Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-40980

A potential unathenticated file deletion vulnerabilty on Trend Micro Mobile Security for Enterprise 9.8 SP5 could allow an attacker with access to the Management Server to delete files.

This issue was resolved in 9.8 SP5 Critical Patch 2.

CVE
#sql#vulnerability#web#ios#android#mac#windows#microsoft#apache#redis#git#intel#perl#pdf#auth#wifi#ssl

<> Trend Micro Incorporated November 19, 2021 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro™ Mobile Security for Enterprise 9.8 SP5 Critical Patch 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro’s website for documentation updates. http://www.trendmicro.com/download TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at: https://clp.trendmicro.com/FullRegistration?T=TM Contents ===================================================================== 1. About Trend Micro Mobile Security 1.1 Overview of this Release 1.2 Who Should Install this Release 2. What’s New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Pre-installation Preparation 6. Installation 7. Post-Installation Configuration 8. Known Issues 9. Release History 10. Contact Information 11. About Trend Micro 12. License Agreement ===================================================================== 1. About Trend Micro Mobile Security ======================================================================== Trend Micro Mobile Security for Enterprise 9.8 SP5 Critical Patch 2 uses the latest security technologies to defend against threats to mobile devices. Integrated filters can also block unwanted telephone calls and text messages. Mobile Security also provides Web Security that can help protect you from online fraud like phishing and pharming by blocking access to risky sites on the Web. The logon password protection helps protect your mobile device from an unauthorized access. 1.1 Overview of this Release ===================================================================== This version of Mobile Security offers the following features: - Supports latest iOS and Android operating systems. - Scheduled or manual component updates ensure up-to-date pattern, security policies, and program versions - Logon authentication prevents unauthorized access to mobile devices - Uninstallation protection using a preset password - Award-winning anti-malware scanning technology for mobile malware threats - Web Security ensures safe Internet browsing - SMS filtering blocks unwanted text messages - Call filtering blocks calls from unwanted and anonymous callers - Comprehensive logs track scan results, security threats found, text messages and calls filtered, and other events - Enables the administrator to: - provision Wi-Fi settings and control various features on mobile devices - enforce password authentication and configure password complexity - allow or block the installation of certain applications on mobile devices - create a list of apps for the users to install on mobile devices through Enterprise Applications - lock, locate, or wipe the data off mobile devices remotely - authenticate a batch of mobile devices using their IMEI numbers and/or Wi-Fi MAC addresses. - Supports full integration with Trend Micro Control Manager 7.0. - Supports scanning mobile devices for the following: - malicious SSL certificates - malicious iOS profiles (iOS only) - network traffic decryption - unsafe access points (Wi-Fi) - developer options and USB debugging (Android only) - modified applications - Introduces new widgets, administrator notifications and reports for malicious SSL certificate, malicious iOS profile, network traffic decryption, unsafe access point (Wi-Fi), developer options, USB debugging, modified applications, and rooted/jailbroken mobile devices. - Introduces an approved list for administrators to add the applications that are detected as malware, vulnerable, privacy risk or modified applications, as safe to allow the installation of such applications on mobile devices. 1.2 Who Should Install this Release ===================================================================== Those who want to set up Mobile Security for Enterprise version 9.8 SP5 Critical Patch 2 or upgrade Mobile Security for Enterprise from version 9.8 or later should install this release. 2. What’s New ======================================================================== 2.1 Resolved Known Issues Issue 1: A potential unauthenticated file deletion issue is detected on the Management Server. [VRTS-6254] Solution 1: This critical patch updates the Management Server program to remove this vulnerability. 3. Documentation Set ======================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com In addition to this Readme file, the documentation set for this product includes the following: - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining Mobile Security for Enterprise. To access the Online Help, go to http://docs.trendmicro.com - Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying Mobile Security for Enterprise. - Administrator’s Guide (AG): The Administrator’s Guide contains an overview of features and key concepts, and information on configuring and maintaining Mobile Security for Enterprise. - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://esupport.trendmicro.com 4. System Requirements ======================================================================== Trend Micro Mobile Security for Enterprise requires the following hardware and software specifications on the computers where it is installed: 4.1 Mobile Security Management Server: ===================================================================== Hardware ~~~~~~~~ - 1 GHz Intel™ Pentium™ processor or equivalent - At least 1 GB of RAM - At least 400 MB of available disk space Platform ~~~~~~~~ - Windows 2012 Server Family - Windows 2012 R2 Server Family - Windows Server 2016 - Windows Server 2019 Recommended Platform ~~~~~~~~ - Windows Server 2012 - Windows Server 2012 R2 4.2 Mobile Security Communication Server ===================================================================== Hardware ~~~~~~~~ - 1 GHz Pentium processor or equivalent - At least 1 GB of RAM - At least 40 MB of available disk space Platform ~~~~~~~~ - Windows 2012 Server Family - Windows 2012 R2 Server Family - Windows Server 2016 - Windows Server 2019 Recommended Platform ~~~~~~~~~~~~~~~~~~~~ - Windows Server 2012 - Windows Server 2012 R2 4.3 Mobile Security Exchange Connector ===================================================================== Platform ~~~~~~~~ - Windows Server 2012 (64-bit) - Windows Server 2012 R2 (64-bit) Hardware ~~~~~~~~ - 1 GHz Pentium processor or equivalent - At least 1 GB of RAM - At least 200 MB of available disk space 4.4 SQL Server ===================================================================== Microsoft SQL Server 2008/2008 R2/2012/2008 Express/2008 R2 Express/ 2012 Express/2014/2014 Express/2016/2016 Express/2017/2017 Express 4.5 iOS Mobile Device ===================================================================== Operating System ~~~~~~~~~~~~~~~~ - iOS 11.x - iOS 12.x - iOS 13.x - iOS 14.x Storage Space ~~~~~~~~~~~~~ 3MB minimum 4.6 Android Mobile Device ===================================================================== Operating System ~~~~~~~~~~~~~~~~ - Android 5.0 Lollipop - Android 5.1 Lollipop - Android 6.0 Marshmallow - Android 7.0 Nougat - Android 7.1 Nougat - Android 8.0 Oreo - Android 9.0 Pie - Android 10.0 - Android 11.0 Storage Space ~~~~~~~~~~~~~ 8 MB minimum 5. Pre-installation Preparation ======================================================================== Refer to the “Installation and Deployment Guide” for the detailed pre-installation configuration and preparation. 6. Installation ======================================================================== This section explains the key steps for installing this product. For detailed installation steps, refer to the "Installation and Deployment Guide". Mobile Security for Enterprise consists of four components: - Mobile Security Management Server - Mobile Security Communication Server - Exchange Connector - Mobile Device Agents (the Mobile Security clients) Depending on your network topology and needs, you may install the necessary components only. Mobile Security Management Server --------------------------------------------------------------------- Mobile Security Management Server allows you to control Mobile Device Agents from the administration Web console. Once mobile devices are enrolled with the server, you can configure Mobile Device Agent policies and perform updates. Mobile Security Communication Server --------------------------------------------------------------------- Mobile Security Communication Server handles communications between the Mobile Security Management Server and Mobile Device Agents. Mobile Device Agents can connect to the public IP address of the Communication Server. Mobile Security for Enterprise supports two types of Communication Servers: Local Communication Server (which is installed in the local network) and the Cloud Communication Server (which is installed in the cloud and maintained by Trend Micro. Exchange Connector --------------------------------------------------------------------- You can install Exchange Connector if you want to manage Android or iOS mobile devices that use Exchange ActiveSync service. Mobile Device Agent (Mobile Security Client) --------------------------------------------------------------------- Install the Mobile Device Agent (the Mobile Security client program) on supported platforms using one of the following methods: - Email notification - Manual installation NOTES: - On a web browser where you have accessed Trend Micro Mobile Security web console, clear the web browser cache after upgrading to Mobile Security 9.8 SP5 Critical Patch 2. - Trend Micro cannot guarantee compatibility between Mobile Security and file system encryption software. Software products that offer similar features, such as anti-malware scanning, SMS management, and firewall protection, may also be incompatible with Mobile Security. You may be prompted to uninstall these software products before you can install Mobile Security on your mobile device. 7. Post-Installation Configuration ======================================================================== Refer to the “Administrator’s Guide” for the post-installation configuration. 8. Known Issues ======================================================================== Known issues in this release: 8.1 The status of a mobile device that is displayed in the Mobile Security server does not switch to "Inactive", even after: - the Android Mobile Device Agent is uninstalled. - the iOS “MDM Enrollment Profile” is removed from the mobile device. --------------------------------------------------------------------- This can happen if the Android Mobile Device Agent is uninstalled or the iOS “MDM Enrollment Profile” is removed from the mobile device when it was not connected to the network. As a result, the Mobile Security server keeps displaying the mobile device in the Device list even after the Mobile Security client is uninstalled on the mobile device. However, the mobile device status changes to "Out of Sync". 8.2 The Exchange ActiveSync provisioning policy does not contain user name and email address information. --------------------------------------------------------------------- This happens if the user name or email address is not configured for the iOS mobile device. To resolve this issue, configure the Active Directory from "Administrator > Active Directory Settings", and then add the user from the Active Directory again. 8.3 Mobile Security is unable to read the phone number from Android mobile devices. --------------------------------------------------------------------- Mobile Security requires the default Android API to read the phone number from the mobile device. If the mobile device does not use the default Android API, Mobile Security is unable to read the phone number. This can also happen if the phone number is not stored on the operator’s database instead of the SIM card. 8.4 Users are unable to upgrade from the non-customized application package to a customized application package. --------------------------------------------------------------------- Since the customized and non-customized application packages use different certificates for authentication, the non-customized application package cannot be upgraded to the customized one, or vice versa. To resolve this issue, manually remove Mobile Security from the mobile phone and then install the customized application package. 8.5 Sometimes the Android or iOS mobile device agents do not receive the policy update and/or remote lock/wipe/locate instruction from the server. --------------------------------------------------------------------- If the network connection between the client and the server is not stable, this known issue may occur. 8.6 Sometimes an Android mobile device using Exchange ActiveSync does not display the correct status in Exchange ActiveSync Devices tab in Mobile Security. --------------------------------------------------------------------- This happens if the Mobile Security Management Server is unable to get the correct mobile device identity from the Exchange Server. 8.7 The Mobile Device Agents are sometimes unable to connect to the Cloud Communication Server (CCS). --------------------------------------------------------------------- The Mobile Device Agents connect with the Cloud Communication Server through the Internet. This known issue may occur if the connection between the mobile device and the Cloud Communication Server is not stable. 8.8 Microsoft Internet Explorer™ crashes while using Trend Micro Mobile Security administration web console. --------------------------------------------------------------------- If the Mobile Security administration web console is not closed on Internet Explorer for some time (depending on the memory size), memory leak occurs and causes Internet Explorer to crash. For details, refer to the following link: http://support.microsoft.com/kb/982094/en-us 8.9 Mobile Security displays the Exchange Connector status as Connected, even when the Exchange Connector is uninstalled from the computer. Moreover, Mobile Security is unable to reinstall the Exchange Connector because the setup program is unable to connect to the Mobile Security server. --------------------------------------------------------------------- This happens when the Exchange Connector is uninstalled while it is disconnected from the Mobile Security Management Server. The Management Server is unable to receive the uninstallation notification from the Exchange Connector, and therefore displays the wrong status. If the Mobile Security displays the Exchange Connector status as Connected, it will not connect to another Exchange Connector. To resolve this known issue: 1. Log on to the Mobile Security administration web console. 2. Using the same web browser, open the following URL: https://:/mdm/cgi/web_service.dll? tmms_action=mdm_register_new_connector 3. Replace and with the actual Mobile Security Management Server host name/IP address and port number. 4. Press "Enter". The following message should appear. { “error_code” : 1, “message” : "Success", “timestamp” : xxxxxxxxxx } Where, xxxxxxxxxx displays the current timestamp. After performing the above steps, Mobile Security will reset the Exchange Server Integration settings, and you should be able to install the Exchange Connector. 8.10 Unable to access some external web services when Trend Micro Mobile Security is deployed in pure IPv6 environment. --------------------------------------------------------------------- This happens when the external web services do not support IPv6. 8.11 Unable to access SMTP server or Active Directory when Management Server connects these servers using IPv6. --------------------------------------------------------------------- The Management Server is unable to access the SMTP Server or Active Directory when using IPv6. 8.12 Sometimes, iOS Mobile Device Agents are unable to enroll with the Mobile Security server. --------------------------------------------------------------------- This happens when the SCEP server uses IPv6 numeric address to enroll iOS mobile devices. To resolve this known issue, configure SCEP using the domain name on Mobile Security Web console. 8.13 Mobile Security is unable to remove Microsoft Exchange email account on some mobile devices. --------------------------------------------------------------------- This known issue occurs when performing selective wipe on mobile devices running Android 5.0 or later, because of limitations in the operating system. 8.14 Mobile Security is unable to run a cloud scan and perform policy updates on Android devices that are on battery save mode. --------------------------------------------------------------------- This known issue affects devices running on Android 5.0 or later. When the device is on battery save mode, the network connection is disabled and Mobile Security is unable to run a cloud scan or perform policy updates. 8.15 Mobile Security is unable to acquire the Bluetooth MAC addresses of mobile devices running Android 6.0 or later. --------------------------------------------------------------------- This known issue occurs because of limitations on the operating system. As a result, Mobile Security does not display the Bluetooth MAC addresses of affected devices on Mobile Security web console. 8.16 Mobile Security is unable to acquire the Wi-Fi MAC addresses or IMEI of mobile devices running Android 7.0 or later. --------------------------------------------------------------------- This known issue occurs because of limitations on the operating system. As a result, Mobile Security does not display the IMEI or Wi-Fi MAC addresses of affected devices on Mobile Security web console. 8.17 Devices running Android 7.0 or later do not show the correct encryption status when the devices use Pattern mode as screen lock type. --------------------------------------------------------------------- This known issue occurs because of limitations on the Android 7.0 operating system. 8.18 Mobile Security is unable to reset the password of mobile devices running Android 7.0 or later. --------------------------------------------------------------------- This known issue occurs because of limitations on the Android 7.0 operating system. 8.19 Trend Micro Mobile Device Agent can be disabled for realtime scan on Android 8. --------------------------------------------------------------------- This known issue occurs because of limitations on the Android 8.0 operating system. This known issue occurs when performing system setting: Settings -> Apps & Notifications -> App info -> TMMS -> Battery -> Turn OFF Background activity on Android 8. On turning off the background activity, the Mobile Device Agent will be automatically stopped by the operating system, and therefore, cannot perform realtime scan. 8.20 Trend Micro Mobile Device Agent cannot display Wi-Fi MAC address on Android mobile devices. --------------------------------------------------------------------- This known issue occurs because of limitations on the Android 8.0 operating system. Therefore, the Mobile Device Agent cannot display the Wi-Fi MAC address on the About screen. 8.21 Mobile Security does not detect malicious iOS profiles on iOS 11. --------------------------------------------------------------------- This known issue occurs because of limitations on the iOS 11.0 operating system. 9. Release History ======================================================================== Previous releases include the following: - Mobile Security for Enterprise 9.8 Service Pack 5, November 2020 - Mobile Security for Enterprise 9.8 Service Pack 4, July 2020 - Mobile Security for Enterprise 9.8 Service Pack 3, December 2019 - Mobile Security for Enterprise 9.8 Service Pack 2 Patch 1, August 2019 - Mobile Security for Enterprise 9.8 Service Pack 2, June 2019 - Mobile Security for Enterprise 9.8 Service Pack 1, Mach 2018 - Mobile Security for Enterprise 9.8 November 2017 - Mobile Security for Enterprise 9.7 Service Pack 3, June 2017 - Mobile Security for Enterprise 9.6 Service Pack 1, May 2016 - Mobile Security for Enterprise 9.6, March 2016 - Mobile Security for Enterprise 9.5, September 2015 - Mobile Security for Enterprise 9.3, June 2015 - Mobile Security for Enterprise 9.2, March 2015 - Mobile Security for Enterprise 9.1, December 2014 - Mobile Security for Enterprise 9.0, July 2013 - Mobile Security for Enterprise 8.0, June 2012 - Mobile Security for Enterprise 7.1, December 2011 - Mobile Security for Enterprise 7.0, June 2011 10. Contact Information ======================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro’s then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2021, Trend Micro Incorporated. All rights reserved. Trend Micro and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ======================================================================== View information about your license agreement with Trend Micro at: http://www.trendmicro.com/us/about-us/legal-policies/ license-agreements Third-party licensing agreements can be viewed: - By selecting the “About” option in the application user interface - By referring to the “Legal” page of the Administrator’s Guide OpenSSL License Agreement ~~~~~~~~~~~~~~~~~~~~~~~~~ OpenSSL License Copyright © 1998-2008 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 4. The names “OpenSSL Toolkit” and “OpenSSL Project” must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact [email protected]. 5. Products derived from this software may not be called “OpenSSL” nor may “OpenSSL” appear in their names without prior written permission of the OpenSSL Project. 6. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT “AS IS” AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ==================================================================== This product includes cryptographic software written by Eric Young ([email protected]). This product includes software written by Tim Hudson ([email protected]). Original SSLeay License ~~~~~~~~~~~~~~~~~~~~~~~ Copyright © 1995-1998 Eric Young ([email protected]) All rights reserved. This package is an SSL implementation written by Eric Young ([email protected]). The implementation was written so as to conform with Netscapes SSL. This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson ([email protected]). Copyright remains Eric Young’s, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: "This product includes cryptographic software written by Eric Young ([email protected])" The word “cryptographic” can be left out if the routines from the library being used are not cryptographic related :-). 4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson ([email protected])" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The license and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License.] Boost License Agreement ~~~~~~~~~~~~~~~~~~~~~~~ Boost Software License - Version 1.0 - August 17th, 2003 Permission is hereby granted, free of charge, to any person or organization obtaining a copy of the software and accompanying documentation covered by this license (the “Software”) to use, reproduce, display, distribute, execute, and transmit the Software, and to prepare derivative works of the Software, and to permit third-parties to whom the Software is furnished to do so, all subject to the following: The copyright notices in the Software and this entire statement, including the above license grant, this restriction and the following disclaimer, must be included in all copies of the Software, in whole or in part, and all derivative works of the Software, unless such copies or derivative works are solely in the form of machine-executable object code generated by a source language processor. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Log4cxx License Agreement ~~~~~~~~~~~~~~~~~~~~~~~~~ Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. “License” shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. “Licensor” shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. “Legal Entity” shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, “control” means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. “You” (or “Your”) shall mean an individual or Legal Entity exercising permissions granted by this License. “Source” form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. “Object” form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. “Work” shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). “Derivative Works” shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. “Contribution” shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, “submitted” means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as “Not a Contribution.” “Contributor” shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s)with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and © You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a “NOTICE” text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don’t include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same “printed page” as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. gSOAP License Agreement ~~~~~~~~~~~~~~~~~~~~~~~ gSOAP Public License Version 1.3b The gSOAP public license is derived from the Mozilla Public License (MPL1.1). The sections that were deleted from the original MPL1.1 text are 1.0.1, 2.1.©,(d), 2.2.©,(d), 8.2.(b), 10, and 11. Section 3.8 was added. The modified sections are 2.1.(b), 2.2.(b), 3.2 (simplified), 3.5 (deleted the last sentence), and 3.6 (simplified). This license applies to the gSOAP software package, with the exception of the wsdl2h source code located in gsoap/wsdl, all code generated by wsdl2h, the UDDI source code gsoap/uddi2, and the Web server sample source code samples/webserver. To use all of the software commercially, a commercial license has to be obtained from www.genivia.com. 1 DEFINITIONS. 1.0.1. 1.1. “Contributor” means each entity that creates or contributes to the creation of Modifications. 1.2. “Contributor Version” means the combination of the Original Code, prior Modifications used by a Contributor, and the Modifications made by that particular Contributor. 1.3. “Covered Code” means the Original Code, or Modifications or the combination of the Original Code, and Modifications, in each case including portions thereof. 1.4. “Electronic Distribution Mechanism” means a mechanism generally accepted in the software development community for the electronic transfer of data. 1.5. “Executable” means Covered Code in any form other than Source Code. 1.6. “Initial Developer” means the individual or entity identified as the Initial Developer in the Source Code notice required by Exhibit A. 1.7. “Larger Work” means a work which combines Covered Code or portions thereof with code not governed by the terms of this License. 1.8. “License” means this document. 1.8.1. “Licensable” means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or subsequently acquired, any and all of the rights conveyed herein. 1.9. “Modifications” means any addition to or deletion from the substance or structure of either the Original Code or any previous Modifications. When Covered Code is released as a series of files, a Modification is: A. Any addition to or deletion from the contents of a file containing Original Code or previous Modifications. B. Any new file that contains any part of the Original Code, or previous Modifications. 1.10. “Original Code” means Source Code of computer software code which is described in the Source Code notice required by Exhibit A as Original Code, and which, at the time of its release under this License is not already Covered Code governed by this License. 1.10.1. “Patent Claims” means any patent claim(s), now owned or hereafter acquired, including without limitation, method, process, and apparatus claims, in any patent Licensable by grantor. 1.11. “Source Code” means the preferred form of the Covered Code for making modifications to it, including all modules it contains, plus any associated interface definition files, scripts used to control compilation and installation of an Executable, or source code differential comparisons against either the Original Code or another well known, available Covered Code of the Contributor’s choice. The Source Code can be in a compressed or archival form, provided the appropriate decompression or de-archiving software is widely available for no charge. 1.12. “You” (or “Your”) means an individual or a legal entity exercising rights under, and complying with all of the terms of, this License or a future version of this License issued under Section 6.1. For legal entities, “You” includes any entity which controls, is controlled by, or is under common control with You. For purposes of this definition, “control” means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity. 2 SOURCE CODE LICENSE. 2.1. The Initial Developer Grant. The Initial Developer hereby grants You a world-wide, royalty-free, non-exclusive license, subject to third party intellectual property claims: (a) under intellectual property rights (other than patent or trademark) Licensable by Initial Developer to use, reproduce, modify, display, perform, sublicense and distribute the Original Code (or portions thereof) with or without Modifications, and/or as part of a Larger Work; and (b) under patents now or hereafter owned or controlled by Initial Developer, to make, have made, use and sell (“offer to sell and import”) the Original Code, Modifications, or portions thereof, but solely to the extent that any such patent is reasonably necessary to enable You to utilize, alone or in combination with other software, the Original Code, Modifications, or any combination or portions thereof. © (d) 2.2. Contributor Grant. Subject to third party intellectual property claims, each Contributor hereby grants You a world-wide, royalty-free, non-exclusive license (a) under intellectual property rights (other than patent or trademark) Licensable by Contributor, to use, reproduce, modify, display, perform, sublicense and distribute the Modifications created by such Contributor (or portions thereof) either on an unmodified basis, with other Modifications, as Covered Code and/or as part of a Larger Work; and (b) under patents now or hereafter owned or controlled by Contributor, to make, have made, use and sell (“offer to sell and import”) the Contributor Version (or portions thereof), but solely to the extent that any such patent is reasonably necessary to enable You to utilize, alone or in combination with other software, the Contributor Version (or portions thereof). © (d) 3 DISTRIBUTION OBLIGATIONS. 3.1. Application of License. The Modifications which You create or to which You contribute are governed by the terms of this License, including without limitation Section 2.2. The Source Code version of Covered Code may be distributed only under the terms of this License or a future version of this License released under Section 6.1, and You must include a copy of this License with every copy of the Source Code You distribute. You may not offer or impose any terms on any Source Code version that alters or restricts the applicable version of this License or the recipients’ rights hereunder. However, You may include an additional document offering the additional rights described in Section 3.5. 3.2. Availability of Source Code. Any Modification created by You will be provided to the Initial Developer in Source Code form and are subject to the terms of the License. 3.3. Description of Modifications. You must cause all Covered Code to which You contribute to contain a file documenting the changes You made to create that Covered Code and the date of any change. You must include a prominent statement that the Modification is derived, directly or indirectly, from Original Code provided by the Initial Developer and including the name of the Initial Developer in (a) the Source Code, and (b) in any notice in an Executable version or related documentation in which You describe the origin or ownership of the Covered Code. 3.4. Intellectual Property Matters. (a) Third Party Claims. If Contributor has knowledge that a license under a third party’s intellectual property rights is required to exercise the rights granted by such Contributor under Sections 2.1 or 2.2, Contributor must include a text file with the Source Code distribution titled “LEGAL” which describes the claim and the party making the claim in sufficient detail that a recipient will know whom to contact. If Contributor obtains such knowledge after the Modification is made available as described in Section 3.2, Contributor shall promptly modify the LEGAL file in all copies Contributor makes available thereafter and shall take other steps (such as notifying appropriate mailing lists or newsgroups) reasonably calculated to inform those who received the Covered Code that new knowledge has been obtained. (b) Contributor APIs. If Contributor’s Modifications include an application programming interface and Contributor has knowledge of patent licenses which are reasonably necessary to implement that API, Contributor must also include this information in the LEGAL file. © Representations. Contributor represents that, except as disclosed pursuant to Section 3.4(a) above, Contributor believes that Contributor’s Modifications are Contributor’s original creation(s) and/or Contributor has sufficient rights to grant the rights conveyed by this License. 3.5. Required Notices. You must duplicate the notice in Exhibit A in each file of the Source Code. If it is not possible to put such notice in a particular Source Code file due to its structure, then You must include such notice in a location (such as a relevant directory) where a user would be likely to look for such a notice. If You created one or more Modification(s) You may add your name as a Contributor to the notice described in Exhibit A. You must also duplicate this License in any documentation for the Source Code where You describe recipients’ rights or ownership rights relating to Covered Code. You may choose to offer, and to charge a fee for, warranty, support, indemnity or liability obligations to one or more recipients of Covered Code. However, You may do so only on Your own behalf, and not on behalf of the Initial Developer or any Contributor. 3.6. Distribution of Executable Versions. You may distribute Covered Code in Executable form only if the requirements of Section 3.1-3.5 have been met for that Covered Code. You may distribute the Executable version of Covered Code or ownership rights under a license of Your choice, which may contain terms different from this License, provided that You are in compliance with the terms of this License and that the license for the Executable version does not attempt to limit or alter the recipient’s rights in the Source Code version from the rights set forth in this License. If You distribute the Executable version under a different license You must make it absolutely clear that any terms which differ from this License are offered by You alone, not by the Initial Developer or any Contributor. If you distribute executable versions containing Covered Code as part of a product, you must reproduce the notice in Exhibit B in the documentation and/or other materials provided with the product. 3.7. Larger Works. You may create a Larger Work by combining Covered Code with other code not governed by the terms of this License and distribute the Larger Work as a single product. In such a case, You must make sure the requirements of this License are fulfilled for the Covered Code. 3.8. Restrictions. You may not remove any product identification, copyright, proprietary notices or labels from gSOAP. 4 INABILITY TO COMPLY DUE TO STATUTE OR REGULATION. If it is impossible for You to comply with any of the terms of this License with respect to some or all of the Covered Code due to statute, judicial order, or regulation then You must: (a) comply with the terms of this License to the maximum extent possible; and (b) describe the limitations and the code they affect. Such description must be included in the LEGAL file described in Section 3.4 and must be included with all distributions of the Source Code. Except to the extent prohibited by statute or regulation, such description must be sufficiently detailed for a recipient of ordinary skill to be able to understand it. 5 APPLICATION OF THIS LICENSE. This License applies to code to which the Initial Developer has attached the notice in Exhibit A and to related Covered Code. 6 VERSIONS OF THE LICENSE. 6.1. New Versions. Grantor may publish revised and/or new versions of the License from time to time. Each version will be given a distinguishing version number. 6.2. Effect of New Versions. Once Covered Code has been published under a particular version of the License, You may always continue to use it under the terms of that version. You may also choose to use such Covered Code under the terms of any subsequent version of the License. 6.3. Derivative Works. If You create or use a modified version of this License (which you may only do in order to apply it to code which is not already Covered Code governed by this License), You must (a) rename Your license so that the phrase “gSOAP” or any confusingly similar phrase do not appear in your license (except to note that your license differs from this License) and (b) otherwise make it clear that Your version of the license contains terms which differ from the gSOAP Public License. (Filling in the name of the Initial Developer, Original Code or Contributor in the notice described in Exhibit A shall not of themselves be deemed to be modifications of this License.) 7 DISCLAIMER OF WARRANTY. COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN “AS IS” BASIS, WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, OF FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT OF THIRD PARTY INTELLECTUAL PROPERTY RIGHTS, AND ANY WARRANTY THAT MAY ARISE BY REASON OF TRADE USAGE, CUSTOM, OR COURSE OF DEALING. WITHOUT LIMITING THE FOREGOING, YOU ACKNOWLEDGE THAT THE SOFTWARE IS PROVIDED “AS IS” AND THAT THE AUTHORS DO NOT WARRANT THE SOFTWARE WILL RUN UNINTERRUPTED OR ERROR FREE. LIMITED LIABILITY THE ENTIRE RISK AS TO RESULTS AND PERFORMANCE OF THE SOFTWARE IS ASSUMED BY YOU. UNDER NO CIRCUMSTANCES WILL THE AUTHORS BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES OF ANY KIND OR NATURE WHATSOEVER, WHETHER BASED ON CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, ARISING OUT OF OR IN ANY WAY RELATED TO THE SOFTWARE, EVEN IF THE AUTHORS HAVE BEEN ADVISED ON THE POSSIBILITY OF SUCH DAMAGE OR IF SUCH DAMAGE COULD HAVE BEEN REASONABLY FORESEEN, AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY EXCLUSIVE REMEDY PROVIDED. SUCH LIMITATION ON DAMAGES INCLUDES, BUT IS NOT LIMITED TO, DAMAGES FOR LOSS OF GOODWILL, LOST PROFITS, LOSS OF DATA OR SOFTWARE, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION OR IMPAIRMENT OF OTHER GOODS. IN NO EVENT WILL THE AUTHORS BE LIABLE FOR THE COSTS OF PROCUREMENT OF SUBSTITUTE SOFTWARE OR SERVICES. YOU ACKNOWLEDGE THAT THIS SOFTWARE IS NOT DESIGNED FOR USE IN ON-LINE EQUIPMENT IN HAZARDOUS ENVIRONMENTS SUCH AS OPERATION OF NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR CONTROL, OR LIFE-CRITICAL APPLICATIONS. THE AUTHORS EXPRESSLY DISCLAIM ANY LIABILITY RESULTING FROM USE OF THE SOFTWARE IN ANY SUCH ON-LINE EQUIPMENT IN HAZARDOUS ENVIRONMENTS AND ACCEPTS NO LIABILITY IN RESPECT OF ANY ACTIONS OR CLAIMS BASED ON THE USE OF THE SOFTWARE IN ANY SUCH ON-LINE EQUIPMENT IN HAZARDOUS ENVIRONMENTS BY YOU. FOR PURPOSES OF THIS PARAGRAPH, THE TERM “LIFE-CRITICAL APPLICATION” MEANS AN APPLICATION IN WHICH THE FUNCTIONING OR MALFUNCTIONING OF THE SOFTWARE MAY RESULT DIRECTLY OR INDIRECTLY IN PHYSICAL INJURY OR LOSS OF HUMAN LIFE. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED CODE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER. 8 TERMINATION. 8.1. This License and the rights granted hereunder will terminate automatically if You fail to comply with terms herein and fail to cure such breach within 30 days of becoming aware of the breach. All sublicenses to the Covered Code which are properly granted shall survive any termination of this License. Provisions which, by their nature, must remain in effect beyond the termination of this License shall survive. 8.2. 8.3. If You assert a patent infringement claim against Participant alleging that such Participant’s Contributor Version directly or indirectly infringes any patent where such claim is resolved (such as by license or settlement) prior to the initiation of patent infringement litigation, then the reasonable value of the licenses granted by such Participant under Sections 2.1 or 2.2 shall be taken into account in determining the amount or value of any payment or license. 8.4. In the event of termination under Sections 8.1 or 8.2 above, all end user license agreements (excluding distributors and resellers) which have been validly granted by You or any distributor hereunder prior to termination shall survive termination. 9 LIMITATION OF LIABILITY. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT (INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL YOU, THE INITIAL DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY DISTRIBUTOR OF COVERED CODE, OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH PARTY’S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. 10 U.S. GOVERNMENT END USERS. 11 MISCELLANEOUS. 12 RESPONSIBILITY FOR CLAIMS. As between Initial Developer and the Contributors, each party is responsible for claims and damages arising, directly or indirectly, out of its utilization of rights under this License and You agree to work with Initial Developer and Contributors to distribute such responsibility on an equitable basis. Nothing herein is intended or shall be deemed to constitute any admission of liability. EXHIBIT A. "The contents of this file are subject to the gSOAP Public License Version 1.3 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.cs.fsu.edu/ engelen/soaplicense.html Software distributed under the License is distributed on an “AS IS” basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for the specific language governing rights and limitations under the License. The Original Code of the gSOAP Software is: stdsoap.h, stdsoap2.h, stdsoap.c, stdsoap2.c, stdsoap.cpp, stdsoap2.cpp, soapcpp2.h, soapcpp2.c, soapcpp2_lex.l, soapcpp2_yacc.y, error2.h, error2.c, symbol2.c, init2.c, soapdoc2.html, and soapdoc2.pdf, httpget.h, httpget.c, stl.h, stldeque.h, stllist.h, stlvector.h, stlset.h. The Initial Developer of the Original Code is Robert A. van Engelen. Portions created by Robert A. van Engelen are Copyright © 2001-2004 Robert A. van Engelen, Genivia inc. All Rights Reserved. Contributor(s): “________________________.” [Note: The text of this Exhibit A may differ slightly form the text of the notices in the Source Code files of the Original code. You should use the text of this Exhibit A rather than the text found in the Original Code Source Code for Your Modifications.] EXHIBIT B. “Part of the software embedded in this product is gSOAP software. Portions created by gSOAP are Copyright © 2001-2009 Robert A. van Engelen, Genivia inc. All Rights Reserved. THE SOFTWARE IN THIS PRODUCT WAS IN PART PROVIDED BY GENIVIA INC AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.” zlib License Agreement ~~~~~~~~~~~~~~~~~~~~~~ Copyright © 1995-2005 Jean-loup Gailly and Mark Adler This software is provided "as-is", without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: 1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required. 2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software. 3. This notice may not be removed or altered from any source distribution.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907