On 26/06/2020 13:35, Kasteleijn, Wilco wrote: > Hello, we would like to know if this vulnerability is only applicable for > usage of the coyote http connector?
It only applies when using the HTTP/2 protocol. That is only available with an HTTP connector. > We are using Tomcat 8.5.55 in combination with a apache HTTPD proxy setup > that is connected via the AJP connector. Are we also affected in that case? No. AJP is not affected. Mark > Regards, Wilco. > > > This message contains confidential or privileged information and is intended > only for the individual named. If you have received it by mistake, please let > us know by e-mail reply and delete it from your system; you may not copy this > message or disclose its contents to anyone. Please note that any views or > opinions presented in this email are solely those of the author and do not > necessarily represent those of the company. Nothing in this email is intended > to bind Elemica, Inc., which only operates under the terms of written > agreements signed by an authorized officer. E-mail transmission cannot be > guaranteed to be secure or error-free as information could be intercepted, > corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. > The sender therefore does not accept liability for any errors or omissions in > the contents of this message, which arise as a result of e-mail transmission. > > Disclaimer > > The information contained in this communication from the sender is > confidential. It is intended solely for use by the recipient and others > authorized to receive it. If you are not the recipient, you are hereby > notified that any disclosure, copying, distribution or taking action in > relation of the contents of this information is strictly prohibited and may > be unlawful. > > This email has been scanned for viruses and malware, and may have been > automatically archived by Mimecast Ltd, an innovator in Software as a Service > (SaaS) for business. Providing a safer and more useful place for your human > generated data. Specializing in; Security, archiving and compliance. To find > out more visit the Mimecast website. > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org