How to Hide Apache Tomcat Version Number from Error Pages

book

Article ID: 129168

calendar_today

Updated On:

Products

CLARITY PPM FOR ITG CLARITY PPM FEDERAL Clarity PPM SaaS Clarity PPM On Premise

Issue/Introduction

Due to security issues we need to hide the Apache Tomcat version when the HTTP 404 error page appears.

I’m running Apache Tomacat server. How do I hide the Tomcat version number from the error pages?

Environment

Release: CODCVU9900-15.5.1-PPM SAAS-View Only Userpack for-Canadian Government Entities
Component:

Resolution

Apache Tomcat server is for Java Servlet and JSP. When you call a page that doesn’t exist in the tomcat server, or when an existing page returns an error, the tomcat server will display the version number as shown below. This might be a security risk, especially if you are running an old Tomcat server that has some known exploits.

<Please see attached file for image>

User-added image

For some reason, if you cannot upgrade the Tomcat server to the latest version, and you just want to hide the version number from the error pages, perform the steps mentioned below.

1. Navigate to $CATALINA_HOME/lib, and create the org/apache/catalina/util directory under here. In the following example, /home/tomcat is the $CATALINA_HOME

<Please see attached file for image>

User-added image
2. Navigate to this newly created directory, and create a ServerInfo.properties file, and add the server.info parameter as shown below. Set the value of this parameter to anything you like.

<Please see attached file for image>

User-added image
3. After this restart the tomcat server.

<Please see attached file for image>

User-added image
4. Now, if you go to the error page, you will notice the tomcat version number. Instead, you will see the text you’ve set for the server.info parameter.

<Please see attached file for image>

User-added image
5. After performing the above steps, if you want to see the Tomcat version number, you can still do it from the command line, using the version.sh script as shown below.

<Please see attached file for image>

User-added image

For Tomcat on Windows you need to know the installation folder and use the same steps making sure you use back slashes.

Attachments

1558688960981000129168_sktwi1f5rjvs16frr.png get_app
1558688959163000129168_sktwi1f5rjvs16frq.png get_app
1558688957363000129168_sktwi1f5rjvs16frp.png get_app
1558688955486000129168_sktwi1f5rjvs16fro.png get_app
1558688953647000129168_sktwi1f5rjvs16frn.png get_app
1558688950621000129168_sktwi1f5rjvs16frm.png get_app
1558618027091000129168_sktwi9tkjvsehwql.png get_app
1558618025510000129168_sktwi9tkjvsehwqk.png get_app
1558618023759000129168_sktwi9tkjvsehwqj.png get_app
1558618021956000129168_sktwi9tkjvsehwqi.png get_app
1558618020148000129168_sktwi9tkjvsehwqh.png get_app
1558618018269000129168_sktwi9tkjvsehwqg.png get_app