You need to unpack catalina.jar in tomcat lib directory,
then go to org\apache\catalina\util\,
open ServerInfo.properties and edit it

server.info=Apache Tomcat
server.number=
server.built=

You need to set to empty these variables, as shown above.

Save the file.
Pack as jar again
Put in the tomcat\lib directory again.

Hope this could help you, I'm using Tomcat 8.0.27



"Berneburg, Cris J. - US" <cberneb...@caci.com> escribió:

We are getting dinged by a vulnerability scan for the default not-found error page being returned by Tomcat for a Status 404.

On my dev server when requesting an invalid URL, Tomcat returns a Status 404 page that displays the Tomcat version. Right, I need to do something about that.

However, I can't find where the error-page for 404 is defined. It's not defined in:
- webapps/ROOT/WEB-INF/web.xml
- conf/web.xml
- conf/server.xml
- conf/context.xml

Also, I can't find a notFound or error page either.

How do I get rid of or override the default error / 404 / not-found page if I can't find it or where it is currently defined? Also, how is Tomcat returning the default 404 error page if it does not exist? I hope it's not hardcoded in a servlet response.

FYI, we're going to remove the ROOT, docs, and examples folders to mitigate other scan findings.

And we're using Tomcat 6.0.37 (ahem).

--
Cris Berneburg
CACI Lead Software Engineer




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to