Default Error Pages Present - Endevor Webservices
search cancel

Default Error Pages Present - Endevor Webservices


Article ID: 134199


Updated On:


Endevor Endevor Natural Integration Endevor - ECLIPSE Plugin Endevor - Enterprise Workbench


Penetration testing has identified an issues. This one is for "Default Error Pages Present - Endevor Webservices". Error pages were returned by the server that are default for the Apache Tomcat technology in use. This could provide an attacker with information about the specific technology versions in use on the target system aiding further attacks to be devised. Such error pages enabled the version of web server to be enumerated through their content.


Release : 18.0

Component : CA Endevor Software Change Manager


Default Tomcat behavior. 


In server.xml, add this line:

<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false" />

This will globally suppress the Tomcat version and error report, and just show the error code, in webapps not using custom error pages.

Upgrade to latest maintenance: SO09627