[jboss-user] [Tomcat, HTTPD, Servlets & JSP] - CVE-2007-3382/3385 + JBoss 4.0.3SP1
dabramov
do-not-reply at jboss.com
Tue Sep 11 11:45:42 EDT 2007
Hi,
We're deployed on JBoss 4.0.3SP1 - and are getting some questions about CVE-2007-3382 and CVE-2007-3385, which are Tomcat vulnerabilities.
I see that this has been addressed in the 4.0.4/4.0.5 stream. (http://jira.jboss.org/jira/browse/ASPATCH-286).
Anyone have any information relating to 4.0.3 SP1? I believe the Tomcat version that shipped with that is 5.5.0.0, which is affected by the vulnerability.
If we are forced to upgrade, any advice on which version upgrade would have the least impact?
Thanks,
-Dan
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4083091#4083091
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4083091
More information about the jboss-user
mailing list