
Known Eclipse Security Vulnerabilities

  • 317055 Platform: [Webapp][Security] URLEncode url requests from local users (3.6.1)
  • 319344 Platform: [Webapp][Security] Phishing on help application (3.6.1)
  • 320547 Platform: [Webapp][Security] Misuse of /topic/file (3.6.1)
  • 320548 Platform: [Webapp][Security] Ability to read files not in bundles (3.6.1)
  • 320967 Platform: [Test][Security] Tests for security related bugs (3.7 M6)
  • 325902 Equinox: [launcher] Windows LoadLibrary search cwd DLL exploit (3.6.2)
  • 328795 Equinox: [Webapp] Possible security issue with JSP code exposure. (3.7 M4)
  • 328975 Equinox: [Webapp] Possible security issue with JSP code exposure. (3.6.2)
  • 329193 Equinox: [Webapp] Possible security issue with JSP code exposure. (3.6.2)
  • 329582 Platform: [Webapp][Security] Eclipse Help Server XSS (3.7 M4)
  • 330026 Platform: [Webapp][Security] Fix for Eclipse 3.6.2 Eclipse Help Server XSS (3.6.2)
  • 333959 Virgo: cross-site scripting vulnerability (3.0.0.RELEASE)
  • 336767 BIRT: Security Issue in BIRT Viewer (2.6.2)
  • 361316 Jetty: DoS attack from similar hash values (7.5.x)
  • 367533 Community: Reset Password allows to hijack accounts for SSH access (and other options) (---)
  • 367638 Jetty: Denial of Service attack ocert-2011-003 / CVE-2011-4461 (7.5.x)
  • 378977 Equinox: [Webapp] Possible security issue with JSP code exposure. - backport to 3.5.2+ (3.5.2+)
  • 378979 Equinox: [Webapp] Possible security issue with JSP code exposure. backport for 3.4.2+ (3.4.2+)
  • 390491 Equinox: [Webapp] Possible security issue with JSP code exposure. (3.4.2+)
  • 395246 Gemini.Web: Access to forbidden directories can be granted (2.2.0.M03)
  • 421097 Community: Open redirect (---)
  • 421700 Community: Reflected XSS - https://dev.eclipse.org/portal/myfoundation/tests/explore.php (---)
  • 421726 Community: [Security] SQL injection in http://www.eclipse.org/membership/scripts/get_image.php (---)
  • 421759 Community: [security] SQL injection in [http://eclipse.org/membership/showMember.php] By Shahmeer Amir and Rafay Baloch (---)
  • 421875 Community: Vulnerabilities on http://www.eclipse.org/ (---)
  • 424827 Community: Potential XSS vulnerability on /downloads page. (---)
  • 427830 Community: XSS vulnerability on www.eclipse.org (---)
  • 428032 Community: Multiple XSS on site_login (---)
  • 435095 Data Tools: HIPP jobs are SSHing to build.eclipse.org and storing passwords in config files (---)
  • 438006 ECF: [XMPP] Update to Smack 4 (---)
  • 438901 Platform: Style PASSWORD | READ_ONLY without BORDER displays plain text password (4.4.1)
  • 443883 Community: [site_login] Password change should invalidate all active sessions (---)
  • 463809 EMFStore: [Security] addInitialParticipant remote method allows privilege escalation (1.4.3)
  • 474575 Community: The website may allow automated account creation. (---)
  • 513268 Community: Open Redirection vulnerability in wiki.eclipse.org (---)
