Can anyone help me with this problem please?
I am using Jboss 4.2.2 GA and JDK 1.5, which, I think, uses Jbossweb 2.0.1. It has the "JBoss Enterprise Application Platform Status Servlet Request Remote Information Disclosure" vulnerability (CVE-2010-1429). It is mentioned in many places that it is fixed in "Jboss EAP 4.2.0.CP09". I haven't found any link to download this version.
So, is there any patch for Jbossweb 2.0.1 in which this issue is fixed? Or is there any version of Jboss which supports JDK 1.5 and does not have critical vulnerabilities? I just want to remove all vulnerabilities from my application. The version of Jboss will not matter as long as it supports JDK 1.5.