We received an alert regarding the coyote connector version (CVE-2005-2090). I would like to know if the virtual appliance with version > 9.3 is affected by this CVE.
Please follow this KB to move pass this finding: Changing the Server Header From “Apache-Coyote/1.1 - CA Knowledge
I found coyote-6.0.41.jar was included in API Gateway 9.3 (no CR).
According to ASF, CVE-2005-2090 was fixed completely in 6.0.39. (Apache Tomcat® - Apache Tomcat 6 vulnerabilities )
I don't think 9.3 is affected by CVE-2005-2090.