Re: [EXTERNAL] Re: tomcat Finding!

2018-12-19 Thread Peter@Kreuser-Online 
Danyaal,


> Am 18.12.2018 um 21:15 schrieb  
> :
> 
> Added following to the Server.xml, still showing in the latest scan.
> 
>  showReport=false" showServerInfo="false" />
> 
> Thank you,
> Danyaal 
> 
> -Original Message-
> From: John Palmer [mailto:johnpalm...@gmail.com] 
> Sent: Friday, December 14, 2018 6:26 PM
> To: Tomcat Users List
> Subject: [EXTERNAL] Re: tomcat Finding!
> 
> WARNING:This is an external email that originated outside of our email 
> system. DO NOT CLICK links or open attachments unless you recognize the 
> sender and know that the content is safe!
> 
> I found this to be easier to accomplish (and maintain):
> 
> add to the Host section of server.xml:
>  showReport=false" showServerInfo="false" />
> 
> (this will disable the tomcat version number and the stacktrace  - the
> defaults for these are "true")
> 
> 
>> On Fri, Dec 14, 2018 at 10:18 AM  wrote:
>> 
>> Good Morning,
>> I'm encountering following scan finding errors and couldn't find way to
>> mitigate this.
>> 
>> Tomcat 8.5.32
>> 12085
>> Apache Tomcat Default Files
>> The following default files were found
>> :/nessus-check/default-404-error-page.html
>> Delete the default index page and remove the example JSP and servlets.

did you also remove the default files under webapps (examples, Root,...)?
This finding is not only for errorpages with version number!

Peter 

>> Follow the Tomcat or OWASP instructions to replace or modify the default
>> error page.
>> 
>> Thank you,
>> Danyaal
>> 
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>> 
>> 
> B‹CB•È[œÝXœØÜšX™KK[XZ[ˆ\Ù\œË][œÝXœØÜšX™PÛXØ]
> ˜\XÚK›Ü™ÃB‘›ÜˆY][Û˜[ÛÛ[X[™ËK[XZ[ˆ\Ù\œËZ[ÛXØ]˜\XÚK›Ü™ÃBƒ


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [EXTERNAL] Re: tomcat Finding!

2018-12-18 Thread Maxim Solodovnik 
You have to add Valve under Server/Service/Engine/Host/
Works for us as expected

On Wed, 19 Dec 2018 at 03:17,  wrote:

> Added following to the Server.xml, still showing in the latest scan.
>
>  showReport=false" showServerInfo="false" />
>
> Thank you,
> Danyaal
>
> -Original Message-
> From: John Palmer [mailto:johnpalm...@gmail.com]
> Sent: Friday, December 14, 2018 6:26 PM
> To: Tomcat Users List
> Subject: [EXTERNAL] Re: tomcat Finding!
>
>  WARNING:This is an external email that originated outside of our email
> system. DO NOT CLICK links or open attachments unless you recognize the
> sender and know that the content is safe!
>
> I found this to be easier to accomplish (and maintain):
>
> add to the Host section of server.xml:
>  showReport=false" showServerInfo="false" />
>
> (this will disable the tomcat version number and the stacktrace  - the
> defaults for these are "true")
>
>
> On Fri, Dec 14, 2018 at 10:18 AM  wrote:
>
> > Good Morning,
> > I'm encountering following scan finding errors and couldn't find way to
> > mitigate this.
> >
> > Tomcat 8.5.32
> > 12085
> > Apache Tomcat Default Files
> > The following default files were found
> > :/nessus-check/default-404-error-page.html
> > Delete the default index page and remove the example JSP and servlets.
> > Follow the Tomcat or OWASP instructions to replace or modify the default
> > error page.
> >
> > Thank you,
> > Danyaal
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >
>


-- 
WBR
Maxim aka solomax

RE: [EXTERNAL] Re: tomcat Finding!

2018-12-18 Thread DANYAAL.HANIF 
Added following to the Server.xml, still showing in the latest scan.



Thank you,
Danyaal 

-Original Message-
From: John Palmer [mailto:johnpalm...@gmail.com] 
Sent: Friday, December 14, 2018 6:26 PM
To: Tomcat Users List
Subject: [EXTERNAL] Re: tomcat Finding!

 WARNING:This is an external email that originated outside of our email system. 
DO NOT CLICK links or open attachments unless you recognize the sender and know 
that the content is safe!

I found this to be easier to accomplish (and maintain):

add to the Host section of server.xml:


(this will disable the tomcat version number and the stacktrace  - the
defaults for these are "true")


On Fri, Dec 14, 2018 at 10:18 AM  wrote:

> Good Morning,
> I'm encountering following scan finding errors and couldn't find way to
> mitigate this.
>
> Tomcat 8.5.32
> 12085
> Apache Tomcat Default Files
> The following default files were found
> :/nessus-check/default-404-error-page.html
> Delete the default index page and remove the example JSP and servlets.
> Follow the Tomcat or OWASP instructions to replace or modify the default
> error page.
>
> Thank you,
> Danyaal
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>