Re: [EXTERNAL] Re: tomcat Finding!

Wed, 19 Dec 2018 00:06:47 -0800 

Danyaal,


> Am 18.12.2018 um 21:15 schrieb <danyaal.ha...@bcbssc.com> 
> <danyaal.ha...@bcbssc.com>:
> 
> Added following to the Server.xml, still showing in the latest scan.
> 
> <Valve className="org.apache.catalina.valves.ErrorReportValve"
> showReport=false" showServerInfo="false" />
> 
> Thank you,
> Danyaal 
> 
> -----Original Message-----
> From: John Palmer [mailto:johnpalm...@gmail.com] 
> Sent: Friday, December 14, 2018 6:26 PM
> To: Tomcat Users List
> Subject: [EXTERNAL] Re: tomcat Finding!
> 
> WARNING:This is an external email that originated outside of our email 
> system. DO NOT CLICK links or open attachments unless you recognize the 
> sender and know that the content is safe!
> 
> I found this to be easier to accomplish (and maintain):
> 
> add to the Host section of server.xml:
> <Valve className="org.apache.catalina.valves.ErrorReportValve"
> showReport=false" showServerInfo="false" />
> 
> (this will disable the tomcat version number and the stacktrace  - the
> defaults for these are "true")
> 
> 
>> On Fri, Dec 14, 2018 at 10:18 AM <danyaal.ha...@bcbssc.com> wrote:
>> 
>> Good Morning,
>> I'm encountering following scan finding errors and couldn't find way to
>> mitigate this.
>> 
>> Tomcat 8.5.32
>> 12085
>> Apache Tomcat Default Files
>> The following default files were found
>> :/nessus-check/default-404-error-page.html
>> Delete the default index page and remove the example JSP and servlets.

did you also remove the default files under webapps (examples, Root,...)?
This finding is not only for errorpages with version number!

Peter 

>> Follow the Tomcat or OWASP instructions to replace or modify the default
>> error page.
>> 
>> Thank you,
>> Danyaal
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>> 
>> 
> B‹KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKCB•È[œÝXœØÜšX™KK[XZ[ˆ\Ù\œË][œÝXœØÜšX™PÛXØ]
> ˜\XÚK›Ü™ÃB‘›ÜˆY][Û˜[ÛÛ[X[™ËK[XZ[ˆ\Ù\œËZ[ÛXØ]˜\XÚK›Ü™ÃBƒ


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to