The Eclipse software development environment provides a set of tools forC/C++ and Java development.A cross-site scripting (XSS) flaw was found in the Eclipse Help Contentsweb application. An attacker could use this flaw to perform a cross-sitescripting attack against victims by tricking them into visiting aspecially-crafted Eclipse Help URL. (CVE-2010-4647)The following Eclipse packages have been upgraded to the versions found inthe official upstream Eclipse Helios SR1 release, providing a number ofbug fixes and enhancements over the previous versions:In addition, the following updates were made to the dependencies of theEclipse packages above:This update includes numerous upstream bug fixes and enhancements, such as:This update also fixes the following bugs:Users of eclipse should upgrade to these updated packages, which correctthese issues and add these enhancements.
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center