tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Restorff <>
Subject Re: Question regarding mappings for CVE-2005-4836
Date Wed, 08 Feb 2012 16:18:40 GMT

> If you carefully read the security report for Tomcat 4, you'll see
> that the bug exists in a deprecated connector. If you are using the
> standard Coyote connector, then you are safe.
> For completeness, these are the connectors that are vulnerable to this
> issue:
> org.apache.coyote.tomcat4.CoyoteConnector
> org.apache.catalina.connector.http.HttpConnector
> Neither of these classes are included in the current 5.5 line
> (5.5.35), nor are they included in the current 6.0 line (6.0.35), nor
> are they included in the current 7.0 line (7.0.25).
> If you are using a currently-supported version of Tomcat and you are
> up to date, then you are not vulnerable to this ancient vulnerability.
Thanks! That was the information I needed. I was unable to find the 
information on which connectors and was at a lost. I've now looked into 

Thank you both Chris and Leon for your help.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message