Mark,
On 4/10/24 16:12, Mark Thomas wrote:
On 10/04/2024 21:15, Christopher Schultz wrote:
All,
On 4/10/24 4:00 AM, Mark Thomas wrote:
On 09/04/2024 17:17, prat 007 wrote:
Hi All,
I would like to know if there is a way to find Tomcat's server.built and
server.number remotely using a tool like curl or from a browser?
In a default installation, no.
You'd have to write a servlet that reported that information and then
request that page.
... and it might represent an information leakage vulnerability in
your application. Be careful.
Shall we start the flame war now on whether exposing the current version
you are running represents a valid vulnerability or if hiding it is
just security by obscurity? Or do you want to save it for Bratislava?
:)
Hey, I've been running Apache-Coyote/1.1 since 1998 and I'm still standing.
More seriously, your time is likely to be better spent (in my view)
keeping your Tomcat installations up to date with the latest releases
than it is ensuring that you hide the version number.
+1
Upgrading Tomcat should be something that any application management
team is comfortable doing. Upgrading with every monthly Tomcat release
should not be a burden if you choose to do it.
-chris