True that Mark, but unfortunately Management typically has a different thought process on that. ☹
Dream * Excel * Explore * Inspire Jon McAlexander Senior Infrastructure Engineer Asst. Vice President He/His Middleware Product Engineering Enterprise CIO | EAS | Middleware | Infrastructure Solutions 8080 Cobblestone Rd | Urbandale, IA 50322 MAC: F4469-010 Tel 515-988-2508 | Cell 515-988-2508 jonmcalexan...@wellsfargo.com<mailto:jonmcalexan...@wellsfargo.com> This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. From: Mark Thomas <ma...@apache.org> Sent: Wednesday, April 10, 2024 3:13 PM To: users@tomcat.apache.org Subject: Re: Retrieve server.built, server.number On 10/04/2024 21: 15, Christopher Schultz wrote: > All, > > On 4/10/24 4: 00 AM, Mark Thomas wrote: >> On 09/04/2024 17: 17, prat 007 wrote: >>> Hi All, >>> >>> I would like to know is there a way to find On 10/04/2024 21:15, Christopher Schultz wrote: > All, > > On 4/10/24 4:00 AM, Mark Thomas wrote: >> On 09/04/2024 17:17, prat 007 wrote: >>> Hi All, >>> >>> I would like to know is there a way to find tomcat's server.built and >>> server.number remotely using tool loke curl or from browser? >> >> In a default installation, no. >> >> You'd have to write a servlet that reported that information and then >> request that page. > > ... and it might represent an information leakage vulnerability in your > application. Be Careful. Shall we start the flame war now on whether exposing the current version you are running represents a valid vulnerability or if hiding it is just security by obscurity? Or do you want to save it for Bratislava? :) More seriously, your time is likely to be better spent (in my view) keeping your Tomcat installations up to date with the latest releases than it is ensuring that you hide the version number. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org<mailto:users-unsubscr...@tomcat.apache.org> For additional commands, e-mail: users-h...@tomcat.apache.org<mailto:users-h...@tomcat.apache.org>