Patch Instructions:

PATCH NAME:
       BZ985266
PRODUCT NAME:
       JBoss Enterprise Application Server
VERSION:
         6.1.0
SHORT DESCRIPTION:
       CVE-2013-4182
LONG DESCRIPTION:
       CVE-2013-4128 JBoss remote-naming/ejb-client: Session fixation due improper connection caching
MANUAL INSTALL INSTRUCTIONS:
          Backup and remove $JBOSS_HOME/jboss-eap-6.1/bin/client/jboss-client.jar
          Backup $JBOSS_HOME/jboss-eap-6.1/modules/system/layers/base/org/jboss/remote-naming/main/module.xml
          Backup $JBOSS_HOME/jboss-eap-6.1/modules/system/layers/base/org/jboss/ejb-client/main/module.xml
          Backup and remove $JBOSS_HOME/jboss-eap-6.1/modules/system/layers/base/org/jboss/remote-naming/main/jboss-remote-naming-1.0.6.Final-redhat-2.jar
          Backup and remove $JBOSS_HOME/jboss-eap-6.1/modules/system/layers/base/org/jboss/ejb-client/main/jboss-ejb-client-1.0.21.Final-redhat-1.jar

          Unzip the attached zip (jboss-eap-6.1.0-BZ985266.zip) in the same location where jboss-eap-6.1.0.zip is extracted

CREATOR:
       Permaine Cheung
DATE:
       31-Jul-2013
