> On Jul 8, 2024, at 14:54, Pramod Kumar Adhi <pramodkumar.a...@servicenow.com> wrote:
>
> We are using tomcat version 9.87 can you guide on the same.

Seriously? You can’t find the 9.0.x documentation on the Tomcat web site yourself? Ok…

https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html

- Chuck

> From: Chuck Caldarale <n82...@gmail.com>
> Sent: Tuesday, July 9, 2024 12:31 AM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: Apache Tomcat Default Files - TEN-12085
>
> > On Jul 8, 2024, at 13:56, Pramod Kumar Adhi <pramodkumar.a...@servicenow.com.INVALID> wrote:
> >
> > We have one vulnerability related to the TEN-12085. Could you please advise on the below on how can we remediate this vulnerability.
> >
> > Vulnerability Description
> >
> > The server is not configured to return a custom page in the event of a client requesting a non-existent resource.
> > This may result in a potential disclosure of sensitive information about the server to attackers.
> >
> > Vulnerability Summary
> >
> > The default error page, default index page, example JSPs and/or example servlets are installed on the remote Apache Tomcat server. These files should be removed as they may help an attacker uncover information about the remote Tomcat install or host itself.
> >
> > Vulnerability Threat
> > The remote web server contains default files.
> >
> > Vulnerability Remediation notes
> > Delete the default index page and remove the example JSP and servlets.
> > Follow the Tomcat or OWASP instructions to replace or modify the default error page.
>
> The above is fairly explicit about what to do to resolve this so-called “vulnerability”. Just follow the instructions that the test gave you.
>
> For an even more explicit description, read this (which you should have already done):
>
> https://tomcat.apache.org/tomcat-10.1-doc/security-howto.html
>
> - Chuck
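An added example, not part of the thread and not Tomcat project code: a Python check for the three items the scan finding lists (sample webapps, the default index page, no custom 404 page). It assumes a standard CATALINA_BASE layout with `webapps/` and `conf/web.xml`; the function names, the welcome-page marker string and the sample tree are constructed for illustration, and only the global `conf/web.xml` is inspected for `<error-page>`.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

SAMPLE_APPS = ("examples", "docs")  # sample webapps in the stock distribution
# Assumed marker: text of the stock welcome page in webapps/ROOT/index.jsp.
WELCOME_MARKER = "successfully installed Tomcat"


def _has_404_page(web_xml):
    """True if web.xml maps HTTP 404 to a location, whatever its namespace."""
    for elem in ET.parse(web_xml).iter():
        if elem.tag.rsplit("}", 1)[-1] != "error-page":
            continue
        kids = {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in elem}
        if kids.get("error-code") == "404" and kids.get("location"):
            return True
    return False


def audit_tomcat_defaults(catalina_base):
    """Return a list of findings for default content under catalina_base."""
    base = Path(catalina_base)
    findings = [f"sample webapp present: webapps/{app}"
                for app in SAMPLE_APPS if (base / "webapps" / app).is_dir()]
    # The stock ROOT webapp serves index.jsp as the default welcome page.
    index = base / "webapps" / "ROOT" / "index.jsp"
    if index.is_file() and WELCOME_MARKER in index.read_text(errors="replace"):
        findings.append("default index page present: webapps/ROOT/index.jsp")
    # A custom page for missing resources is declared with <error-page>.
    web_xml = base / "conf" / "web.xml"
    if not web_xml.is_file() or not _has_404_page(web_xml):
        findings.append("no <error-page> for 404 in conf/web.xml")
    return findings


def build_sample_tree(root, hardened):
    """Constructed CATALINA_BASE for the demo: stock-like or cleaned up."""
    root = Path(root)
    (root / "conf").mkdir(parents=True)
    (root / "webapps" / "ROOT").mkdir(parents=True)
    page = ("<error-page><error-code>404</error-code>"
            "<location>/404.html</location></error-page>")
    ns = 'xmlns="http://xmlns.jcp.org/xml/ns/javaee"'
    (root / "conf" / "web.xml").write_text(
        f"<web-app {ns}>{page if hardened else ''}</web-app>")
    if not hardened:
        (root / "webapps" / "examples").mkdir()
        (root / "webapps" / "ROOT" / "index.jsp").write_text(
            f"<h2>You've {WELCOME_MARKER}.</h2>")
    return root
```

Call `audit_tomcat_defaults` with the real CATALINA_BASE path; an empty list means none of the three items was found there.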