2 Replies Latest reply on Sep 12, 2008 11:05 AM by darretta

    JBoss, Tomcat, CVE-2008-1232 and related

    darretta

      I am having difficulty determining if JBoss 4.0.3SPI is vulnerable to CVE-2008-1232 (and related) regarding the Tomcat XSS vulnerability. Is the embedded Tomcat server in JBoss 4.0.3SP1 affected by this CVE? If so, is there a patch aside from upgrading to the latest JBoss?

      Thank you.