You need to unpack catalina.jar in tomcat lib directory,
then go to org\apache\catalina\util\,
open ServerInfo.properties and edit it
server.info=Apache Tomcat
server.number=
server.built=
You need to set to empty these variables, as shown above.
Save the file.
Pack as jar again
Put in the tomcat\lib directory again.
Hope this could help you, I'm using Tomcat 8.0.27
"Berneburg, Cris J. - US" <cberneb...@caci.com> escribió:
We are getting dinged by a vulnerability scan for the default
not-found error page being returned by Tomcat for a Status 404.
On my dev server when requesting an invalid URL, Tomcat returns a
Status 404 page that displays the Tomcat version. Right, I need to
do something about that.
However, I can't find where the error-page for 404 is defined. It's
not defined in:
- webapps/ROOT/WEB-INF/web.xml
- conf/web.xml
- conf/server.xml
- conf/context.xml
Also, I can't find a notFound or error page either.
How do I get rid of or override the default error / 404 / not-found
page if I can't find it or where it is currently defined? Also, how
is Tomcat returning the default 404 error page if it does not exist?
I hope it's not hardcoded in a servlet response.
FYI, we're going to remove the ROOT, docs, and examples folders to
mitigate other scan findings.
And we're using Tomcat 6.0.37 (ahem).
--
Cris Berneburg
CACI Lead Software Engineer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
