On 7/8/24 11:56, Pramod Kumar Adhi wrote:
Hi Team,
We have one vulnerability related to the TEN-12085. Could you please
advise on the below on how we can remediate this vulnerability.
Vulnerability Description
The server is not configured to return a custom page in the event of a
client requesting a non-existent resource.
This may result in a potential disclosure of sensitive information
about the server to attackers.
Vulnerability Summary
The default error page, default index page, example JSPs and/or
example servlets are installed on the remote Apache Tomcat server.
These files should be removed as they may help an attacker uncover
information about the remote Tomcat install or host itself.
Vulnerability Threat
The remote web server contains default files.
Vulnerability Remediation notes
Delete the default index page and remove the example JSP and servlets.
Follow the Tomcat or OWASP instructions to replace or modify the
default error page.
Thanks & Regards,
Pramod Kumar Adhi |SAP Basis
(o) +91 40 66294849 (m) +91- 9701117733
www.servicenow.com
--
The vulnerability is basically about setting custom error messages and
cleaning up the examples. Did you take a look at
https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html? It also
mentions custom error handling.
Regards,
Niranjan
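
A way to verify the remediation discussed in this thread, as an added example that is not part of the original messages and not Tomcat project code: it checks a Tomcat directory for the leftover example webapps, the stock index page, a 404 `<error-page>` in `conf/web.xml`, and an `ErrorReportValve` with `showReport` and `showServerInfo` turned off. The function names, the `/error.html` location and the miniature sample tree are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

DEFAULT_APPS = ("examples", "docs")  # stock webapps the finding refers to
VALVE = '<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false"/>'
PAGE = "<error-page><error-code>404</error-code><location>/error.html</location></error-page>"

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix

def audit(base):
    """Return findings for a Tomcat directory (CATALINA_BASE)."""
    base, findings = Path(base), []
    for app in DEFAULT_APPS:
        if (base / "webapps" / app).exists():
            findings.append(f"default webapp present: webapps/{app}")
    index = base / "webapps" / "ROOT" / "index.jsp"
    # Heuristic (assumption): the stock welcome page contains this phrase.
    if index.exists() and "successfully installed Tomcat" in index.read_text(errors="ignore"):
        findings.append("default index page present: webapps/ROOT/index.jsp")
    # Only the global conf/web.xml is checked, not each app's WEB-INF/web.xml.
    codes, web = set(), base / "conf" / "web.xml"
    if web.exists():
        for el in ET.parse(web).getroot().iter():
            if local(el.tag) == "error-page":
                codes |= {c.text.strip() for c in el if local(c.tag) == "error-code" and c.text}
    if "404" not in codes:
        findings.append("conf/web.xml has no <error-page> for 404")
    hardened, srv = False, base / "conf" / "server.xml"
    if srv.exists():
        for v in ET.parse(srv).getroot().iter("Valve"):
            if v.get("className", "").endswith("ErrorReportValve"):
                hardened = v.get("showReport") == "false" and v.get("showServerInfo") == "false"
    if not hardened:
        findings.append("ErrorReportValve does not disable showReport and showServerInfo")
    return findings

def build_sample(root, hardened):
    """Constructed miniature CATALINA_BASE for the demo, not a real install."""
    root = Path(root)
    for d in ("conf", "webapps/ROOT"):
        (root / d).mkdir(parents=True)
    (root / "conf" / "server.xml").write_text(
        f"<Server><Service><Engine><Host>{VALVE if hardened else ''}</Host></Engine></Service></Server>")
    (root / "conf" / "web.xml").write_text(
        f'<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">{PAGE if hardened else ""}</web-app>')
    if not hardened:
        (root / "webapps" / "examples").mkdir()
        (root / "webapps" / "ROOT" / "index.jsp").write_text("You've successfully installed Tomcat")
    return root
```

Calling `audit()` on the real `CATALINA_BASE` path returns an empty list once the cleanup and error-page changes are in place.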