0 Replies Latest reply on Jul 23, 2014 7:48 AM by arun168403

    CVE-2014-3518 and Jboss 4.2.3




      We are using Jboss4.2.3 as application server. We implemented the remoting module for Jboss4.2.3 using jboss-remoting.jar provided along with the Jboss4.2.3-GA package.

      We need to confirm whether the remoting is still affected by CVE-2014-3518.


      On looking into the issue details, I see the vulnerability is only in Jboss5.x which implements jboss-remoting.sar.

      Is my understanding right?