-
15. Re: How to fix Jboss 4.2.3 CVE-2010-2227 vulnerability issue
geetadesai Jan 16, 2011 11:42 PM (in response to jfclere)
Hi,
I am not sure what answer of jbossas you are expecting; we are using JBoss 4.2.3. Could you please be a little more elaborate on what answer of jbossas you expect?
Thanks,
Geeta
-
16. Re: How to fix Jboss 4.2.3 CVE-2010-2227 vulnerability issue
jfclere Jan 17, 2011 2:52 AM (in response to geetadesai)
I meant the request is:
+++
GET / HTTP/1.1
Host: 148.147.162.243
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Date: Thu, 13 Jan 2011 06:24:58 GMT
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
Pragma: no-cache
Transfer-Encoding: NESSUS
Accept-Language: en
Connection: Close
+++
What is the answer to the request?
-
17. How to fix Jboss 4.2.3 CVE-2010-2227 vulnerability issue
geetadesai Jan 20, 2011 2:01 AM (in response to jfclere)
Hi,
I tried giving the same request manually with Fiddler (HTTP debugger); the response obtained is 501.
Please see the request and response:
Request:
GET https://pdev6vm4.platform.avaya.com/harvesting/faces/harvest/harvestProfile.xhtml HTTP/1.1
User-Agent: Fiddler
Host: pdev6vm4.platform.avaya.com
Transfer-Encoding: NESSUS
Response:
HTTP/1.1 501 Not Implemented
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Date: Wed, 10 Nov 2010 14:25:35 GMT
Connection: close
0
Does this indicate the issue got fixed? Do we have to try with more tools?
Thanks,
Geeta
-
18. How to fix Jboss 4.2.3 CVE-2010-2227 vulnerability issue
jfclere Jan 20, 2011 2:46 AM (in response to geetadesai)
The test is wrong.
-
19. How to fix Jboss 4.2.3 CVE-2010-2227 vulnerability issue
geetadesai Jan 20, 2011 2:48 AM (in response to jfclere)
Hi,
Could you please suggest the correct way of testing this issue?
Thanks,
Geeta
-
20. How to fix Jboss 4.2.3 CVE-2010-2227 vulnerability issue
jfclere Jan 20, 2011 3:04 AM (in response to geetadesai)
If you think you can fix nor test it you should contact Red Hat and get a subscription.
I can't explain how to trigger a vulnerability that affects users that are not able to upgrade or fix their installation...
-
21. How to fix Jboss 4.2.3 CVE-2010-2227 vulnerability issue
geetadesai Jan 20, 2011 4:11 AM (in response to jfclere)
Hi,
Could you please give us Red Hat subscription details?
Thanks,
Geeta