Helpdesk connector - Nessus vulnerability - Tomcat web server default files for port 8080 and 8443
search cancel

Helpdesk connector - Nessus vulnerability - Tomcat web server default files for port 8080 and 8443

book

Article ID: 199365

calendar_today

Updated On: 10-19-2023

Products

CA Service Operations Insight (SOI)

Issue/Introduction

Nessus scanner found the following web pages will return with the standard Apache Tomcat/7.0.90 web pages.  


http://<SOI Manager IP>:8080/
https://<SOI Manager IP>:8443/

How to prevent this web pages from opening?

Environment

Release : 4.2

Component : Service Operations Insight (SOI) Manager

Resolution

1. Open \CA\SOI\nimServer\conf\web.xml file

Comment out or remove the below lines


Comment or remove the below lines

<welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>

2. Restart nimserver

3. Try and see if the default tomcat web pages are accessible from the following URL's

http://<SOI Manager IP>:8080/
https://<SOI Manager IP>:8443/

 

To further handle error, please do the following

CA\SOI\nimServer\conf\web.xml

Please follow below steps if we want to configure a custom error page.

1. Add below section in web.xml

<error-page>
      <error-code>404</error-code>
      <location>/404.html</location>
</error-page>

2. We need to create corresponding error html/jsp and need to place at below location

\CA\SOI\nimServer\webapps\ROOT\

3. Restart nimserver