Hi, I have standalone Tomcat version 5.5 running on my production machine (Windows 2003 server). I think in this case vulnerability CVE-2007-0774 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774) does not apply as there is no other Webserver (apache etc.) to which tomcat talks to. So there is no connector. But I read on the web that, tomcat comes with default connector to serve Static content. I am not sure which connector it is. But this vulnerability is about mod_jk, which is not in tomcat but is part of apache. So I still think I do need to take care of this vulnerability. But would like to confirm with you before informing my team. thanks, shishir
--------------------------------- Don't be flakey. Get Yahoo! Mail for Mobile and always stay connected to friends.
