Summary
This host is running Eclipse IDE, which is prone to multiple Cross-Site Scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected application.
Impact Level: Application.
Solution
Upgrade to Eclipse IDE Version 3.6.2 or later.
For updates, refer to http://www.eclipse.org/downloads/
Insight
- Input passed to the 'onload' parameter in 'help/index.jsp' and 'help/advanced/content.jsp' is not properly sanitised before being returned to the user.
Affected
Eclipse IDE Version 3.6.1 and prior
References
Severity
Classification
- CVE: CVE-2010-4647
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Tomcat Login Constraints Security Bypass Vulnerability
- Apache Tomcat source.jsp malformed request information disclosure
- APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability
- Apache Struts2 'XWork' Information Disclosure Vulnerability
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities