Mandrake Local Security Checks : Mandriva Update for eclipse MDVSA-2011:032 (eclipse)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.831332

Categoría: Mandrake Local Security Checks

Título: Mandriva Update for eclipse MDVSA-2011:032 (eclipse)

Resumen: The remote host is missing an update for the 'eclipse'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'eclipse'
package(s) announced via the referenced advisory.

Vulnerability Insight:
A vulnerability has been found and corrected in eclipse:

Multiple cross-site scripting (XSS) vulnerabilities in the Help
Contents web application (aka the Help Server) in Eclipse IDE before
3.6.2 allow remote attackers to inject arbitrary web script or HTML via
the query string to (1) help/index.jsp or (2) help/advanced/content.jsp
(CVE-2010-4647).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. The updated packages have been patched to correct this issue.

Affected Software/OS:
eclipse on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64

Solution:
Please Install the Updated Packages.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-4647
FEDORA-2010-18990
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.html
FEDORA-2010-19006
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.html
MDVSA-2011:032
http://www.mandriva.com/security/advisories?name=MDVSA-2011:032
RHSA-2011:0568
http://www.redhat.com/support/errata/RHSA-2011-0568.html
[oss-security] 20110106 CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS)
http://openwall.com/lists/oss-security/2011/01/06/7
[oss-security] 20110106 Re: CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS)
http://openwall.com/lists/oss-security/2011/01/06/16
eclipseide-querystring-xss(64833)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64833
http://yehg.net/lab/pr0js/advisories/eclipse/%5Beclipse_help_server%5D_cross_site_scripting
https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.831332
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for eclipse MDVSA-2011:032 (eclipse)
Resumen:	The remote host is missing an update for the 'eclipse'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'eclipse' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability has been found and corrected in eclipse: Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp (CVE-2010-4647). Packages for 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been patched to correct this issue. Affected Software/OS: eclipse on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4647 FEDORA-2010-18990 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.html FEDORA-2010-19006 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.html MDVSA-2011:032 http://www.mandriva.com/security/advisories?name=MDVSA-2011:032 RHSA-2011:0568 http://www.redhat.com/support/errata/RHSA-2011-0568.html [oss-security] 20110106 CVE Request: Eclipse IDE Version: 3.6.1 \| Help Server Local Cross Site Scripting (XSS) http://openwall.com/lists/oss-security/2011/01/06/7 [oss-security] 20110106 Re: CVE Request: Eclipse IDE Version: 3.6.1 \| Help Server Local Cross Site Scripting (XSS) http://openwall.com/lists/oss-security/2011/01/06/16 eclipseide-querystring-xss(64833) https://exchange.xforce.ibmcloud.com/vulnerabilities/64833 http://yehg.net/lab/pr0js/advisories/eclipse/%5Beclipse_help_server%5D_cross_site_scripting https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582
Copyright	Copyright (C) 2011 Greenbone AG