This content has been marked as final.
Show 2 replies
-
1. Re: JBoss, Tomcat, CVE-2008-1232 and related
jfclere Sep 12, 2008 2:32 AM (in response to darretta)Look in http://anonsvn.jboss.org/repos/jbossas/tags/JBoss_4_0_3_SP1/build/build-thirdparty.xml
It says:
+++
+++
So it uses the tomcat from http://repository.jboss.com/apache-tomcat/5.5.9jboss/src/
Looks a normal tc-5.5.9.
So look in http://tomcat.apache.org/security-5.html
Answer yes your are vulnerable. -
2. Re: JBoss, Tomcat, CVE-2008-1232 and related
darretta Sep 12, 2008 11:05 AM (in response to darretta)Thank you for the response. I was hoping that the embedded Tomcat was not the full version, but was obviously wrong.
So, I presume, the only solution is to upgrade JBoss? Is there a patch available to apply to 4.0.3SP1?
Thank you again.