On 22/05/2020 10:06, Reddy, Tippana Krishnanandan wrote:
> Hi All,
> We are using Tomcat version 8.5.31 we have observed below vulnerability
> Title: Remote Web Server Apache Tomcat Contains Default Files
> Issue: The default error page, default index page, example JSPs, /example 
> servlets are installed on the remote Apache Tomcat server. These files should 
> be removed as they may help an attacker uncover information about the remote 
> Tomcat install or host itself or they may themselves contain vulnerabilities 
> such as
> cross-site scripting issues.
> Please let us know how to fix this Vulnerability.


In particular:




You should also review https://tomcat.apache.org/security-8.html

In Tomcat 9 onwards there is the option to configure a static file as
the default error page.


To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to