[jboss-user] [Security] - JBoss AS 4.2.1 affected by

choonmengtan.sg do-not-reply at jboss.com
Thu Sep 10 00:14:03 EDT 2009


My company is currently using JBoss Application Server 4.2.1 GA.

May I know whether it will be affected by the security vulnerability "Jboss Enterprise Application Platform (EAP) Status Servlet Request Remote Information Disclosure"? (http://osvdb.org/show/osvdb/47551)

I understand that EAP 4.3 includes JBoss Application Server 4.2.1 as part of its components.
So I am not sure whether it is subjected to the vulnerability and if so, is there a seperate patch (or upgrade) for JBoss AS 4.2.1 that will remove the vulnerability?

I appreciate your help!!

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4254315#4254315

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4254315

More information about the jboss-user mailing list