We use Tomcat on a website that requires subscriptions, so payments are made on the website. With the new PCI Compliance regulations and scans, it appears that the version of Tomcat used being displayed on the error pages is a vulnerability. I have tried creating custom error pages based on information found from searching the web on this issue, but the solutions that I have tried do not work. Is there a way to prevent the Tomcat version number from being displayed on the error pages?
Thanks, Jerome A. Wendell
