RE: tomcat Finding!
Hi Danyaal

dh> I'm encountering following scan finding errors
dh> and couldn't find way to mitigate this.
dh> Tomcat 8.5.32
dh> 12085
dh> Apache Tomcat Default Files
dh> The following default files were found
dh> :/nessus-check/default-404-error-page.html
dh> Delete the default index page and remove the
dh> example JSP and servlets. Follow the Tomcat
dh> or OWASP instructions to replace or modify
dh> the default error page.

We recently encountered this problem in our server scans and were able to mitigate the issue. If you have not already read it, here's a Tenable forum thread about the topic. While it does not provide a complete solution, it starts to explain the issue.

We started by removing the apps that came bundled in Tomcat webapps. We deleted the docs, examples, and ROOT folders. Also, we removed the 404 block from our application web.xml and added one to the Tomcat conf/web.xml. Something like:

    404 /NotFound.jsp

--
Cris Berneburg
CACI Lead Software Engineer but Tomcat newbie

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [EXTERNAL] Re: tomcat Finding!
Danyaal,

> On 18.12.2018 at 21:15, wrote:
>
> Added following to the Server.xml, still showing in the latest scan.
>
> showReport=false" showServerInfo="false" />
>
> Thank you,
> Danyaal
>
> -Original Message-
> From: John Palmer [mailto:johnpalm...@gmail.com]
> Sent: Friday, December 14, 2018 6:26 PM
> To: Tomcat Users List
> Subject: [EXTERNAL] Re: tomcat Finding!
>
> WARNING:This is an external email that originated outside of our email
> system. DO NOT CLICK links or open attachments unless you recognize the
> sender and know that the content is safe!
>
> I found this to be easier to accomplish (and maintain):
>
> add to the Host section of server.xml:
> showReport=false" showServerInfo="false" />
>
> (this will disable the tomcat version number and the stacktrace - the
> defaults for these are "true")
>
>> On Fri, Dec 14, 2018 at 10:18 AM wrote:
>>
>> Good Morning,
>> I'm encountering following scan finding errors and couldn't find way to
>> mitigate this.
>>
>> Tomcat 8.5.32
>> 12085
>> Apache Tomcat Default Files
>> The following default files were found
>> :/nessus-check/default-404-error-page.html
>> Delete the default index page and remove the example JSP and servlets.

Did you also remove the default files under webapps (examples, Root,...)?
This finding is not only for error pages with version number!

Peter

>> Follow the Tomcat or OWASP instructions to replace or modify the default
>> error page.
>>
>> Thank you,
>> Danyaal

Re: [EXTERNAL] Re: tomcat Finding!
You have to add Valve under Server/Service/Engine/Host/

Works for us as expected

On Wed, 19 Dec 2018 at 03:17, wrote:

> Added following to the Server.xml, still showing in the latest scan.
>
> showReport=false" showServerInfo="false" />
>
> Thank you,
> Danyaal
>
> -Original Message-
> From: John Palmer [mailto:johnpalm...@gmail.com]
> Sent: Friday, December 14, 2018 6:26 PM
> To: Tomcat Users List
> Subject: [EXTERNAL] Re: tomcat Finding!
>
> I found this to be easier to accomplish (and maintain):
>
> add to the Host section of server.xml:
> showReport=false" showServerInfo="false" />
>
> (this will disable the tomcat version number and the stacktrace - the
> defaults for these are "true")
>
> On Fri, Dec 14, 2018 at 10:18 AM wrote:
>
> > Good Morning,
> > I'm encountering following scan finding errors and couldn't find way to
> > mitigate this.
> >
> > Tomcat 8.5.32
> > 12085
> > Apache Tomcat Default Files
> > The following default files were found
> > :/nessus-check/default-404-error-page.html
> > Delete the default index page and remove the example JSP and servlets.
> > Follow the Tomcat or OWASP instructions to replace or modify the default
> > error page.
> >
> > Thank you,
> > Danyaal

--
WBR
Maxim aka solomax

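The three checks raised in the replies above (bundled apps removed, a 404 error-page in conf/web.xml, and the Valve placed under Server/Service/Engine/Host), as an added example that is not code from any poster in the thread. The function name `audit`, the sample XML and the full `ErrorReportValve` element with its `className` are assumptions; the archive only preserves the `showReport` and `showServerInfo` attributes.

```python
import xml.etree.ElementTree as ET
VALVE = "org.apache.catalina.valves.ErrorReportValve"
DEFAULT_APPS = {"docs", "examples", "ROOT"}  # the bundled apps the thread deleted

def local(elem):  # tag name without an XML namespace (conf/web.xml declares one)
    return elem.tag.rsplit("}", 1)[-1]

def audit(server_xml, web_xml, webapp_dirs):
    """Return findings for the three mitigations discussed in the thread."""
    findings = []
    root = ET.fromstring(server_xml)
    under_host = set()
    for host in root.findall("./Service/Engine/Host"):
        valves = [v for v in host.findall("Valve") if v.get("className") == VALVE]
        under_host.update(map(id, valves))
        if not any(v.get("showReport") == "false" and
                   v.get("showServerInfo") == "false" for v in valves):
            findings.append(f"Host {host.get('name')}: no hardened ErrorReportValve")
    for v in root.iter("Valve"):  # valve present, but not where the thread says
        if v.get("className") == VALVE and id(v) not in under_host:
            findings.append("ErrorReportValve is not under Server/Service/Engine/Host")
    has_404 = False
    for page in ET.fromstring(web_xml).iter():
        if local(page) == "error-page":
            kids = {local(c): (c.text or "").strip() for c in page}
            has_404 |= kids.get("error-code") == "404" and bool(kids.get("location"))
    if not has_404:
        findings.append("conf/web.xml: no custom error-page for 404")
    for name in sorted(DEFAULT_APPS & set(webapp_dirs)):
        findings.append(f"webapps/{name}: bundled default app still deployed")
    return findings

# Constructed sample inputs, not taken from the servers in the thread.
MISPLACED = """<Server><Service name="Catalina">
  <Valve className="org.apache.catalina.valves.ErrorReportValve"
         showReport="false" showServerInfo="false"/>
  <Engine name="Catalina"><Host name="localhost"/></Engine>
</Service></Server>"""
FIXED = """<Server><Service name="Catalina"><Engine name="Catalina">
  <Host name="localhost">
    <Valve className="org.apache.catalina.valves.ErrorReportValve"
           showReport="false" showServerInfo="false"/>
  </Host></Engine></Service></Server>"""
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <error-page><error-code>404</error-code><location>/NotFound.jsp</location></error-page>
</web-app>"""

if __name__ == "__main__":
    print(audit(MISPLACED, "<web-app/>", ["ROOT", "examples", "myapp"]))
```

On a real instance, pass the contents of conf/server.xml and conf/web.xml and the directory names found under webapps.
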
RE: [EXTERNAL] Re: tomcat Finding!
Added following to the Server.xml, still showing in the latest scan.

Thank you,
Danyaal

-Original Message-
From: John Palmer [mailto:johnpalm...@gmail.com]
Sent: Friday, December 14, 2018 6:26 PM
To: Tomcat Users List
Subject: [EXTERNAL] Re: tomcat Finding!

I found this to be easier to accomplish (and maintain):

add to the Host section of server.xml:

(this will disable the tomcat version number and the stacktrace - the defaults for these are "true")

On Fri, Dec 14, 2018 at 10:18 AM wrote:

> Good Morning,
> I'm encountering following scan finding errors and couldn't find way to
> mitigate this.
>
> Tomcat 8.5.32
> 12085
> Apache Tomcat Default Files
> The following default files were found
> :/nessus-check/default-404-error-page.html
> Delete the default index page and remove the example JSP and servlets.
> Follow the Tomcat or OWASP instructions to replace or modify the default
> error page.
>
> Thank you,
> Danyaal

Re: tomcat Finding!
I found this to be easier to accomplish (and maintain):

add to the Host section of server.xml:

(this will disable the tomcat version number and the stacktrace - the defaults for these are "true")

On Fri, Dec 14, 2018 at 10:18 AM wrote:

> Good Morning,
> I'm encountering following scan finding errors and couldn't find way to
> mitigate this.
>
> Tomcat 8.5.32
> 12085
> Apache Tomcat Default Files
> The following default files were found
> :/nessus-check/default-404-error-page.html
> Delete the default index page and remove the example JSP and servlets.
> Follow the Tomcat or OWASP instructions to replace or modify the default
> error page.
>
> Thank you,
> Danyaal

RE: tomcat Finding!
Good Morning,

I'm encountering following scan finding errors and couldn't find way to mitigate this.

Tomcat 8.5.32
12085
Apache Tomcat Default Files
The following default files were found
:/nessus-check/default-404-error-page.html
Delete the default index page and remove the example JSP and servlets.
Follow the Tomcat or OWASP instructions to replace or modify the default error page.

Thank you,
Danyaal