Hi, We are using tomcat 8.5.14.
As this CVE-2017-5664 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5664> is applicable for current tomcat version, we are trying to evaluate whethere this CVE is applicable to our web application or not. We have couple of JSP error pages. Tested those all are severed as GET. Also we have custom error Servlet handler configured and in that also, we do handle it as GET only. There are no static error files configured in our web application. With these can be take this CVE is not application to our web application with 8.5.14 tomcat? Please suggest. Thanks, Durga Srinivasu
