Re: "exception-message" header reveals path to document root in 404 response.

2014-01-11 Thread Howard W. Smith, Jr.
On Sat, Jan 11, 2014 at 9:01 AM, Caldarale, Charles R <chuck.caldar...@unisys.com> wrote:
> > From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com]
> > Subject: Re: "exception-message" header reveals path to document root in
> 404 response.
>
> > Wow

Re: "exception-message" header reveals path to document root in 404 response.

2014-01-11 Thread Christopher Schultz
Chuck,
On 1/11/14, 9:01 AM, Caldarale, Charles R wrote:
>> From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com]
>> Subject: Re: "exception-message" header reveals path to document
>> root in 404 response.
>

Re: "exception-message" header reveals path to document root in 404 response.

2014-01-11 Thread Christopher Schultz
August,
On 1/10/14, 7:48 PM, August Kleimo wrote:
> Hi All, Thanks for all your replies. Turns out it was in fact
> Railo. I searched the Railo repo on GitHub and found a reference
> to that header. I was able to overwrite it with a blank string

RE: "exception-message" header reveals path to document root in 404 response.

2014-01-11 Thread Caldarale, Charles R
> From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com]
> Subject: Re: "exception-message" header reveals path to document root in 404
> response.
> Wow, when I saw this last night, I shook my head and said to myself,
> Server: Apache-Coyote/1.1
> this may

Re: "exception-message" header reveals path to document root in 404 response.

2014-01-11 Thread Howard W. Smith, Jr.
On Fri, Jan 10, 2014 at 7:02 PM, Caldarale, Charles R <chuck.caldar...@unisys.com> wrote:
> Here's Tomcat's standard 404 response:
>
> HTTP/1.1 404 Not Found
> Server: Apache-Coyote/1.1
> Content-Type: text/html;charset=utf-8
> Content-Length: 1027
> Date: Fri, 10 Jan 2014 23:59:34 GMT
>
Wow, wh

Re: "exception-message" header reveals path to document root in 404 response.

2014-01-11 Thread Mark Thomas
On 11/01/2014 00:02, Caldarale, Charles R wrote:
>> From: August Kleimo [mailto:aug...@kleimo.com]
>> Subject: "exception-message" header reveals path to document root in 404
>> response.
>
>> I'm failing a PCI compliance scan because my Tomcat Version 7.0.20 server
>> is revealing the path to t

Re: "exception-message" header reveals path to document root in 404 response.

2014-01-10 Thread Jordan Michaels
Thanks August, good to know. Warm Regards, Jordan Michaels On 01/10/2014 04:48 PM, August Kleimo wrote: Hi All, Thanks for all your replies. Turns out it was in fact Railo. I searched the Railo repo on GitHub and found a reference to that header. I was able to overwrite it with a blank stri

Re: "exception-message" header reveals path to document root in 404 response.

2014-01-10 Thread August Kleimo
Hi All, Thanks for all your replies. Turns out it was in fact Railo. I searched the Railo repo on GitHub and found a reference to that header. I was able to overwrite it with a blank string using this line of code. On Fri, Jan 10, 2014 at 4:36 PM, Jordan Michaels wrote: > It may also be

Re: "exception-message" header reveals path to document root in 404 response.

2014-01-10 Thread Jordan Michaels
It may also be useful to know if you get this same "exception-message" header when you get a 404 from the Railo servlet (from a request for a .cfm file). It may help determine if Railo is involved or not. Warm Regards, Jordan Michaels On 01/10/2014 04:02 PM, Caldarale, Charles R wrote: From:

Re: "exception-message" header reveals path to document root in 404 response.

2014-01-10 Thread Jordan Michaels
Although I suppose it's possible, I don't think it has to do with Railo. The Railo servlet doesn't handle requests for .html files... those are handled by Tomcat's default servlet. Here are the default (suggested) handlers for a Railo install: CFMLServlet *.cfm *.c

Re: “exception-message” header reveals path to document root in 404 response.

2014-01-10 Thread August Kleimo
Thanks,
Perhaps it's coming from Railo then. I'll investigate down that path.
On Fri, Jan 10, 2014 at 3:56 PM, Mark Eggers wrote:
> On 1/10/2014 3:28 PM, August Kleimo wrote:
>
>> I'm failing a PCI compliance scan because my Tomcat Version 7.0.20 server
>> is revealing the path to the document

RE: "exception-message" header reveals path to document root in 404 response.

2014-01-10 Thread Caldarale, Charles R
> From: August Kleimo [mailto:aug...@kleimo.com]
> Subject: "exception-message" header reveals path to document root in 404
> response.
> I'm failing a PCI compliance scan because my Tomcat Version 7.0.20 server
> is revealing the path to the document web root in an "exception-message"
> header

Re: “exception-message” header reveals path to document root in 404 response.

2014-01-10 Thread Mark Eggers
On 1/10/2014 3:28 PM, August Kleimo wrote: I'm failing a PCI compliance scan because my Tomcat Version 7.0.20 server is revealing the path to the document web root in an "exception-message" header when a missing page is requested. Does anyone know of a way to get rid of this header from the respon