[jboss-user] [Security] - JBoss AS 4.2.1 affected by
do-not-reply at jboss.com
Thu Sep 10 00:14:03 EDT 2009
My company is currently using JBoss Application Server 4.2.1 GA.
May I know whether it will be affected by the security vulnerability "Jboss Enterprise Application Platform (EAP) Status Servlet Request Remote Information Disclosure"? (http://osvdb.org/show/osvdb/47551)
I understand that EAP 4.3 includes JBoss Application Server 4.2.1 as part of its components.
So I am not sure whether it is subjected to the vulnerability and if so, is there a seperate patch (or upgrade) for JBoss AS 4.2.1 that will remove the vulnerability?
I appreciate your help!!
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4254315#4254315
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4254315
More information about the jboss-user