[jboss-user] [Tomcat, HTTPD, Servlets & JSP] - CVE-2007-3382/3385 + JBoss 4.0.3SP1

Tuesday, 11 September 2007

Hi, 

We're deployed on JBoss 4.0.3SP1 - and are getting some questions about CVE-2007-3382
and CVE-2007-3385, which are Tomcat vulnerabilities. 

I see that this has been addressed in the 4.0.4/4.0.5 stream.
(http://jira.jboss.org/jira/browse/ASPATCH-286). 

Anyone have any information relating to 4.0.3 SP1? I believe the Tomcat version that
shipped with that is 5.5.0.0, which is affected by the vulnerability.  

If we are forced to upgrade, any advice on which version upgrade would have the least
impact?

Thanks,
-Dan

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4083091#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-user] [Tomcat, HTTPD, Servlets & JSP] - CVE-2007-3382/3385 + JBoss 4.0.3SP1