Hello, We just installed a JBOSS server in our production Environment... Apparently JBOSS came bundled with Apache Tomcat/5.5.9
Our current environment is: Windows 2003 SP1 JBOSS 4.0.2 JVM Version: 1.4.2_11-b06 Apache Tomcat/5.5.9 Our security scanner has picked up 2 security vulnerabilities on this server. "Apache Cookie Buffer Overflow" "HTTP Buffer Overflows" Our security scanner indicated that we need to upgrade from Apache v1.1.1 to v1.3.2... but since we are already on Apache Tomcat/5.5.9... I don't think that is correct. The scanner also indicated that we may be able to change a field in Apache called LimitRequestFieldsize... Thus far I have been unable to find this LimitRequestFieldsize field in any of our config files... Is the LimitRequestFieldsize in Apache V.1.1.1 the same as maxHttpHeaderSize in Apache Tomcat/5.5.9? Any suggestions would be appreciated. Thank you --Doug CONFIDENTIALITY NOTICE: This message (including any attachments) may contain Molex confidential information, protected by law. If this message is confidential, forwarding it to individuals, other than those with a need to know, without the permission of the sender, is prohibited. This message is also intended for a specific individual. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message or taking of any action based upon it, is strictly prohibited. Chinese Japanese www.molex.com/confidentiality.html
