The 404 error page for the AutoSys REST Web Server displays Tomcat version info
search cancel

The 404 error page for the AutoSys REST Web Server displays Tomcat version info

book

Article ID: 264640

calendar_today

Updated On:

Products

Autosys Workload Automation

Issue/Introduction

The 404 error page for the AutoSys REST Web Server displays Tomcat version info, which is considered a vulnerability. 

Environment

Release : 12.0/12.0SP1/12.1

Resolution

On the machine hosting the AutoSys Web Server, edit the following file...
 
$AUTOUSER/webserver/conf/server.xml (UNIX)

or

%AUTOUSER%/webserver/conf/server.xml (Windows)

Find the following line in the file...

<Valve className="org.apache.catalina.valves.AccessLogValve" directory="/opt/CA/WorkloadAutomationAE/autouser.A12/out" pattern="%h %l %u %t &quot;%r&quot; %s %b" prefix="waae_webservices_access_log" suffix=".log"/>

Add the following line immediately below it...

<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false" />

Save the file and restart the AutoSys Web Server service.

The default 404 page will no longer display the Tomcat version

Powered by Wolken Software