Vulnerability Name:

CVE-2010-4647 (CCN-64833)

Assigned: 2010-11-16
Published: 2010-11-16
Updated: 2023-02-13
Summary: Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
2.6 Low (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
2.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-79
Vulnerability Consequences: Gain Access
References: Source: MITRE
Type: CNA
CVE-2010-4647

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Exploit
secalert@redhat.com

Source: CCN
Type: oss-security Mailing List, Thu, 6 Jan 2011 17:14:30 +0800
Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS)

Source: CCN
Type: RHSA-2011-0568
Low: eclipse security, bug fix, and enhancement update

Source: CCN
Type: SA42236
Eclipse Help Server Two Cross-Site Scripting Vulnerabilities

Source: CCN
Type: SA49624
IBM Lotus Expeditor Multiple Vulnerabilities

Source: CCN
Type: SA53667
IBM WebSphere Commerce Sales Center Multiple Vulnerabilities

Source: CCN
Type: IBM Security Bulletin 1575642
IBM Lotus Expeditor Security Advisory and Security Update Pack (CVE-2008-7271, CVE-2010-4647, CVE-2012-0186, CVE-2012-0191, CVE-2012-0187)

Source: CCN
Type: IBM Security Bulletin 1599620
IBM Support Assistant Security Advisory and Security Update Pack (CVE-2008-7271, CVE-2010-4647, CVE-2012-0186, CVE-2012-0191, CVE-2012-0187)

Source: CCN
Type: IBM Security Bulletin 1635863
Multiple security vulnerabilities in IBM Sales Center for WebSphere Commerce (CVE-2008-7271, CVE-2010-4647, CVE-2012-0186, CVE-2012-0191, CVE-2012-2159, CVE-2012-2161)

Source: CCN
Type: Eclipse Web site
Eclipse IDE

Source: CCN
Type: OSVDB ID: 69266
Eclipse Help Server help/index.jsp URI XSS

Source: CCN
Type: OSVDB ID: 69267
Eclipse Help Server help/advanced/content.jsp URI XSS

Source: CCN
Type: BID-45921
Eclipse IDE (CVE-2008-7271) Multiple Cross Site Scripting Vulnerabilities

Source: XF
Type: UNKNOWN
eclipseide-querystring-xss(64833)

Vulnerable Configuration:
  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:eclipse:eclipse_ide:3.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.6:m1:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.6:m2:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.6:m3:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.6:m4:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.6:m5:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.6:m6:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.6:m7:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.6:rc1:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.6:rc2:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.6:rc3:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.6:rc4:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.4:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.3:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:eclipse_ide:1.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_expeditor:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_expeditor:6.2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable

    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.mitre.oval:def:23521 | P | ELSA-2011:0568: eclipse security, bug fix, and enhancement update (Low) | 2014-05-26
    oval:org.mitre.oval:def:21602 | P | RHSA-2011:0568: eclipse security, bug fix, and enhancement update (Low) | 2014-02-24
    oval:com.redhat.rhsa:def:20110568 | P | RHSA-2011:0568: eclipse security, bug fix, and enhancement update (Low) | 2011-05-19
    oval:com.ubuntu.precise:def:20104647000 | V | CVE-2010-4647 on Ubuntu 12.04 LTS (precise) - medium. | 2011-01-13