1 Reply Latest reply on Oct 10, 2014 5:32 AM by jfclere

vulnerabilities in JbossWeb 2.1.3 - Jboss 5.1.0

lfoggy Oct 9, 2014 1:10 PM

Hi,

We are running JBoss 5.1.0 with JBossWeb 2.1.3. Could someone verify if the following vulnerabilities apply to this version of JBossWeb?

CVE-2010-5298

CVE-2014-0195

CVE-2014-0198

CVE-2014-0221

CVE-2014-0224

CVE-2014-3470

In general, are we able to upgrade JbossWeb in Jboss 5.1.0? If so, could you point me to any docs on how to?

Thanks,

1. Re: vulnerabilities in JbossWeb 2.1.3 - Jboss 5.1.0

jfclere Oct 10, 2014 5:32 AM (in response to lfoggy)

To upgrade jbossweb you need to compile jbossweb - Revision 2525: /branches/2.1.x and copy the jbossweb.jar file in your Jboss 5.1.0 installation..

Those issue seems to be openssl ones so you are only affected if you use native....
Actions