Vulnerability Scanning is returning a false positive for CVE-2011-4605 when scanning EAP 5.2.0
Environment
- Java Embedded Vulnerability Analyzer
- Red Hat JBoss Enterprise Application Platform (EAP) 5.2
Issue
It seems that the Java Embedded Vulnerability Analyzer is returning a false-positive result for CVE-2011-4605 on jar files that are no longer affected.
The vulnerability is returned for jar files from JBoss EAP 5.2:
/common/lib/jbossha.jar VULNERABLE! CVE-2011-4605
/client/jboss-ha-legacy-client.jar VULNERABLE! CVE-2011-4605
Resolution
A private Bugzilla (BZ) has been opened to get this fixed. The result is a false positive, since the vulnerability has already been addressed in JBoss EAP 5.2, so the message can be ignored.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
