> On Jul 8, 2024, at 13:56, Pramod Kumar Adhi 
> <pramodkumar.a...@servicenow.com.INVALID> wrote:
> 
> We have one vulnerability related to the TEN-12085. Could you please advise on 
> the below on how we can remediate this vulnerability?
>  
> Vulnerability Description
>  
> The server is not configured to return a custom page in the event of a client 
> requesting a non-existent resource.
> This may result in a potential disclosure of sensitive information about the 
> server to attackers.
>  
> Vulnerability Summary
>  
> The default error page, default index page, example JSPs and/or example 
> servlets are installed on the remote Apache Tomcat server. These files should 
> be removed as they may help an attacker uncover information about the remote 
> Tomcat install or host itself.
>  
> Vulnerability Threat
> The remote web server contains default files.
> Vulnerability Remediation notes
> Delete the default index page and remove the example JSP and servlets. Follow 
> the Tomcat or OWASP instructions to replace or modify the default error page. 


The above is fairly explicit about what to do to resolve this so-called 
“vulnerability”. Just follow the instructions that the test gave you.

For an even more explicit description, read this (which you should have already 
done):

https://tomcat.apache.org/tomcat-10.1-doc/security-howto.html

  - Chuck
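
A way to check an instance for the three items the scan finding names, as an added example that is not part of the original thread. The function name, the use of `tomcat.css` to recognise a stock ROOT application, and the plain-text matching of the configuration files are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): report the default Tomcat content named
# in the scan finding. Prints one line per finding; returns 1 if any were found.
audit_tomcat_defaults() {
    base=$1
    rc=0

    # Example JSPs and servlets ship as the "examples" web application.
    if [ -d "$base/webapps/examples" ]; then
        echo "examples webapp present: $base/webapps/examples"
        rc=1
    fi

    # Default index page: ROOT is treated as stock when it still holds
    # tomcat.css from the welcome page (heuristic, an assumption of this script).
    if [ -f "$base/webapps/ROOT/tomcat.css" ]; then
        echo "default index page present: $base/webapps/ROOT"
        rc=1
    fi

    # Default error page: look for either a global <error-page> mapping or an
    # ErrorReportValve entry. Plain text match, so commented-out XML also counts.
    if ! grep -qs '<error-page' "$base/conf/web.xml" &&
       ! grep -qs 'ErrorReportValve' "$base/conf/server.xml"; then
        echo "no custom error page configured under $base/conf"
        rc=1
    fi

    return "$rc"
}

# Constructed sample tree standing in for a stock CATALINA_BASE.
demo=$(mktemp -d)
mkdir -p "$demo/webapps/examples" "$demo/webapps/ROOT" "$demo/conf"
: > "$demo/webapps/ROOT/tomcat.css"
echo '<Server><Service><Engine><Host/></Engine></Service></Server>' > "$demo/conf/server.xml"
echo '<web-app/>' > "$demo/conf/web.xml"
audit_tomcat_defaults "$demo" || true
rm -rf "$demo"
```

On the constructed tree all three findings are printed; a deployment that has replaced ROOT with its own application and mapped an error page produces no output.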
