Re: Tomcat Error Value/server info

2019-01-08 Thread Zamani, Karim
are exposed in a 500 response for example? IMHO, Tomcat's default settings should be more "restrictive" unless it causes problems.

Karim

On 1/8/19, 7:09 PM, "Mark Thomas" wrote:

On 08/01/2019 23:30, Zamani, Karim wrote:
> Hi,
> >

Tomcat Error Value/server info

2019-01-08 Thread Zamani, Karim
Hi,

Tomcat’s default error handler has showServerInfo set to true by default. This is not a good security practice because it exposes Tomcat’s version (version disclosure). Is there a reason why this property is not set to false by default?

Thanks,
Karim