2 Replies Latest reply on Mar 27, 2012 2:03 AM by asoldano

Was CVE-2011-1483 fixed in JBoss AS 6?

rajesh_cres Sep 28, 2011 5:57 AM

We are using community version of JBoss AS 6. We would like to know whether the DoS vulnerability CVE-2011-1483 was fixed in this version.

Bug 692584 - (CVE-2011-1483) CVE-2011-1483 JBossWS remote Denial of Service

In https://bugzilla.redhat.com/show_bug.cgi?id=692584, I was able to see the list of jboss application packages that has the fix.

All concerned commercial packages are listed.

Do we have a place where we can check whether this vulnerability was fixed in JBoss AS 6 or yet to be fixed.

- Thanks,

Rajesh.

1. Re: Was CVE-2011-1483 fixed in JBoss AS 6?

ndipiazza Mar 26, 2012 5:47 PM (in response to rajesh_cres)

I'm wondering myself how I can search SVN/Git for CVE-2011-1483 #'s fixed in versions of JBoss AS community. I need to know at what point CVE's were fixed for not just the EAP versions of JBoss.
Actions
2. Re: Was CVE-2011-1483 fixed in JBoss AS 6?

asoldano Mar 27, 2012 2:03 AM (in response to ndipiazza)

The JBossWS-CXF stack was not affected by this, so any vanilla AS 6 M4 or greater is fine (unless you manually installed jbossws-native).
In the jbossws-native stack, this has been fixed in 4.0.0.Beta1.
Actions