I am having difficulty determining if JBoss 4.0.3SPI is vulnerable to CVE-2008-1232 (and related) regarding the Tomcat XSS vulnerability. Is the embedded Tomcat server in JBoss 4.0.3SP1 affected by this CVE? If so, is there a patch aside from upgrading to the latest JBoss?
Thank you. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4175916#4175916 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4175916 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user