Vulnerability Scanning is returning a false positive for CVE-2011-4605 when scanning EAP 5.2.0

Solution Unverified

Environment

Issue

It seems that our Java Embedded Vulnerability Analyzer is returning a false-positive result for CVE-2011-4605 on jar files that are no longer affected.

The vulnerability is returned for jar files from JBoss EAP 5.2:

/common/lib/jbossha.jar VULNERABLE! CVE-2011-4605
/client/jboss-ha-legacy-client.jar VULNERABLE! CVE-2011-4605

Resolution

A private Bugzilla (BZ) has been opened to get the scanner fixed. This is a false positive: the vulnerability has already been addressed in JBoss EAP 5.2, so the message can be ignored.
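A scanner that flags a jar by name will keep raising this finding on every scan until the fix lands, and a blanket "ignore CVE-2011-4605" rule would also hide a real hit on an unpatched install. The following is an added example, not Red Hat's tool or part of this article: it parses the scanner's one-line-per-finding output format quoted above and suppresses a finding only when the product, CVE and exact jar path all match a documented exception. The exception record, the extra sample lines and the tracker id are constructed for illustration (the article only says a private BZ exists).

```python
"""Triage scanner findings against a documented false-positive exception list.

Added example, not Red Hat's tool. The first two sample lines are the findings
quoted in the article; the remaining lines and the tracker id are constructed.
"""
import re
from dataclasses import dataclass

# One finding per line, in the format the analyzer printed on the page:
#   <jar path> VULNERABLE! <CVE id>
FINDING_RE = re.compile(
    r"^(?P<path>\S+)\s+VULNERABLE!\s+(?P<cve>CVE-\d{4}-\d{4,})\s*$"
)

# Constructed sample scan output: the two article findings, one hypothetical
# finding with no exception (must stay open), and one non-finding line.
SAMPLE_SCAN_OUTPUT = """\
/common/lib/jbossha.jar VULNERABLE! CVE-2011-4605
/client/jboss-ha-legacy-client.jar VULNERABLE! CVE-2011-4605
/common/lib/example-other.jar VULNERABLE! CVE-0000-0000
this line is not a finding
"""


@dataclass(frozen=True)
class FalsePositiveException:
    """A documented reason to suppress one CVE on specific jars of one product."""
    cve: str
    product: str
    paths: frozenset
    reason: str
    tracker: str


# Exception for the case described in the article. The tracker value is a
# placeholder: the article states only that a private BZ has been opened.
EAP52_CVE_2011_4605 = FalsePositiveException(
    cve="CVE-2011-4605",
    product="JBoss EAP 5.2.0",
    paths=frozenset({"/common/lib/jbossha.jar",
                     "/client/jboss-ha-legacy-client.jar"}),
    reason="Addressed in JBoss EAP 5.2; scanner matches on jar name",
    tracker="BZ-PLACEHOLDER",
)


@dataclass
class Finding:
    path: str
    cve: str
    status: str = "open"
    note: str = ""


def parse_findings(text):
    """Return (findings, unparsed_lines) for scanner output in the page's format."""
    findings, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append(Finding(path=m.group("path"), cve=m.group("cve")))
        else:
            unparsed.append(line)  # surface, never silently drop
    return findings, unparsed


def triage(findings, product, exceptions):
    """Mark a finding 'false_positive' only on an exact (product, CVE, path) match."""
    index = {}
    for exc in exceptions:
        for p in exc.paths:
            index[(exc.product, exc.cve, p)] = exc
    for f in findings:
        exc = index.get((product, f.cve, f.path))
        if exc is not None:
            f.status = "false_positive"
            f.note = f"{exc.reason} (tracker: {exc.tracker})"
    return findings


def open_findings(findings):
    """Findings that still need an analyst's attention."""
    return [f for f in findings if f.status == "open"]


if __name__ == "__main__":
    fs, bad = parse_findings(SAMPLE_SCAN_OUTPUT)
    triage(fs, "JBoss EAP 5.2.0", [EAP52_CVE_2011_4605])
    for f in fs:
        print(f"{f.status:15} {f.cve} {f.path} {f.note}")
    for line in bad:
        print("unparsed:", line)
```

The exception is keyed on the installed product as well as the jar path, so the same two findings reported from a different product version are left open, and the suppression carries the evidence and tracker reference so the rule can be retired once the scanner is fixed.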

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
