If you carefully read the security report for Tomcat 4, you'll see
that the bug exists in a deprecated connector. If you are using the
standard Coyote connector, then you are safe.
For completeness, these are the connectors that are vulnerable to this
issue:
org.apache.coyote.tomcat4.CoyoteConnector
org.apache.catalina.connector.http.HttpConnector
Neither of these classes are included in the current 5.5 line
(5.5.35), nor are they included in the current 6.0 line (6.0.35), nor
are they included in the current 7.0 line (7.0.25).
If you are using a currently-supported version of Tomcat and you are
up to date, then you are not vulnerable to this ancient vulnerability.
Thanks! That was the information I needed. I was unable to find the
information on which connectors and was at a lost. I've now looked into
them.
Thank you both Chris and Leon for your help.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
