[jboss-user] [Tomcat, HTTPD, Servlets & JSP] - JBoss 4.2.2 AS Vulnerability to CVE-2008-2938

frabas1967 do-not-reply at jboss.com
Mon Aug 25 10:08:03 EDT 2008

Hi there,
my first post here.
My security advisor (not to say security watch-dog) ask me if JBoss 4.2.2 is vulnerable to CVE-2008-2938  as stated in http://www.kb.cert.org/vuls/id/343355. This flaw applies to Tomcat 6.x prior to 6.0.18. jboss-4.2.2.GA/docs/licenses/thirdparty-licenses.xml says Tomcat 6.0.10 is used. Any hints on this?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4172312#4172312

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4172312

More information about the jboss-user mailing list