ConnectALL : Tomcat default page display version
search cancel

ConnectALL : Tomcat default page display version

book

Article ID: 405560

calendar_today

Updated On:

Products

ConnectAll On-Prem ConnectALL

Issue/Introduction

We have a security issue that requires modifying the default page content to not display sensitive information, such as tomcat version.

  • Description The default error page, default index page, example JSPs and/or example servlets are installed on the remote Apache Tomcat server. These files should be removed as they may help an attacker uncover information about the remote Tomcat install or host itself.
Please advise on how to modify Tomcat configuration to to hide the Tomcat version.

Environment

3.x

Resolution

  1. Open the server.xml file located in the ../UI/tomcat/conf/
  2. Enter the following value in the <Host> tag: 
    <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false"/>
  3. Restart the ConnectALL UI service.
Powered by Wolken Software