If you carefully read the security report for Tomcat 4, you'll see
that the bug exists in a deprecated connector. If you are using the
standard Coyote connector, then you are safe.
For completeness, these are the connectors that are vulnerable to this
issue:
org.apache.coyote.tomcat4.CoyoteConn
Hello,
I have a question regarding CVE-2005-4836:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4836
The security bulletin, http://tomcat.apache.org/security-4.html,
mentions that it will not be fixed in 4.x. However, there is no
indication as to whether it affects 5.x or beyond. Is t
