[jboss-user] [Tomcat, HTTPD, Servlets & JSP] - Re: JBoss 4.2.2 AS Vulnerability to CVE-2008-2938

jfrederic.clere@jboss.com do-not-reply at jboss.com
Tue Aug 26 10:01:44 EDT 2008

You can also check out http://anonsvn.jboss.org/repos/jbossweb/branches/JBOSSWEB_2_0_0_GA_CP/ and build JBossWEB then you need to copy the jbossweb jar files to replace your 4.2.2 version.

If you don't have URIEncoding="UTF-8" in the connector entries of server.xml you aren't at risk with CVE-2008-2938.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4172590#4172590

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4172590

More information about the jboss-user mailing list