5. Issues

This section covers the issues relevant to JBoss Communications Platform 5.1.1 components.

5.1. Fixed Issues

CVE-2011-1484
It was found that JBoss Seam 2 did not properly block access to JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework.

Note

A properly configured and enabled Java Security Manager would prevent exploitation of this flaw. (CVE-2011-1484)
Red Hat would like to thank Martin Kouba from IT SYSTEMS a.s. for reporting this issue.

Table 3. Issue List

Ticket ID Summary
JBCP-1974 [MSS HA] When app call setExpires, it is not propagated to the failover node
JBCP-2325 DIGEST authentication on Mobicents Sip Servlets 1.5.0 JBoss 5.1.0 is not working
JBCP-2367 JDK Classes keep references to Timer even though they are cancelled
JBCP-2437 Concurrent transactions from different directions in proxy cause leaks in a race condition
JBCP-2464 SipSession invalidation throws exception on race condition
JBCP-2588 lastaccesstime not updated when sending ACK
JBCP-2598 NPE seen when replicating
JBCP-2623 Proxying between different transports doesn't work
JBCP-2667 SipServletMessage.setContent() with MimeMultipart is badly handled
JBCP-2668 getRemoteAddress() returns null
JBCP-2699 SipFactoryImpl.createApplicationSessionByKey is not compliant with Sip Servlets spec
JBCP-2739 Null returned for B2BUAHelperImpl.getLinkedSipServletRequest() in Early Dialog Failover
JBCP-2740 outboundProxy not working for MSS without an LB
JBCP-2745 wrong transport parameter in record-route header
JBCP-2783 Proxying to non-UDP transport is broken.
JBCP-2789 Reorder initialization in JBoss 5 to guard for EJBTHREE-2056