{
  "threat_severity" : "Low",
  "public_date" : "2010-11-16T00:00:00Z",
  "bugzilla" : {
    "description" : "eclipse: Help Content web application vulnerable to multiple XSS",
    "id" : "661901",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=661901"
  },
  "cvss" : {
    "cvss_base_score" : "2.6",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-79",
  "details" : [ "Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-05-19T00:00:00Z",
    "advisory" : "RHSA-2011:0568",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "eclipse-1:3.6.1-6.13.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-05-19T00:00:00Z",
    "advisory" : "RHSA-2011:0568",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "eclipse-birt-0:2.6.0-1.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-05-19T00:00:00Z",
    "advisory" : "RHSA-2011:0568",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "eclipse-callgraph-0:0.6.1-1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-05-19T00:00:00Z",
    "advisory" : "RHSA-2011:0568",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "eclipse-cdt-1:7.0.1-4.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-05-19T00:00:00Z",
    "advisory" : "RHSA-2011:0568",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "eclipse-changelog-1:2.7.0-1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-05-19T00:00:00Z",
    "advisory" : "RHSA-2011:0568",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "eclipse-dtp-0:1.8.1-1.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-05-19T00:00:00Z",
    "advisory" : "RHSA-2011:0568",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "eclipse-emf-0:2.6.0-1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-05-19T00:00:00Z",
    "advisory" : "RHSA-2011:0568",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "eclipse-gef-0:3.6.1-3.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-05-19T00:00:00Z",
    "advisory" : "RHSA-2011:0568",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "eclipse-linuxprofilingframework-0:0.6.1-1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-05-19T00:00:00Z",
    "advisory" : "RHSA-2011:0568",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "eclipse-mylyn-0:3.4.2-9.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-05-19T00:00:00Z",
    "advisory" : "RHSA-2011:0568",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "eclipse-oprofile-0:0.6.1-1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-05-19T00:00:00Z",
    "advisory" : "RHSA-2011:0568",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "eclipse-rse-0:3.2-1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-05-19T00:00:00Z",
    "advisory" : "RHSA-2011:0568",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "eclipse-valgrind-0:0.6.1-1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-05-19T00:00:00Z",
    "advisory" : "RHSA-2011:0568",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "icu4j-1:4.2.1-5.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-05-19T00:00:00Z",
    "advisory" : "RHSA-2011:0568",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "jetty-eclipse-0:6.1.24-2.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-05-19T00:00:00Z",
    "advisory" : "RHSA-2011:0568",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "objectweb-asm-0:3.2-2.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-05-19T00:00:00Z",
    "advisory" : "RHSA-2011:0568",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "sat4j-0:2.2.0-4.0.el6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "eclipse",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2010-4647\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-4647" ],
  "name" : "CVE-2010-4647",
  "csaw" : false
}