Is JBoss EAP affected by CVE-2015-5176
Issue
- Is
JBoss
EAP
affect byCVE-2015-5176
. - You have reported
CVE-2015-5176
to us as a vulnerability. From what I have read, it appears that JBoss EAP is vulnerable because it uses a web portal interface for control. - We have reviewed the patch information at
"https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=39003&product=jbportal&version=6.2.0&downloadType=securityPatches "
but do not find the "portletbridge" files referenced on our servers. We need to know if JBoss EAP 6.2.0 is impacted by this CVE.
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- 6.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.