Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: stacks.plugins

Scan Information (show all):

Display: Showing Vulnerable Dependencies (click to show all)

Dependency CPE GAV Highest Severity CVE Count CPE Confidence Evidence Count
org.eclipse.osgi-3.12.0.v20170512-1932.jar org.eclipse.platform:org.eclipse.osgi:3.12.0    0 29
org.apache.commons.codec-1.9.0.v20170208-1614.jar org.eclipse.orbit.bundles:org.apache.commons.codec:1.9.0-SNAPSHOT   0 35
org.eclipse.osgi.services-3.6.0.v20170228-1906.jar org.eclipse.platform:org.eclipse.osgi.services:3.6.0    0 23
org.apache.commons.logging-1.1.1.v201101211721.jar org.eclipse.ecf:org.apache.commons.logging:1.1.1.v201101211721    0 22
org.apache.httpcomponents.httpcore-4.4.6.v20170210-0925.jar org.eclipse.orbit.bundles:org.apache.httpcomponents.httpcore:4.4.6-SNAPSHOT   0 35
org.apache.httpcomponents.httpclient-4.5.2.v20170210-0925.jar cpe:/a:apache:httpclient:4.5.2.v20170210 org.eclipse.orbit.bundles:org.apache.httpcomponents.httpclient:4.5.2-SNAPSHOT   0 Low 38
org.eclipse.core.contenttype-3.6.0.v20170207-1037.jar org.eclipse.platform:org.eclipse.core.contenttype:3.6.0    0 24
org.eclipse.equinox.preferences-3.7.0.v20170126-2132.jar org.eclipse.platform:org.eclipse.equinox.preferences:3.7.0    0 31
org.eclipse.equinox.registry-3.7.0.v20170222-1344.jar org.eclipse.platform:org.eclipse.equinox.registry:3.7.0    0 27
org.eclipse.equinox.common-3.9.0.v20170207-1454.jar org.eclipse.platform:org.eclipse.equinox.common:3.9.0    0 24
org.eclipse.core.expressions-3.6.0.v20170207-1037.jar org.eclipse.platform:org.eclipse.core.expressions:3.6.0    0 24
org.eclipse.core.runtime-3.13.0.v20170207-1030.jar org.eclipse.platform:org.eclipse.core.runtime:3.13.0    0 23
org.eclipse.core.filesystem-1.7.0.v20170406-1337.jar org.eclipse.platform:org.eclipse.core.filesystem:1.7.0    0 24
org.eclipse.core.jobs-3.9.0.v20170322-0013.jar org.eclipse.platform:org.eclipse.core.jobs:3.9.0    0 24
org.eclipse.core.net-1.3.100.v20170516-0820.jar org.eclipse.platform:org.eclipse.core.net:1.3.100    0 24
org.eclipse.equinox.security-1.2.300.v20170505-1235.jar org.eclipse.platform:org.eclipse.equinox.security:1.2.300    0 22
org.eclipse.core.resources-3.12.0.v20170417-1558.jar org.eclipse.platform:org.eclipse.core.resources:3.12.0    0 24
org.eclipse.equinox.app-1.3.400.v20150715-1528.jar org.eclipse.platform:org.eclipse.equinox.app:1.3.400    0 31
org.eclipse.e4.core.contexts-1.6.0.v20170322-1144.jar org.eclipse.platform:org.eclipse.e4.core.contexts:1.6.0    0 22
org.eclipse.e4.core.di-1.6.100.v20170421-1418.jar org.eclipse.platform:org.eclipse.e4.core.di:1.6.100    0 24
javax.inject-1.0.0.v20091030.jar   0 14
org.eclipse.e4.core.di.annotations-1.6.0.v20170119-2002.jar org.eclipse.platform:org.eclipse.e4.core.di.annotations:1.6.0    0 22
org.eclipse.ecf-3.8.0.v20170104-0657.jar cpe:/a:eclipse:eclipse_ide:3.8.0.v20170104 Medium 1 Low 22
org.eclipse.ecf.identity-3.8.0.v20161203-2153.jar cpe:/a:eclipse:eclipse_ide:3.8.0.v20161203 Medium 1 Low 25
org.eclipse.equinox.concurrent-1.1.0.v20130327-1442.jar org.eclipse.platform:org.eclipse.equinox.concurrent:1.1.0    0 22
org.eclipse.ecf.filetransfer-5.0.0.v20160817-1024.jar cpe:/a:file-transfer:file_transfer:5.0.0.v20160817   0 Low 18
org.eclipse.ecf.provider.filetransfer-3.2.300.v20161203-1840.jar cpe:/a:eclipse:eclipse_ide:3.2.300.v20161203 Medium 2 Low 19
org.eclipse.ecf.provider.filetransfer.httpclient4-1.1.200.v20170314-0133.jar cpe:/a:eclipse:eclipse_ide:1.1.200.v20170314 Medium 2 Low 19
org.eclipse.equinox.p2.core-2.4.100.v20160419-0834.jar cpe:/a:eclipse:eclipse_ide:2.0 org.eclipse.platform:org.eclipse.equinox.p2.core:2.4.100  Medium 2 Medium 26
org.eclipse.osgi.util-3.4.0.v20170111-1608.jar org.eclipse.platform:org.eclipse.osgi.util:3.4.0    0 25
org.jboss.tools.foundation.core-1.4.2-SNAPSHOT.jar org.jboss.tools.foundation.plugins:org.jboss.tools.foundation.core:1.4.2-SNAPSHOT   0 22
httpclient-4.0.1.jar cpe:/a:apache:httpclient:4.0.1 org.apache.httpcomponents:httpclient:4.0.1  Medium 3 Highest 30
org.eclipse.core.resources-3.12.0.v20170417-1558.jar: resources-ant.jar   0 8

Dependencies

org.eclipse.osgi-3.12.0.v20170512-1932.jar

Description: %systemBundle

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.osgi\3.12.0.v20170512-1932\org.eclipse.osgi-3.12.0.v20170512-1932.jar
MD5: 440a6854c6a7fd2351b18ca8bfa763a1
SHA1: d06b54d6947e5956694deae4afec4538711a7d08
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

org.apache.commons.codec-1.9.0.v20170208-1614.jar

Description: The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.apache.commons.codec\1.9.0.v20170208-1614\org.apache.commons.codec-1.9.0.v20170208-1614.jar
MD5: c60100e0054e38097a3a3702738d38ed
SHA1: 319daace7828d342de91484e47e2fa0dbd08e148
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.commons.codec:1.9.0-SNAPSHOT   Confidence:High

org.eclipse.osgi.services-3.6.0.v20170228-1906.jar

Description: %osgiServicesDes

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.osgi.services\3.6.0.v20170228-1906\org.eclipse.osgi.services-3.6.0.v20170228-1906.jar
MD5: 8f1ffb535cee3825b2da1367931beb29
SHA1: 112bb4fc7f05e766af565c14163e7fe957823e49
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

org.apache.commons.logging-1.1.1.v201101211721.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.apache.commons.logging\1.1.1.v201101211721\org.apache.commons.logging-1.1.1.v201101211721.jar
MD5: e1d5f3260cc59b73227929ba4e775e84
SHA1: a9802e0f122ba160d3d5ceba9793b83a8db329a4
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

org.apache.httpcomponents.httpcore-4.4.6.v20170210-0925.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.apache.httpcomponents.httpcore\4.4.6.v20170210-0925\org.apache.httpcomponents.httpcore-4.4.6.v20170210-0925.jar
MD5: ab907ef09fd266d99b3019604c237145
SHA1: f4eb28b2972097bbb86bf27ad84df4ecb7dfe7b2
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.httpcomponents.httpcore:4.4.6-SNAPSHOT   Confidence:High

org.apache.httpcomponents.httpclient-4.5.2.v20170210-0925.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.apache.httpcomponents.httpclient\4.5.2.v20170210-0925\org.apache.httpcomponents.httpclient-4.5.2.v20170210-0925.jar
MD5: 74d0a8407c8ff35a5d9d96baa38be405
SHA1: 3e15bc269e20bacabbe6dfe39e8dc8507da9025f
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

  • maven: org.eclipse.orbit.bundles:org.apache.httpcomponents.httpclient:4.5.2-SNAPSHOT   Confidence:High
  • cpe: cpe:/a:apache:httpclient:4.5.2.v20170210   Confidence:Low   

org.eclipse.core.contenttype-3.6.0.v20170207-1037.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.core.contenttype\3.6.0.v20170207-1037\org.eclipse.core.contenttype-3.6.0.v20170207-1037.jar
MD5: 1de51a41302a7ab315d3d0f176e9f057
SHA1: 26b6171708e9c737bfe28382cea18fdd8a432ceb
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

org.eclipse.equinox.preferences-3.7.0.v20170126-2132.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.equinox.preferences\3.7.0.v20170126-2132\org.eclipse.equinox.preferences-3.7.0.v20170126-2132.jar
MD5: 4306007fe9089b051f8447530d45ea63
SHA1: 78f9996fe3eafa560a09eee083c22154c689ffe1
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

org.eclipse.equinox.registry-3.7.0.v20170222-1344.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.equinox.registry\3.7.0.v20170222-1344\org.eclipse.equinox.registry-3.7.0.v20170222-1344.jar
MD5: 87969fbfb35cee33c04d35761f0e50f0
SHA1: 9874e42c373d8f90338dbb9a38dab1dd81efffb5
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

org.eclipse.equinox.common-3.9.0.v20170207-1454.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.equinox.common\3.9.0.v20170207-1454\org.eclipse.equinox.common-3.9.0.v20170207-1454.jar
MD5: d770eda2f43872ba17d6f0140ca0a42c
SHA1: a22125896ff8e25ce913371f54898af733953ecb
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

org.eclipse.core.expressions-3.6.0.v20170207-1037.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.core.expressions\3.6.0.v20170207-1037\org.eclipse.core.expressions-3.6.0.v20170207-1037.jar
MD5: b8045b5e1cffec4e64b4282fe9ce409e
SHA1: d73bdd061bb36239e59015f917a25710e16d1cf9
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

org.eclipse.core.runtime-3.13.0.v20170207-1030.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.core.runtime\3.13.0.v20170207-1030\org.eclipse.core.runtime-3.13.0.v20170207-1030.jar
MD5: a00b0766d631bcaf972fb981f5646f29
SHA1: 5a1b57e5c1753858b3ff36876014a547ee608129
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

org.eclipse.core.filesystem-1.7.0.v20170406-1337.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.core.filesystem\1.7.0.v20170406-1337\org.eclipse.core.filesystem-1.7.0.v20170406-1337.jar
MD5: 5744964700d525ef06c890ab02dbf423
SHA1: 2e9b5c5b22d5a041c6151dd3f88bbad7311188c8
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

org.eclipse.core.jobs-3.9.0.v20170322-0013.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.core.jobs\3.9.0.v20170322-0013\org.eclipse.core.jobs-3.9.0.v20170322-0013.jar
MD5: 230b8880248c056c3f7d6594ca5729d8
SHA1: 591a398580d6dfecda2ca18eda1a176c79875b7c
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

org.eclipse.core.net-1.3.100.v20170516-0820.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.core.net\1.3.100.v20170516-0820\org.eclipse.core.net-1.3.100.v20170516-0820.jar
MD5: ff28ab5ac4f51348051f1708a36038ca
SHA1: 60a0b8927d017917546a76f091636da4da421dc9
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

org.eclipse.equinox.security-1.2.300.v20170505-1235.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.equinox.security\1.2.300.v20170505-1235\org.eclipse.equinox.security-1.2.300.v20170505-1235.jar
MD5: 3c3c1c1f3e7be8ff5ffaea1a9f19945f
SHA1: 34ff7fb0878ee4297a6e99e5223d1f74d87d9c8d
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

org.eclipse.core.resources-3.12.0.v20170417-1558.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.core.resources\3.12.0.v20170417-1558\org.eclipse.core.resources-3.12.0.v20170417-1558.jar
MD5: 2e7af9f5c4b98bfdb01913e904f3c276
SHA1: be793d60b94223ed8cd371f0b52576530a1977e1
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

org.eclipse.equinox.app-1.3.400.v20150715-1528.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.equinox.app\1.3.400.v20150715-1528\org.eclipse.equinox.app-1.3.400.v20150715-1528.jar
MD5: 33d2a35dcf3cf48509cbe3ac70e1c548
SHA1: 04c01f677e982499789ffa78b628ea67693db949
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

org.eclipse.e4.core.contexts-1.6.0.v20170322-1144.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.e4.core.contexts\1.6.0.v20170322-1144\org.eclipse.e4.core.contexts-1.6.0.v20170322-1144.jar
MD5: 720b268fffc24a2054ac3cb837c1b815
SHA1: 83e770014f1be890dff09b17b0d7b2343c3867f4
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

org.eclipse.e4.core.di-1.6.100.v20170421-1418.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.e4.core.di\1.6.100.v20170421-1418\org.eclipse.e4.core.di-1.6.100.v20170421-1418.jar
MD5: 319482aedc4640787c2e44d4de6f325c
SHA1: 650ac92c831c224d7d4eada5fe744ef53575761e
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

javax.inject-1.0.0.v20091030.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\javax.inject\1.0.0.v20091030\javax.inject-1.0.0.v20091030.jar
MD5: 508774113f4ecc361d7a7ec5dc93c737
SHA1: bf39840bc3bc7fa50a0d5ab4fea74bc00e89f952
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

  • None

org.eclipse.e4.core.di.annotations-1.6.0.v20170119-2002.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.e4.core.di.annotations\1.6.0.v20170119-2002\org.eclipse.e4.core.di.annotations-1.6.0.v20170119-2002.jar
MD5: bab3a10e064b5e61b2225afe32857cb6
SHA1: 433c70a9819c34bb3e3c4d3f01e863ce7a2589bf
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

org.eclipse.ecf-3.8.0.v20170104-0657.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.ecf\3.8.0.v20170104-0657\org.eclipse.ecf-3.8.0.v20170104-0657.jar
MD5: 17d99d1f8feaab7ba9c121bdbb6b172a
SHA1: 5bcc054e126c9438ea4fc76d7744e5566290d89b
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

CVE-2008-7271  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.

Vulnerable Software & Versions: (show all)

org.eclipse.ecf.identity-3.8.0.v20161203-2153.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.ecf.identity\3.8.0.v20161203-2153\org.eclipse.ecf.identity-3.8.0.v20161203-2153.jar
MD5: b49e2edbf0e80f6a06c445af620fc3d7
SHA1: 731aab22f8887973f46fb636a28df9c3ea0aff06
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

CVE-2008-7271  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.

Vulnerable Software & Versions: (show all)

org.eclipse.equinox.concurrent-1.1.0.v20130327-1442.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.equinox.concurrent\1.1.0.v20130327-1442\org.eclipse.equinox.concurrent-1.1.0.v20130327-1442.jar
MD5: b4f18eac43008648e2f222867d1587b1
SHA1: be72cdfd3f44ff6c2ab84a13c56672ed848f75f5
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

org.eclipse.ecf.filetransfer-5.0.0.v20160817-1024.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.ecf.filetransfer\5.0.0.v20160817-1024\org.eclipse.ecf.filetransfer-5.0.0.v20160817-1024.jar
MD5: d3d89a8f6dce52973aee0b2d6f3191ce
SHA1: e6f30d6cc08c39c687a23e9dfa61faaaa0923629
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

  • cpe: cpe:/a:file-transfer:file_transfer:5.0.0.v20160817   Confidence:Low   

org.eclipse.ecf.provider.filetransfer-3.2.300.v20161203-1840.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.ecf.provider.filetransfer\3.2.300.v20161203-1840\org.eclipse.ecf.provider.filetransfer-3.2.300.v20161203-1840.jar
MD5: 4dfcefcad00261479f969474714091ee
SHA1: 6c98b21f2ce3f0d5c0f99c9ac3e8331ca057a5fe
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

CVE-2008-7271  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.

Vulnerable Software & Versions: (show all)

CVE-2010-4647  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.

Vulnerable Software & Versions: (show all)

org.eclipse.ecf.provider.filetransfer.httpclient4-1.1.200.v20170314-0133.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.ecf.provider.filetransfer.httpclient4\1.1.200.v20170314-0133\org.eclipse.ecf.provider.filetransfer.httpclient4-1.1.200.v20170314-0133.jar
MD5: 215335f021468cfa5d692b8da1d4763d
SHA1: 2cbe416d41304ca048858d36d0a24555f337b107
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

CVE-2008-7271  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.

Vulnerable Software & Versions: (show all)

CVE-2010-4647  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.

Vulnerable Software & Versions: (show all)

org.eclipse.equinox.p2.core-2.4.100.v20160419-0834.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.equinox.p2.core\2.4.100.v20160419-0834\org.eclipse.equinox.p2.core-2.4.100.v20160419-0834.jar
MD5: fedcd2ded80f7e26e8ebb2fdd4054703
SHA1: b881c588447d199ae37b9a1d4d36fcb0faac0469
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

CVE-2008-7271  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.

Vulnerable Software & Versions: (show all)

CVE-2010-4647  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.

Vulnerable Software & Versions: (show all)

org.eclipse.osgi.util-3.4.0.v20170111-1608.jar

Description: %osgiUtilDes

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.osgi.util\3.4.0.v20170111-1608\org.eclipse.osgi.util-3.4.0.v20170111-1608.jar
MD5: df2ddb1699e95b60ce6ee17cde9b3c51
SHA1: b3939a872c43a4b1d3aae07e42f51bf848606e93
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

org.jboss.tools.foundation.core-1.4.2-SNAPSHOT.jar

File Path: C:\Users\JeffMAURY\.m2\repository\org\jboss\tools\foundation\plugins\org.jboss.tools.foundation.core\1.4.2-SNAPSHOT\org.jboss.tools.foundation.core-1.4.2-SNAPSHOT.jar
MD5: 997b7d7eecfa5c81259255a129001209
SHA1: 1ae025de1417ffc49f22131487c6a7319983f26a
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

  • maven: org.jboss.tools.foundation.plugins:org.jboss.tools.foundation.core:1.4.2-SNAPSHOT   Confidence:High

httpclient-4.0.1.jar

Description:  HttpComponents Client (base module)

License:

Apache License: ../LICENSE.txt
File Path: C:\work\tmp\jbosstools-base\stacks\plugins\org.jboss.tools.stacks.core\lib\httpclient-4.0.1.jar
MD5: 9ca98774860101c06ca9010efd6224a1
SHA1: 1d7d28fa738bdbfe4fbd895d9486308999bdf440
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

CVE-2011-1498  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.

Vulnerable Software & Versions: (show all)

CVE-2014-3577  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.

Vulnerable Software & Versions: (show all)

CVE-2015-5262  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.

Vulnerable Software & Versions:

org.eclipse.core.resources-3.12.0.v20170417-1558.jar: resources-ant.jar

File Path: C:\Users\JeffMAURY\.m2\repository\p2\osgi\bundle\org.eclipse.core.resources\3.12.0.v20170417-1558\org.eclipse.core.resources-3.12.0.v20170417-1558.jar\ant_tasks\resources-ant.jar
MD5: 6881e0a2ad28ed304e7841518224be42
SHA1: e8e45793842d7f094c572f4294132be783760903
Referenced In Project/Scope: org.jboss.tools.stacks.core:system

Identifiers

  • None


This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the Node Security Platform.