Vulnerability: Tomcat 404 Page Shows Version

Article ID: 38048

Products

CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM), CA Privileged Access Manager (PAM)

Issue/Introduction

Introduction:

Tomcat's default 404 error page displays the exact Tomcat version that is running. An attacker can collect this information with a simple banner grab and use it to look up known issues for that release. Follow the steps below to prevent the Tomcat version from being displayed.

Instructions:

Part 1- Edit the Tomcat server.xml 

1- Stop Tomcat

2- Browse to the Tomcat conf directory. 

3- Make a copy of server.xml and save it to the desktop as a backup.

4- Open server.xml in the conf directory for editing. 

5- Scroll to the section defining the connectors (port 8080 or 8443, depending on your configuration) and add the attribute below to the Connector element. The value in the quotes can be anything as long as it is not blank; a blank value does not suppress the banner.

    server="Server" 

6- Save and close the file. 


Part 2- Edit ServerInfo.properties

1- Browse to the Tomcat lib directory. 

2- Copy catalina.jar to the desktop to back it up.

3- Open the archive with 7zip or a similar program.

4- Drag org\apache\catalina\util\ServerInfo.properties to the Desktop 

5- Open the file for editing.

6- Comment out the existing server.info and server.number lines, then add the lines below. The server.info value can be anything, as long as it is not empty.

    server.info=Server 

    server.number=0.0.0.0

7- Save and close the file, then drag the file back into the archive so it overwrites the current file.

8- Start Tomcat
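A quick way to confirm that both parts took effect is to check the edited files and the error page rather than trusting the edit by eye. The script below is an added example, not part of the original article: it reports any Connector in a server.xml that lacks a non-blank server attribute (Part 1) and flags an error-page body or Server header that still names an "Apache Tomcat/x.y.z" version (Part 2). The sample server.xml and the two 404 bodies are constructed here for illustration.

```python
"""Verify the two Tomcat banner edits described above (added example).
1) every <Connector> in server.xml must carry a non-blank ``server`` attribute;
2) a 404 response must no longer contain an ``Apache Tomcat/x.y.z`` string."""
import re
import xml.etree.ElementTree as ET

# Constructed sample server.xml: the 8080 connector was fixed, 8443 was left blank.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" server="Server" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" server="" />
  </Service>
</Server>"""

# Constructed 404 bodies: the default Tomcat page, and the page after Part 2.
BODY_BEFORE = "<html><body><h3>Apache Tomcat/8.5.23</h3></body></html>"
BODY_AFTER = "<html><body><h3>Server</h3></body></html>"

# Matches the version string Tomcat builds from server.info / server.number.
VERSION_RE = re.compile(r"Apache Tomcat/\d+(\.\d+)+")


def connectors_missing_server_attr(server_xml: str) -> list[str]:
    """Return the ports of Connectors whose ``server`` attribute is absent or blank.
    A blank value does not suppress the default banner, so it is reported too."""
    root = ET.fromstring(server_xml)
    return [
        conn.get("port", "?")
        for conn in root.iter("Connector")
        if not conn.get("server", "").strip()
    ]


def version_disclosed(body: str, headers: dict[str, str]) -> bool:
    """True if the response body or the Server header still names a Tomcat version."""
    server_hdr = headers.get("Server", "")
    return bool(VERSION_RE.search(body) or VERSION_RE.search(server_hdr))


if __name__ == "__main__":
    # Runs against the constructed samples only; point the two functions at a
    # real server.xml and a real 404 response to check a live installation.
    print("connectors to fix:", connectors_missing_server_attr(SAMPLE_SERVER_XML))
    print("version shown before:", version_disclosed(BODY_BEFORE, {}))
    print("version shown after:", version_disclosed(BODY_AFTER, {}))
```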


Additional Information:

This document addresses Nessus findings 88099 and 88490. For more information regarding these Nessus findings, please see the links below.

Environment

Release: ACP1M005900-12.9-Privileged Identity Manager