This content has been marked as final.
Show 2 replies
-
1. Re: CVE-2007-3382/3385 + JBoss 4.0.3SP1
jfclere Sep 12, 2007 3:15 AM (in response to dabramov)4.0.3 SP1 was shipped with 5.5.9 (See http://wiki.jboss.org/wiki/Wiki.jsp?page=VersionOfTomcatInJBossAS).
Use http://repository.jboss.com/apache-tomcat/5.5.9.patch03-brew/ -
2. Re: CVE-2007-3382/3385 + JBoss 4.0.3SP1
dabramov Sep 24, 2007 4:50 PM (in response to dabramov)
Can you confirm JBAS-2866 addresses these vulnerabilities since neither the description of the patch or JBAS-2866 explicitly reference either CVE-2007-3382 or CVE-2007-3385. (though JBAS-2866 is related to the use of quotes in cookies)
"Tomcat 5.5 servlet 2.4 web container with a fix for the JBAS-2866, as well as backported fixes for CVE-2005-2090, CVE-2006-3835, CVE-2006-7195, CVE-2007-0450, CVE-2007-1858, CVE-2005-3510, plus fixes for CVE-2007-2450 and CVE-2007-3386"