The 404 error page for the AutoSys REST Web Server displays Tomcat version info, which is considered a vulnerability.
Release : 12.0/12.0SP1/12.1
On the machine hosting the AutoSys Web Server, edit the following file...
$AUTOUSER/webserver/conf/server.xml (UNIX)
or
%AUTOUSER%/webserver/conf/server.xml (Windows)
Find the following line in the file...
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="/opt/CA/WorkloadAutomationAE/autouser.A12/out" pattern="%h %l %u %t "%r" %s %b" prefix="waae_webservices_access_log" suffix=".log"/>
Add the following line immediately below it...
<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false" />
Save the file and restart the AutoSys Web Server service.
The default 404 page will no longer display the Tomcat version