Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 1.4.5
Report Generated On: apr 1, 2017 at 22:53:58 +02:00
Dependencies Scanned: 10 (10 unique)
Vulnerable Dependencies: 2
Vulnerabilities Found: 3
Vulnerabilities Suppressed: 0
...
NVD CVE 2002: 19/02/2017 09:25:58
NVD CVE 2003: 19/02/2017 09:24:25
NVD CVE 2004: 19/02/2017 09:23:59
NVD CVE 2005: 24/02/2017 09:12:32
NVD CVE 2006: 19/02/2017 09:20:36
NVD CVE 2007: 19/02/2017 09:18:20
NVD CVE 2008: 16/03/2017 08:18:18
NVD CVE 2009: 19/02/2017 09:14:03
NVD CVE 2010: 16/03/2017 08:15:36
NVD CVE 2011: 19/02/2017 09:11:57
NVD CVE 2012: 16/03/2017 08:13:09
NVD CVE 2013: 16/03/2017 08:10:45
NVD CVE 2014: 16/03/2017 08:08:13
NVD CVE 2015: 16/03/2017 08:05:30
NVD CVE 2016: 16/03/2017 08:03:03
NVD CVE 2017: 16/03/2017 08:00:29
NVD CVE Checked: 01/04/2017 22:53:50
NVD CVE Modified: 01/04/2017 20:00:30
VersionCheckOn: 1489686180453

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	CPE	GAV	Highest Severity	CVE Count	CPE Confidence	Evidence Count
guava-16.0.1.jar		com.google.guava:guava:16.0.1		0		16
protobuf-java-3.2.0.jar		com.google.protobuf:protobuf-java:3.2.0		0		18
json-simple-1.1.1.jar		com.googlecode.json-simple:json-simple:1.1.1		0		15
commons-codec-1.8.jar		commons-codec:commons-codec:1.8		0		24
commons-logging-1.1.3.jar		commons-logging:commons-logging:1.1.3		0		24
httpclient-4.3.3.jar	cpe:/a:apache:httpclient:4.3.3	org.apache.httpcomponents:httpclient:4.3.3	Medium	2	HIGHEST	22
httpcore-4.3.2.jar		org.apache.httpcomponents:httpcore:4.3.2		0		22
bcpkix-jdk15on-1.49.jar		org.bouncycastle:bcpkix-jdk15on:1.49		0		21
bcprov-jdk15on-1.49.jar	cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.49 cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.49	org.bouncycastle:bcprov-jdk15on:1.49	Medium	1	LOW	21
hamcrest-core-1.3.jar		org.hamcrest:hamcrest-core:1.3		0		17

Dependencies

guava-16.0.1.jar

Description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/capitol/.m2/repository/com/google/guava/guava/16.0.1/guava-16.0.1.jar
MD5: a68693df58191585d9af914cfbe6067a
SHA1: 5fa98cd1a63c99a44dd8d3b77e4762b066a5d0c5
Referenced In Project/Scope: ctlog:compile

Evidence

Source	Name	Value
central	artifactid	guava
central	groupid	com.google.guava
central	version	16.0.1
file	name	guava
file	version	16.0.1
manifest	Bundle-Description	Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec.
Manifest	Bundle-Name	Guava: Google Core Libraries for Java
Manifest	bundle-symbolicname	com.google.guava
pom	artifactid	guava
pom	description	Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec.
pom	groupid	com.google.guava
pom	groupid	google.guava
pom	name	Guava: Google Core Libraries for Java
pom	parent-artifactid	guava-parent
pom	parent-groupid	com.google.guava
pom	version	16.0.1

Identifiers

maven: com.google.guava:guava:16.0.1 Confidence:HIGHEST

protobuf-java-3.2.0.jar

Description: Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format.

License:

http://www.opensource.org/licenses/bsd-license.php

File Path: /home/capitol/.m2/repository/com/google/protobuf/protobuf-java/3.2.0/protobuf-java-3.2.0.jar
MD5: 7e1df419eb1c8f993f221c49386c6b8b
SHA1: 62ccf171a106ff6791507f2d5364c275f9a3131d
Referenced In Project/Scope: ctlog:compile

Evidence

Source	Name	Value
central	artifactid	protobuf-java
central	groupid	com.google.protobuf
central	version	3.2.0
file	name	protobuf-java
file	version	3.2.0
manifest	Bundle-Description	Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format.
Manifest	bundle-docurl	https://developers.google.com/protocol-buffers/
Manifest	Bundle-Name	Protocol Buffers [Core]
Manifest	bundle-symbolicname	com.google.protobuf
Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"
pom	artifactid	protobuf-java
pom	description	Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format.
pom	groupid	com.google.protobuf
pom	groupid	google.protobuf
pom	name	Protocol Buffers [Core]
pom	parent-artifactid	protobuf-parent
pom	parent-groupid	com.google.protobuf
pom	version	3.2.0

Identifiers

maven: com.google.protobuf:protobuf-java:3.2.0 Confidence:HIGHEST

json-simple-1.1.1.jar

Description: A simple Java toolkit for JSON

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/capitol/.m2/repository/com/googlecode/json-simple/json-simple/1.1.1/json-simple-1.1.1.jar
MD5: 5cc2c478d73e8454b4c369cee66c5bc7
SHA1: c9ad4a0850ab676c5c64461a05ca524cdfff59f1
Referenced In Project/Scope: ctlog:compile

Evidence

Source	Name	Value
central	artifactid	json-simple
central	groupid	com.googlecode.json-simple
central	version	1.1.1
file	name	json-simple
file	version	1.1.1
manifest	Bundle-Description	A simple Java toolkit for JSON
Manifest	Bundle-Name	JSON.simple
Manifest	bundle-symbolicname	com.googlecode.json-simple
pom	artifactid	json-simple
pom	description	A simple Java toolkit for JSON
pom	groupid	com.googlecode.json-simple
pom	groupid	googlecode.json-simple
pom	name	JSON.simple
pom	url	http://code.google.com/p/json-simple/
pom	version	1.1.1

Identifiers

maven: com.googlecode.json-simple:json-simple:1.1.1 Confidence:HIGHEST

commons-codec-1.8.jar

Description: The codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/capitol/.m2/repository/commons-codec/commons-codec/1.8/commons-codec-1.8.jar
MD5: b87aa66fe75685c82d082e750ab51b2e
SHA1: af3be3f74d25fc5163b54f56a0d394b462dafafd
Referenced In Project/Scope: ctlog:compile

Evidence

Source	Name	Value
central	artifactid	commons-codec
central	groupid	commons-codec
central	version	1.8
file	name	commons-codec
file	version	1.8
manifest	Bundle-Description	The codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
Manifest	bundle-docurl	http://commons.apache.org/proper/commons-codec/
Manifest	Bundle-Name	Commons Codec
Manifest	bundle-symbolicname	org.apache.commons.codec
Manifest	implementation-build	tags/1.8-RC4@r1469894; 2013-04-23 08:55:15-0400
Manifest	Implementation-Title	Commons Codec
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	1.8
Manifest	specification-title	Commons Codec
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	commons-codec
pom	description	The codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
pom	groupid	commons-codec
pom	name	Commons Codec
pom	parent-artifactid	commons-parent
pom	parent-groupid	org.apache.commons
pom	url	http://commons.apache.org/proper/commons-codec/
pom	version	1.8

Identifiers

maven: commons-codec:commons-codec:1.8 Confidence:HIGHEST

commons-logging-1.1.3.jar

Description: Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/capitol/.m2/repository/commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar
MD5: 92eb5aabc1b47287de53d45c086a435c
SHA1: f6f66e966c70a83ffbdb6f17a0919eaf7c8aca7f
Referenced In Project/Scope: ctlog:compile

Evidence

Source	Name	Value
central	artifactid	commons-logging
central	groupid	commons-logging
central	version	1.1.3
file	name	commons-logging
file	version	1.1.3
manifest	Bundle-Description	Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.
Manifest	bundle-docurl	http://commons.apache.org/proper/commons-logging/
Manifest	Bundle-Name	Commons Logging
Manifest	bundle-symbolicname	org.apache.commons.logging
Manifest	implementation-build	tags/LOGGING_1_1_3_RC2@r1483540; 2013-05-16 22:04:41+0200
Manifest	Implementation-Title	Commons Logging
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	1.1.3
Manifest	specification-title	Commons Logging
Manifest	specification-vendor	The Apache Software Foundation
pom	artifactid	commons-logging
pom	description	Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.
pom	groupid	commons-logging
pom	name	Commons Logging
pom	parent-artifactid	commons-parent
pom	parent-groupid	org.apache.commons
pom	url	http://commons.apache.org/proper/commons-logging/
pom	version	1.1.3

Identifiers

maven: commons-logging:commons-logging:1.1.3 Confidence:HIGHEST

httpclient-4.3.3.jar

Description: HttpComponents Client

File Path: /home/capitol/.m2/repository/org/apache/httpcomponents/httpclient/4.3.3/httpclient-4.3.3.jar
MD5: 88cc3123fce88d61b7c2cdbfc33542c5
SHA1: 18f4247ff4572a074444572cee34647c43e7c9c7
Referenced In Project/Scope: ctlog:compile

Evidence

Source	Name	Value
central	artifactid	httpclient
central	groupid	org.apache.httpcomponents
central	version	4.3.3
file	name	httpclient
file	version	4.3.3
Manifest	implementation-build	tags/4.3.3-RC1/httpclient@r1570731; 2014-02-22 09:04:11-0500
Manifest	Implementation-Title	HttpComponents Apache HttpClient
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	4.3.3
Manifest	specification-title	HttpComponents Apache HttpClient
Manifest	specification-vendor	The Apache Software Foundation
Manifest	url	http://hc.apache.org/httpcomponents-client
pom	artifactid	httpclient
pom	description	HttpComponents Client
pom	groupid	apache.httpcomponents
pom	groupid	org.apache.httpcomponents
pom	name	Apache HttpClient
pom	parent-artifactid	httpcomponents-client
pom	parent-groupid	org.apache.httpcomponents
pom	url	http://hc.apache.org/httpcomponents-client
pom	version	4.3.3

Identifiers

cpe: cpe:/a:apache:httpclient:4.3.3 Confidence:HIGHEST
maven: org.apache.httpcomponents:httpclient:4.3.3 Confidence:HIGHEST

Published Vulnerabilities

CVE-2015-5262

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1626784
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1261538
CONFIRM - https://issues.apache.org/jira/browse/HTTPCLIENT-1478
FEDORA - FEDORA-2015-15588
FEDORA - FEDORA-2015-15589
FEDORA - FEDORA-2015-15590
SECTRACK - 1033743
UBUNTU - USN-2769-1

Vulnerable Software & Versions:

cpe:/a:apache:httpclient:4.3.5 and all previous versions

CVE-2014-3577

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.

BID - 69258
CONFIRM - https://access.redhat.com/solutions/1165533
CONFIRM - https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564
CONFIRM - https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05363782
FULLDISC - 20140818 CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack
MISC - http://packetstormsecurity.com/files/127913/Apache-HttpComponents-Man-In-The-Middle.html
OSVDB - 110143
REDHAT - RHSA-2014:1146
REDHAT - RHSA-2014:1166
REDHAT - RHSA-2014:1833
REDHAT - RHSA-2014:1834
REDHAT - RHSA-2014:1835
REDHAT - RHSA-2014:1836
REDHAT - RHSA-2014:1891
REDHAT - RHSA-2014:1892
REDHAT - RHSA-2015:0125
REDHAT - RHSA-2015:0158
REDHAT - RHSA-2015:0675
REDHAT - RHSA-2015:0720
REDHAT - RHSA-2015:0765
REDHAT - RHSA-2015:0850
REDHAT - RHSA-2015:0851
REDHAT - RHSA-2015:1176
REDHAT - RHSA-2015:1177
SECTRACK - 1030812
SECUNIA - 60466
UBUNTU - USN-2769-1
XF - apache-cve20143577-spoofing(95327)

Vulnerable Software & Versions: (show all)

httpcore-4.3.2.jar

Description: HttpComponents Core (blocking I/O)

File Path: /home/capitol/.m2/repository/org/apache/httpcomponents/httpcore/4.3.2/httpcore-4.3.2.jar
MD5: ee3d34dce4a30c7d3002cadf8c9172c1
SHA1: 31fbbff1ddbf98f3aa7377c94d33b0447c646b6e
Referenced In Project/Scope: ctlog:compile

Evidence

Source	Name	Value
central	artifactid	httpcore
central	groupid	org.apache.httpcomponents
central	version	4.3.2
file	name	httpcore
file	version	4.3.2
Manifest	implementation-build	UNKNOWN_BRANCH@r??????; 2014-02-12 21:43:05+0100
Manifest	Implementation-Title	HttpComponents Apache HttpCore
Manifest	Implementation-Vendor	The Apache Software Foundation
Manifest	Implementation-Vendor-Id	org.apache
Manifest	Implementation-Version	4.3.2
Manifest	specification-title	HttpComponents Apache HttpCore
Manifest	specification-vendor	The Apache Software Foundation
Manifest	url	http://hc.apache.org/httpcomponents-core-ga
pom	artifactid	httpcore
pom	description	HttpComponents Core (blocking I/O)
pom	groupid	apache.httpcomponents
pom	groupid	org.apache.httpcomponents
pom	name	Apache HttpCore
pom	parent-artifactid	httpcomponents-core
pom	parent-groupid	org.apache.httpcomponents
pom	url	http://hc.apache.org/httpcomponents-core-ga
pom	version	4.3.2

Identifiers

maven: org.apache.httpcomponents:httpcore:4.3.2 Confidence:HIGHEST

bcpkix-jdk15on-1.49.jar

Description: The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.7. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.

License:

Bouncy Castle Licence: http://www.bouncycastle.org/licence.html

File Path: /home/capitol/.m2/repository/org/bouncycastle/bcpkix-jdk15on/1.49/bcpkix-jdk15on-1.49.jar
MD5: cb025ef84fb991e14fdf62f6bef7be53
SHA1: 924cc7ad2f589630c97b918f044296ebf1bb6855
Referenced In Project/Scope: ctlog:compile

Evidence

Source	Name	Value
central	artifactid	bcpkix-jdk15on
central	groupid	org.bouncycastle
central	version	1.49
file	name	bcpkix-jdk15on
file	version	1.49
Manifest	Bundle-Name	bcpkix
Manifest	bundle-requiredexecutionenvironment	J2SE-1.5, JavaSE-1.6, JavaSE-1.7
Manifest	bundle-symbolicname	bcpkix
Manifest	extension-name	org.bouncycastle.bcpkix
Manifest	Implementation-Vendor	BouncyCastle.org
Manifest	Implementation-Vendor-Id	org.bouncycastle
Manifest	Implementation-Version	1.49.0
Manifest	originally-created-by	1.5.0_08-b03 (Sun Microsystems Inc.)
Manifest	specification-vendor	BouncyCastle.org
pom	artifactid	bcpkix-jdk15on
pom	description	The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.7. The APIs can be used in conjunction with a JCE/JCA provider ...
pom	groupid	bouncycastle
pom	groupid	org.bouncycastle
pom	name	Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs
pom	url	http://www.bouncycastle.org/java.html
pom	version	1.49

Identifiers

maven: org.bouncycastle:bcpkix-jdk15on:1.49 Confidence:HIGHEST

bcprov-jdk15on-1.49.jar

Description: The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.7.

License:

Bouncy Castle Licence: http://www.bouncycastle.org/licence.html

File Path: /home/capitol/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.49/bcprov-jdk15on-1.49.jar
MD5: 20f367d41a546f2c844314da5d97ea12
SHA1: f5155f04330459104b79923274db5060c1057b99
Referenced In Project/Scope: ctlog:compile

Evidence

Source	Name	Value
central	artifactid	bcprov-jdk15on
central	groupid	org.bouncycastle
central	version	1.49
file	name	bcprov-jdk15on
file	version	1.49
Manifest	Bundle-Name	bcprov
Manifest	bundle-requiredexecutionenvironment	J2SE-1.5, JavaSE-1.6, JavaSE-1.7
Manifest	bundle-symbolicname	bcprov
Manifest	extension-name	org.bouncycastle.bcprovider
Manifest	Implementation-Vendor	BouncyCastle.org
Manifest	Implementation-Vendor-Id	org.bouncycastle
Manifest	Implementation-Version	1.49.0
Manifest	originally-created-by	1.5.0_08-b03 (Sun Microsystems Inc.)
Manifest	specification-vendor	BouncyCastle.org
pom	artifactid	bcprov-jdk15on
pom	description	The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.7.
pom	groupid	bouncycastle
pom	groupid	org.bouncycastle
pom	name	Bouncy Castle Provider
pom	url	http://www.bouncycastle.org/java.html
pom	version	1.49

Identifiers

cpe: cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.49 Confidence:LOW
cpe: cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.49 Confidence:LOW
maven: org.bouncycastle:bcprov-jdk15on:1.49 Confidence:HIGHEST

Published Vulnerabilities

CVE-2015-7940

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."

BID - 79091
CONFIRM - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
DEBIAN - DSA-3417
FEDORA - FEDORA-2015-7d95466eda
MISC - http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
MLIST - [oss-security] 20151022 CVE Request: invalid curve attack on bouncycastle
MLIST - [oss-security] 20151022 Re: CVE Request: invalid curve attack on bouncycastle
SUSE - openSUSE-SU-2015:1911

Vulnerable Software & Versions: (show all)

hamcrest-core-1.3.jar

Description: This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.

File Path: /home/capitol/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar
MD5: 6393363b47ddcbba82321110c3e07519
SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0
Referenced In Project/Scope: ctlog:compile

Evidence

Source	Name	Value
central	artifactid	hamcrest-core
central	groupid	org.hamcrest
central	version	1.3
file	name	hamcrest-core
file	version	1.3
Manifest	built-date	2012-07-09 19:49:34
Manifest	Implementation-Title	hamcrest-core
Manifest	Implementation-Vendor	hamcrest.org
Manifest	Implementation-Version	1.3
pom	artifactid	hamcrest-core
pom	description	This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.
pom	groupid	hamcrest
pom	groupid	org.hamcrest
pom	name	Hamcrest Core
pom	parent-artifactid	hamcrest-parent
pom	parent-groupid	org.hamcrest
pom	version	1.3

Identifiers

maven: org.hamcrest:hamcrest-core:1.3 Confidence:HIGHEST

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: ctlog

Dependencies

guava-16.0.1.jar

Evidence

Identifiers

protobuf-java-3.2.0.jar

Evidence

Identifiers

json-simple-1.1.1.jar

Evidence

Identifiers

commons-codec-1.8.jar

Evidence

Identifiers

commons-logging-1.1.3.jar

Evidence

Identifiers

httpclient-4.3.3.jar

Evidence

Identifiers

Published Vulnerabilities

httpcore-4.3.2.jar

Evidence

Identifiers

bcpkix-jdk15on-1.49.jar

Evidence

Identifiers

bcprov-jdk15on-1.49.jar

Evidence

Identifiers

Published Vulnerabilities

hamcrest-core-1.3.jar

Evidence

Identifiers