Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
pentestitBlackPENTESTIT:30AA332D5D04A4C69FDE4D187314152E
HistoryJun 10, 2019 - 6:03 a.m.

UPDATE: OWASP Dependency-Check 5.0.0

2019-06-1006:03:45
Black
pentestit.com
596

0.033 Low

EPSS

Percentile

90.4%

JSON

PenTestIT RSS Feed

My first post about this open source OWASP project was about an older version. About 18 hours ago, a new version was released. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 5.0.0, which includes a lot of bug fixes and enhancements.

OWASP Dependency-Check 5.0.0

What is OWASP Dependency-Check?

> OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies. It can currently be used to scan Java and .NET applications to identify the use of known vulnerable components with experimental analyzers for Python, Ruby, PHP (composer), and Node.js applications. Additionally, OWASP Dependency-Check has experimental analyzers that can be used to scan some C/C++ source code, including OpenSSL source code and projects that use Autoconf or CMake.

The OWASP Dependency-Check 5.0.0 release is a major release with many breaking changes;

  • Updated to use the NVD JSON data feeds
  • OSS Index Integration
  • .NET analysis now requires dotnet core
  • Add caching of OSS-Index, Central Analyzer, and Node Audit analysis results.
  • General bug fixes identified in the previous milestone releases; such as:
    • False Positive on spring-boot-starter-security 2.1.5 - CPE for spring_security:2.1.5
    • Documentation of <until> feature is missing
    • CPEAnalyzer fails to identify products with “-” in product name
    • HTML Report uses vulnerable jquery version
    • Add support for suppressionURL (with default)
    • False Positive on micrometer-registry-prometheus
    • False Positive on auth0/jwks-rsa-java
    • False Positive on spring-boot
    • False Positive on [mysql-connector-java] - server vulnerabilities listed
    • False Positive on hazelcast-kubernetes
    • Maybe false negatives [CVE-2015-1796, CVE-2016-4977, CVE-2017-7536]
    • Implement Package URL into all standard reports

Download OWASP Dependency-Check 5.0.0:

Download OWASP Dependency-Check 5.0.0 (DependencyCheck-5.0.0.zip/DependencyCheck-5.0.0.tar.gz) and other related plugins here.

The post UPDATE: OWASP Dependency-Check 5.0.0 appeared first on PenTestIT.

Related

nuclei 1
checkpoint_advisories 1
osv 5
cve 3
prion 3
seebug 1
github 3
veracode 1
redhatcve 1
debiancve 1
ubuntucve 2
ibm 4
nessus 10
redhat 17
oracle 1
nuclei
nuclei
Spring Security OAuth2 Remote Command Execution
2022-01-05 08:37:28
checkpoint_advisories
checkpoint_advisories
Pivotal Spring Security OAuth SpelView Code Execution (CVE-2016-4977)
2016-11-20 00:00:00
osv
osv
Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views
2018-10-18 18:06:22
CVE-2016-4977
2017-05-25 17:29:00
Privilege Escalation in Hibernate Validator
2020-06-15 19:57:48
cve
cve
CVE-2016-4977
2017-05-25 17:29:00
CVE-2017-7536
2018-01-10 15:29:00
CVE-2015-1796
2015-07-08 15:59:00
prion
prion
Design/Logic Flaw
2017-05-25 17:29:00
Privilege escalation
2018-01-10 15:29:00
Design/Logic Flaw
2015-07-08 15:59:00
seebug
seebug
Spring Security Oauth remote code execution vulnerability
2016-10-17 00:00:00
github
github
Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views
2018-10-18 18:06:22
Privilege Escalation in Hibernate Validator
2020-06-15 19:57:48
Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML
2022-05-17 03:38:17
veracode
veracode
Privilege Escalation
2017-09-27 07:15:18
redhatcve
redhatcve
CVE-2017-7536
2020-04-09 07:03:17
debiancve
debiancve
CVE-2017-7536
2018-01-10 15:29:00
ubuntucve
ubuntucve
CVE-2017-7536
2018-01-10 00:00:00
CVE-2015-1796
2015-07-08 00:00:00
ibm
ibm
Security Bulletin: IBM Resilient SOAR is using opensaml-2.6.4.jar that could be vulnerable to bypass security restrictions (CVE-2015-1796)
2021-02-25 14:37:56
Security Bulletin: IBM Tivoli Netcool Impact is affected by open source vulnerabilities
2018-07-18 09:46:57
Security Bulletin: Multiple Vulnerabilities identified in IBM StoredIQ
2020-02-20 12:42:12
nessus
nessus
RHEL 7 : rhvm-appliance (RHSA-2017:3141)
2017-11-10 00:00:00
RHEL 7 : JBoss EAP (RHSA-2018:2741)
2018-09-27 00:00:00
RHEL 6 : JBoss EAP (RHSA-2018:2743)
2018-09-27 00:00:00
redhat
redhat
(RHSA-2017:3141) Important: rhvm-appliance security, bug fix, and enhancement update
2017-11-07 17:03:46
(RHSA-2018:3817) Important: Red Hat JBoss Fuse/A-MQ 6.3 R10 security and bug fix update
2018-12-11 14:11:01
(RHSA-2018:2742) Important: Red Hat JBoss Enterprise Application Platform 6.4.21 security update
2018-09-24 21:45:31
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00

0.033 Low

EPSS

Percentile

90.4%

JSON
Related for PENTESTIT:30AA332D5D04A4C69FDE4D187314152E
nuclei1checkpoint_advisories1osv5cve3prion3seebug1github3veracode1redhatcve1debiancve1ubuntucve2ibm4nessus10redhat17oracle1