22 Replies. Latest reply on Jan 20, 2011 4:35 AM by jfclere

    How to fix JBoss 4.2.3 CVE-2010-2227 vulnerability issue

    sinha1981

      Hi,

      I am using JBoss 4.2.3 AS in production. A security scanner found this issue, CVE-2010-2227.

      Apache Tomcat Transfer-Encoding Header Vulnerability:

      The remote Apache Tomcat service is vulnerable to information disclosure or a denial of service attack due to a mishandling of invalid values for the 'Transfer-Encoding' HTTP header as sent by a client.

      As far as I know, JBoss 4.2.3 has Tomcat 6.0.13. This issue is fixed in 6.0.28 OR greater.

      Can anybody please let me know if there is any patch version available for JBoss 4.2.3 having Tomcat 6.0.28 OR greater, OR is there any other way to fix this issue?

      Thanks in advance.

      Sinha.
