0 Replies Latest reply on Sep 10, 2009 12:14 AM by Choon Meng Tan

    JBoss AS 4.2.1 affected by

    Choon Meng Tan Newbie


      My company is currently using JBoss Application Server 4.2.1 GA.

      May I know whether it will be affected by the security vulnerability "Jboss Enterprise Application Platform (EAP) Status Servlet Request Remote Information Disclosure"? (http://osvdb.org/show/osvdb/47551)

      I understand that EAP 4.3 includes JBoss Application Server 4.2.1 as part of its components.
      So I am not sure whether it is subjected to the vulnerability and if so, is there a seperate patch (or upgrade) for JBoss AS 4.2.1 that will remove the vulnerability?

      I appreciate your help!!