Markus, Thanks for your reply. I tried doing just as you suggested, and I could never get it to work.
Thanks, Jerome A. Wendell -----Original Message----- From: [email protected] <[email protected]> Sent: Wednesday, October 22, 2025 11:04 AM To: [email protected] Subject: Re: Tomcat Version Number on Error Pages Maybe in addition: define in web.xml custom error pages: <!-- Custom error page for errors --> <error-page> <error-code>400</error-code> <location>/error400.html</location> </error-page> <error-page> <error-code>401</error-code> <location>/error401.html</location> </error-page> <error-page> <error-code>403</error-code> <location>/error403.html</location> </error-page> <error-page> <error-code>404</error-code> <location>/error404.html</location> </error-page> <error-page> <error-code>405</error-code> <location>/error405.html</location> </error-page> <error-page> <error-code>500</error-code> <location>/error500.html</location> </error-page> Make sure to create the appropriate files. Best regards Markus Am 22.10.25 um 16:54 schrieb Jerome A. Wendell: > Noelette, > > Thank you very much for your quick reply and the information. I really > appreciate it. I will give this a try. > > Thanks, > > Jerome A. Wendell > > > -----Original Message----- > From: Noelette Stout<[email protected]> > Sent: Wednesday, October 22, 2025 10:48 AM > To: Tomcat Users List<[email protected]> > Subject: Re: Tomcat Version Number on Error Pages > > You can add this valve to your server.xml to keep it from showing the version > info. > > <Valve className="org.apache.catalina.valves.ErrorReportValve" > showReport="false" showServerInfo="false" /> > > Noelette > > On Wed, Oct 22, 2025 at 8:44 AM Jerome A. > Wendell<[email protected]> > wrote: > >> We use Tomcat on a website that requires subscriptions, so payments >> are made on the website. With the new PCI Compliance regulations and >> scans, it appears that the version of Tomcat used being displayed on >> the error pages is a vulnerability. I have tried creating custom >> error pages based on information found from searching the web on this >> issue, but the solutions that I have tried do not work. Is there a >> way to prevent the Tomcat version number from being displayed on the >> error pages? >> >> >> >> Thanks, >> >> >> >> Jerome A. Wendell >> >> >> >> > -- > Noelette Stout > Enterprise Access Manager > Senior Application Administrator > Idaho State University > E-mail: stounoel "at" isu "dot" edu > Desk: 208-282-2554 > *I am sending this message now because it suits me, but I don’t expect > that you will read, respond to, or act on it outside of comfortable > hours for your time zone.* > > > --------------------------------------------------------------------- > To unsubscribe, e-mail:[email protected] > For additional commands, e-mail:[email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
