Hi,

I suggest following this guide: https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

On 11/5/19 2:29 PM, thulasiram k wrote:
> Hi,
>
> We have installed Tomcat 7.0.94 on Windows 2016 and SSL is not enabled. But
> during a Qualys scan we found the below vulnerability. Can you guide us on
> how we can fix it?
>
> 1)
> QID : 86763 - Web Server Uses Plain Text Basic Authentication
> Impact : Using Readable Clear Text can help eavesdropping and thereby
> compromise confidentiality.
> An attacker can successfully exploit this issue when the 401 error is
> returned when authentication is required. Also, an attacker can find out
> that the Basic Authentication scheme is used using the WWW-authenticate
> header.
>
> I can see requests are redirecting to 8443 from server.xml
>
> <Connector port="8080" protocol="HTTP/1.1"
>            connectionTimeout="20000"
>            redirectPort="8443" />
>
> Let me know if you have any suggestions.
>
> Thanks
> Ram
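
The configuration change the linked SSL how-to leads to, shown as an added example that is not part of either message or of the Tomcat documentation: an HTTPS connector on the port that `redirectPort` already names, plus a `CONFIDENTIAL` transport guarantee so Tomcat redirects to 8443 before it sends the 401 Basic challenge. The keystore path and password, URL pattern, role name and realm name are placeholders, and which web application issues the Basic challenge on this server is an assumption.

```xml
<!-- conf/server.xml (fragment) -->

<!-- Existing plain-HTTP connector from the post. redirectPort only takes
     effect when a security constraint demands a secure transport. -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

<!-- Added: TLS connector listening on the port the redirect points to.
     keystoreFile and keystorePass are placeholders for your own keystore. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           maxThreads="150" clientAuth="false" sslProtocol="TLS"
           keystoreFile="PLACEHOLDER/path/to/keystore.jks"
           keystorePass="PLACEHOLDER-keystore-password" />


<!-- WEB-INF/web.xml of the application that uses BASIC auth (fragment) -->

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected area</web-resource-name>   <!-- placeholder -->
    <url-pattern>/*</url-pattern>                           <!-- placeholder -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>app-user</role-name>                         <!-- placeholder -->
  </auth-constraint>
  <!-- Without this element the 401 challenge and the Base64-encoded
       credentials travel over port 8080 in clear text. With it, a request
       on 8080 is redirected to redirectPort before authentication runs. -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Protected area</realm-name>                   <!-- placeholder -->
</login-config>
```

After restarting Tomcat, a request to the protected URL on port 8080 should return a redirect to the HTTPS port, and the `WWW-Authenticate: Basic` header should appear only in responses served over 8443.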