On 22/05/2020 10:06, Reddy, Tippana Krishnanandan wrote:
> Hi All,
>
> We are using Tomcat version 8.5.31 we have observed below vulnerability
>
> Title: Remote Web Server Apache Tomcat Contains Default Files
>
> Issue: The default error page, default index page, example JSPs, /example
> servlets are installed on the remote Apache Tomcat server. These files should
> be removed as they may help an attacker uncover information about the remote
> Tomcat install or host itself or they may themselves contain vulnerabilities
> such as cross-site scripting issues.
>
> Please let us know how to fix this Vulnerability.
http://tomcat.apache.org/tomcat-8.5-doc/security-howto.html

In particular:
http://tomcat.apache.org/tomcat-8.5-doc/security-howto.html#Default_web_applications
and
http://tomcat.apache.org/tomcat-8.5-doc/security-howto.html#Valves

You should also review https://tomcat.apache.org/security-8.html

In Tomcat 9 onwards there is the option to configure a static file as the default error page.

Mark
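A check for the two items the linked sections cover (default web applications and the error-report valve), added here as an example and not part of the original thread. The function name, the output labels and the use of `tomcat.css` to recognise the stock ROOT welcome page are assumptions.

```shell
#!/bin/sh
# Added example: audit a Tomcat base directory (CATALINA_BASE) for the
# default content named in the scanner finding. Names are illustrative.

# audit_tomcat_defaults BASE
# Prints one finding per line; returns 0 when clean, 1 when anything is found.
audit_tomcat_defaults() {
    base=$1
    findings=0

    # Web applications shipped with the stock distribution.
    for app in docs examples manager host-manager; do
        if [ -d "$base/webapps/$app" ] || [ -f "$base/webapps/$app.war" ]; then
            echo "default-webapp: $base/webapps/$app"
            findings=1
        fi
    done

    # Assumption: the stock welcome page is recognised by its tomcat.css file,
    # so a site's own ROOT application is not reported.
    if [ -f "$base/webapps/ROOT/tomcat.css" ]; then
        echo "default-index: $base/webapps/ROOT"
        findings=1
    fi

    # The default error page shows a stack trace and the server version unless
    # ErrorReportValve is declared with showReport and showServerInfo off.
    # This is a text match on server.xml, not an XML parse.
    conf="$base/conf/server.xml"
    if [ -f "$conf" ]; then
        valve=$(tr '\n' ' ' < "$conf" |
            grep -o '<Valve[^>]*ErrorReportValve[^>]*>') || true
        for attr in showReport showServerInfo; do
            if ! printf '%s' "$valve" | grep -q "$attr=\"false\""; then
                echo "error-page: $attr is not set to false in $conf"
                findings=1
            fi
        done
    fi
    return $findings
}
```

Run it as `audit_tomcat_defaults "$CATALINA_BASE"` after removing the unused applications and adding the valve to the `<Host>` element; an empty result means none of the checked defaults remain.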