The first CVE has been addressed as part of JBoss EAP 5.2.0 and the second one as part of JBEAP 6.4.
We are currently using JBoss Application Server 6.1.0 Final. We guess that the first CVE has no effect on this version (since the CVE is raised against the 5.2 version), but we still need confirmation from you experts too.
Regarding the second CVE, we need a slight clarification on whether it affects JBoss AS releases; if so, are there any JBoss AS releases which have the fix for this CVE? If not, kindly direct us to the application server release version to which we can upgrade so that these security vulnerabilities are no longer an issue.