-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Fang,
On 8/3/20 23:10, FANG YAP wrote: > I have an issue on the subject mentioned as the vulnerability scan > flagged out. > > Plugin: 12085 Plugin Text: Apache Tomcat Default Files Protocol: > TCP Port: 8080 > > Apache Tomcat 8.5.55 (x64-bit machines) > > In my app folder (located in the webapp folder) I already had the > necessary error pages. Also indicated the error jsp file in the > app's web.xml. How to know what should be shown when they(user) > enter the wrong site for tomcat? > > Should it be showing this page below or it should show my custom > error page set in app's web.xml? HTTP 404 No Found The webpage > cannot be found.. Most likely causes:... - There might be a typing > error in the address - If you clicked on a link, it may be out of > date > > What you can try: ..... This doesn't look like a vuln to me. Your scanner is being overzealous. But if you want to replace the 404 Not Found page when you request /noapp and your application is deployed to /myapp then you can't fix the problem in "myapp". You have to make other arrangements. The easiest thing to do is deploy a ROOT application with all errors (including 404) pointing to a custom error page. You can do this in your ROOT application's WEB-INF/web.xml file. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl8pwxQACgkQHPApP6U8 pFieCA//T/Vr3DXF0AFJGPwo++x81iwy80VOSfRL6v0NNOxlKkBa7dPaUJuKYr+F GzXaYf/FBH50dAVIfjkTtJQGvfCeEz9aqsYMCPpyzeFjtzU0FqUOrAmHJEzuBAYQ 85Vy5MOsncDb/QhW9wMi0Vt5ffc3p4ZavF8fU1D4zJk5ecDXZtz45H4MlOp06KH0 sUJX2wLPtWUuBLt9AvgxgXwqAmq1XJBulLAUcR8gUVkhmxB8KS/peR/eKcf11Nlk FalhVIgHK2BkXouvaXMawbix6qt7+sd+AfmcW4dXcoiDLkuMz0MAx/FBxXP4nELF +P5egFRE+wdTXLRr436ydhjGxhSw9nS9LiSpgSWLWBMw29/oSo+jhVQtuuVH133m 9IWWYgneWGvXEo02MmmMbt1pZ0KVPeWVhjTDpo48xfutbRCAZCK1xwtUzz96wy2E PRpEscyjQQzEJ11Rglu3gi/bq/YIKZLZd4n5qH2c0Z11mff2KXD5sDbZsEKRGCDR i8EEPMss5RaRF7JyqjDU+r1FvbLDMSxOb3YeX/MvuKTPvqHuSkvNLMeKIKHxOZfC hwLWYY9Cu9ARUj3LYpaDj8DGFf4Jotn4LREOhhlaC4XZZQ2yPIOaimvQKtOjmdqF E9Dgqed9lutJ9n3vQysppaijUo9oEQ14pxeU+TKK6/JBcjD/sN4= =YcwV -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org