Eclipse IDE Help Contents Multiple Cross-site Scripting Vulnerabilities Network Vulnerability

Summary

This host is running Eclipse IDE is prone to multiple Cross-Site Scripting vulnerabilities.

Impact

Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected application. Impact Level: Application.

Solution

Upgrade to Eclipse IDE Version 3.6.2 or later For updates refer to http://www.eclipse.org/downloads/

Insight

- Input passed to the 'searchWord' parameter in 'help/advanced/searchView.jsp' and 'workingSet' parameter in 'help/advanced/workingSetManager.jsp' are not properly sanitised before being returned to the user.

Affected

Eclipse IDE Version 3.3.2

References

http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-7271
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache CouchDB Cross Site Request Forgery Vulnerability
Apache Tomcat DOS Device Name XSS
Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
Apache Archiva Multiple Vulnerabilities
Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities

Take action and discover your vulnerabilities