CVE-2010-4647 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 93%

Affected Products (NVD)

Vendor	Product	Version
eclipse	eclipse_ide	𝑥 ≤ 3.6.1
eclipse	eclipse_ide	1.0
eclipse	eclipse_ide	2.0
eclipse	eclipse_ide	2.0.1
eclipse	eclipse_ide	2.0.2
eclipse	eclipse_ide	2.1
eclipse	eclipse_ide	2.1.1
eclipse	eclipse_ide	2.1.2
eclipse	eclipse_ide	2.1.3
eclipse	eclipse_ide	3.0
eclipse	eclipse_ide	3.0.1
eclipse	eclipse_ide	3.0.2
eclipse	eclipse_ide	3.1
eclipse	eclipse_ide	3.1.1
eclipse	eclipse_ide	3.1.2
eclipse	eclipse_ide	3.2
eclipse	eclipse_ide	3.2.1
eclipse	eclipse_ide	3.2.2
eclipse	eclipse_ide	3.3
eclipse	eclipse_ide	3.3.1
eclipse	eclipse_ide	3.3.1.1
eclipse	eclipse_ide	3.3.2
eclipse	eclipse_ide	3.4
eclipse	eclipse_ide	3.4.1
eclipse	eclipse_ide	3.4.2
eclipse	eclipse_ide	3.5
eclipse	eclipse_ide	3.5.1
eclipse	eclipse_ide	3.5.2
eclipse	eclipse_ide	3.6:m1
eclipse	eclipse_ide	3.6:m2
eclipse	eclipse_ide	3.6:m3
eclipse	eclipse_ide	3.6:m4
eclipse	eclipse_ide	3.6:m5
eclipse	eclipse_ide	3.6:m6
eclipse	eclipse_ide	3.6:m7
eclipse	eclipse_ide	3.6:rc1
eclipse	eclipse_ide	3.6:rc2
eclipse	eclipse_ide	3.6:rc3
eclipse	eclipse_ide	3.6:rc4

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

eclipse

dapper	ignored
hardy	ignored
karmic	ignored
lucid	ignored
maverick	ignored
natty	ignored
oneiric	not-affected
precise	not-affected
quantal	not-affected
raring	not-affected
saucy	not-affected

Red Hat Enterprise Linux Releases

Red Hat Product

Release

eclipse-birt

RHEL 6

0:2.6.0-1.1.el6

fixed

eclipse-callgraph

RHEL 6

0:0.6.1-1.el6

fixed

eclipse-cdt

RHEL 6

1:7.0.1-4.el6

fixed

eclipse-cdt-parsers

RHEL 6

1:7.0.1-4.el6

fixed

eclipse-cdt-sdk

RHEL 6

1:7.0.1-4.el6

fixed

eclipse-changelog

RHEL 6

1:2.7.0-1.el6

fixed

eclipse-dtp

RHEL 6

0:1.8.1-1.1.el6

fixed

eclipse-emf

RHEL 6

0:2.6.0-1.el6

fixed

eclipse-emf-examples

RHEL 6

0:2.6.0-1.el6

fixed

eclipse-emf-sdk

RHEL 6

0:2.6.0-1.el6

fixed

eclipse-emf-xsd

RHEL 6

0:2.6.0-1.el6

fixed

eclipse-emf-xsd-sdk

RHEL 6

0:2.6.0-1.el6

fixed

eclipse-gef

RHEL 6

0:3.6.1-3.el6

fixed

eclipse-gef-examples

RHEL 6

0:3.6.1-3.el6

fixed

eclipse-gef-sdk

RHEL 6

0:3.6.1-3.el6

fixed

eclipse-jdt

RHEL 6

1:3.6.1-6.13.el6

fixed

eclipse-linuxprofilingframework

RHEL 6

0:0.6.1-1.el6

fixed

eclipse-mylyn

RHEL 6

0:3.4.2-9.el6

fixed

eclipse-mylyn-cdt

RHEL 6

0:3.4.2-9.el6

fixed

eclipse-mylyn-java

RHEL 6

0:3.4.2-9.el6

fixed

eclipse-mylyn-pde

RHEL 6

0:3.4.2-9.el6

fixed

eclipse-mylyn-trac

RHEL 6

0:3.4.2-9.el6

fixed

eclipse-mylyn-webtasks

RHEL 6

0:3.4.2-9.el6

fixed

eclipse-mylyn-wikitext

RHEL 6

0:3.4.2-9.el6

fixed

eclipse-oprofile

RHEL 6

0:0.6.1-1.el6

fixed

eclipse-pde

RHEL 6

1:3.6.1-6.13.el6

fixed

eclipse-platform

RHEL 6

1:3.6.1-6.13.el6

fixed

eclipse-rcp

RHEL 6

1:3.6.1-6.13.el6

fixed

eclipse-rse

RHEL 6

0:3.2-1.el6

fixed

eclipse-swt

RHEL 6

1:3.6.1-6.13.el6

fixed

eclipse-valgrind

RHEL 6

0:0.6.1-1.el6

fixed

icu4j

RHEL 6

1:4.2.1-5.el6

fixed

icu4j-eclipse

RHEL 6

1:4.2.1-5.el6

fixed

icu4j-javadoc

RHEL 6

1:4.2.1-5.el6

fixed

jetty-eclipse

RHEL 6

0:6.1.24-2.el6

fixed

objectweb-asm

RHEL 6

0:3.2-2.1.el6

fixed

objectweb-asm-javadoc

RHEL 6

0:3.2-2.1.el6

fixed

sat4j

RHEL 6

0:2.2.0-4.0.el6

fixed

Known Exploits!

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.html

http://openwall.com/lists/oss-security/2011/01/06/16

http://openwall.com/lists/oss-security/2011/01/06/7

http://www.mandriva.com/security/advisories?name=MDVSA-2011:032

http://www.redhat.com/support/errata/RHSA-2011-0568.html

http://yehg.net/lab/pr0js/advisories/eclipse/%5Beclipse_help_server%5D_cross_site_scripting

https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582

https://exchange.xforce.ibmcloud.com/vulnerabilities/64833

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.html

http://openwall.com/lists/oss-security/2011/01/06/16

http://openwall.com/lists/oss-security/2011/01/06/7

http://www.mandriva.com/security/advisories?name=MDVSA-2011:032

http://www.redhat.com/support/errata/RHSA-2011-0568.html

http://yehg.net/lab/pr0js/advisories/eclipse/%5Beclipse_help_server%5D_cross_site_scripting

https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582

https://exchange.xforce.ibmcloud.com/vulnerabilities/64833