On Wed, Jun 3, 2020 at 11:14 AM FANG YAP <fangg...@gmail.com> wrote:

> Hello Martin,
>
> It is to say that I have to declare something like this in web.xml file?
>
> <error-page>
> <exception-type>java.lang.Exception</exception-type>
> <location>/error.jsp</location>
>

Better use the error-code ones from the StackOverflow link I gave you.
Your approach will cover only error code 500 (for Exceptions, but not for java.lang.Error) and won't cover NotFound (404) and the others.
I guess Nessus won't be totally happy with your approach.

>
> Regards with Thanks,
>
> Fang
>
> On Wed, 3 Jun 2020, 15:56 Martin Grigorov, <mgrigo...@apache.org> wrote:
>
> > Hi,
> >
> > On Wed, Jun 3, 2020 at 5:53 AM FANG YAP <fangg...@gmail.com> wrote:
> >
> > > Resend
> > >
> > > On Wed, 3 Jun 2020, 10:10 FANG YAP, <fangg...@gmail.com> wrote:
> > >
> > > > Hi Tomcat,
> > > >
> > > > Nessus scanned and found issue in Apache Tomcat Port 8080
> > > >
> > > > Port: 8080
> > > > Plugin Text:
> > > > The server is not configured to return a custom page in the event of a
> > > > client requesting a non-existent resource. This may result in a potential
> > > > disclosure of sensitive information about the server to attacker.
> > > >
> > > > Apache Tomcat Version: 8.5.43
> > > > JDK 8: 1.8.0_212 (Will be upgrading to latest soon to latest 1.8.0_251)
> > > >
> >
> > To configure custom error pages and thus to suppress this issue you can:
> > 1) use ErrorReportValve
> > <https://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Error_Report_Valve>
> > 2) configure error-page elements in your application web.xml -
> > https://stackoverflow.com/a/7066536/497381
> >
> > > >
> > > > Your assistance would be greatly appreciated
> > > >
> > > > Rgs,
> > > > Fang
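
The two options named in the reply above, written out as configuration. This is an added example, not part of the original thread: the /errors/... locations are placeholder paths, and the final catch-all entry assumes a Servlet 3.0 or later descriptor.

```xml
<!-- conf/server.xml, inside the <Host> element: keep Tomcat's built-in
     error page but omit the stack trace and the server version string -->
<Valve className="org.apache.catalina.valves.ErrorReportValve"
       showReport="false"
       showServerInfo="false" />

<!-- WEB-INF/web.xml of the application -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                             http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

  <!-- Weak form from the thread: matches only java.lang.Exception and its
       subclasses, so java.lang.Error and plain status codes such as 404
       still reach the default error page.
  <error-page>
    <exception-type>java.lang.Exception</exception-type>
    <location>/error.jsp</location>
  </error-page>
  -->

  <!-- Status-code mappings: cover responses that involve no exception -->
  <error-page>
    <error-code>404</error-code>
    <location>/errors/404.html</location>
  </error-page>
  <error-page>
    <error-code>500</error-code>
    <location>/errors/500.html</location>
  </error-page>

  <!-- Throwable covers both Exception and Error -->
  <error-page>
    <exception-type>java.lang.Throwable</exception-type>
    <location>/errors/500.html</location>
  </error-page>

  <!-- Catch-all for any status code not mapped above (placeholder path) -->
  <error-page>
    <location>/errors/general.html</location>
  </error-page>
</web-app>
```

The error pages themselves should be static and free of version strings, stack traces and request details, since the scanner finding is about what the default page discloses.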