I need to patch jboss 5.1.0GA for the vulnerabilities associated with these two CVE's....which are for jboss5.1.0 EAP. Anyone know if there is a GA patch available or any way to back-port these CVE's to GA? Are the EAP CVE's directly compatible with GA without modification? Thanks