[jboss-user] [Security] - JBoss AS 4.2.1 affected by

Hi, My company is currently using JBoss Application Server 4.2.1 GA. May I know whether it will be affected by the security vulnerability "Jboss Enterprise Application Platform (EAP) Status Servlet Request Remote Information Disclosure"? (http://osvdb.org/show/osvdb/47551) I understand that EAP 4.3 includes JBoss Application Server 4.2.1 as part of its components. So I am not sure whether it is subjected to the vulnerability and if so, is there a seperate patch (or upgrade) for JBoss AS 4.2.1 that will remove the vulnerability? I appreciate your help!! Thanks! View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4254315#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...