4 Replies Latest reply on Aug 27, 2008 3:54 AM by Rafael Sanchez Martinez

    JBoss 4.2.2 AS Vulnerability to CVE-2008-2938

    Francois Basquin Newbie

      Hi there,
      my first post here.
      My security advisor (not to say security watch-dog) ask me if JBoss 4.2.2 is vulnerable to CVE-2008-2938 as stated in http://www.kb.cert.org/vuls/id/343355. This flaw applies to Tomcat 6.x prior to 6.0.18.

      jboss-4.2.2.GA/docs/licenses/thirdparty-licenses.xml
      says Tomcat 6.0.10 is used. Any hints on this?