We are using Jboss4.2.3 as application server. We implemented the remoting module for Jboss4.2.3 using jboss-remoting.jar provided along with the Jboss4.2.3-GA package.
We need to confirm whether the remoting is still affected by CVE-2014-3518.
On looking into the issue details, I see the vulnerability is only in Jboss5.x which implements jboss-remoting.sar.
Is my understanding right?
Retrieving data ...