Manjesh h wrote:
- Is it possible to upgrade only the web-container part of Jboss 423 to Jboss 7.x web container so that the vulnerability get addressed?
If this is recommended, along with jbossweb.jar which are all other jars needs to be copied to Jboss 4.23.00 ? because I notice in Jboss’s7 web module there are more number of jars this time.
I think this is unlikely to work
Manjesh h also wrote:
- I have an alternate option to see the source code of Jboss 7.x ‘s jbosspiweb.jar to check how does it handles the workaround (setting .apache.tomcat.util.http.Parameters.MAX_COUNT)..then
Change the same code in Jboss 423’s jbossweb.src and rebuild locally to address this security issue.
This is what I would be doing...