If you carefully read the security report for Tomcat 4, you'll see
that the bug exists in a deprecated connector. If you are using the
standard Coyote connector, then you are safe.
For completeness, these are the connectors that are vulnerable to this
issue:
org.apache.coyote.tomcat4.CoyoteConn
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Christopher,
On 2/7/12 3:01 PM, Christopher Restorff wrote:
> I have a question regarding CVE-2005-4836:
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4836
Wow. Blast from the past.
> The security bulletin, http://tomcat.apache.org/sec
On 2/7/12 12:01 PM, "Christopher Restorff"
wrote:
>Hello,
>
>I have a question regarding CVE-2005-4836:
>http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4836
>
>The security bulletin, http://tomcat.apache.org/security-4.html,
>mentions that it will not be fixed in 4.x. However, there is
Hello,
I have a question regarding CVE-2005-4836:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4836
The security bulletin, http://tomcat.apache.org/security-4.html,
mentions that it will not be fixed in 4.x. However, there is no
indication as to whether it affects 5.x or beyond. Is t
