My company is currently using JBoss Application Server 4.2.1 GA.
May I know whether it will be affected by the security vulnerability "Jboss Enterprise Application Platform (EAP) Status Servlet Request Remote Information Disclosure"? (http://osvdb.org/show/osvdb/47551)
I understand that EAP 4.3 includes JBoss Application Server 4.2.1 as part of its components. So I am not sure whether it is subjected to the vulnerability and if so, is there a seperate patch (or upgrade) for JBoss AS 4.2.1 that will remove the vulnerability?