[jboss-user] [Beginner's Corner] - Re: updating Jbossweb.jars to fix hash collision

[Stephen Coy]

Stephen Coy [https://community.jboss.org/people/sfcoy] created the discussion

"Re: updating Jbossweb.jars to fix hash collision"

To view the discussion, visit: https://community.jboss.org/message/736120#736120

--------------------------------------------------------------
> Manjesh h wrote:
> 
> ... 
> 1. Is it possible to upgrade only the web-container part of Jboss 423  to  Jboss 7.x web container so that the vulnerability get addressed?
> If this is recommended,  along with jbossweb.jar which are all other jars needs to be  copied to Jboss 4.23.00 ? because I notice in Jboss’s7 web module  there are more number of jars this time.
> ...
I think this is unlikely to work

> Manjesh h also wrote:
> 
> 1. I have an alternate option to see the source code of Jboss 7.x ‘s  jbosspiweb.jar  to check how does it handles the workaround (setting .apache.tomcat.util.http.Parameters.MAX_COUNT)..then 
> Change the same code in Jboss 423’s jbossweb.src and rebuild locally to  address this security issue.
This is what I would be doing...
--------------------------------------------------------------

Reply to this message by going to Community
[https://community.jboss.org/message/736120#736120]

Start a new discussion in Beginner's Corner at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2075]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20120516/c0962b55/attachment.html