Nitin,

On 1/21/21 09:17, Nitin Kadam wrote:
> The internal security team reported the below as security findings. We do not
> have anyone from a Tomcat background and for the same we need to know the best
> steps to resolve this issue.
>
> "Delete the default index page and remove the example JSP and servlets.
> Follow the Tomcat or OWASP instructions to replace or modify the default
> error page."
>
> This is a finding from the Nessus tool. It would be great if someone helps
> with steps to resolve.

You might want to read up on Nessus's description of this finding, as well as these resources:

http://tomcat.apache.org/tomcat-8.5-doc/security-howto.html
http://tomcat.apache.org/presentations.html#latest-locking-down-tomcat

OWASP has some good resources, and though their Tomcat-specific content is a little dated, it is all still relevant.

> Apache Tomcat version: 8.5.38

tl;dr: upgrade

This version of Tomcat is nearly 2 years old. There are published vulnerabilities classified as "Important" by the Tomcat security team which have been fixed since this version. I would strongly encourage you to read the security reports[1] for Tomcat 8.x to determine if any of them affect you.

> Operating system: Windows Server 2012 R2

While this version of Microsoft Windows is still supported (only if you are paying for "extended support"!), you might want to look at a path for migration to a more modern version.

-chris

[1] http://tomcat.apache.org/security-8.html
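
An added example, not part of the original thread and not Tomcat project code: a small audit of a Tomcat base directory for the three items in the quoted Nessus finding. It assumes the stock distribution layout (webapps/examples, webapps/docs, and a ROOT welcome page made of index.jsp beside tomcat.css), and it treats an ErrorReportValve with showReport and showServerInfo set to "false" in conf/server.xml as one way of modifying the default error page; the sample directories are constructed in a temp folder.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumption: stock webapps that are not needed in production.
STOCK_APPS = ("examples", "docs")
ERV = "org.apache.catalina.valves.ErrorReportValve"

def audit(catalina_base):
    """Return a list of findings for the Tomcat base directory."""
    base = Path(catalina_base)
    findings = [f"stock webapp deployed: {a}" for a in STOCK_APPS
                if (base / "webapps" / a).is_dir()]
    root = base / "webapps" / "ROOT"
    # Heuristic (assumption): stock welcome page = index.jsp beside tomcat.css.
    if (root / "index.jsp").is_file() and (root / "tomcat.css").is_file():
        findings.append("default index page present in ROOT")
    # server.xml carries no XML namespace, so plain tag names match.
    valves = [v for v in ET.parse(base / "conf" / "server.xml").iter("Valve")
              if v.get("className") == ERV]
    if not any(v.get("showReport") == "false" and
               v.get("showServerInfo") == "false" for v in valves):
        findings.append("default error report still exposes details")
    return findings

def make_sample(base, hardened):
    """Build a constructed base directory: stock layout or hardened layout."""
    base = Path(base)
    for app in (["ROOT"] if hardened else ["ROOT", "examples", "docs"]):
        (base / "webapps" / app).mkdir(parents=True)
    if not hardened:
        for name in ("index.jsp", "tomcat.css"):
            (base / "webapps" / "ROOT" / name).write_text("constructed sample")
    valve = (f'<Valve className="{ERV}" showReport="false" '
             f'showServerInfo="false"/>') if hardened else ""
    (base / "conf").mkdir()
    (base / "conf" / "server.xml").write_text(
        '<Server><Service name="Catalina"><Engine name="Catalina" '
        'defaultHost="localhost"><Host name="localhost" appBase="webapps">'
        f'{valve}</Host></Engine></Service></Server>')
    return base

if __name__ == "__main__":
    for hardened in (False, True):
        with tempfile.TemporaryDirectory() as tmp:
            label = "hardened" if hardened else "stock"
            print(label, audit(make_sample(tmp, hardened)))
```

An application-level `<error-page>` mapping in web.xml also replaces the default error page and is not detected by this check.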
