Hi Chris,

Did that as well, but the scanner still flagged it. Is that to say it is a
false positive result in their scan?

Regards with Thanks,

Fang

On Wed, 5 Aug 2020, 04:21 Christopher Schultz, <ch...@christopherschultz.net>
wrote:

> Fang,
>
> On 8/3/20 23:10, FANG YAP wrote:
> > I have an issue on the subject mentioned as the vulnerability scan
> > flagged out.
> >
> > Plugin: 12085 Plugin Text: Apache Tomcat Default Files Protocol:
> > TCP Port: 8080
> >
> > Apache Tomcat 8.5.55 (x64-bit machines)
> >
> > In my app folder (located in the webapp folder) I already had the
> > necessary error pages. Also indicated the error jsp file in the
> > app's web.xml. How to know what should be shown when they (user)
> > enter the wrong site for tomcat?
> >
> > Should it be showing this page below or it should show my custom
> > error page set in app's web.xml? HTTP 404 No Found The webpage
> > cannot be found.. Most likely causes:... - There might be a typing
> > error in the address - If you clicked on a link, it may be out of
> > date
> >
> > What you can try: .....
>
> This doesn't look like a vuln to me. Your scanner is being overzealous.
>
> But if you want to replace the 404 Not Found page when you request
> /noapp and your application is deployed to /myapp then you can't fix
> the problem in "myapp". You have to make other arrangements.
>
> The easiest thing to do is deploy a ROOT application with all errors
> (including 404) pointing to a custom error page. You can do this in
> your ROOT application's WEB-INF/web.xml file.
>
> -chris

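Added example, not part of the original thread: a minimal `WEB-INF/web.xml` for a ROOT application of the kind Chris describes, so that requests outside any deployed context (such as /noapp) get a custom page instead of Tomcat's default error page. The file names `/404.html` and `/error.html` are assumptions; they would be static files placed in the ROOT application's directory.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- webapps/ROOT/WEB-INF/web.xml
     Minimal ROOT application whose only job is to answer requests that
     match no other deployed context with a custom error page. -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                             http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

  <display-name>ROOT</display-name>

  <!-- Explicit mapping for "not found".
       /404.html is an assumed file name (webapps/ROOT/404.html). -->
  <error-page>
    <error-code>404</error-code>
    <location>/404.html</location>
  </error-page>

  <!-- Catch-all: an error-page with neither error-code nor exception-type
       is the default for every error not matched above (allowed by the
       Servlet 3.1 schema that Tomcat 8.5 implements).
       /error.html is an assumed file name (webapps/ROOT/error.html). -->
  <error-page>
    <location>/error.html</location>
  </error-page>

</web-app>
```

Keep the error pages free of server name, version and stack-trace details, since that disclosure is what default-page checks are looking for.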