fs-agent's Introduction

WhiteSource File System Agent

An external update agent for projects.

The agent looks for open source usage in your projects and updates your WhiteSource account.

Getting Started

Setup and configuration, along with comprehensive documentation, can be found here. Technical information about the plugin can be found here.

Support

You can always create an issue or tell our support team what you think here.

License

The project is licensed under the Apache 2.0 license.

Copyright (C) 2015 WhiteSource Ltd.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

fs-agent's People

Contributors

abadiwhitesource, annarozin, artiompetrov, asafsavichws, chenluigi, cxdorg, erez-ws, eugenhoro, euhoro, georgeazzam, hasanm91, laurent-verbruggen-at-kbc, liorzilberg, mend-for-github-com[bot], philipabed, raznitzan4, rickity-cricket, ruslangox, shereind, thunderliortest[bot], tomshapira, unkish, whitesource-ci, yoswein

fs-agent's Issues

CVE-2018-1272 High Severity Vulnerability detected by WhiteSource

CVE-2018-1272 - High Severity Vulnerability

Vulnerable Library - spring-core-4.3.1.RELEASE.jar

path: C:\Users\lior.zilberg\.m2\repository\org\springframework\spring-core\4.3.1.RELEASE\spring-core-4.3.1.RELEASE.jar

Dependency Hierarchy:

  • spring-web-4.3.1.RELEASE.jar (Root Library)
    • spring-core-4.3.1.RELEASE.jar (Vulnerable Library)

Vulnerability Details

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When a Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.

Publish Date: 2018-04-06

URL: CVE-2018-1272

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://pivotal.io/security/cve-2018-1272

Fix Resolution: Users of affected versions should apply the following mitigation:

  • 5.0.x users should upgrade to 5.0.5
  • 4.3.x users should upgrade to 4.3.15

There are no other mitigation steps necessary.


Step up your Open Source Security Game with WhiteSource here

CVE-2016-1000342 High Severity Vulnerability detected by WhiteSource

CVE-2016-1000342 - High Severity Vulnerability

Vulnerable Library - bcprov-jdk15on-1.50.jar

path: C:\Users\lior.zilberg\.m2\repository\org\bouncycastle\bcprov-jdk15on\1.50\bcprov-jdk15on-1.50.jar

Dependency Hierarchy:

  • redline-1.2.1.jar (Root Library)
    • bcpg-jdk15on-1.50.jar
      • bcprov-jdk15on-1.50.jar (Vulnerable Library)

Vulnerability Details

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.

Publish Date: 2018-06-04

URL: CVE-2016-1000342

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: bcgit/bc-java@843c2e6#diff-25c3c78db788365f36839b3f2d3016b9

Release Date: 2016-10-14

Fix Resolution: Replace or update the following files: DSASigner.java, SignatureSpi.java, ASN1Enumerated.java, ECDSA5Test.java, MiscTest.java, DSATest.java, ASN1Integer.java


WS-2017-0330 Low Severity Vulnerability detected by WhiteSource

WS-2017-0330 - Low Severity Vulnerability

Vulnerable Library - mime-1.2.4.tgz

A comprehensive library for mime-type mapping

path: C:\Users\lior.zilberg\AppData\Local\Temp\git\fs-agent\test_input\ksa\ksa-web-root\ksa-web\src\main\webapp\rs\bootstrap\node_modules\mime\package.json

Library home page: http://registry.npmjs.org/mime/-/mime-1.2.4.tgz

Dependency Hierarchy:

  • connect-2.1.3.tgz (Root Library)
    • mime-1.2.4.tgz (Vulnerable Library)

Vulnerability Details

Affected versions of mime (1.0.0 through 1.4.0 and 2.0.0 through 2.0.2) are vulnerable to regular expression denial of service.

Publish Date: 2017-09-26

URL: WS-2017-0330

CVSS 2 Score Details (5.0)

Base Score Metrics not available


WS-2018-0137 High Severity Vulnerability detected by WhiteSource

WS-2018-0137 - High Severity Vulnerability

Vulnerable Library - plexus-archiver-3.4.jar

path: odehaus/plexus/plexus-archiver/3.4/plexus-archiver-3.4.jar

Dependency Hierarchy:

  • plexus-archiver-3.4.jar (Vulnerable Library)

Vulnerability Details

plexus-archiver prior to version 3.6.0 is vulnerable to a path traversal issue in archive extraction.

Publish Date: 2018-06-26

URL: WS-2018-0137

CVSS 2 Score Details (8.5)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: codehaus-plexus/plexus-archiver@f8f4233

Release Date: 2018-05-05

Fix Resolution: Replace or update the following files: AbstractUnArchiver.java, ZipUnArchiverTest.java, zip-slip.zip


CVE-2016-1000338 High Severity Vulnerability detected by WhiteSource

CVE-2016-1000338 - High Severity Vulnerability

Vulnerable Library - bcprov-jdk15on-1.50.jar

path: C:\Users\lior.zilberg\.m2\repository\org\bouncycastle\bcprov-jdk15on\1.50\bcprov-jdk15on-1.50.jar

Dependency Hierarchy:

  • redline-1.2.1.jar (Root Library)
    • bcpg-jdk15on-1.50.jar
      • bcprov-jdk15on-1.50.jar (Vulnerable Library)

Vulnerability Details

In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.

Publish Date: 2018-06-01

URL: CVE-2016-1000338

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: bcgit/bc-java@b0c3ce9#diff-3679f5a9d2b939d0d3ee1601a7774fb0

Release Date: 2016-10-13

Fix Resolution: Replace or update the following files: DSASigner.java, DSATest.java


CVE-2015-4852 High Severity Vulnerability detected by WhiteSource

CVE-2015-4852 - High Severity Vulnerability

Vulnerable Library - commons-collections-3.2.1.jar

Types that extend and augment the Java Collections Framework.

path: C:\Users\lior.zilberg\.m2\repository\commons-collections\commons-collections\3.2.1\commons-collections-3.2.1.jar

Library home page: http://commons.apache.org/collections/

Dependency Hierarchy:

  • wss-agent-report-2.8.6.jar (Root Library)
    • velocity-1.7.jar
      • commons-collections-3.2.1.jar (Vulnerable Library)

Vulnerability Details

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.

Publish Date: 2015-11-18

URL: CVE-2015-4852

CVSS 2 Score Details (7.5)

Base Score Metrics not available


WS-2009-0001 Low Severity Vulnerability detected by WhiteSource

WS-2009-0001 - Low Severity Vulnerability

Vulnerable Library - commons-codec-1.10.jar

path: C:\Users\lior.zilberg\.m2\repository\commons-codec\commons-codec\1.10\commons-codec-1.10.jar

Dependency Hierarchy:

  • wss-agent-api-client-2.8.6.jar (Root Library)
    • wss-agent-hash-calculator-2.8.6.jar
      • commons-codec-1.10.jar (Vulnerable Library)

Vulnerability Details

Not all "business" method implementations of public API in Apache Commons Codec 1.x are thread safe, which might disclose the wrong data or allow an attacker to change non-private fields.

Updated 2018-10-07: an additional review by the WhiteSource research team did not indicate a clear security vulnerability.

Publish Date: 2007-10-06

URL: WS-2009-0001

CVSS 2 Score Details (0.0)

Base Score Metrics not available


CVE-2016-1000338 High Severity Vulnerability detected by WhiteSource

CVE-2016-1000338 - High Severity Vulnerability

Vulnerable Library - bcprov-jdk15on-1.50.jar

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.7.

path: /root/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.50/bcprov-jdk15on-1.50.jar

Library home page: http://www.bouncycastle.org/java.html

Dependency Hierarchy:

  • redline-1.2.1.jar (Root Library)
    • bcpg-jdk15on-1.50.jar
      • bcprov-jdk15on-1.50.jar (Vulnerable Library)

Found in commit: 6e1c595a1d6fa46b27692f3c8aa708deb1bc3585

Vulnerability Details

In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.

Publish Date: 2018-06-01

URL: CVE-2016-1000338

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: bcgit/bc-java@b0c3ce9#diff-3679f5a9d2b939d0d3ee1601a7774fb0

Release Date: 2016-10-14

Fix Resolution: Replace or update the following files: DSASigner.java, DSATest.java


WS-2013-0003 Medium Severity Vulnerability detected by WhiteSource

WS-2013-0003 - Medium Severity Vulnerability

Vulnerable Library - connect-2.1.3.tgz

High performance middleware framework

path: it/fs-agent/test_input/ksa/ksa-web-root/ksa-web/src/main/webapp/rs/bootstrap/node_modules/connect/package.json

Library home page: http://registry.npmjs.org/connect/-/connect-2.1.3.tgz

Dependency Hierarchy:

  • connect-2.1.3.tgz (Vulnerable Library)

Vulnerability Details

Because the user post input was not checked, req.method could contain any kind of value. Because the req.method did not match any common method VERB, connect answered with a 404 page containing the "Cannot [method] [url]" content. The method was not properly encoded for output in the browser.

Publish Date: 2013-06-30

URL: WS-2013-0003

CVSS 2 Score Details (6.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting

Release Date: 2013-06-30

Fix Resolution: Update to the newest version of Connect or disable methodOverride. It is not possible to avoid the vulnerability if you have enabled this middleware in the top of your stack.


CVE-2012-6708 Medium Severity Vulnerability detected by WhiteSource

CVE-2012-6708 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.7.2.min.js

JavaScript library for DOM operations

path: it/fs-agent/test_input/ksa/ksa-web-root/ksa-web/src/main/webapp/rs/jquery/jquery-1.7.2.min.js

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js

Dependency Hierarchy:

  • jquery-1.7.2.min.js (Vulnerable Library)

Vulnerability Details

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.

Publish Date: 2018-01-18

URL: CVE-2012-6708

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: jquery/jquery@05531fc

Release Date: 2012-12-12

Fix Resolution: Replace or update the following files: selector.js, traversing.js, core.js, sizzle, core.js


CVE-2013-7370 Medium Severity Vulnerability detected by WhiteSource

CVE-2013-7370 - Medium Severity Vulnerability

Vulnerable Library - connect-2.1.3.tgz

High performance middleware framework

path: it/fs-agent/test_input/ksa/ksa-web-root/ksa-web/src/main/webapp/rs/bootstrap/node_modules/connect/package.json

Library home page: http://registry.npmjs.org/connect/-/connect-2.1.3.tgz

Dependency Hierarchy:

  • connect-2.1.3.tgz (Vulnerable Library)

Vulnerability Details

Connect is a stack of middleware that is executed in order on each request.
The "methodOverride" middleware allows an HTTP POST to override the method of the request with the value of the "_method" post key or with the header "x-http-method-override".

Publish Date: 2013-06-30

URL: CVE-2013-7370

CVSS 2 Score Details (6.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting

Release Date: 2013-06-30

Fix Resolution: Update to the newest version of Connect or disable methodOverride. It is not possible to avoid the vulnerability if you have enabled this middleware in the top of your stack.


WS-2014-0005 Medium Severity Vulnerability detected by WhiteSource

WS-2014-0005 - Medium Severity Vulnerability

Vulnerable Library - qs-0.4.2.tgz

querystring parser

path: C:\Users\lior.zilberg\AppData\Local\Temp\git\fs-agent\test_input\ksa\ksa-web-root\ksa-web\src\main\webapp\rs\bootstrap\node_modules\qs\package.json

Library home page: http://registry.npmjs.org/qs/-/qs-0.4.2.tgz

Dependency Hierarchy:

  • connect-2.1.3.tgz (Root Library)
    • qs-0.4.2.tgz (Vulnerable Library)

Vulnerability Details

Denial-of-Service Extended Event Loop Blocking. The qs module does not have an option or default for specifying object depth, and when parsing a string representing a deeply nested object it will block the event loop for long periods of time.

Publish Date: 2014-08-05

URL: WS-2014-0005

CVSS 2 Score Details (6.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/qs_dos_extended_event_loop_blocking

Release Date: 2014-08-06

Fix Resolution: Update qs to version 1.0.0 or greater


CVE-2018-1000613 High Severity Vulnerability detected by WhiteSource

CVE-2018-1000613 - High Severity Vulnerability

Vulnerable Library - bcprov-jdk15on-1.50.jar

path: C:\Users\lior.zilberg\.m2\repository\org\bouncycastle\bcprov-jdk15on\1.50\bcprov-jdk15on-1.50.jar

Dependency Hierarchy:

  • redline-1.2.1.jar (Root Library)
    • bcpg-jdk15on-1.50.jar
      • bcprov-jdk15on-1.50.jar (Vulnerable Library)

Vulnerability Details

Legion of the Bouncy Castle Java Cryptography APIs prior to version 1.60 contain a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization: deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appears to be exploitable via a handcrafted private key, which can include references to unexpected classes that will be picked up from the class path of the executing application. This vulnerability appears to have been fixed in 1.60 and later.

Publish Date: 2018-07-09

URL: CVE-2018-1000613

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: bcgit/bc-java@4092ede#diff-2c06e2edef41db889ee14899e12bd574

Release Date: 2018-03-02

Fix Resolution: Replace or update the following files: XMSSMTPrivateKeyParameters.java, XMSSPrivateKeyParameters.java, BCXMSSMTPrivateKey.java, XMSSUtil.java, RainbowParameters.java, GF2nField.java, GMSSKeyPairGenerator.java, BCXMSSPrivateKey.java, XMSSMTPrivateKeyTest.java


CVE-2016-1000341 Medium Severity Vulnerability detected by WhiteSource

CVE-2016-1000341 - Medium Severity Vulnerability

Vulnerable Library - bcprov-jdk15on-1.50.jar

path: C:\Users\lior.zilberg\.m2\repository\org\bouncycastle\bcprov-jdk15on\1.50\bcprov-jdk15on-1.50.jar

Dependency Hierarchy:

  • redline-1.2.1.jar (Root Library)
    • bcpg-jdk15on-1.50.jar
      • bcprov-jdk15on-1.50.jar (Vulnerable Library)

Vulnerability Details

In the Bouncy Castle JCE Provider version 1.55 and earlier, DSA signature generation is vulnerable to a timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well.

Publish Date: 2018-06-04

URL: CVE-2016-1000341

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: bcgit/bc-java@acaac81#diff-e75226a9ca49217a7276b29242ec59ce

Release Date: 2016-10-14

Fix Resolution: Replace or update the following files: DSATest.java, DSASigner.java, DSATest.java


CVE-2015-9251 Medium Severity Vulnerability detected by WhiteSource

CVE-2015-9251 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.7.2.min.js

JavaScript library for DOM operations

path: it/fs-agent/test_input/ksa/ksa-web-root/ksa-web/src/main/webapp/rs/jquery/jquery-1.7.2.min.js

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js

Dependency Hierarchy:

  • jquery-1.7.2.min.js (Vulnerable Library)

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: jquery/jquery@f60729f

Release Date: 2015-10-11

Fix Resolution: Replace or update the following files: script.js, ajax.js


CVE-2014-7191 Medium Severity Vulnerability detected by WhiteSource

CVE-2014-7191 - Medium Severity Vulnerability

Vulnerable Library - qs-0.4.2.tgz

querystring parser

path: C:\Users\lior.zilberg\AppData\Local\Temp\git\fs-agent\test_input\ksa\ksa-web-root\ksa-web\src\main\webapp\rs\bootstrap\node_modules\qs\package.json

Library home page: http://registry.npmjs.org/qs/-/qs-0.4.2.tgz

Dependency Hierarchy:

  • connect-2.1.3.tgz (Root Library)
    • qs-0.4.2.tgz (Vulnerable Library)

Vulnerability Details

The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array.

Publish Date: 2014-10-19

URL: CVE-2014-7191

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/qs_dos_memory_exhaustion

Release Date: 2014-08-06

Fix Resolution: Update qs to version 1.0.0 or greater


CVE-2015-6420 High Severity Vulnerability detected by WhiteSource

CVE-2015-6420 - High Severity Vulnerability

Vulnerable Library - commons-collections-3.2.1.jar

Types that extend and augment the Java Collections Framework.

path: C:\Users\lior.zilberg\.m2\repository\commons-collections\commons-collections\3.2.1\commons-collections-3.2.1.jar

Library home page: http://commons.apache.org/collections/

Dependency Hierarchy:

  • wss-agent-report-2.8.6.jar (Root Library)
    • velocity-1.7.jar
      • commons-collections-3.2.1.jar (Vulnerable Library)

Vulnerability Details

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Publish Date: 2015-12-15

URL: CVE-2015-6420

CVSS 2 Score Details (7.5)

Base Score Metrics not available


CVE-2016-1000346 Low Severity Vulnerability detected by WhiteSource

CVE-2016-1000346 - Low Severity Vulnerability

Vulnerable Library - bcprov-jdk15on-1.50.jar

path: C:\Users\lior.zilberg\.m2\repository\org\bouncycastle\bcprov-jdk15on\1.50\bcprov-jdk15on-1.50.jar

Dependency Hierarchy:

  • redline-1.2.1.jar (Root Library)
    • bcpg-jdk15on-1.50.jar
      • bcprov-jdk15on-1.50.jar (Vulnerable Library)

Vulnerability Details

In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.

Publish Date: 2018-06-04

URL: CVE-2016-1000346

CVSS 3 Score Details (3.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: bcgit/bc-java@1127131#diff-d525a20b8acaed791ae2f0f770eb5937

Release Date: 2016-10-28

Fix Resolution: Replace or update the following files: DHBasicAgreement.java, DHAgreement.java, KeyAgreementSpi.java, DHPublicKeyParameters.java, IESEngine.java


CVE-2018-11040 Medium Severity Vulnerability detected by WhiteSource

CVE-2018-11040 - Medium Severity Vulnerability

Vulnerable Library - spring-web-4.3.1.RELEASE.jar

Spring Web

path: 2/repository/org/springframework/spring-web/4.3.1.RELEASE/spring-web-4.3.1.RELEASE.jar

Library home page: https://github.com/spring-projects/spring-framework

Dependency Hierarchy:

  • spring-web-4.3.1.RELEASE.jar (Vulnerable Library)

Found in commit: 6e1c595a1d6fa46b27692f3c8aa708deb1bc3585

Vulnerability Details

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.

Publish Date: 2018-06-25

URL: CVE-2018-11040

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://pivotal.io/security/cve-2018-11040

Fix Resolution: Users of affected versions should apply the following mitigation:

  • 5.0.x users should upgrade to 5.0.7.
  • 4.3.x users should upgrade to 4.3.18.
  • Older versions should upgrade to a supported branch, or otherwise set MappingJacksonJsonView’s jsonpParameterNames property to an empty set.

Applications that do require JSONP support will need to explicitly configure the jsonpParameterNames property of MappingJacksonJsonView following the upgrade. It is recommended that applications switch to using CORS instead of JSONP to enable cross-domain requests. JSONP support in the Spring Framework is deprecated as of 5.0.7 and 4.3.18 and will be removed in 5.1.


CVE-2016-1000340 High Severity Vulnerability detected by WhiteSource

CVE-2016-1000340 - High Severity Vulnerability

Vulnerable Library - bcprov-jdk15on-1.50.jar

path: C:\Users\lior.zilberg\.m2\repository\org\bouncycastle\bcprov-jdk15on\1.50\bcprov-jdk15on-1.50.jar

Dependency Hierarchy:

  • redline-1.2.1.jar (Root Library)
    • bcpg-jdk15on-1.50.jar
      • bcprov-jdk15on-1.50.jar (Vulnerable Library)

Vulnerability Details

In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes (org.bouncycastle.math.raw.Nat???); it has since been fixed. These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.

Publish Date: 2018-06-04

URL: CVE-2016-1000340

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: bcgit/bc-java@7906420#diff-e5934feac8203ca0104ab291a3560a31

Release Date: 2016-11-28

Fix Resolution: Replace or update the following files: Nat160.java, Nat256.java, Nat192.java, SecP256R1FieldTest.java, Nat128.java, Nat224.java, SecP384R1FieldTest.java


CVE-2017-16138 High Severity Vulnerability detected by WhiteSource

CVE-2017-16138 - High Severity Vulnerability

Vulnerable Library - mime-1.2.4.tgz

A comprehensive library for mime-type mapping

path: C:\Users\lior.zilberg\AppData\Local\Temp\git\fs-agent\test_input\ksa\ksa-web-root\ksa-web\src\main\webapp\rs\bootstrap\node_modules\mime\package.json

Library home page: http://registry.npmjs.org/mime/-/mime-1.2.4.tgz

Dependency Hierarchy:

  • connect-2.1.3.tgz (Root Library)
    • mime-1.2.4.tgz (Vulnerable Library)

Vulnerability Details

The mime module is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.

Publish Date: 2018-06-07

URL: CVE-2017-16138

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: broofa/mime@1df903f

Release Date: 2017-09-24

Fix Resolution: Replace or update the following file: Mime.js


CVE-2018-11039 Medium Severity Vulnerability detected by WhiteSource

CVE-2018-11039 - Medium Severity Vulnerability

Vulnerable Library - spring-web-4.3.1.RELEASE.jar

Spring Web

path: 2/repository/org/springframework/spring-web/4.3.1.RELEASE/spring-web-4.3.1.RELEASE.jar

Library home page: https://github.com/spring-projects/spring-framework

Dependency Hierarchy:

  • spring-web-4.3.1.RELEASE.jar (Vulnerable Library)

Found in commit: 6e1c595a1d6fa46b27692f3c8aa708deb1bc3585

Vulnerability Details

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.

Publish Date: 2018-06-25

URL: CVE-2018-11039

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://pivotal.io/security/cve-2018-11039

Fix Resolution: Users of affected versions should apply the following mitigation:

  • 5.0.x users should upgrade to 5.0.7
  • 4.3.x users should upgrade to 4.3.18
  • Older versions should upgrade to a supported branch

There are no other mitigation steps necessary.

This attack applies to applications that:

  • Use the HiddenHttpMethodFilter (it is enabled by default in Spring Boot)
  • Allow HTTP TRACE requests to be handled by the application server

This attack is not exploitable directly because an attacker would have to make a cross-domain request via HTTP POST, which is forbidden by the Same Origin Policy. This is why a pre-existing XSS (Cross Site Scripting) vulnerability in the web application itself is necessary to enable an escalation to XST.



CVE-2016-1000345 Medium Severity Vulnerability detected by WhiteSource

CVE-2016-1000345 - Medium Severity Vulnerability

Vulnerable Library - bcprov-jdk15on-1.50.jar


path: C:\Users\lior.zilberg\.m2\repository\org\bouncycastle\bcprov-jdk15on\1.50\bcprov-jdk15on-1.50.jar

Dependency Hierarchy:

  • redline-1.2.1.jar (Root Library)
    • bcpg-jdk15on-1.50.jar
      • bcprov-jdk15on-1.50.jar (Vulnerable Library)

Vulnerability Details

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode is vulnerable to a padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding.

Publish Date: 2018-06-04

URL: CVE-2016-1000345

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None


Suggested Fix

Type: Change files

Origin: bcgit/bc-java@21dcb3d#diff-4439ce586bf9a13bfec05c0d113b8098

Release Date: 2016-08-26

Fix Resolution: Replace or update the following files: ECIESTest.java, IESCipher.java, BadBlockException.java, DHIESTest.java, IESEngine.java, IESCipher.java, CipherSpi.java



CVE-2016-1000339 Medium Severity Vulnerability detected by WhiteSource

CVE-2016-1000339 - Medium Severity Vulnerability

Vulnerable Library - bcprov-jdk15on-1.50.jar

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.7.

path: /root/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.50/bcprov-jdk15on-1.50.jar

Library home page: http://www.bouncycastle.org/java.html

Dependency Hierarchy:

  • redline-1.2.1.jar (Root Library)
    • bcpg-jdk15on-1.50.jar
      • bcprov-jdk15on-1.50.jar (Vulnerable Library)

Found in commit: 6e1c595a1d6fa46b27692f3c8aa708deb1bc3585

Vulnerability Details

In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate.

Publish Date: 2018-06-04

URL: CVE-2016-1000339

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None


Suggested Fix

Type: Change files

Origin: bcgit/bc-java@413b42f#diff-54656f860db94b867ba7542430cd2ef0

Release Date: 2016-10-31

Fix Resolution: Replace or update the following files: IESCipher.java, KeyFactorySpi.java, AESEngine.java, DHTest.java, AES.java, DHUtil.java, DHPublicKeyParameters.java, BCDHPublicKey.java



CVE-2016-1000341 Medium Severity Vulnerability detected by WhiteSource

CVE-2016-1000341 - Medium Severity Vulnerability

Vulnerable Library - bcprov-jdk15on-1.50.jar

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.7.

path: /root/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.50/bcprov-jdk15on-1.50.jar

Library home page: http://www.bouncycastle.org/java.html

Dependency Hierarchy:

  • redline-1.2.1.jar (Root Library)
    • bcpg-jdk15on-1.50.jar
      • bcprov-jdk15on-1.50.jar (Vulnerable Library)

Found in commit: 6e1c595a1d6fa46b27692f3c8aa708deb1bc3585

Vulnerability Details

In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well.

Publish Date: 2018-06-04

URL: CVE-2016-1000341

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None


Suggested Fix

Type: Change files

Origin: bcgit/bc-java@acaac81#diff-e75226a9ca49217a7276b29242ec59ce

Release Date: 2016-10-15

Fix Resolution: Replace or update the following files: DSATest.java, DSASigner.java, DSATest.java



CVE-2018-1272 High Severity Vulnerability detected by WhiteSource

CVE-2018-1272 - High Severity Vulnerability

Vulnerable Library - spring-core-4.3.1.RELEASE.jar

Spring Core

path: /root/.m2/repository/org/springframework/spring-core/4.3.1.RELEASE/spring-core-4.3.1.RELEASE.jar

Library home page: https://github.com/spring-projects/spring-framework

Dependency Hierarchy:

  • spring-web-4.3.1.RELEASE.jar (Root Library)
    • spring-core-4.3.1.RELEASE.jar (Vulnerable Library)

Found in commit: 6e1c595a1d6fa46b27692f3c8aa708deb1bc3585

Vulnerability Details

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When a Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.

Publish Date: 2018-04-06

URL: CVE-2018-1272

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://pivotal.io/security/cve-2018-1272

Fix Resolution: Users of affected versions should apply the following mitigation:

  • 5.0.x users should upgrade to 5.0.5
  • 4.3.x users should upgrade to 4.3.15

There are no other mitigation steps necessary.



WS-2018-0021 Medium Severity Vulnerability detected by WhiteSource

WS-2018-0021 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-2.1.0.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

path: /fs-agent/test_input/ksa/ksa-web-root/ksa-web/src/main/webapp/rs/bootstrap/js/bootstrap.js

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/2.1.0/bootstrap.js

Dependency Hierarchy:

  • bootstrap-2.1.0.js (Vulnerable Library)

Found in commit: 39df22d920b9e7c5ee1161e24bf8b651acfc1bc4

Vulnerability Details

XSS in data-target in bootstrap (3.3.7 and before)

Publish Date: 2017-06-27

URL: WS-2018-0021

CVSS 2 Score Details (6.5)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: twbs/bootstrap@d9be1da

Release Date: 2017-08-25

Fix Resolution: Replace or update the following files: alert.js, carousel.js, collapse.js, dropdown.js, modal.js



CVE-2016-4970 High Severity Vulnerability detected by WhiteSource

CVE-2016-4970 - High Severity Vulnerability

Vulnerable Library - netty-all-4.0.33.Final.jar


path: es-2/files-2.1/io.netty/netty-all/4.0.33.Final/119a52dd0818028dfe9ac92471ecebf3038f5cca/netty-all-4.0.33.Final.jar

Dependency Hierarchy:

  • netty-all-4.0.33.Final.jar (Vulnerable Library)

Vulnerability Details

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).

Publish Date: 2017-04-13

URL: CVE-2016-4970

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Change files

Origin: netty/netty@bc8291c

Release Date: 2018-09-26

Fix Resolution: Replace or update the following file: OpenSslEngine.java



WS-2013-0004 Medium Severity Vulnerability detected by WhiteSource

WS-2013-0004 - Medium Severity Vulnerability

Vulnerable Library - connect-2.1.3.tgz

High performance middleware framework

path: it/fs-agent/test_input/ksa/ksa-web-root/ksa-web/src/main/webapp/rs/bootstrap/node_modules/connect/package.json

Library home page: http://registry.npmjs.org/connect/-/connect-2.1.3.tgz

Dependency Hierarchy:

  • connect-2.1.3.tgz (Vulnerable Library)

Vulnerability Details

The "methodOverride" middleware allows the http post to override the method of the request with the value of the "_method" post key or with the header "x-http-method-override".

Publish Date: 2013-06-30

URL: WS-2013-0004

CVSS 2 Score Details (6.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting

Release Date: 2013-06-30

Fix Resolution: Update to the newest version of Connect or disable methodOverride. It is not possible to avoid the vulnerability if you have enabled this middleware in the top of your stack.



CVE-2013-7371 Medium Severity Vulnerability detected by WhiteSource

CVE-2013-7371 - Medium Severity Vulnerability

Vulnerable Library - connect-2.1.3.tgz

High performance middleware framework

path: it/fs-agent/test_input/ksa/ksa-web-root/ksa-web/src/main/webapp/rs/bootstrap/node_modules/connect/package.json

Library home page: http://registry.npmjs.org/connect/-/connect-2.1.3.tgz

Dependency Hierarchy:

  • connect-2.1.3.tgz (Vulnerable Library)

Vulnerability Details

The "methodOverride" middleware in Connect before 2.8.1 allows the http post to override the method of the request with the value of the "_method" post key or with the header "x-http-method-override". Because the user post input was not checked, req.method could contain any kind of value. Because the req.method did not match any common method VERB, connect answered with a 404 page containing the "Cannot [method] [url]" content. The method was not properly encoded for output in the browser.

Publish Date: 2014-04-20

URL: CVE-2013-7371

CVSS 2 Score Details (4.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/3

Release Date: 2013-06-30

Fix Resolution: Update to the newest version of Connect or disable methodOverride. It is not possible to avoid the vulnerability if you have enabled this middleware in the top of your stack.



CVE-2018-1002202 Medium Severity Vulnerability detected by WhiteSource

CVE-2018-1002202 - Medium Severity Vulnerability

Vulnerable Library - zip4j-1.3.2.jar


path: ingala/zip4j/zip4j/1.3.2/zip4j-1.3.2.jar

Dependency Hierarchy:

  • zip4j-1.3.2.jar (Vulnerable Library)

Vulnerability Details

zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

Publish Date: 2018-07-25

URL: CVE-2018-1002202

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None


CVE-2016-1000339 Medium Severity Vulnerability detected by WhiteSource

CVE-2016-1000339 - Medium Severity Vulnerability

Vulnerable Library - bcprov-jdk15on-1.50.jar


path: C:\Users\lior.zilberg\.m2\repository\org\bouncycastle\bcprov-jdk15on\1.50\bcprov-jdk15on-1.50.jar

Dependency Hierarchy:

  • redline-1.2.1.jar (Root Library)
    • bcpg-jdk15on-1.50.jar
      • bcprov-jdk15on-1.50.jar (Vulnerable Library)

Vulnerability Details

In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate.

Publish Date: 2018-06-04

URL: CVE-2016-1000339

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None


Suggested Fix

Type: Change files

Origin: bcgit/bc-java@413b42f#diff-54656f860db94b867ba7542430cd2ef0

Release Date: 2016-10-30

Fix Resolution: Replace or update the following files: IESCipher.java, KeyFactorySpi.java, AESEngine.java, DHTest.java, AES.java, DHUtil.java, DHPublicKeyParameters.java, BCDHPublicKey.java



CVE-2015-7501 High Severity Vulnerability detected by WhiteSource

CVE-2015-7501 - High Severity Vulnerability

Vulnerable Library - commons-collections-3.2.1.jar

Types that extend and augment the Java Collections Framework.

path: /root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar

Library home page: http://commons.apache.org/collections/

Dependency Hierarchy:

  • wss-agent-report-2.8.6.jar (Root Library)
    • velocity-1.7.jar
      • commons-collections-3.2.1.jar (Vulnerable Library)

Found in commit: 6e1c595a1d6fa46b27692f3c8aa708deb1bc3585

Vulnerability Details

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Publish Date: 2017-11-09

URL: CVE-2015-7501

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7501

Release Date: 2017-12-31

Fix Resolution: Upgrade to version apache-commons-collections 4.1, apache-commons-collections 3.2.2 or greater



CVE-2015-7501 High Severity Vulnerability detected by WhiteSource

CVE-2015-7501 - High Severity Vulnerability

Vulnerable Library - commons-collections-3.2.1.jar

Types that extend and augment the Java Collections Framework.

path: C:\Users\lior.zilberg\.m2\repository\commons-collections\commons-collections\3.2.1\commons-collections-3.2.1.jar

Library home page: http://commons.apache.org/collections/

Dependency Hierarchy:

  • wss-agent-report-2.8.6.jar (Root Library)
    • velocity-1.7.jar
      • commons-collections-3.2.1.jar (Vulnerable Library)

Vulnerability Details

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Publish Date: 2017-11-09

URL: CVE-2015-7501

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7501

Release Date: 2017-12-31

Fix Resolution: Upgrade to version apache-commons-collections 4.1, apache-commons-collections 3.2.2 or greater



CVE-2015-7940 Medium Severity Vulnerability detected by WhiteSource

CVE-2015-7940 - Medium Severity Vulnerability

Vulnerable Library - bcprov-jdk15on-1.50.jar

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.7.

path: /root/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.50/bcprov-jdk15on-1.50.jar

Library home page: http://www.bouncycastle.org/java.html

Dependency Hierarchy:

  • redline-1.2.1.jar (Root Library)
    • bcpg-jdk15on-1.50.jar
      • bcprov-jdk15on-1.50.jar (Vulnerable Library)

Found in commit: 6e1c595a1d6fa46b27692f3c8aa708deb1bc3585

Vulnerability Details

The Bouncy Castle Java library before 1.51 does not validate that a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."

Publish Date: 2015-11-09

URL: CVE-2015-7940

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: bcgit/bc-java@e25e94a

Release Date: 2014-07-25

Fix Resolution: Replace or update the following files: ECPoint.java, ECCurve.java



CVE-2016-1000342 High Severity Vulnerability detected by WhiteSource

CVE-2016-1000342 - High Severity Vulnerability

Vulnerable Library - bcprov-jdk15on-1.50.jar

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.7.

path: /root/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.50/bcprov-jdk15on-1.50.jar

Library home page: http://www.bouncycastle.org/java.html

Dependency Hierarchy:

  • redline-1.2.1.jar (Root Library)
    • bcpg-jdk15on-1.50.jar
      • bcprov-jdk15on-1.50.jar (Vulnerable Library)

Found in commit: 6e1c595a1d6fa46b27692f3c8aa708deb1bc3585

Vulnerability Details

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.

Publish Date: 2018-06-04

URL: CVE-2016-1000342

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None


Suggested Fix

Type: Change files

Origin: bcgit/bc-java@843c2e6#diff-25c3c78db788365f36839b3f2d3016b9

Release Date: 2016-10-15

Fix Resolution: Replace or update the following files: DSASigner.java, SignatureSpi.java, ASN1Enumerated.java, ECDSA5Test.java, MiscTest.java, DSATest.java, ASN1Integer.java



WS-2009-0001 Low Severity Vulnerability detected by WhiteSource

WS-2009-0001 - Low Severity Vulnerability

Vulnerable Library - commons-codec-1.10.jar

The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

path: /root/.m2/repository/commons-codec/commons-codec/1.10/commons-codec-1.10.jar

Library home page: http://commons.apache.org/proper/commons-codec/

Dependency Hierarchy:

  • wss-agent-api-client-2.8.6.jar (Root Library)
    • wss-agent-hash-calculator-2.8.6.jar
      • commons-codec-1.10.jar (Vulnerable Library)

Found in commit: 6e1c595a1d6fa46b27692f3c8aa708deb1bc3585

Vulnerability Details

Not all "business" method implementations of public API in Apache Commons Codec 1.x are thread safe, which might disclose the wrong data or allow an attacker to change non-private fields.

Updated 2018-10-07 - an additional review by the WhiteSource research team could not indicate a clear security vulnerability

Publish Date: 2007-10-07

URL: WS-2009-0001

CVSS 2 Score Details (0.0)

Base Score Metrics not available



CVE-2016-1000344 High Severity Vulnerability detected by WhiteSource

CVE-2016-1000344 - High Severity Vulnerability

Vulnerable Library - bcprov-jdk15on-1.50.jar


path: C:\Users\lior.zilberg\.m2\repository\org\bouncycastle\bcprov-jdk15on\1.50\bcprov-jdk15on-1.50.jar

Dependency Hierarchy:

  • redline-1.2.1.jar (Root Library)
    • bcpg-jdk15on-1.50.jar
      • bcprov-jdk15on-1.50.jar (Vulnerable Library)

Vulnerability Details

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

Publish Date: 2018-06-04

URL: CVE-2016-1000344

CVSS 3 Score Details (7.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None


Suggested Fix

Type: Change files

Origin: bcgit/bc-java@9385b0e

Release Date: 2016-08-26

Fix Resolution: Replace or update the following files: ECIESTest.java, IESUtil.java, AlgorithmParametersSpi.java, EC.java, IESCipher.java, ECIESVectorTest.java, IESParameterSpec.java, DHIESTest.java, DH.java, IESCipher.java



CVE-2018-11040 Medium Severity Vulnerability detected by WhiteSource

CVE-2018-11040 - Medium Severity Vulnerability

Vulnerable Library - spring-web-4.3.1.RELEASE.jar


path: pringframework/spring-web/4.3.1.RELEASE/spring-web-4.3.1.RELEASE.jar

Dependency Hierarchy:

  • spring-web-4.3.1.RELEASE.jar (Vulnerable Library)

Vulnerability Details

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.

Publish Date: 2018-06-25

URL: CVE-2018-11040

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://pivotal.io/security/cve-2018-11040

Fix Resolution: Users of affected versions should apply the following mitigation: 5.0.x users should upgrade to 5.0.7. 4.3.x users should upgrade to 4.3.18. Older versions should upgrade to a supported branch, or otherwise set MappingJacksonJsonView’s jsonpParameterNames property to an empty set. Applications that do require JSONP support will need to explicitly configure the jsonpParameterNames property of MappingJacksonJsonView following the upgrade. It is recommended that applications switch to using CORS instead of JSONP to enable cross-domain requests. JSONP support in the Spring Framework is deprecated as of 5.0.7 and 4.3.18 and will be removed in 5.1.



CVE-2017-5645 High Severity Vulnerability detected by WhiteSource

CVE-2017-5645 - High Severity Vulnerability

Vulnerable Library - log4j-core-2.6.1.jar

The Apache Log4j Implementation

path: es-2/files-2.1/org.apache.logging.log4j/log4j-core/2.6.1/2b557bf1023c3a3a0f7f200fafcd7641b89cbb83/log4j-core-2.6.1.jar

Library home page: http://logging.apache.org/log4j/2.x/log4j-core/

Dependency Hierarchy:

  • log4j-core-2.6.1.jar (Vulnerable Library)

Vulnerability Details

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

Publish Date: 2017-04-17

URL: CVE-2017-5645

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Change files

Origin: jitsi/jitsi@7d66da6

Release Date: 2017-01-25

Fix Resolution: Replace or update the following file: OperationSetBasicInstantMessagingJabberImpl.java



CVE-2018-11039 Medium Severity Vulnerability detected by WhiteSource

CVE-2018-11039 - Medium Severity Vulnerability

Vulnerable Library - spring-web-4.3.1.RELEASE.jar


path: pringframework/spring-web/4.3.1.RELEASE/spring-web-4.3.1.RELEASE.jar

Dependency Hierarchy:

  • spring-web-4.3.1.RELEASE.jar (Vulnerable Library)

Vulnerability Details

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.

Publish Date: 2018-06-25

URL: CVE-2018-11039

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://pivotal.io/security/cve-2018-11039

Fix Resolution: Users of affected versions should apply the following mitigation:

  • 5.0.x users should upgrade to 5.0.7
  • 4.3.x users should upgrade to 4.3.18
  • Older versions should upgrade to a supported branch

There are no other mitigation steps necessary.

This attack applies to applications that:

  • Use the HiddenHttpMethodFilter (it is enabled by default in Spring Boot)
  • Allow HTTP TRACE requests to be handled by the application server

This attack is not exploitable directly because an attacker would have to make a cross-domain request via HTTP POST, which is forbidden by the Same Origin Policy. This is why a pre-existing XSS (Cross Site Scripting) vulnerability in the web application itself is necessary to enable an escalation to XST.



CVE-2018-10237 Medium Severity Vulnerability detected by WhiteSource

CVE-2018-10237 - Medium Severity Vulnerability

Vulnerable Library - guava-20.0.jar

Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.

Guava has only one code dependency - javax.annotation,
per the JSR-305 spec.

path: C:\Users\lior.zilberg\.m2\repository\com\google\guava\guava\20.0\guava-20.0.jar

Library home page: https://github.com/google/guava/guava

Dependency Hierarchy:

  • maven-model-builder-3.5.2.jar (Root Library)
    • guava-20.0.jar (Vulnerable Library)

Vulnerability Details

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

Publish Date: 2018-04-26

URL: CVE-2018-10237

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High




CVE-2016-1000343 High Severity Vulnerability detected by WhiteSource

CVE-2016-1000343 - High Severity Vulnerability

Vulnerable Library - bcprov-jdk15on-1.50.jar


path: C:\Users\lior.zilberg\.m2\repository\org\bouncycastle\bcprov-jdk15on\1.50\bcprov-jdk15on-1.50.jar

Dependency Hierarchy:

  • redline-1.2.1.jar (Root Library)
    • bcpg-jdk15on-1.50.jar
      • bcprov-jdk15on-1.50.jar (Vulnerable Library)

Vulnerability Details

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.

Publish Date: 2018-06-04

URL: CVE-2016-1000343

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None


Suggested Fix

Type: Change files

Origin: bcgit/bc-java@50a5306#diff-5578e61500abb2b87b300d3114bdfd7d

Release Date: 2016-11-02

Fix Resolution: Replace or update the following files: KeyPairGeneratorSpi.java, DSATest.java



CVE-2016-1000340 High Severity Vulnerability detected by WhiteSource

CVE-2016-1000340 - High Severity Vulnerability

Vulnerable Library - bcprov-jdk15on-1.50.jar

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.7.

path: /root/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.50/bcprov-jdk15on-1.50.jar

Library home page: http://www.bouncycastle.org/java.html

Dependency Hierarchy:

  • redline-1.2.1.jar (Root Library)
    • bcpg-jdk15on-1.50.jar
      • bcprov-jdk15on-1.50.jar (Vulnerable Library)

Found in commit: 6e1c595a1d6fa46b27692f3c8aa708deb1bc3585

Vulnerability Details

In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.

Publish Date: 2018-06-04

URL: CVE-2016-1000340

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None


Suggested Fix

Type: Change files

Origin: bcgit/bc-java@7906420#diff-e5934feac8203ca0104ab291a3560a31

Release Date: 2016-11-29

Fix Resolution: Replace or update the following files: Nat160.java, Nat256.java, Nat192.java, SecP256R1FieldTest.java, Nat128.java, Nat224.java, SecP384R1FieldTest.java



CVE-2015-6420 High Severity Vulnerability detected by WhiteSource

CVE-2015-6420 - High Severity Vulnerability

Vulnerable Library - commons-collections-3.2.1.jar

Types that extend and augment the Java Collections Framework.

path: /root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar

Library home page: http://commons.apache.org/collections/

Dependency Hierarchy:

  • wss-agent-report-2.8.6.jar (Root Library)
    • velocity-1.7.jar
      • commons-collections-3.2.1.jar (Vulnerable Library)

Found in commit: 6e1c595a1d6fa46b27692f3c8aa708deb1bc3585

Vulnerability Details

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Publish Date: 2015-12-15

URL: CVE-2015-6420

CVSS 2 Score Details (7.5)

Base Score Metrics not available



CVE-2015-4852 High Severity Vulnerability detected by WhiteSource

CVE-2015-4852 - High Severity Vulnerability

Vulnerable Library - commons-collections-3.2.1.jar

Types that extend and augment the Java Collections Framework.

path: /root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar

Library home page: http://commons.apache.org/collections/

Dependency Hierarchy:

  • wss-agent-report-2.8.6.jar (Root Library)
    • velocity-1.7.jar
      • commons-collections-3.2.1.jar (Vulnerable Library)

Found in commit: 6e1c595a1d6fa46b27692f3c8aa708deb1bc3585

Vulnerability Details

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.

Publish Date: 2015-11-18

URL: CVE-2015-4852

CVSS 2 Score Details (7.5)

Base Score Metrics not available



CVE-2015-7940 Medium Severity Vulnerability detected by WhiteSource

CVE-2015-7940 - Medium Severity Vulnerability

Vulnerable Library - bcprov-jdk15on-1.50.jar


path: C:\Users\lior.zilberg\.m2\repository\org\bouncycastle\bcprov-jdk15on\1.50\bcprov-jdk15on-1.50.jar

Dependency Hierarchy:

  • redline-1.2.1.jar (Root Library)
    • bcpg-jdk15on-1.50.jar
      • bcprov-jdk15on-1.50.jar (Vulnerable Library)

Vulnerability Details

The Bouncy Castle Java library before 1.51 does not validate a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."

Publish Date: 2015-11-09

URL: CVE-2015-7940

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: bcgit/bc-java@e25e94a

Release Date: 2014-07-24

Fix Resolution: Replace or update the following files: ECPoint.java, ECCurve.java



CVE-2016-10540 High Severity Vulnerability detected by WhiteSource

CVE-2016-10540 - High Severity Vulnerability

Vulnerable Library - minimatch-0.0.5.tgz

a glob matcher in javascript

path: C:\Users\lior.zilberg\AppData\Local\Temp\git\fs-agent\test_input\ksa\ksa-web-root\ksa-web\src\main\webapp\rs\bootstrap\node_modules\minimatch\package.json

Library home page: http://registry.npmjs.org/minimatch/-/minimatch-0.0.5.tgz

Dependency Hierarchy:

  • jshint-0.6.1.tgz (Root Library)
    • minimatch-0.0.5.tgz (Vulnerable Library)

Vulnerability Details

Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. The primary function, minimatch(path, pattern) in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the pattern parameter.

Publish Date: 2018-05-31

URL: CVE-2016-10540

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/118

Release Date: 2016-06-20

Fix Resolution: Update to version 3.0.2 or later.



WS-2017-0195 Medium Severity Vulnerability detected by WhiteSource

WS-2017-0195 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.7.2.min.js

JavaScript library for DOM operations

path: it/fs-agent/test_input/ksa/ksa-web-root/ksa-web/src/main/webapp/rs/jquery/jquery-1.7.2.min.js

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js

Dependency Hierarchy:

  • jquery-1.7.2.min.js (Vulnerable Library)

Vulnerability Details

In v2.2.4 and previous, a lowercasing logic was used on the attribute names and was removed in v3.0.0.
Because of this, boolean attributes whose names were not all lowercase cause infinite recursion, and will exceed the stack call limit.

Publish Date: 2017-04-14

URL: WS-2017-0195

CVSS 2 Score Details (5.3)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: jquery/jquery@d12e13d

Release Date: 2016-05-28

Fix Resolution: Replace or update the following files: attr.js, attributes.js



CVE-2016-1000352 High Severity Vulnerability detected by WhiteSource

CVE-2016-1000352 - High Severity Vulnerability

Vulnerable Library - bcprov-jdk15on-1.50.jar


path: C:\Users\lior.zilberg\.m2\repository\org\bouncycastle\bcprov-jdk15on\1.50\bcprov-jdk15on-1.50.jar

Dependency Hierarchy:

  • redline-1.2.1.jar (Root Library)
    • bcpg-jdk15on-1.50.jar
      • bcprov-jdk15on-1.50.jar (Vulnerable Library)

Vulnerability Details

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

Publish Date: 2018-06-04

URL: CVE-2016-1000352

CVSS 3 Score Details (7.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None


Suggested Fix

Type: Change files

Origin: bcgit/bc-java@9385b0e

Release Date: 2016-08-26

Fix Resolution: Replace or update the following files: ECIESTest.java, IESUtil.java, AlgorithmParametersSpi.java, EC.java, IESCipher.java, ECIESVectorTest.java, IESParameterSpec.java, DHIESTest.java, DH.java, IESCipher.java


