Dependencycheck: Large number of false positives for New Relic Java Agent

Created on 2 Jul 2017  路  6Comments  路  Source: jeremylong/DependencyCheck

Our software bundles the New Relic Java Agent. Its analysis triggers a lot of false positives. Version we're currently using i.c.w. the Maven plugin: 

<dependency>
   <groupId>com.newrelic.agent.java</groupId>
   <artifactId>newrelic-agent</artifactId>
   <version>3.40.0</version>
</dependency>
CLI-based reproduction script: 
#!/bin/sh

curl -o /tmp/newrelic-agent.jar \
  https://repo1.maven.org/maven2/com/newrelic/agent/java/newrelic-agent/3.40.0/newrelic-agent-3.40.0.jar
bin/dependency-check.sh --project 'New Relic Agent' --out /tmp --format XML --scan /tmp/newrelic-agent.jar
xmlstarlet sel -T -N 'x=https://jeremylong.github.io/DependencyCheck/dependency-check.1.5.xsd' \
  -t -m '//x:vulnerability' -v 'concat(x:name, " - ", ../../x:fileName)' -nl \
  /tmp/dependency-check-report.xml | sort -u
The checker identifies the instrumentation files bundled inside the agent (each in their own JAR, for different versions of the various target libraries) as "the real deal":
Script output. 
CVE-2000-1210 - newrelic-agent.jar: tomcat-7-1.0.jar
CVE-2001-0407 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2001-0509 - newrelic-agent.jar: jdbc-sqlserver-1.0.jar
CVE-2001-0590 - newrelic-agent.jar: tomcat-7-1.0.jar
CVE-2001-1274 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2001-1275 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2001-1454 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2002-0493 - newrelic-agent.jar: tomcat-7-1.0.jar
CVE-2003-1331 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2004-0457 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2004-0835 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2004-0836 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2004-0837 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2005-3510 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2005-4838 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2005-4838 - newrelic-agent.jar: tomcat-7-1.0.jar
CVE-2006-3486 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2006-3486 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2006-4226 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2006-4226 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2006-7196 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2006-7196 - newrelic-agent.jar: tomcat-7-1.0.jar
CVE-2006-7232 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2006-7232 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2006-7232 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2007-0450 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2007-0450 - newrelic-agent.jar: tomcat-7-1.0.jar
CVE-2007-0556 - newrelic-agent.jar: jdbc-postgresql-9.4.1207-1.0.jar
CVE-2007-0556 - newrelic-agent.jar: jdbc-postgresql-9.4.1208-1.0.jar
CVE-2007-1358 - newrelic-agent.jar: tomcat-7-1.0.jar
CVE-2007-1420 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2007-1858 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2007-2138 - newrelic-agent.jar: jdbc-postgresql-9.4.1207-1.0.jar
CVE-2007-2138 - newrelic-agent.jar: jdbc-postgresql-9.4.1208-1.0.jar
CVE-2007-2449 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2007-2449 - newrelic-agent.jar: tomcat-7-1.0.jar
CVE-2007-2450 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2007-2582 - newrelic-agent.jar: jdbc-db2-1.0.jar
CVE-2007-2583 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2007-2691 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2007-2691 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2007-2691 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2007-2692 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2007-2692 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2007-3382 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2007-3385 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2007-3386 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2007-3676 - newrelic-agent.jar: jdbc-db2-1.0.jar
CVE-2007-4772 - newrelic-agent.jar: jdbc-postgresql-9.4.1207-1.0.jar
CVE-2007-4772 - newrelic-agent.jar: jdbc-postgresql-9.4.1208-1.0.jar
CVE-2007-5090 - newrelic-agent.jar: jdbc-db2-1.0.jar
CVE-2007-5090 - newrelic-agent.jar: jdbc-sqlserver-1.0.jar
CVE-2007-5333 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2007-5652 - newrelic-agent.jar: jdbc-db2-1.0.jar
CVE-2007-5925 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2007-5925 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2007-5925 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2007-5970 - newrelic-agent.jar: jdbc-mysql-6.0.2-1.0.jar
CVE-2007-6303 - newrelic-agent.jar: jdbc-mysql-6.0.2-1.0.jar
CVE-2007-6304 - newrelic-agent.jar: jdbc-mysql-6.0.2-1.0.jar
CVE-2008-0128 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2008-0128 - newrelic-agent.jar: tomcat-7-1.0.jar
CVE-2008-0226 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2008-0226 - newrelic-agent.jar: jdbc-mysql-6.0.2-1.0.jar
CVE-2008-0226 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2008-0226 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2008-0699 - newrelic-agent.jar: jdbc-db2-1.0.jar
CVE-2008-1232 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2008-1998 - newrelic-agent.jar: jdbc-db2-1.0.jar
CVE-2008-2079 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2008-2079 - newrelic-agent.jar: jdbc-mysql-6.0.2-1.0.jar
CVE-2008-2079 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2008-2079 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2008-2370 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2008-2462 - newrelic-agent.jar: resin-3-1.0.jar
CVE-2008-3958 - newrelic-agent.jar: jdbc-db2-1.0.jar
CVE-2008-3959 - newrelic-agent.jar: jdbc-db2-1.0.jar
CVE-2008-3963 - newrelic-agent.jar: jdbc-mysql-6.0.2-1.0.jar
CVE-2008-3963 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2008-3963 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2008-4098 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2008-4098 - newrelic-agent.jar: jdbc-mysql-6.0.2-1.0.jar
CVE-2008-4098 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2008-4098 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2008-4691 - newrelic-agent.jar: jdbc-db2-1.0.jar
CVE-2008-4692 - newrelic-agent.jar: jdbc-db2-1.0.jar
CVE-2008-4693 - newrelic-agent.jar: jdbc-db2-1.0.jar
CVE-2008-5515 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2008-5519 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2008-7247 - newrelic-agent.jar: jdbc-mysql-6.0.2-1.0.jar
CVE-2008-7247 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2008-7247 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2009-0033 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2009-0580 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2009-0781 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2009-0783 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2009-0819 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2009-0819 - newrelic-agent.jar: jdbc-mysql-6.0.2-1.0.jar
CVE-2009-0819 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2009-0819 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2009-1239 - newrelic-agent.jar: jdbc-db2-1.0.jar
CVE-2009-1905 - newrelic-agent.jar: jdbc-db2-1.0.jar
CVE-2009-2693 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2009-2696 - newrelic-agent.jar: tomcat-7-1.0.jar
CVE-2009-2858 - newrelic-agent.jar: jdbc-db2-1.0.jar
CVE-2009-2859 - newrelic-agent.jar: jdbc-db2-1.0.jar
CVE-2009-2860 - newrelic-agent.jar: jdbc-db2-1.0.jar
CVE-2009-2901 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2009-2902 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2009-3548 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2009-3821 - newrelic-agent.jar: solr-1.4.0-1.0.jar
CVE-2009-3821 - newrelic-agent.jar: solr-3.1.0-1.0.jar
CVE-2009-3821 - newrelic-agent.jar: solr-3.5.0-1.0.jar
CVE-2009-3821 - newrelic-agent.jar: solr-3.6.0-1.0.jar
CVE-2009-3821 - newrelic-agent.jar: solr-4.0.0-1.0.jar
CVE-2009-3821 - newrelic-agent.jar: solr-5.0.0-1.0.jar
CVE-2009-3821 - newrelic-agent.jar: solr-5.1.0-1.0.jar
CVE-2009-3821 - newrelic-agent.jar: solr-5.4.0-1.0.jar
CVE-2009-3821 - newrelic-agent.jar: solr-6.4.0-1.0.jar
CVE-2009-4019 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2009-4019 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2009-4028 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2009-4028 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2009-4028 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2009-4030 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2009-4030 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2009-4269 - newrelic-agent.jar: jdbc-embedded-derby-10.2.1.6-1.0.jar
CVE-2009-5026 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2009-5026 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2010-0733 - newrelic-agent.jar: jdbc-postgresql-9.4.1207-1.0.jar
CVE-2010-0733 - newrelic-agent.jar: jdbc-postgresql-9.4.1208-1.0.jar
CVE-2010-1151 - newrelic-agent.jar: solr-1.4.0-1.0.jar
CVE-2010-1151 - newrelic-agent.jar: solr-3.1.0-1.0.jar
CVE-2010-1151 - newrelic-agent.jar: solr-3.5.0-1.0.jar
CVE-2010-1151 - newrelic-agent.jar: solr-3.6.0-1.0.jar
CVE-2010-1151 - newrelic-agent.jar: solr-4.0.0-1.0.jar
CVE-2010-1157 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2010-1560 - newrelic-agent.jar: jdbc-db2-1.0.jar
CVE-2010-1621 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2010-1621 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2010-1621 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2010-1626 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2010-1626 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2010-1626 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2010-1848 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2010-1848 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2010-1849 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2010-1849 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2010-1850 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2010-1850 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2010-2008 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2010-2008 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2010-2008 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2010-2227 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2010-3676 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2010-3676 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2010-3677 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2010-3677 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2010-3677 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2010-3678 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2010-3678 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2010-3679 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2010-3679 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2010-3680 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2010-3680 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2010-3681 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2010-3681 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2010-3682 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2010-3682 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2010-3682 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2010-3683 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2010-3683 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2010-3718 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2010-3833 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2010-3833 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2010-3834 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2010-3834 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2010-3835 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2010-3835 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2010-3836 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2010-3836 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2010-3837 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2010-3837 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2010-3838 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2010-3838 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2010-3839 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2010-3839 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2010-3840 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2010-3840 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2011-0013 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2011-0731 - newrelic-agent.jar: jdbc-db2-1.0.jar
CVE-2011-0757 - newrelic-agent.jar: jdbc-db2-1.0.jar
CVE-2011-1184 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2011-1373 - newrelic-agent.jar: jdbc-db2-1.0.jar
CVE-2011-1498 - newrelic-agent.jar: solr-4.0.0-1.0.jar
CVE-2011-1846 - newrelic-agent.jar: jdbc-db2-1.0.jar
CVE-2011-1847 - newrelic-agent.jar: jdbc-db2-1.0.jar
CVE-2011-2204 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2011-2262 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2011-2262 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2011-2526 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2011-3190 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2011-5062 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2011-5063 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2011-5064 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2012-0022 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2012-0075 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-0075 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-0087 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-0087 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-0101 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-0101 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-0102 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-0102 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-0112 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-0112 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-0113 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-0113 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-0114 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-0114 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-0115 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-0115 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-0116 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-0116 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-0118 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-0118 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-0119 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-0119 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-0120 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-0120 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-0484 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-0484 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-0485 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-0485 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-0490 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-0490 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-0492 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-0492 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-0540 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-0540 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-0553 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-0553 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-0572 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-0572 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-0574 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-0574 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-0583 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-0583 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-0882 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-0882 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-1688 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-1688 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-1689 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-1689 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-1690 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-1690 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-1696 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-1696 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-1697 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-1697 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-1702 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-1702 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-1703 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-1703 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-1705 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-1705 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-1734 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-1734 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-1856 - newrelic-agent.jar: jdbc-sqlserver-1.0.jar
CVE-2012-2102 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-2102 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-2552 - newrelic-agent.jar: jdbc-sqlserver-1.0.jar
CVE-2012-2749 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-2749 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-2965 - newrelic-agent.jar: resin-3-1.0.jar
CVE-2012-2966 - newrelic-agent.jar: resin-3-1.0.jar
CVE-2012-2967 - newrelic-agent.jar: resin-3-1.0.jar
CVE-2012-2968 - newrelic-agent.jar: resin-3-1.0.jar
CVE-2012-2969 - newrelic-agent.jar: resin-3-1.0.jar
CVE-2012-3150 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-3150 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-3158 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-3158 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-3160 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-3160 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-3163 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-3163 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-3166 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-3166 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-3167 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-3167 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-3173 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-3173 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-3177 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-3177 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-3180 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-3180 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-3197 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-3197 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-3324 - newrelic-agent.jar: jdbc-db2-1.0.jar
CVE-2012-5060 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-5060 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-5568 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2012-5568 - newrelic-agent.jar: tomcat-7-1.0.jar
CVE-2012-5575 - newrelic-agent.jar: cxf-2.7-1.0.jar
CVE-2012-5627 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2012-5627 - newrelic-agent.jar: jdbc-mysql-6.0.2-1.0.jar
CVE-2012-5627 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2012-5627 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2012-5633 - newrelic-agent.jar: cxf-2.7-1.0.jar
CVE-2012-5783 - newrelic-agent.jar: httpclient-3.0-1.0.jar
CVE-2012-5786 - newrelic-agent.jar: cxf-2.7-1.0.jar
CVE-2012-5885 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2012-5886 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2012-5887 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2012-6153 - newrelic-agent.jar: httpclient-3.0-1.0.jar
CVE-2012-6153 - newrelic-agent.jar: httpclient-3.1-1.0.jar
CVE-2012-6153 - newrelic-agent.jar: solr-1.4.0-1.0.jar
CVE-2012-6153 - newrelic-agent.jar: solr-3.1.0-1.0.jar
CVE-2012-6153 - newrelic-agent.jar: solr-3.5.0-1.0.jar
CVE-2012-6153 - newrelic-agent.jar: solr-3.6.0-1.0.jar
CVE-2012-6612 - newrelic-agent.jar: solr-1.4.0-1.0.jar
CVE-2012-6612 - newrelic-agent.jar: solr-3.1.0-1.0.jar
CVE-2012-6612 - newrelic-agent.jar: solr-3.5.0-1.0.jar
CVE-2012-6612 - newrelic-agent.jar: solr-3.6.0-1.0.jar
CVE-2012-6612 - newrelic-agent.jar: solr-4.0.0-1.0.jar
CVE-2012-6612 - newrelic-agent.jar: solr-5.0.0-1.0.jar
CVE-2012-6612 - newrelic-agent.jar: solr-5.1.0-1.0.jar
CVE-2012-6612 - newrelic-agent.jar: solr-5.4.0-1.0.jar
CVE-2012-6612 - newrelic-agent.jar: solr-6.4.0-1.0.jar
CVE-2013-0239 - newrelic-agent.jar: cxf-2.7-1.0.jar
CVE-2013-0375 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2013-0375 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2013-0375 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2013-0383 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2013-0383 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2013-0384 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2013-0384 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2013-0385 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2013-0385 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2013-0389 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2013-0389 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2013-1492 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2013-1492 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2013-1506 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2013-1506 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2013-1521 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2013-1521 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2013-1548 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2013-1548 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2013-1552 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2013-1552 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2013-1555 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2013-1555 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2013-1768 - newrelic-agent.jar: openjpa-1.0-1.0.jar
CVE-2013-2160 - newrelic-agent.jar: cxf-2.7-1.0.jar
CVE-2013-2185 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2013-2185 - newrelic-agent.jar: tomcat-7-1.0.jar
CVE-2013-2378 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2013-2378 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2013-2389 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2013-2389 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2013-2391 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2013-2391 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2013-2392 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2013-2392 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2013-3802 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2013-3802 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2013-3804 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2013-3804 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2013-3808 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2013-3808 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2013-4286 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2013-4286 - newrelic-agent.jar: tomcat-7-1.0.jar
CVE-2013-4322 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2013-4322 - newrelic-agent.jar: tomcat-7-1.0.jar
CVE-2013-4444 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2013-4444 - newrelic-agent.jar: tomcat-7-1.0.jar
CVE-2013-4590 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2013-4590 - newrelic-agent.jar: tomcat-7-1.0.jar
CVE-2013-5908 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2013-5908 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2013-6357 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2013-6357 - newrelic-agent.jar: tomcat-7-1.0.jar
CVE-2013-6397 - newrelic-agent.jar: solr-1.4.0-1.0.jar
CVE-2013-6397 - newrelic-agent.jar: solr-3.1.0-1.0.jar
CVE-2013-6397 - newrelic-agent.jar: solr-3.5.0-1.0.jar
CVE-2013-6397 - newrelic-agent.jar: solr-3.6.0-1.0.jar
CVE-2013-6397 - newrelic-agent.jar: solr-4.0.0-1.0.jar
CVE-2013-6397 - newrelic-agent.jar: solr-5.0.0-1.0.jar
CVE-2013-6397 - newrelic-agent.jar: solr-5.1.0-1.0.jar
CVE-2013-6397 - newrelic-agent.jar: solr-5.4.0-1.0.jar
CVE-2013-6397 - newrelic-agent.jar: solr-6.4.0-1.0.jar
CVE-2013-6407 - newrelic-agent.jar: solr-1.4.0-1.0.jar
CVE-2013-6407 - newrelic-agent.jar: solr-3.1.0-1.0.jar
CVE-2013-6407 - newrelic-agent.jar: solr-3.5.0-1.0.jar
CVE-2013-6407 - newrelic-agent.jar: solr-3.6.0-1.0.jar
CVE-2013-6407 - newrelic-agent.jar: solr-4.0.0-1.0.jar
CVE-2013-6407 - newrelic-agent.jar: solr-5.0.0-1.0.jar
CVE-2013-6407 - newrelic-agent.jar: solr-5.1.0-1.0.jar
CVE-2013-6407 - newrelic-agent.jar: solr-5.4.0-1.0.jar
CVE-2013-6407 - newrelic-agent.jar: solr-6.4.0-1.0.jar
CVE-2013-6408 - newrelic-agent.jar: solr-1.4.0-1.0.jar
CVE-2013-6408 - newrelic-agent.jar: solr-3.1.0-1.0.jar
CVE-2013-6408 - newrelic-agent.jar: solr-3.5.0-1.0.jar
CVE-2013-6408 - newrelic-agent.jar: solr-3.6.0-1.0.jar
CVE-2013-6408 - newrelic-agent.jar: solr-4.0.0-1.0.jar
CVE-2013-6408 - newrelic-agent.jar: solr-5.0.0-1.0.jar
CVE-2013-6408 - newrelic-agent.jar: solr-5.1.0-1.0.jar
CVE-2013-6408 - newrelic-agent.jar: solr-5.4.0-1.0.jar
CVE-2013-6408 - newrelic-agent.jar: solr-6.4.0-1.0.jar
CVE-2014-0001 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2014-0001 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2014-0001 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2014-0001 - newrelic-agent.jar: jdbc-mysql-6.0.2-1.0.jar
CVE-2014-0001 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2014-0001 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2014-0034 - newrelic-agent.jar: cxf-2.7-1.0.jar
CVE-2014-0035 - newrelic-agent.jar: cxf-2.7-1.0.jar
CVE-2014-0060 - newrelic-agent.jar: jdbc-postgresql-9.4.1207-1.0.jar
CVE-2014-0060 - newrelic-agent.jar: jdbc-postgresql-9.4.1208-1.0.jar
CVE-2014-0061 - newrelic-agent.jar: jdbc-postgresql-9.4.1207-1.0.jar
CVE-2014-0061 - newrelic-agent.jar: jdbc-postgresql-9.4.1208-1.0.jar
CVE-2014-0062 - newrelic-agent.jar: jdbc-postgresql-9.4.1207-1.0.jar
CVE-2014-0062 - newrelic-agent.jar: jdbc-postgresql-9.4.1208-1.0.jar
CVE-2014-0063 - newrelic-agent.jar: jdbc-postgresql-9.4.1207-1.0.jar
CVE-2014-0063 - newrelic-agent.jar: jdbc-postgresql-9.4.1208-1.0.jar
CVE-2014-0064 - newrelic-agent.jar: jdbc-postgresql-9.4.1207-1.0.jar
CVE-2014-0064 - newrelic-agent.jar: jdbc-postgresql-9.4.1208-1.0.jar
CVE-2014-0065 - newrelic-agent.jar: jdbc-postgresql-9.4.1207-1.0.jar
CVE-2014-0065 - newrelic-agent.jar: jdbc-postgresql-9.4.1208-1.0.jar
CVE-2014-0066 - newrelic-agent.jar: jdbc-postgresql-9.4.1207-1.0.jar
CVE-2014-0066 - newrelic-agent.jar: jdbc-postgresql-9.4.1208-1.0.jar
CVE-2014-0067 - newrelic-agent.jar: jdbc-postgresql-9.4.1207-1.0.jar
CVE-2014-0067 - newrelic-agent.jar: jdbc-postgresql-9.4.1208-1.0.jar
CVE-2014-0075 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2014-0075 - newrelic-agent.jar: tomcat-7-1.0.jar
CVE-2014-0096 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2014-0096 - newrelic-agent.jar: tomcat-7-1.0.jar
CVE-2014-0099 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2014-0099 - newrelic-agent.jar: tomcat-7-1.0.jar
CVE-2014-0109 - newrelic-agent.jar: cxf-2.7-1.0.jar
CVE-2014-0110 - newrelic-agent.jar: cxf-2.7-1.0.jar
CVE-2014-0119 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2014-0119 - newrelic-agent.jar: tomcat-7-1.0.jar
CVE-2014-0386 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2014-0386 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2014-0393 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2014-0393 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2014-0401 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2014-0401 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2014-0402 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2014-0402 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2014-0412 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2014-0412 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2014-0437 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2014-0437 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2014-2966 - newrelic-agent.jar: resin-3-1.0.jar
CVE-2014-3577 - newrelic-agent.jar: httpclient-3.0-1.0.jar
CVE-2014-3577 - newrelic-agent.jar: httpclient-3.1-1.0.jar
CVE-2014-3577 - newrelic-agent.jar: solr-1.4.0-1.0.jar
CVE-2014-3577 - newrelic-agent.jar: solr-3.1.0-1.0.jar
CVE-2014-3577 - newrelic-agent.jar: solr-3.5.0-1.0.jar
CVE-2014-3577 - newrelic-agent.jar: solr-3.6.0-1.0.jar
CVE-2014-3577 - newrelic-agent.jar: solr-4.0.0-1.0.jar
CVE-2014-3581 - newrelic-agent.jar: solr-1.4.0-1.0.jar
CVE-2014-3584 - newrelic-agent.jar: cxf-2.7-1.0.jar
CVE-2014-3623 - newrelic-agent.jar: cxf-2.7-1.0.jar
CVE-2014-4061 - newrelic-agent.jar: jdbc-sqlserver-1.0.jar
CVE-2014-6464 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2014-6464 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2014-6469 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2014-6469 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2014-6491 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2014-6491 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2014-6494 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2014-6494 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2014-6496 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2014-6496 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2014-6500 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2014-6500 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2014-6507 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2014-6507 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2014-6559 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2014-6559 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2014-8180 - newrelic-agent.jar: mongodb-2.12-1.0.jar
CVE-2014-8180 - newrelic-agent.jar: mongodb-2.14-1.0.jar
CVE-2014-8180 - newrelic-agent.jar: mongodb-3.0-1.0.jar
CVE-2014-8180 - newrelic-agent.jar: mongodb-3.1-1.0.jar
CVE-2015-1761 - newrelic-agent.jar: jdbc-sqlserver-1.0.jar
CVE-2015-1762 - newrelic-agent.jar: jdbc-sqlserver-1.0.jar
CVE-2015-1763 - newrelic-agent.jar: jdbc-sqlserver-1.0.jar
CVE-2015-1832 - newrelic-agent.jar: jdbc-embedded-derby-10.10.1.1-1.0.jar
CVE-2015-1832 - newrelic-agent.jar: jdbc-embedded-derby-10.11.1.1-1.0.jar
CVE-2015-1832 - newrelic-agent.jar: jdbc-embedded-derby-10.2.1.6-1.0.jar
CVE-2015-2575 - newrelic-agent.jar: jdbc-mysql-3.0.8-1.0.jar
CVE-2015-2575 - newrelic-agent.jar: jdbc-mysql-connection-5.1.4-1.0.jar
CVE-2015-2575 - newrelic-agent.jar: jdbc-mysql-multihost-connections-5.1.3-1.0.jar
CVE-2015-3152 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2015-3152 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2015-3165 - newrelic-agent.jar: jdbc-postgresql-9.4.1207-1.0.jar
CVE-2015-3165 - newrelic-agent.jar: jdbc-postgresql-9.4.1208-1.0.jar
CVE-2015-3254 - newrelic-agent.jar: thrift-0.8-1.0.jar
CVE-2015-5253 - newrelic-agent.jar: cxf-2.7-1.0.jar
CVE-2015-5262 - newrelic-agent.jar: httpclient-3.0-1.0.jar
CVE-2015-5262 - newrelic-agent.jar: httpclient-3.1-1.0.jar
CVE-2015-5262 - newrelic-agent.jar: solr-1.4.0-1.0.jar
CVE-2015-5262 - newrelic-agent.jar: solr-3.1.0-1.0.jar
CVE-2015-5262 - newrelic-agent.jar: solr-3.5.0-1.0.jar
CVE-2015-5262 - newrelic-agent.jar: solr-3.6.0-1.0.jar
CVE-2015-5262 - newrelic-agent.jar: solr-4.0.0-1.0.jar
CVE-2015-5288 - newrelic-agent.jar: jdbc-postgresql-9.4.1207-1.0.jar
CVE-2015-5288 - newrelic-agent.jar: jdbc-postgresql-9.4.1208-1.0.jar
CVE-2015-5289 - newrelic-agent.jar: jdbc-postgresql-9.4.1207-1.0.jar
CVE-2015-5289 - newrelic-agent.jar: jdbc-postgresql-9.4.1208-1.0.jar
CVE-2015-8795 - newrelic-agent.jar: solr-1.4.0-1.0.jar
CVE-2015-8795 - newrelic-agent.jar: solr-3.1.0-1.0.jar
CVE-2015-8795 - newrelic-agent.jar: solr-3.5.0-1.0.jar
CVE-2015-8795 - newrelic-agent.jar: solr-3.6.0-1.0.jar
CVE-2015-8795 - newrelic-agent.jar: solr-4.0.0-1.0.jar
CVE-2015-8795 - newrelic-agent.jar: solr-5.0.0-1.0.jar
CVE-2015-8795 - newrelic-agent.jar: solr-5.1.0-1.0.jar
CVE-2015-8795 - newrelic-agent.jar: solr-5.4.0-1.0.jar
CVE-2015-8795 - newrelic-agent.jar: solr-6.4.0-1.0.jar
CVE-2015-8796 - newrelic-agent.jar: solr-1.4.0-1.0.jar
CVE-2015-8796 - newrelic-agent.jar: solr-3.1.0-1.0.jar
CVE-2015-8796 - newrelic-agent.jar: solr-3.5.0-1.0.jar
CVE-2015-8796 - newrelic-agent.jar: solr-3.6.0-1.0.jar
CVE-2015-8796 - newrelic-agent.jar: solr-4.0.0-1.0.jar
CVE-2015-8796 - newrelic-agent.jar: solr-5.0.0-1.0.jar
CVE-2015-8796 - newrelic-agent.jar: solr-5.1.0-1.0.jar
CVE-2015-8796 - newrelic-agent.jar: solr-5.4.0-1.0.jar
CVE-2015-8796 - newrelic-agent.jar: solr-6.4.0-1.0.jar
CVE-2015-8797 - newrelic-agent.jar: solr-1.4.0-1.0.jar
CVE-2015-8797 - newrelic-agent.jar: solr-3.1.0-1.0.jar
CVE-2015-8797 - newrelic-agent.jar: solr-3.5.0-1.0.jar
CVE-2015-8797 - newrelic-agent.jar: solr-3.6.0-1.0.jar
CVE-2015-8797 - newrelic-agent.jar: solr-4.0.0-1.0.jar
CVE-2015-8797 - newrelic-agent.jar: solr-5.0.0-1.0.jar
CVE-2015-8797 - newrelic-agent.jar: solr-5.1.0-1.0.jar
CVE-2015-8797 - newrelic-agent.jar: solr-5.4.0-1.0.jar
CVE-2015-8797 - newrelic-agent.jar: solr-6.4.0-1.0.jar
CVE-2016-0505 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-0505 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-0546 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-0546 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-0596 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-0596 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-0597 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-0597 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-0598 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-0598 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-0600 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-0600 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-0606 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-0606 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-0608 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-0608 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-0609 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-0609 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-0610 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-0610 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-0616 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-0616 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-0640 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-0640 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-0641 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-0641 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-0643 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-0643 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-0644 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-0644 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-0646 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-0646 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-0647 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-0647 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-0648 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-0648 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-0649 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-0649 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-0650 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-0650 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-0666 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-0666 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-0766 - newrelic-agent.jar: jdbc-postgresql-9.4.1207-1.0.jar
CVE-2016-0766 - newrelic-agent.jar: jdbc-postgresql-9.4.1208-1.0.jar
CVE-2016-0768 - newrelic-agent.jar: jdbc-postgresql-9.4.1207-1.0.jar
CVE-2016-0768 - newrelic-agent.jar: jdbc-postgresql-9.4.1208-1.0.jar
CVE-2016-0773 - newrelic-agent.jar: jdbc-postgresql-9.4.1207-1.0.jar
CVE-2016-0773 - newrelic-agent.jar: jdbc-postgresql-9.4.1208-1.0.jar
CVE-2016-3092 - newrelic-agent.jar: tomcat-8.5.0-1.0.jar
CVE-2016-3092 - newrelic-agent.jar: tomcat-8.5.2-1.0.jar
CVE-2016-3452 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-3452 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-3477 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-3477 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-3492 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-3492 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-3495 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-3495 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-3506 - newrelic-agent.jar: jdbc-ojdbc7-12.1.0.2-1.0.jar
CVE-2016-3521 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-3521 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-3615 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-3615 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-5388 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2016-5388 - newrelic-agent.jar: tomcat-7.0.70-1.0.jar
CVE-2016-5388 - newrelic-agent.jar: tomcat-7-1.0.jar
CVE-2016-5388 - newrelic-agent.jar: tomcat-8.5.0-1.0.jar
CVE-2016-5388 - newrelic-agent.jar: tomcat-8.5.2-1.0.jar
CVE-2016-5423 - newrelic-agent.jar: jdbc-postgresql-9.4.1207-1.0.jar
CVE-2016-5423 - newrelic-agent.jar: jdbc-postgresql-9.4.1208-1.0.jar
CVE-2016-5424 - newrelic-agent.jar: jdbc-postgresql-9.4.1207-1.0.jar
CVE-2016-5424 - newrelic-agent.jar: jdbc-postgresql-9.4.1208-1.0.jar
CVE-2016-5425 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2016-5425 - newrelic-agent.jar: tomcat-7.0.70-1.0.jar
CVE-2016-5425 - newrelic-agent.jar: tomcat-7-1.0.jar
CVE-2016-5425 - newrelic-agent.jar: tomcat-8.5.0-1.0.jar
CVE-2016-5425 - newrelic-agent.jar: tomcat-8.5.2-1.0.jar
CVE-2016-5440 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-5440 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-5444 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-5444 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-5507 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-5507 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-5584 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-5584 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-5609 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-5609 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-5612 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-5612 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-5625 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-5625 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-5626 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-5626 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-5627 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-5627 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-5628 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-5628 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-5629 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-5629 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-5630 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-5630 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-5631 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-5631 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-5632 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-5632 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-5633 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-5633 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-5634 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-5634 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-5635 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-5635 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-6325 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2016-6325 - newrelic-agent.jar: tomcat-7.0.70-1.0.jar
CVE-2016-6325 - newrelic-agent.jar: tomcat-7-1.0.jar
CVE-2016-6325 - newrelic-agent.jar: tomcat-8.5.0-1.0.jar
CVE-2016-6325 - newrelic-agent.jar: tomcat-8.5.2-1.0.jar
CVE-2016-6494 - newrelic-agent.jar: mongodb-2.12-1.0.jar
CVE-2016-6494 - newrelic-agent.jar: mongodb-2.14-1.0.jar
CVE-2016-6494 - newrelic-agent.jar: mongodb-3.0-1.0.jar
CVE-2016-6494 - newrelic-agent.jar: mongodb-3.1-1.0.jar
CVE-2016-6662 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-6662 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-6663 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-6663 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-6664 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2016-6664 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2016-6816 - newrelic-agent.jar: tomcat-7.0.70-1.0.jar
CVE-2016-6816 - newrelic-agent.jar: tomcat-8.5.0-1.0.jar
CVE-2016-6816 - newrelic-agent.jar: tomcat-8.5.2-1.0.jar
CVE-2016-8735 - newrelic-agent.jar: tomcat-7.0.70-1.0.jar
CVE-2016-8735 - newrelic-agent.jar: tomcat-8.5.0-1.0.jar
CVE-2016-8735 - newrelic-agent.jar: tomcat-8.5.2-1.0.jar
CVE-2017-3302 - newrelic-agent.jar: jdbc-mariadb-1.1.7-1.0.jar
CVE-2017-3302 - newrelic-agent.jar: jdbc-mariadb-1.3.0-1.0.jar
CVE-2017-5647 - newrelic-agent.jar: tomcat-7.0.70-1.0.jar
CVE-2017-5647 - newrelic-agent.jar: tomcat-8.5.0-1.0.jar
CVE-2017-5647 - newrelic-agent.jar: tomcat-8.5.2-1.0.jar
CVE-2017-5648 - newrelic-agent.jar: tomcat-7.0.70-1.0.jar
CVE-2017-5648 - newrelic-agent.jar: tomcat-8.5.0-1.0.jar
CVE-2017-5648 - newrelic-agent.jar: tomcat-8.5.2-1.0.jar
CVE-2017-5650 - newrelic-agent.jar: tomcat-8.5.0-1.0.jar
CVE-2017-5650 - newrelic-agent.jar: tomcat-8.5.2-1.0.jar
CVE-2017-5651 - newrelic-agent.jar: tomcat-8.5.0-1.0.jar
CVE-2017-5651 - newrelic-agent.jar: tomcat-8.5.2-1.0.jar
CVE-2017-5653 - newrelic-agent.jar: cxf-2.7-1.0.jar
CVE-2017-5656 - newrelic-agent.jar: cxf-2.7-1.0.jar
CVE-2017-5664 - newrelic-agent.jar: tomcat-7.0.70-1.0.jar
CVE-2017-5664 - newrelic-agent.jar: tomcat-8.5.0-1.0.jar
CVE-2017-5664 - newrelic-agent.jar: tomcat-8.5.2-1.0.jar
CVE-2017-5929 - newrelic-agent.jar/META-INF/maven/ch.qos.logback/logback-classic/pom.xml
CVE-2017-5929 - newrelic-agent.jar/META-INF/maven/ch.qos.logback/logback-core/pom.xml
CVE-2017-6056 - newrelic-agent.jar: tomcat-5.5-1.0.jar
CVE-2017-6056 - newrelic-agent.jar: tomcat-7.0.70-1.0.jar
CVE-2017-6056 - newrelic-agent.jar: tomcat-7-1.0.jar
CVE-2017-6056 - newrelic-agent.jar: tomcat-8.5.0-1.0.jar
CVE-2017-6056 - newrelic-agent.jar: tomcat-8.5.2-1.0.jar
CVE-2017-7484 - newrelic-agent.jar: jdbc-postgresql-9.4.1207-1.0.jar
CVE-2017-7484 - newrelic-agent.jar: jdbc-postgresql-9.4.1208-1.0.jar

In the list above, only the warning about CVE-2017-5929, related to the properly bundled Logback dependency, seems valid.

It'd be nice if the detector could "somehow" recognize that the following bundled JARs are not the actual libraries:


JAR listing.

$ jar tf /tmp/newrelic-agent.jar instrumentation/
instrumentation/
instrumentation/akka-2.0-1.0.jar
instrumentation/akka-2.1-1.0.jar
instrumentation/akka-2.2-1.0.jar
instrumentation/akka-http-1.0-1.0.jar
instrumentation/akka-http-2.0-M1-1.0.jar
instrumentation/akka-http-2.4.2-1.0.jar
instrumentation/akka-http-2.4.5-1.0.jar
instrumentation/akka-http-core-0.4-1.0.jar
instrumentation/akka-http-core-0.7-1.0.jar
instrumentation/akka-http-core-1.0-1.0.jar
instrumentation/anorm-2.0-1.0.jar
instrumentation/anorm-2.3-1.0.jar
instrumentation/anorm-2.4-1.0.jar
instrumentation/async-http-client-2.0.0-1.0.jar
instrumentation/aws-java-sdk-1.3.30-1.0.jar
instrumentation/aws-java-sdk-dynamodb-1.11.106-1.0.jar
instrumentation/aws-wrap-0.7.0-1.0.jar
instrumentation/cassandra-datastax-2.1.2-1.0.jar
instrumentation/cassandra-datastax-3.0.0-1.0.jar
instrumentation/cxf-2.7-1.0.jar
instrumentation/ejb-3.0-1.0.jar
instrumentation/glassfish-3-1.0.jar
instrumentation/grails-1.3-1.0.jar
instrumentation/grails-2-1.0.jar
instrumentation/grails-async-2.3-1.0.jar
instrumentation/hibernate-3.3-1.0.jar
instrumentation/hibernate-3.5-1.0.jar
instrumentation/hibernate-4.0-1.0.jar
instrumentation/hibernate-4.2-1.0.jar
instrumentation/hibernate-4.3-1.0.jar
instrumentation/httpclient-3.0-1.0.jar
instrumentation/httpclient-3.1-1.0.jar
instrumentation/httpclient-4.0-1.0.jar
instrumentation/httpurlconnection-1.0.jar
instrumentation/hystrix-1.0.2-1.0.jar
instrumentation/hystrix-1.2-1.0.jar
instrumentation/hystrix-1.3.0-1.0.jar
instrumentation/hystrix-1.3.15-1.0.jar
instrumentation/hystrix-1.4-1.0.jar
instrumentation/java-io-1.0.jar
instrumentation/java.completable-future-jdk8-1.0.jar
instrumentation/java.completable-future-jdk8u40-1.0.jar
instrumentation/javax.xml-1.0.jar
instrumentation/jax-rs-1.0-1.0.jar
instrumentation/jboss-7-1.0.jar
instrumentation/jcache-1.0.0-1.0.jar
instrumentation/jcache-datastore-1.0.0-1.0.jar
instrumentation/jdbc-db2-1.0.jar
instrumentation/jdbc-driver-1.0.jar
instrumentation/jdbc-embedded-derby-10.10.1.1-1.0.jar
instrumentation/jdbc-embedded-derby-10.11.1.1-1.0.jar
instrumentation/jdbc-embedded-derby-10.2.1.6-1.0.jar
instrumentation/jdbc-generic-1.0.jar
instrumentation/jdbc-h2-1.0.jar
instrumentation/jdbc-hsqldb-1.7.2.2-1.0.jar
instrumentation/jdbc-hsqldb-2.2.9-1.0.jar
instrumentation/jdbc-inet-merlia-1.0.jar
instrumentation/jdbc-inet-oranxo-1.0.jar
instrumentation/jdbc-jtds-1.0.jar
instrumentation/jdbc-mariadb-1.1.7-1.0.jar
instrumentation/jdbc-mariadb-1.3.0-1.0.jar
instrumentation/jdbc-mysql-3.0.8-1.0.jar
instrumentation/jdbc-mysql-6.0.2-1.0.jar
instrumentation/jdbc-mysql-connection-5.1.4-1.0.jar
instrumentation/jdbc-mysql-multihost-connections-5.1.3-1.0.jar
instrumentation/jdbc-mysql-multihost-connections-6.0.2-1.0.jar
instrumentation/jdbc-ojdbc-1.0.jar
instrumentation/jdbc-ojdbc-tns-1.0.jar
instrumentation/jdbc-ojdbc7-12.1.0.2-1.0.jar
instrumentation/jdbc-postgresql-8.0-312.jdbc3-1.0.jar
instrumentation/jdbc-postgresql-9.4.1207-1.0.jar
instrumentation/jdbc-postgresql-9.4.1208-1.0.jar
instrumentation/jdbc-resultset-1.0.jar
instrumentation/jdbc-socket-1.0.jar
instrumentation/jdbc-sqlserver-1.0.jar
instrumentation/jdbc-sybase-6-1.0.jar
instrumentation/jedis-1.4.0-1.0.jar
instrumentation/jedis-2.7.1-1.0.jar
instrumentation/jedis-2.7.2-1.0.jar
instrumentation/jersey-1-1.0.jar
instrumentation/jersey-2-1.0.jar
instrumentation/jets3t-0.8.0-1.0.jar
instrumentation/jets3t-0.9.0-1.0.jar
instrumentation/jetty-6-1.0.jar
instrumentation/jetty-7-1.0.jar
instrumentation/jetty-7.6-1.0.jar
instrumentation/jetty-9-1.0.jar
instrumentation/jetty-9.0.4-1.0.jar
instrumentation/jetty-9.1-1.0.jar
instrumentation/jetty-9.3-1.0.jar
instrumentation/jetty-servlet-9-1.0.jar
instrumentation/jms-1.1-1.0.jar
instrumentation/jsp-2.4-1.0.jar
instrumentation/mongodb-2.12-1.0.jar
instrumentation/mongodb-2.14-1.0.jar
instrumentation/mongodb-3.0-1.0.jar
instrumentation/mongodb-3.1-1.0.jar
instrumentation/mule-3.6-1.0.jar
instrumentation/mule-3.7-1.0.jar
instrumentation/mule-base-1.0.jar
instrumentation/mule-ei1-1.0.jar
instrumentation/mule-ei2-1.0.jar
instrumentation/netty-3.4-1.0.jar
instrumentation/netty-3.8-1.0.jar
instrumentation/netty-4.0.0-1.0.jar
instrumentation/netty-4.0.8-1.0.jar
instrumentation/ning-async-http-client-1.0-1.0.jar
instrumentation/ning-async-http-client-1.1-1.0.jar
instrumentation/ning-async-http-client-1.6.1-1.0.jar
instrumentation/okhttp-3.0-1.0.jar
instrumentation/okhttp-3.4-1.0.jar
instrumentation/okhttp-3.5-1.0.jar
instrumentation/okhttp-3.6-1.0.jar
instrumentation/openejb-3.0-1.0.jar
instrumentation/openjpa-1.0-1.0.jar
instrumentation/play-2.0-1.0.jar
instrumentation/play-2.1-1.0.jar
instrumentation/play-2.2-1.0.jar
instrumentation/play-2.3-1.0.jar
instrumentation/play-2.4-1.0.jar
instrumentation/play-2.5-1.0.jar
instrumentation/rabbit-amqp-2.7-1.0.jar
instrumentation/rabbit-amqp-3.5.0-1.0.jar
instrumentation/resin-3-1.0.jar
instrumentation/resin-4-1.0.jar
instrumentation/resteasy-2.2-1.0.jar
instrumentation/resteasy-3.0-1.0.jar
instrumentation/scala-2.9.3-1.0.jar
instrumentation/servlet-2.4-1.0.jar
instrumentation/servlet-user-1.0.jar
instrumentation/slick-3.0.0-1.0.jar
instrumentation/solr-1.4.0-1.0.jar
instrumentation/solr-3.1.0-1.0.jar
instrumentation/solr-3.5.0-1.0.jar
instrumentation/solr-3.6.0-1.0.jar
instrumentation/solr-4.0.0-1.0.jar
instrumentation/solr-5.0.0-1.0.jar
instrumentation/solr-5.1.0-1.0.jar
instrumentation/solr-5.4.0-1.0.jar
instrumentation/solr-6.4.0-1.0.jar
instrumentation/spray-can-1.3.1-1.0.jar
instrumentation/spray-can-client-1.3.1-1.0.jar
instrumentation/spray-client-1.3.1-1.0.jar
instrumentation/spray-http-1.3.1-1.0.jar
instrumentation/spring-3.0.0-1.0.jar
instrumentation/spring-4.0.0-1.0.jar
instrumentation/spring-4.2.0-1.0.jar
instrumentation/spring-aop-2-1.0.jar
instrumentation/spring-jms-2-1.0.jar
instrumentation/spring-ws-2.0-1.0.jar
instrumentation/spymemcached-2.12.0-1.0.jar
instrumentation/thrift-0.8-1.0.jar
instrumentation/tomcat-5.5-1.0.jar
instrumentation/tomcat-7-1.0.jar
instrumentation/tomcat-7.0.70-1.0.jar
instrumentation/tomcat-8.5.0-1.0.jar
instrumentation/tomcat-8.5.2-1.0.jar
instrumentation/tomcat-request-listener-1.0.jar
instrumentation/weblogic-10-1.0.jar
instrumentation/weblogic-12-1.0.jar
instrumentation/weblogic-12.2-1.0.jar
instrumentation/websphere-7-1.0.jar
instrumentation/websphere-8-1.0.jar
instrumentation/websphere-jmx-7-1.0.jar
instrumentation/websphere-liberty-profile-8.5.5.5-1.0.jar
instrumentation/websphere-liberty-profile-dispatcher-8.5.5.5-1.0.jar
instrumentation/websphere-liberty-profile-environment-8.5.5.5-1.0.jar
instrumentation/wildfly-8-1.0.jar
instrumentation/wildfly-8-CAT-1.0.jar
instrumentation/wildfly-8-PORT-1.0.jar

FP Report bug
Source
picture Stephan202

All 6 comments

Thanks for the report. Those CPE/CVEs can be removed by adding the following suppression rule:

    <suppress>
       <notes><![CDATA[
       newrelic-agent false positives due to the instrumentation package (see issue #781)
       ]]></notes>
       <filePath regex="true">.*newrelic-agent-.*\.jar[\\\/]instrumentation.*\.jar</filePath>
       <cpe regex="true">.*</cpe>
    </suppress>
jeremylong picture jeremylong on 3 Jul 2017

Cool, thanks for the quick response!

Any chance I can convince you to drop the dash from that regex? I.e. newrelic-agent.*\.jar instead of newrelic-agent-.*\.jar? Reason I ask is that we have an externally configured boot command containing the line -javaagent:/usr/share/tomcat8/webapps/ROOT/WEB-INF/lib/newrelic-agent.jar. By excluding the version number from the JAR we don't have to keep these two pieces of data in sync.

For reference, we package the New Relic Java Agent using a webapp overlay, configured thusly:

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-war-plugin</artifactId>
    <configuration>
        ...
        <outputFileNameMapping>@{artifactId}@.@{extension}@</outputFileNameMapping>
        <packagingIncludes>%regex[.*newrelic.*]</packagingIncludes>
        ...
    </configuration>
</plugin>
Stephan202 picture Stephan202 on 3 Jul 2017

done. This will be included in the next release.

jeremylong picture jeremylong on 3 Jul 2017
👍1

Thanks!

Stephan202 picture Stephan202 on 3 Jul 2017

2.0.1 was released that includes this patch

jeremylong picture jeremylong on 8 Jul 2017
👍1

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

lock[bot] picture lock[bot] on 28 Sep 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

rruizt picture rruizt  路  3Comments
dwvisser picture dwvisser  路  4Comments
mikehalmamoj picture mikehalmamoj  路  4Comments
chadlwilson picture chadlwilson  路  3Comments
THausherr picture THausherr  路  3Comments