Hi,

We are using Jboss4.2.3 as application server. We implemented the remoting module for Jboss4.2.3 using jboss-remoting.jar provided along with the Jboss4.2.3-GA package.

We need to confirm whether the remoting is still affected by CVE-2014-3518.

On looking into the issue details, I see the vulnerability is only in Jboss5.x which implements jboss-remoting.sar.

Is my understanding right?