On 11/01/2014 00:02, Caldarale, Charles R wrote:
From: August Kleimo [mailto:aug...@kleimo.com]
Subject: exception-message header reveals path to document root in 404
response.
I'm failing a PCI compliance scan because my Tomcat Version 7.0.20 server
is revealing the path to the document
On Fri, Jan 10, 2014 at 7:02 PM, Caldarale, Charles R
chuck.caldar...@unisys.com wrote:
Here's Tomcat's standard 404 response:
HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 1027
Date: Fri, 10 Jan 2014 23:59:34 GMT
Wow, when I saw
From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com]
Subject: Re: exception-message header reveals path to document root in 404
response.
Wow, when I saw this last night, I shook my head and said to myself,
Server: Apache-Coyote/1.1
this may be one of the reasons why my server/web
August,
On 1/10/14, 7:48 PM, August Kleimo wrote:
Hi All, Thanks for all your replies. Turns out it was in fact
Railo. I searched the Railo repo on GitHub and found a reference
to that header. I was able to overwrite it with a blank string
Chuck,
On 1/11/14, 9:01 AM, Caldarale, Charles R wrote:
From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com]
Subject: Re: exception-message header reveals path to document
root in 404 response.
Wow, when I saw this last night, I shook
On Sat, Jan 11, 2014 at 9:01 AM, Caldarale, Charles R
chuck.caldar...@unisys.com wrote:
From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com]
Subject: Re: exception-message header reveals path to document root in
404 response.
Wow, when I saw this last night, I shook my head
On 1/10/2014 3:28 PM, August Kleimo wrote:
I'm failing a PCI compliance scan because my Tomcat Version 7.0.20 server
is revealing the path to the document web root in an exception-message
header when a missing page is requested.
Does anyone know of a way to get rid of this header from the
From: August Kleimo [mailto:aug...@kleimo.com]
Subject: exception-message header reveals path to document root in 404
response.
I'm failing a PCI compliance scan because my Tomcat Version 7.0.20 server
is revealing the path to the document web root in an exception-message
header when a
Thanks. Perhaps it's coming from Railo then. I'll investigate down that
path.
On Fri, Jan 10, 2014 at 3:56 PM, Mark Eggers its_toas...@yahoo.com wrote:
On 1/10/2014 3:28 PM, August Kleimo wrote:
I'm failing a PCI compliance scan because my Tomcat Version 7.0.20 server
is revealing the path
Although I suppose it's possible, I don't think it has to do with Railo.
The Railo servlet doesn't handle requests for .html files... those are
handled by Tomcat's default servlet.
Here are the default (suggested) handlers for a Railo install:
servlet-mapping
It may also be useful to know if you get this same exception-message
header when you get a 404 from the Railo servlet (from a request for a
.cfm file).
It may help determine if Railo is involved or not.
Warm Regards,
Jordan Michaels
On 01/10/2014 04:02 PM, Caldarale, Charles R wrote:
From:
Hi All, Thanks for all your replies. Turns out it was in fact Railo. I
searched the Railo repo on GitHub and found a reference to that header. I
was able to overwrite it with a blank string using this line of code.
<cfset getPageContext().getResponse().setHeader("exception-message", "")>
On Fri,
Thanks August, good to know.
Warm Regards,
Jordan Michaels
On 01/10/2014 04:48 PM, August Kleimo wrote:
Hi All, Thanks for all your replies. Turns out it was in fact Railo. I
searched the Railo repo on GitHub and found a reference to that header. I
was able to overwrite it with a blank