Hi there, my first post here. My security advisor (not to say security watch-dog) ask me if JBoss 4.2.2 is vulnerable to CVE-2008-2938 as stated in http://www.kb.cert.org/vuls/id/343355. This flaw applies to Tomcat 6.x prior to 6.0.18. jboss-4.2.2.GA/docs/licenses/thirdparty-licenses.xml says Tomcat 6.0.10 is used. Any hints on this?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4172312#4172312 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4172312 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
