Hi Danyaal

dh> I'm encountering the following scan finding errors
dh> and couldn't find a way to mitigate this.

dh> Tomcat 8.5.32
dh> 12085
dh> Apache Tomcat Default Files
dh> The following default files were found
dh> :/nessus-check/default-404-error-page.html
dh> Delete the default index page and remove the
dh> example JSP and servlets. Follow the Tomcat
dh> or OWASP instructions to replace or modify
dh> the default error page.

We recently encountered this problem in our server scans and were able to 
mitigate the issue.

If you have not already read it, here's a Tenable forum thread about the topic.
While it does not provide a complete solution, it starts to explain the issue.

We started by removing the apps that came bundled in Tomcat webapps.  We 
deleted the docs, examples, and ROOT folders.

Also, we removed the <error-page> 404 block from our application web.xml and 
added one to the Tomcat conf/web.xml.  Something like:

<error-page>
    <error-code>404</error-code>
    <location>/NotFound.jsp</location>
</error-page>

--
Cris Berneburg
CACI Lead Software Engineer
but Tomcat newbie
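
An added example, not part of the original message or of Tomcat: a Python check for the two changes described above (the bundled docs, examples and ROOT apps removed, and a 404 <error-page> present in conf/web.xml). The sample install tree, the "myapp" name and all function names are constructed for illustration.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Bundled apps the message reports deleting from webapps/.
BUNDLED_APPS = ("docs", "examples", "ROOT")
# Constructed sample web.xml bodies (Servlet 3.1 namespace, as in Tomcat 8.5).
NS = 'xmlns="http://xmlns.jcp.org/xml/ns/javaee"'
DEFAULT_XML = f"<web-app {NS}><welcome-file-list/></web-app>"
HARDENED_XML = (f"<web-app {NS}><error-page><error-code>404</error-code>"
                "<location>/NotFound.jsp</location></error-page></web-app>")

def local(tag):
    """Strip the XML namespace prefix so element names compare plainly."""
    return tag.rsplit("}", 1)[-1]

def audit(catalina_base):
    """Return a list of findings for the install rooted at catalina_base."""
    base = Path(catalina_base)
    findings = [f"bundled app still deployed: webapps/{name}"
                for name in BUNDLED_APPS if (base / "webapps" / name).is_dir()]
    try:
        root = ET.parse(base / "conf" / "web.xml").getroot()
    except (OSError, ET.ParseError) as exc:
        return findings + [f"cannot read conf/web.xml: {exc}"]
    locations = []
    for el in root.iter():
        fields = {local(c.tag): (c.text or "").strip() for c in el}
        if local(el.tag) == "error-page" and fields.get("error-code") == "404":
            locations.append(fields.get("location", ""))
    if not locations:
        findings.append("no <error-page> for 404 in conf/web.xml")
    elif not all(loc.startswith("/") for loc in locations):
        # The servlet spec requires <location> to begin with '/'.
        findings.append("404 <error-page> location must start with '/'")
    return findings

def build_sample(base, apps, web_xml):
    """Create a constructed install tree for the demo (not a real Tomcat)."""
    for name in apps:
        (Path(base) / "webapps" / name).mkdir(parents=True)
    (Path(base) / "conf").mkdir(parents=True, exist_ok=True)
    (Path(base) / "conf" / "web.xml").write_text(web_xml)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d, ["ROOT", "examples", "myapp"], DEFAULT_XML)
        for finding in audit(d):
            print("FINDING:", finding)
```

Point audit() at the real CATALINA_BASE directory to check an actual install; an empty list means both changes are in place.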

