He's a contractor, what do you expect? At best someone logs in via SSH and 
solves the problem for him.

On 2024/07/08 19:58:42 Chuck Caldarale wrote:
> 
> > On Jul 8, 2024, at 14:54, Pramod Kumar Adhi 
> > <pramodkumar.a...@servicenow.com> wrote:
> > 
> > We are using Tomcat version 9.87; can you guide on the same?
> 
> 
> Seriously? You can’t find the 9.0.x documentation on the Tomcat web site 
> yourself? Ok…
> 
> https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html
> 
>   - Chuck
> 
> 
> 
> > From: Chuck Caldarale <n82...@gmail.com>
> > Sent: Tuesday, July 9, 2024 12:31 AM
> > To: Tomcat Users List <users@tomcat.apache.org>
> > Subject: Re: Apache Tomcat Default Files - TEN-12085
> >  
> > 
> > > On Jul 8, 2024, at 13:56, Pramod Kumar Adhi 
> > > <pramodkumar.a...@servicenow.com.INVALID> wrote:
> > > 
> > > > We have one vulnerability related to the TEN-12085. Could you please 
> > > > advise on the below on how we can remediate this vulnerability?
> > > 
> > > Vulnerability Description
> > > 
> > > The server is not configured to return a custom page in the event of a 
> > > client requesting a non-existent resource.
> > > This may result in a potential disclosure of sensitive information about 
> > > the server to attackers.
> > > 
> > > Vulnerability Summary
> > > 
> > > The default error page, default index page, example JSPs and/or example 
> > > servlets are installed on the remote Apache Tomcat server. These files 
> > > should be removed as they may help an attacker uncover information about 
> > > the remote Tomcat install or host itself.
> > > 
> > > Vulnerability Threat
> > > The remote web server contains default files.
> > > Vulnerability Remediation notes
> > > Delete the default index page and remove the example JSP and servlets. 
> > > Follow the Tomcat or OWASP instructions to replace or modify the default 
> > > error page.
> > 
> > 
> > The above is fairly explicit about what to do to resolve this so-called 
> > “vulnerability”. Just follow the instructions that the test gave you.
> > 
> > For an even more explicit description, read this (which you should have 
> > already done):
> > 
> > https://tomcat.apache.org/tomcat-10.1-doc/security-howto.html
> > 
> > - Chuck
> > 
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
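
A check for the three items named in the quoted finding (example JSPs and servlets, the default index page, the default error page), as an added example that is not part of the thread or of the Tomcat project. It assumes the standard CATALINA_BASE layout, treats `tomcat.svg` in `webapps/ROOT` as a heuristic marker of the stock welcome application, and inspects only the global `conf/web.xml` and `conf/server.xml`, not per-application descriptors.

```python
#!/usr/bin/env python3
"""Audit a Tomcat base directory for the default content named in the finding."""
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

ERROR_VALVE = "org.apache.catalina.valves.ErrorReportValve"


def local(tag):
    """Drop the XML namespace so conf/web.xml elements match by local name."""
    return tag.rsplit("}", 1)[-1]


def has_custom_404(web_xml):
    """True if web.xml maps error-code 404 to a location of its own."""
    for page in (e for e in ET.parse(web_xml).getroot().iter() if local(e.tag) == "error-page"):
        fields = {local(c.tag): (c.text or "").strip() for c in page}
        if fields.get("error-code") == "404" and fields.get("location"):
            return True
    return False


def audit(base):
    """Return findings for the Tomcat instance rooted at `base` (CATALINA_BASE)."""
    base, findings = Path(base), []
    if (base / "webapps" / "examples").exists():
        findings.append("example JSPs and servlets deployed: webapps/examples")
    # Heuristic (assumption): tomcat.svg marks the stock welcome application.
    if (base / "webapps" / "ROOT" / "tomcat.svg").exists():
        findings.append("stock index page deployed: webapps/ROOT")
    custom_404 = has_custom_404(base / "conf" / "web.xml")
    for host in ET.parse(base / "conf" / "server.xml").getroot().iter("Host"):
        # A Host is covered when its ErrorReportValve hides report and version.
        hardened = any(
            v.get("className") == ERROR_VALVE
            and v.get("showReport") == "false"
            and v.get("showServerInfo") == "false"
            for v in host.iter("Valve")
        )
        if not (custom_404 or hardened):
            findings.append(f"default error page served by host {host.get('name')}")
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_tomcat.py CATALINA_BASE")
    results = audit(sys.argv[1])
    print("\n".join(results) or "no default content found")
    sys.exit(1 if results else 0)
```

An empty result means none of the three conditions was detected in the files inspected; an application that ships its own `WEB-INF/web.xml` error pages is outside what this check reads.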
