I am having difficulty determining if JBoss 4.0.3SPI is vulnerable to CVE-2008-1232 (and
related) regarding the Tomcat XSS vulnerability. Is the embedded Tomcat server in JBoss
4.0.3SP1 affected by this CVE? If so, is there a patch aside from upgrading to the latest
JBoss?
Thank you.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4175916#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...