Users of Eclipse Help Contents, please be advised that a Cross Site Scripting (XSS) vulnerability has been identified.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
Eclipse-SA-11/16/2010: Eclipse IDE | Help Server Local Cross Site Scripting (XSS) Vulnerability
VULNERABILITY DESCRIPTION
Eclipse Help Contents are served as a web application via the built-in
Jetty Web Server plugin. Cross Site Scripting vulnerabilities were
found in the /help/index.jsp and /help/advanced/content.jsp URLs. XSS on
the /help/advanced/content.jsp URL makes the browser hang, but even
after clicking the "Stop Executing" button, users can still get XSS.