On 22/05/2020 10:06, Reddy, Tippana Krishnanandan wrote:
> Hi All,
> 
> We are using Tomcat version 8.5.31 and have observed the vulnerability below.
> 
> Title: Remote Web Server Apache Tomcat Contains Default Files
> 
> Issue: The default error page, default index page, example JSPs, /example 
> servlets are installed on the remote Apache Tomcat server. These files should 
> be removed as they may help an attacker uncover information about the remote 
> Tomcat install or host itself or they may themselves contain vulnerabilities 
> such as cross-site scripting issues.
> 
> Please let us know how to fix this vulnerability.

http://tomcat.apache.org/tomcat-8.5-doc/security-howto.html

In particular:

http://tomcat.apache.org/tomcat-8.5-doc/security-howto.html#Default_web_applications

and

http://tomcat.apache.org/tomcat-8.5-doc/security-howto.html#Valves


You should also review https://tomcat.apache.org/security-8.html


In Tomcat 9 onwards there is the option to configure a static file as
the default error page.

Mark
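
An added example, not part of the original thread and not Tomcat's own tooling: a shell check that reports whether the two items covered by the linked how-to sections still apply to a given CATALINA_BASE. The function names are hypothetical; the script assumes the stock web application names (ROOT, docs, examples, manager, host-manager) and the ErrorReportValve attributes showReport and showServerInfo.

```shell
#!/bin/sh
# Web applications shipped in the stock Tomcat webapps/ directory.
DEFAULT_APPS="ROOT docs examples manager host-manager"

# Print each stock web application still deployed under $1/webapps,
# either as an unpacked directory or as a WAR file.
list_default_apps() {
    base=$1
    for app in $DEFAULT_APPS; do
        if [ -d "$base/webapps/$app" ] || [ -f "$base/webapps/$app.war" ]; then
            echo "$app"
        fi
    done
}

# Succeed only if conf/server.xml declares an ErrorReportValve carrying both
# showReport="false" and showServerInfo="false".
# This is a text match, not an XML parse: a commented-out Valve element
# also matches, so confirm a passing result by reading the file.
error_valve_hardened() {
    xml=$1/conf/server.xml
    [ -f "$xml" ] || return 1
    # Flatten the file so attributes on continuation lines are still seen.
    valve=$(tr '\n' ' ' < "$xml" |
        grep -o '<Valve[^>]*ErrorReportValve[^>]*>') || return 1
    case $valve in *'showReport="false"'*) ;; *) return 1 ;; esac
    case $valve in *'showServerInfo="false"'*) ;; *) return 1 ;; esac
}

# Report every remaining finding; return non-zero if any is left.
audit() {
    base=$1
    status=0
    apps=$(list_default_apps "$base")
    if [ -n "$apps" ]; then
        echo "default web applications present: $(echo $apps)"
        status=1
    fi
    if ! error_valve_hardened "$base"; then
        echo "ErrorReportValve lacks showReport/showServerInfo=\"false\""
        status=1
    fi
    return $status
}
```

Source the file and run `audit "$CATALINA_BASE"`; a non-zero status means at least one finding remains.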
