0 Replies Latest reply on Jul 23, 2014 7:48 AM by Arun Varadharajan

    CVE-2014-3518 and Jboss 4.2.3

    Arun Varadharajan Newbie

      Hi,

       

      We are using Jboss4.2.3 as application server. We implemented the remoting module for Jboss4.2.3 using jboss-remoting.jar provided along with the Jboss4.2.3-GA package.

      We need to confirm whether the remoting is still affected by CVE-2014-3518.

       

      On looking into the issue details, I see the vulnerability is only in Jboss5.x which implements jboss-remoting.sar.

      Is my understanding right?