Re: Tomcat Web Server ServerTokenNotSet Vulnerability
My long-time favorite is server=Microsoft-IIS/5.0 ;-). Mark Thomas [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] No idea. Try , , Tin foil hats R us or something similar. I am not even sure this is why your scanner is reporting a problem. Mark Gao, Frank wrote: What the server parameter value should be in order to pass the security scan? -Original Message- From: Mark Thomas [mailto:[EMAIL PROTECTED] Sent: Friday, June 10, 2005 2:14 PM To: Tomcat Users List Subject: Re: Tomcat Web Server ServerTokenNotSet Vulnerability Try setting the server parameter on the connector. See http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/http.html Mark Gao, Frank wrote: Hi, I have a Tomcat 5.5.7 standalone webserver running on my machine, recently I got a security scan warning of ApacheServerTokenNotSet. Does anyone know how to configure the Tomcat 5.5.7 to pass this security scan? I know there is a 'ServerTokens' directive for Apache Web Server that I can use to limit the information giving out. But I cann't find anything similar on Tomcat Web Server. Anyone has any idea about this? Thanks, Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat Web Server ServerTokenNotSet Vulnerability
Hi, I have a Tomcat 5.5.7 standalone webserver running on my machine, recently I got a security scan warning of ApacheServerTokenNotSet. Does anyone know how to configure the Tomcat 5.5.7 to pass this security scan? I know there is a 'ServerTokens' directive for Apache Web Server that I can use to limit the information giving out. But I cann't find anything similar on Tomcat Web Server. Anyone has any idea about this? Thanks, Frank
Re: Tomcat Web Server ServerTokenNotSet Vulnerability
Try setting the server parameter on the connector. See http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/http.html Mark Gao, Frank wrote: Hi, I have a Tomcat 5.5.7 standalone webserver running on my machine, recently I got a security scan warning of ApacheServerTokenNotSet. Does anyone know how to configure the Tomcat 5.5.7 to pass this security scan? I know there is a 'ServerTokens' directive for Apache Web Server that I can use to limit the information giving out. But I cann't find anything similar on Tomcat Web Server. Anyone has any idea about this? Thanks, Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat Web Server ServerTokenNotSet Vulnerability
What the server parameter value should be in order to pass the security scan? -Original Message- From: Mark Thomas [mailto:[EMAIL PROTECTED] Sent: Friday, June 10, 2005 2:14 PM To: Tomcat Users List Subject: Re: Tomcat Web Server ServerTokenNotSet Vulnerability Try setting the server parameter on the connector. See http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/http.html Mark Gao, Frank wrote: Hi, I have a Tomcat 5.5.7 standalone webserver running on my machine, recently I got a security scan warning of ApacheServerTokenNotSet. Does anyone know how to configure the Tomcat 5.5.7 to pass this security scan? I know there is a 'ServerTokens' directive for Apache Web Server that I can use to limit the information giving out. But I cann't find anything similar on Tomcat Web Server. Anyone has any idea about this? Thanks, Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat Web Server ServerTokenNotSet Vulnerability
No idea. Try , , Tin foil hats R us or something similar. I am not even sure this is why your scanner is reporting a problem. Mark Gao, Frank wrote: What the server parameter value should be in order to pass the security scan? -Original Message- From: Mark Thomas [mailto:[EMAIL PROTECTED] Sent: Friday, June 10, 2005 2:14 PM To: Tomcat Users List Subject: Re: Tomcat Web Server ServerTokenNotSet Vulnerability Try setting the server parameter on the connector. See http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/http.html Mark Gao, Frank wrote: Hi, I have a Tomcat 5.5.7 standalone webserver running on my machine, recently I got a security scan warning of ApacheServerTokenNotSet. Does anyone know how to configure the Tomcat 5.5.7 to pass this security scan? I know there is a 'ServerTokens' directive for Apache Web Server that I can use to limit the information giving out. But I cann't find anything similar on Tomcat Web Server. Anyone has any idea about this? Thanks, Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
