How to solve JSF the vulnerability CVE-2008-1285 in JBoss EAP 7

Solution Verified - Updated -


The vulnerability CVE-2008-1285 enables remote attackers to inject code and is described as:

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.2_08 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.


  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 7.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In