Jboss 4.0.2/ windows CVE: CVE-2008-3273

bostanian Mar 26, 2014 7:47 AM

We are using jboss 4.0.2. on windows for a long time and recently we have found a security vulnerability CVE-2008-3273.

Could someone please let me know if there is a fix for it?

CVE: CVE-2009-0781

Thank you

1. Re: Jboss 4.0.2/ windows CVE: CVE-2008-3273

ctomc Mar 26, 2014 9:06 AM (in response to bostanian)

Moved to appropriate forum.

I am pretty sure there was no fix for that, you should really upgrade your app server.
As you can see from CVEs linked it was fixed in EAP 4.2 & 4.3 but that are commercial offerings.

Also this fixes are part of AS5 and later.
Actions
2. Re: Jboss 4.0.2/ windows CVE: CVE-2008-3273

bostanian Mar 26, 2014 10:09 AM (in response to ctomc)

Thank you for your quick response. Do you know how do I down that version? EAP 4.2?
Actions
3. Re: Jboss 4.0.2/ windows CVE: CVE-2008-3273

kuldeep11 Mar 27, 2014 5:50 AM (in response to bostanian)

For AS you can download from below :
http://sourceforge.net/projects/jboss/files/JBoss/JBoss-4.2.3.GA/jboss-4.2.3.GA-jdk6.zip/download
And for EAP you can find at https://access.redhat.com ,but for that you should have subscription from redhat.

Thanks!
Actions