

Identifiers

  • None

protocol-httpclient.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/protocol-httpclient/protocol-httpclient.jar
MD5: 96316f3ebc51f9bace0f6988b8a48559
SHA1: 6421b2b63f055b8948213d7b7d94032eeada6b68
SHA256:a3f03f3a8f0f10a5de231ca295d1f8fca80e62726087e8a5fae3f440bd9f11d7

Identifiers

  • cpe: cpe:/a:apache:httpclient:-  Confidence:Low  

jsch-0.1.41.jar

Description:

 JSch is a pure Java implementation of SSH2

License:

BSD: http://www.jcraft.com/jsch/LICENSE.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/protocol-sftp/jsch-0.1.41.jar
MD5: 5258a03131d0b0699e6371afa44891ce
SHA1: ddf7dd99e57004c9c871d35fd53943efef4bdb0e
SHA256:18b2333b33b78e8853f317c6e7361ace239c30d3f2c9bdd41723da8d9085d4ea

Identifiers

  • cpe: cpe:/a:jcraft:jsch:0.1.41  Confidence:Low  
  • maven: com.jcraft:jsch:0.1.41   Confidence:Highest

CVE-2016-5725  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 

Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.

Vulnerable Software & Versions:

protocol-sftp.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/protocol-sftp/protocol-sftp.jar
MD5: a72cf23be9ced0df077e0eb88b1cdc92
SHA1: 32344efff196e72c5b66e0f0ad65c23a117a118f
SHA256:70e50783531db769a316ca15345c4e2ccc8c1b639842cd86f4ad051f5a177fc7

Identifiers

  • None

scoring-link.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/scoring-link/scoring-link.jar
MD5: b517a0b9a3e0794d14049ffbf0b8b15f
SHA1: 4acaa5d5e88edfdc6c69a0cde947e015bdca26c5
SHA256:c1efdb612356bf1ff7b3ddea21165965dd39509dae2dbddbe3f1b41cd08081a8

Identifiers

  • None

scoring-opic.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/scoring-opic/scoring-opic.jar
MD5: c29b4a9c9b0da02bce6dfc51b9785150
SHA1: 6b45b7736b8ea3930aafe45b330ab2623f63aeba
SHA256:bef9f9bff6aa64d34f8a748893eb0f0c2c025ae3046defa8afab53b8423e8e53

Identifiers

  • None

subcollection.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/subcollection/subcollection.jar
MD5: b82c1ad15af3420e1d5c90f46c32267b
SHA1: e5df2de413b86d95003ac09122ff92f3757128b5
SHA256:1a22b589e9ff0956e8d74ff94a3b4b5106a3c02644486f3b78fc6676724bc4a3

Identifiers

  • None

tld.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/tld/tld.jar
MD5: 059e40effc86e03de9e4b4f6a1967d0e
SHA1: 5529768148b70f3597037c8c979a75dd3de085dd
SHA256:3a3081dadb931f6bba02eff790280fb72a67b8ad64435d07eb83191ac82fa9b7

Identifiers

  • None

automaton-1.11-8.jar

Description:

 A DFA/NFA (finite-state automata) implementation with
		Unicode alphabet (UTF16) and support for the standard regular
		expression operations (concatenation, union, Kleene star) and a number
		of non-standard ones (intersection, complement, etc.)

License:

BSD: http://www.opensource.org/licenses/bsd-license.php
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/urlfilter-automaton/automaton-1.11-8.jar
MD5: 3467dcbbba2fe68a4e07a5826988e034
SHA1: 6ebfa65eb431ff4b715a23be7a750cbc4cc96d0f
SHA256:a24475f6ccfe1cc7a4fe9e34e05ce687b0ce0c6e8cb781e0eced3b186482c61e

Identifiers

urlfilter-automaton.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/urlfilter-automaton/urlfilter-automaton.jar
MD5: 0f9aed027fec9ea84d7c78fcf0b64198
SHA1: 2692c0ba1b7c73b1de762412f1db6f3c006daffa
SHA256:e03af3bf3d5f71b9675e15eccec96b39fd0ac0baacc54bff7f50d4d8494c0584

Identifiers

  • None

urlfilter-domain.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/urlfilter-domain/urlfilter-domain.jar
MD5: 68e5d801c1f46623c6730cd492352fac
SHA1: 8bbcc85c347106c98955266e25eec6f7f4f5e1eb
SHA256:034b4299242acc32e355d89ac23a6d2cdda34a42b62a1f44c15cb2e419525899

Identifiers

  • None

urlfilter-prefix.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/urlfilter-prefix/urlfilter-prefix.jar
MD5: 59613c91a5bf728791b949fd3f107ead
SHA1: 379746262b6a619202db0a6cd4ae7701bbc0cd6c
SHA256:4c1b4af61857e755d5ee657550e2841dd2e87cb3a01fdc692f93dd3172eb71fe

Identifiers

  • None

urlfilter-regex.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/urlfilter-regex/urlfilter-regex.jar
MD5: ba4bc98103125651c04e0eae41441746
SHA1: a6f18dab3755d7792fe90b1fb89cd7f09c728561
SHA256:80e8c6c3795bf4c8405202209cf0e814e96bc0592b0e2fce8db257e860465d7a

Identifiers

  • None

urlfilter-suffix.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/urlfilter-suffix/urlfilter-suffix.jar
MD5: 95e25f1789c0b4f931717633b19a84ee
SHA1: 84627556b6087085569cd42206ecf87f580730f8
SHA256:8615592b4c6d1de478e046b307fa722e6d504d66464678bd0e243d646b443c11

Identifiers

  • None

urlfilter-validator.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/urlfilter-validator/urlfilter-validator.jar
MD5: 293ebd7f0fae3daad3bf8ba2e5fbae18
SHA1: 0b1a3ccb2d482c1cfadc9c1c4b27ad636b1f91f3
SHA256:7eb8041e52ed554403b229cd0a7f2d6e202e600bd7c74a65993a1a56395de3cc

Identifiers

  • None

urlnormalizer-basic.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/urlnormalizer-basic/urlnormalizer-basic.jar
MD5: 33aa32a908b82ad1230a9d433f2a4e3e
SHA1: 88e5b2194ea8800b237e2bf925b60dff8891504b
SHA256:4ef12a339468564db921c3c28b0217857fd354995725a5d537b81bcda1e0bd4f

Identifiers

  • None

urlnormalizer-pass.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/urlnormalizer-pass/urlnormalizer-pass.jar
MD5: dd568a8da7f999487b29bc52b3199520
SHA1: 16f9cdb3cba71b22890e7b2e33f5e76e76bf8f45
SHA256:266d4c5c28bdc6481ffeff5f7de3b75d037ae14a2e27fe35a27e5ff9cc88848c

Identifiers

  • None

urlnormalizer-regex.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/urlnormalizer-regex/urlnormalizer-regex.jar
MD5: 04b655c2d6e8711cb1d4dbfbdc9f80f7
SHA1: 9d0f1b2e12778228377fa1d56bf593ef85733e8e
SHA256:42cdb6f5b90339253266b96caeeae520868f3588e5025792b8835c4fb4fe3160

Identifiers

  • None

leveldbjni-all-1.8.jar: leveldbjni.dll

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/leveldbjni-all-1.8.jar/META-INF/native/windows32/leveldbjni.dll
MD5: 551b9310a9ed358359296a89715df2f4
SHA1: bba450e93688b872b3fcaa31e8457950e97d8429
SHA256:3cf3f6284f99acad369a15f0b4eca8e0dec2b0342651c519e4665570da8a68ee

Identifiers

  • None

leveldbjni-all-1.8.jar: leveldbjni.dll

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/leveldbjni-all-1.8.jar/META-INF/native/windows64/leveldbjni.dll
MD5: 4b6fa20009ca1eb556e752671461a3f2
SHA1: 978ca9c96c03eb220556ce5bc96c715f95a0967c
SHA256:7794f7bbc848d1a9ad98996f2c68a1cf12ac17562f646c6d7f5733404a7b5ef1

Identifiers

  • None

snappy-java-1.1.1.3.jar: snappyjava.dll

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/snappy-java-1.1.1.3.jar/org/xerial/snappy/native/Windows/x86/snappyjava.dll
MD5: c35f7d232d05fd0b8440153cb4224a5a
SHA1: 45b5f3fdd2bac156b8d100ce2c29ac7126454fef
SHA256:15fb95c2168bb78cf94f61bbff7fc0bb5611db9d8509dd1322a40d735c3109bc

Identifiers

  • None

snappy-java-1.1.1.3.jar: snappyjava.dll

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/snappy-java-1.1.1.3.jar/org/xerial/snappy/native/Windows/x86_64/snappyjava.dll
MD5: eae816277d795d3397f08ad43d236576
SHA1: 283068f6b5cd8bb3449867558624fe19c432d909
SHA256:dfcc13605edabf70e7bec87f68bc2a1c7d06bebecd72a0d4e122eee2e695948e

Identifiers

  • None

ehcache-core-2.6.2.jar: sizeof-agent.jar

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/ehcache-core-2.6.2.jar/net/sf/ehcache/pool/sizeof/sizeof-agent.jar
MD5: 5ad919b3ac0516897bdca079c9a222a8
SHA1: e86399a80ae6a6c7a563717eaa0ce9ba4708571c
SHA256:3bcd560ca5f05248db9b689244b043e9c7549e3791281631a64e5dfff15870d2

Identifiers

  • maven: net.sf.ehcache:sizeof-agent:1.0.1  Confidence:High

jna-4.1.0.jar: jnidispatch.dll

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/jna-4.1.0.jar/com/sun/jna/w32ce-arm/jnidispatch.dll
MD5: 57697cbdd321ae7d06f5da04e821f908
SHA1: 67167f2b2fce8db5f9f64a372b0da54730d3ee51
SHA256:361e173e6e50cb1bf8b7fab38c1ff99686ea819e58ee30348e7756cb0418a9f6

Identifiers

  • None

jna-4.1.0.jar: jnidispatch.dll

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/jna-4.1.0.jar/com/sun/jna/win32-x86-64/jnidispatch.dll
MD5: 06b2f1f909d2436dff20d7a668ef26a9
SHA1: bd1bdda9a91f3b0d9067e323f7394bef933f81f6
SHA256:e7864cb5509990ccf3f3d8a2ad1eaf41491ebb82df35408ee79957385d8355b3

Identifiers

  • None

jna-4.1.0.jar: jnidispatch.dll

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/jna-4.1.0.jar/com/sun/jna/win32-x86/jnidispatch.dll
MD5: 05a72ada9247aeb114a9ef01a394b6c4
SHA1: 8b32cc82740fc62afdf5ea211f1ca8bb72269bbf
SHA256:12c6ecdab2cab372548ebf059548873a2f414a1b7b4389502702b7ab912f9a39

Identifiers

  • None

avro-1.8.1.jar (shaded: org.apache.avro:avro-guava-dependencies:1.8.1)

Description:

 Temporary artifact of guava dependencies

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/avro-1.8.1.jar/META-INF/maven/org.apache.avro/avro-guava-dependencies/pom.xml
MD5: f702a593866e70ed9e6c08f9c2c4b43b
SHA1: 5cbe97248c4abd46b0f0ad1f9f6df89d6adcd844
SHA256:2bc58482748755d249fa47f0a7c0ecc211ae2c8888f8d8e1c756f6c510bfcf92

Identifiers

  • maven: org.apache.avro:avro-guava-dependencies:1.8.1  Confidence:High

jackson-dataformat-yaml-2.2.3.jar (shaded: org.yaml:snakeyaml:1.10)

Description:

 YAML 1.1 parser and emitter for Java

License:

Apache License Version 2.0: LICENSE.txt
File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/lib/jackson-dataformat-yaml-2.2.3.jar/META-INF/maven/org.yaml/snakeyaml/pom.xml
MD5: 6110aafa6505696f38b74815a7b9dee1
SHA1: d903ee39e4fefb9feedeef5072b5b1865d8dac59
SHA256:676deb1361bfbc306f8114067307b48a0d07849111decb96396fe9e3818b55a6

Identifiers

  • maven: org.yaml:snakeyaml:1.10  Confidence:High

plexus-utils-1.5.6.jar (shaded: org.codehaus.plexus:plexus-interpolation:1.0)

File Path: /mnt/data/wastl/proj/crawler/nutch/git/2.x/build/plugins/parse-tika/plexus-utils-1.5.6.jar/META-INF/maven/org.codehaus.plexus/plexus-interpolation/pom.xml
MD5: 61795135733295c9aa438fda7b923db8
SHA1: 1074eabfbcbfb0decfe6f9ed0541668e114b9311
SHA256:0749c012cf2271d466eb9aef9acc2e84c38a2a94d545e7108fd15302b21a1b82

Identifiers

  • maven: org.codehaus.plexus:plexus-interpolation:1.0  Confidence:High


This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the Node Security Platform.