製品・ソフトウェアに関する情報

JVN脆弱性詳細

Eclipse IDE の Eclipse Help Contents Web Application におけるクロスサイトスクリプティングの脆弱性

Title	Eclipse IDE の Eclipse Help Contents Web Application におけるクロスサイトスクリプティングの脆弱性
Summary	Eclipse IDE の Eclipse Help Contents Web Application には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	第三者により、help/index.jsp または help/advanced/content.jsp へのクエリ文字列を介して、任意の Web スクリプトまたは HTML を挿入される可能性があります。
Solution	ベンダ情報及び参考情報を参照して適切な対策を実施してください。
Publication Date	Jan. 13, 2011, midnight
Registration Date	June 1, 2011, 10:27 a.m.
Last Update	May 24, 2013, 5:58 p.m.

CVSS2.0 : 警告
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:N

Affected System

レッドハット

Red Hat Enterprise Linux Server 6

Red Hat Enterprise Linux Workstation 6

IBM

IBM Lotus Expeditor 6.1

IBM Lotus Expeditor 6.2

Eclipse Foundation

Eclipse IDE 3.6.2 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-4647	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4647
National Vulnerability Database (NVD)
2	CVE-2010-4647	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4647

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	Name	URL
Eclipse Project Release Notes
1	Release 3.6.2	http://www.eclipse.org/eclipse/development/readme_eclipse_3.6.2.html
IBM Support Document
2	1575642	http://www-01.ibm.com/support/docview.wss?uid=swg21575642
IBM サポート & ダウンロード
3	1599432	http://www-01.ibm.com/support/docview.wss?uid=swg21599432
Red Hat Security Advisory
4	RHSA-2011:0586	https://rhn.redhat.com/errata/RHSA-2011-0568.html

その他

No	Name	URL
ISS X-Force Database
1	64833	http://xforce.iss.net/xforce/xfdb/64833
SecurityFocus
2	44883	http://www.securityfocus.com/bid/44883

Change Log

No	Changed Details	Date of change
0	[2011年06月01日] 掲載 [2013年05月24日] 影響を受けるシステム：IBM (1575642) の情報を追加ベンダ情報：IBM (1575642) を追加ベンダ情報：IBM (1599432) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-4647

Summary	Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.
Publication Date	Jan. 14, 2011, 4 a.m.
Registration Date	Jan. 29, 2021, 11:09 a.m.
Last Update	Nov. 21, 2024, 10:21 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:eclipse:eclipse_ide:3.6:m5::::::
cpe:2.3:a:eclipse:eclipse_ide:3.0:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.2:::::::*
cpe:2.3:a:eclipse:eclipse_ide:2.1.2:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.1:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.3:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.5.2:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.6:m4::::::
cpe:2.3:a:eclipse:eclipse_ide:2.1.3:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.5.1:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.3.1.1:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.3.1:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.4.2:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.6:m6::::::
cpe:2.3:a:eclipse:eclipse_ide:2.0.1:::::::*
cpe:2.3:a:eclipse:eclipse_ide:2.0:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.4.1:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.1.2:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.6:rc1::::::
cpe:2.3:a:eclipse:eclipse_ide:3.1.1:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.3.2:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.6:rc2::::::
cpe:2.3:a:eclipse:eclipse_ide:3.6:m2::::::
cpe:2.3:a:eclipse:eclipse_ide:3.6:m3::::::
cpe:2.3:a:eclipse:eclipse_ide:3.4:::::::*
cpe:2.3:a:eclipse:eclipse_ide:2.1.1:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.6:rc4::::::
cpe:2.3:a:eclipse:eclipse_ide::::::::		3.6.1
cpe:2.3:a:eclipse:eclipse_ide:3.2.1:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.5:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.6:m7::::::
cpe:2.3:a:eclipse:eclipse_ide:3.2.2:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.0.2:::::::*
cpe:2.3:a:eclipse:eclipse_ide:1.0:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.6:rc3::::::
cpe:2.3:a:eclipse:eclipse_ide:2.0.2:::::::*
cpe:2.3:a:eclipse:eclipse_ide:2.1:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.6:m1::::::
cpe:2.3:a:eclipse:eclipse_ide:3.0.1:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.html
2	http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.html
3	http://openwall.com/lists/oss-security/2011/01/06/16	Exploit
4	http://openwall.com/lists/oss-security/2011/01/06/7	Exploit
5	http://www.mandriva.com/security/advisories?name=MDVSA-2011:032
6	http://www.redhat.com/support/errata/RHSA-2011-0568.html
7	http://yehg.net/lab/pr0js/advisories/eclipse/%5Beclipse_help_server%5D_cross_site_scripting
8	https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582
9	https://exchange.xforce.ibmcloud.com/vulnerabilities/64833
10	http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.html
11	https://exchange.xforce.ibmcloud.com/vulnerabilities/64833
12	https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582
13	http://yehg.net/lab/pr0js/advisories/eclipse/%5Beclipse_help_server%5D_cross_site_scripting
14	http://www.redhat.com/support/errata/RHSA-2011-0568.html
15	http://www.mandriva.com/security/advisories?name=MDVSA-2011:032
16	http://openwall.com/lists/oss-security/2011/01/06/7	Exploit
17	http://openwall.com/lists/oss-security/2011/01/06/16	Exploit
18	http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.html

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:eclipse:eclipse_ide:3.6:m5::::::
cpe:2.3:a:eclipse:eclipse_ide:3.0:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.2:::::::*
cpe:2.3:a:eclipse:eclipse_ide:2.1.2:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.1:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.3:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.5.2:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.6:m4::::::
cpe:2.3:a:eclipse:eclipse_ide:2.1.3:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.5.1:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.3.1.1:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.3.1:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.4.2:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.6:m6::::::
cpe:2.3:a:eclipse:eclipse_ide:2.0.1:::::::*
cpe:2.3:a:eclipse:eclipse_ide:2.0:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.4.1:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.1.2:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.6:rc1::::::
cpe:2.3:a:eclipse:eclipse_ide:3.1.1:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.3.2:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.6:rc2::::::
cpe:2.3:a:eclipse:eclipse_ide:3.6:m2::::::
cpe:2.3:a:eclipse:eclipse_ide:3.6:m3::::::
cpe:2.3:a:eclipse:eclipse_ide:3.4:::::::*
cpe:2.3:a:eclipse:eclipse_ide:2.1.1:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.6:rc4::::::
cpe:2.3:a:eclipse:eclipse_ide::::::::		3.6.1
cpe:2.3:a:eclipse:eclipse_ide:3.2.1:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.5:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.6:m7::::::
cpe:2.3:a:eclipse:eclipse_ide:3.2.2:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.0.2:::::::*
cpe:2.3:a:eclipse:eclipse_ide:1.0:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.6:rc3::::::
cpe:2.3:a:eclipse:eclipse_ide:2.0.2:::::::*
cpe:2.3:a:eclipse:eclipse_ide:2.1:::::::*
cpe:2.3:a:eclipse:eclipse_ide:3.6:m1::::::
cpe:2.3:a:eclipse:eclipse_ide:3.0.1:::::::*