Vulnerabilities related to eclipse - eclipse_ide
CVE-2010-4647 (GCVE-0-2010-4647)
Vulnerability from cvelistv5
Published
2011-01-13 18:35
Modified
2024-08-07 03:51
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.
References
URL | Tags
---|---
http://openwall.com/lists/oss-security/2011/01/06/16 | mailing-list, x_refsource_MLIST, x_transferred
http://www.redhat.com/support/errata/RHSA-2011-0568.html | vendor-advisory, x_refsource_REDHAT, x_transferred
http://openwall.com/lists/oss-security/2011/01/06/7 | mailing-list, x_refsource_MLIST, x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.html | vendor-advisory, x_refsource_FEDORA, x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2011:032 | vendor-advisory, x_refsource_MANDRIVA, x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.html | vendor-advisory, x_refsource_FEDORA, x_transferred
http://yehg.net/lab/pr0js/advisories/eclipse/%5Beclipse_help_server%5D_cross_site_scripting | x_refsource_MISC, x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/64833 | vdb-entry, x_refsource_XF, x_transferred
https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582 | x_refsource_MISC, x_transferred
CVE-2023-4218 (GCVE-0-2023-4218)
Vulnerability from cvelistv5
Published
2023-11-09 08:26
Modified
2024-09-03 19:26
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Summary
In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
References
URL | Tags
---|---
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/8 | x_transferred
https://github.com/eclipse-pde/eclipse.pde/pull/632/ | x_transferred
https://github.com/eclipse-pde/eclipse.pde/pull/667/ | x_transferred
https://github.com/eclipse-platform/eclipse.platform/pull/761 | x_transferred
https://github.com/eclipse-platform/eclipse.platform.releng.buildtools/pull/45 | x_transferred
https://github.com/eclipse-platform/eclipse.platform.ui/commit/f243cf0a28785b89b7c50bf4e1cce48a917d89bd | x_transferred
https://github.com/eclipse-jdt/eclipse.jdt.ui/commit/13675b1f8a74f47de4da89ed0ded6af7c21dfbec | x_transferred
https://github.com/eclipse-jdt/eclipse.jdt.core/commit/38dd2a878f45cdb3d8d52090f1d6d1b532fd4c4d | x_transferred
https://github.com/eclipse-emf/org.eclipse.emf/issues/10 | x_transferred
https://github.com/eclipse-platform/eclipse.platform.swt/commit/bf71db5ddcb967c0863dad4745367b54f49e06ba | x_transferred
https://github.com/eclipse-cdt/cdt/commit/c7169b3186d2fef20f97467c3e2ad78e2943ed1b | x_transferred
Impacted products
Vendor | Product | Version
---|---|---
Eclipse Foundation | Eclipse IDE | 0 ≤ version < 4.29 (semver)
Eclipse Foundation | Eclipse IDE | 0 ≤ version < 2023-09 (custom)
Eclipse Foundation | org.eclipse.core.runtime | 0 ≤ version < 3.29.0 (semver)
Eclipse Foundation | org.eclipse.pde | 0 ≤ version ≤ 3.13.2400 (semver)
CVE-2008-7271 (GCVE-0-2008-7271)
Vulnerability from cvelistv5
Published
2011-01-13 18:35
Modified
2024-09-16 20:17
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
References
URL | Tags
---|---
http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html | x_refsource_MISC, x_transferred
https://bugs.eclipse.org/bugs/show_bug.cgi?id=223539 | x_refsource_MISC, x_transferred
CVE-2010-4647
Vulnerability from fkie_nvd
Published
2011-01-13 19:00
Modified
2025-04-11 00:51
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.html | ||
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.html | ||
secalert@redhat.com | http://openwall.com/lists/oss-security/2011/01/06/16 | Exploit | |
secalert@redhat.com | http://openwall.com/lists/oss-security/2011/01/06/7 | Exploit | |
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:032 | ||
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2011-0568.html | ||
secalert@redhat.com | http://yehg.net/lab/pr0js/advisories/eclipse/%5Beclipse_help_server%5D_cross_site_scripting | ||
secalert@redhat.com | https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582 | ||
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/64833 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/01/06/16 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/01/06/7 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:032 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-0568.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://yehg.net/lab/pr0js/advisories/eclipse/%5Beclipse_help_server%5D_cross_site_scripting | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/64833 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
eclipse | eclipse_ide | * | |
eclipse | eclipse_ide | 1.0 | |
eclipse | eclipse_ide | 2.0 | |
eclipse | eclipse_ide | 2.0.1 | |
eclipse | eclipse_ide | 2.0.2 | |
eclipse | eclipse_ide | 2.1 | |
eclipse | eclipse_ide | 2.1.1 | |
eclipse | eclipse_ide | 2.1.2 | |
eclipse | eclipse_ide | 2.1.3 | |
eclipse | eclipse_ide | 3.0 | |
eclipse | eclipse_ide | 3.0.1 | |
eclipse | eclipse_ide | 3.0.2 | |
eclipse | eclipse_ide | 3.1 | |
eclipse | eclipse_ide | 3.1.1 | |
eclipse | eclipse_ide | 3.1.2 | |
eclipse | eclipse_ide | 3.2 | |
eclipse | eclipse_ide | 3.2.1 | |
eclipse | eclipse_ide | 3.2.2 | |
eclipse | eclipse_ide | 3.3 | |
eclipse | eclipse_ide | 3.3.1 | |
eclipse | eclipse_ide | 3.3.1.1 | |
eclipse | eclipse_ide | 3.3.2 | |
eclipse | eclipse_ide | 3.4 | |
eclipse | eclipse_ide | 3.4.1 | |
eclipse | eclipse_ide | 3.4.2 | |
eclipse | eclipse_ide | 3.5 | |
eclipse | eclipse_ide | 3.5.1 | |
eclipse | eclipse_ide | 3.5.2 | |
eclipse | eclipse_ide | 3.6 (m1) | |
eclipse | eclipse_ide | 3.6 (m2) | |
eclipse | eclipse_ide | 3.6 (m3) | |
eclipse | eclipse_ide | 3.6 (m4) | |
eclipse | eclipse_ide | 3.6 (m5) | |
eclipse | eclipse_ide | 3.6 (m6) | |
eclipse | eclipse_ide | 3.6 (m7) | |
eclipse | eclipse_ide | 3.6 (rc1) | |
eclipse | eclipse_ide | 3.6 (rc2) | |
eclipse | eclipse_ide | 3.6 (rc3) | |
eclipse | eclipse_ide | 3.6 (rc4) |
CVE-2023-4218
Vulnerability from fkie_nvd
Published
2023-11-09 09:15
Modified
2024-11-21 08:34
Severity ?
5.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Summary
In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
References
▶ | URL | Tags | |
---|---|---|---|
emo@eclipse.org | https://github.com/eclipse-cdt/cdt/commit/c7169b3186d2fef20f97467c3e2ad78e2943ed1b | Patch | |
emo@eclipse.org | https://github.com/eclipse-emf/org.eclipse.emf/issues/10 | Issue Tracking, Third Party Advisory | |
emo@eclipse.org | https://github.com/eclipse-jdt/eclipse.jdt.core/commit/38dd2a878f45cdb3d8d52090f1d6d1b532fd4c4d | Patch | |
emo@eclipse.org | https://github.com/eclipse-jdt/eclipse.jdt.ui/commit/13675b1f8a74f47de4da89ed0ded6af7c21dfbec | Patch | |
emo@eclipse.org | https://github.com/eclipse-pde/eclipse.pde/pull/632/ | Patch | |
emo@eclipse.org | https://github.com/eclipse-pde/eclipse.pde/pull/667/ | Patch | |
emo@eclipse.org | https://github.com/eclipse-platform/eclipse.platform.releng.buildtools/pull/45 | Patch | |
emo@eclipse.org | https://github.com/eclipse-platform/eclipse.platform.swt/commit/bf71db5ddcb967c0863dad4745367b54f49e06ba | Patch | |
emo@eclipse.org | https://github.com/eclipse-platform/eclipse.platform.ui/commit/f243cf0a28785b89b7c50bf4e1cce48a917d89bd | Patch | |
emo@eclipse.org | https://github.com/eclipse-platform/eclipse.platform/pull/761 | Patch | |
emo@eclipse.org | https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/8 | Exploit, Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/eclipse-cdt/cdt/commit/c7169b3186d2fef20f97467c3e2ad78e2943ed1b | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/eclipse-emf/org.eclipse.emf/issues/10 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/eclipse-jdt/eclipse.jdt.core/commit/38dd2a878f45cdb3d8d52090f1d6d1b532fd4c4d | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/eclipse-jdt/eclipse.jdt.ui/commit/13675b1f8a74f47de4da89ed0ded6af7c21dfbec | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/eclipse-pde/eclipse.pde/pull/632/ | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/eclipse-pde/eclipse.pde/pull/667/ | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/eclipse-platform/eclipse.platform.releng.buildtools/pull/45 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/eclipse-platform/eclipse.platform.swt/commit/bf71db5ddcb967c0863dad4745367b54f49e06ba | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/eclipse-platform/eclipse.platform.ui/commit/f243cf0a28785b89b7c50bf4e1cce48a917d89bd | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/eclipse-platform/eclipse.platform/pull/761 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/8 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
Vendor | Product | Version
---|---|---
eclipse | eclipse_ide | *
eclipse | org.eclipse.core.runtime | *
eclipse | pde | *
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:eclipse:eclipse_ide:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B8336F1-FA6C-46B0-B4D2-F5B01D3F64DD", "versionEndExcluding": "4.29", "vulnerable": true }, { "criteria": "cpe:2.3:a:eclipse:org.eclipse.core.runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "25A5577C-DC07-414F-AF2E-E45B65408680", "versionEndExcluding": "3.29.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:eclipse:pde:*:*:*:*:*:*:*:*", "matchCriteriaId": "81620F59-7825-4EAC-AF33-103FD0F203F9", "versionEndExcluding": "3.13.2400", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Eclipse IDE versions \u003c 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).\n" }, { "lang": "es", "value": "En las versiones de Eclipse IDE \u0026lt;2023-09 (4.29), algunos archivos con contenido xml se analizan como vulnerables a todo tipo de ataques XXE. El usuario s\u00f3lo necesita abrir cualquier proyecto maligno o actualizar un proyecto abierto con un archivo vulnerable (por ejemplo, para revisar un repositorio o parche externo)." 
} ], "id": "CVE-2023-4218", "lastModified": "2024-11-21T08:34:38.737", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.3, "impactScore": 3.6, "source": "emo@eclipse.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.3, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-09T09:15:08.320", "references": [ { "source": "emo@eclipse.org", "tags": [ "Patch" ], "url": "https://github.com/eclipse-cdt/cdt/commit/c7169b3186d2fef20f97467c3e2ad78e2943ed1b" }, { "source": "emo@eclipse.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/eclipse-emf/org.eclipse.emf/issues/10" }, { "source": "emo@eclipse.org", "tags": [ "Patch" ], "url": "https://github.com/eclipse-jdt/eclipse.jdt.core/commit/38dd2a878f45cdb3d8d52090f1d6d1b532fd4c4d" }, { "source": "emo@eclipse.org", "tags": [ "Patch" ], "url": "https://github.com/eclipse-jdt/eclipse.jdt.ui/commit/13675b1f8a74f47de4da89ed0ded6af7c21dfbec" }, { "source": "emo@eclipse.org", "tags": [ "Patch" ], "url": "https://github.com/eclipse-pde/eclipse.pde/pull/632/" }, { "source": "emo@eclipse.org", "tags": [ "Patch" ], "url": "https://github.com/eclipse-pde/eclipse.pde/pull/667/" }, { "source": "emo@eclipse.org", "tags": [ "Patch" ], 
"url": "https://github.com/eclipse-platform/eclipse.platform.releng.buildtools/pull/45" }, { "source": "emo@eclipse.org", "tags": [ "Patch" ], "url": "https://github.com/eclipse-platform/eclipse.platform.swt/commit/bf71db5ddcb967c0863dad4745367b54f49e06ba" }, { "source": "emo@eclipse.org", "tags": [ "Patch" ], "url": "https://github.com/eclipse-platform/eclipse.platform.ui/commit/f243cf0a28785b89b7c50bf4e1cce48a917d89bd" }, { "source": "emo@eclipse.org", "tags": [ "Patch" ], "url": "https://github.com/eclipse-platform/eclipse.platform/pull/761" }, { "source": "emo@eclipse.org", "tags": [ "Exploit", "Issue Tracking", "Vendor Advisory" ], "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/eclipse-cdt/cdt/commit/c7169b3186d2fef20f97467c3e2ad78e2943ed1b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/eclipse-emf/org.eclipse.emf/issues/10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/eclipse-jdt/eclipse.jdt.core/commit/38dd2a878f45cdb3d8d52090f1d6d1b532fd4c4d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/eclipse-jdt/eclipse.jdt.ui/commit/13675b1f8a74f47de4da89ed0ded6af7c21dfbec" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/eclipse-pde/eclipse.pde/pull/632/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/eclipse-pde/eclipse.pde/pull/667/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/eclipse-platform/eclipse.platform.releng.buildtools/pull/45" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/eclipse-platform/eclipse.platform.swt/commit/bf71db5ddcb967c0863dad4745367b54f49e06ba" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/eclipse-platform/eclipse.platform.ui/commit/f243cf0a28785b89b7c50bf4e1cce48a917d89bd" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/eclipse-platform/eclipse.platform/pull/761" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Vendor Advisory" ], "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/8" } ], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": "emo@eclipse.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-01-13 19:00
Modified
2025-04-11 00:51
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
References
Source | URL | Tags
---|---|---
cve@mitre.org | http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html | Exploit
cve@mitre.org | https://bugs.eclipse.org/bugs/show_bug.cgi?id=223539 |
af854a3a-2127-422b-91ae-364da2661108 | http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html | Exploit
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.eclipse.org/bugs/show_bug.cgi?id=223539 |
Impacted products
Vendor | Product | Version
---|---|---
eclipse | eclipse_ide | *
eclipse | eclipse_ide | 3.3.2
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:eclipse:eclipse_ide:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D8F4AED-D3AE-43BB-A84E-7EEFC1F1C634", "vulnerable": true }, { "criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "5875CD2E-E28B-48BE-92F0-3C34F713C558", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la aplicaci\u00f3n web Help Contents (tambien conocida como Help Server) en Eclipse IDE, posiblemente v3.3.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de los par\u00e1metros (1) searchWord sobre help/advanced/searchView.jsp o (2) workingSet en una acci\u00f3n add sobre help/advanced/workingSetManager.jsp, en una vulnerabilidad distinta a CVE-2010-4647.\r\n" } ], "id": "CVE-2008-7271", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", 
"userInteractionRequired": true } ] }, "published": "2011-01-13T19:00:01.260", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html" }, { "source": "cve@mitre.org", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=223539" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=223539" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }