RE: tomcat 6 vulnerability scan default error page help

2018-05-07 Thread Berneburg, Cris J. - US
Mark Thanks for taking the time to help. Again, I appreciate it. cjb> We are getting dinged by a vulnerability scan for the default cjb> not-found error page being returned by Tomcat for a Status 404. cjb> [...] cjb> And we're using Tomcat 6.0.37 (ahem). MT> And you are worried about returning

RE: tomcat 6 vulnerability scan default error page help

2018-05-07 Thread Berneburg, Cris J. - US
Leon, Mark, and Alejandro Thanks for your time and suggestions. I appreciate it. cjb> We are getting dinged by a vulnerability scan for the default cjb> not-found error page being returned by Tomcat for a Status 404. cjb> [...] cjb> However, I can't find where the error-page for 404 is defined.

RE: tomcat 6 vulnerability scan default error page help

2018-05-07 Thread Berneburg, Cris J. - US
-Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Wednesday, May 2, 2018 4:01 PM To: users@tomcat.apache.org Subject: Re: tomcat 6 vulnerability scan default error page help > On 02/05/18 20:51, Leon Rosenberg wrote: > > Hi Mark, > > > > I ag

Re: tomcat 6 vulnerability scan default error page help

2018-05-02 Thread alejandro . vargas
You need to unpack catalina.jar in tomcat lib directory, then go to org\apache\catalina\util\, open ServerInfo.properties and edit it server.info=Apache Tomcat server.number= server.built= You need to set to empty these variables, as shown above. Save the file. Pack as jar again Put in the tom

Re: tomcat 6 vulnerability scan default error page help

2018-05-02 Thread Mark Thomas
On 02/05/18 20:51, Leon Rosenberg wrote: > Hi Mark, > > I agree with you that the complaint about version number is rather a minor > one, however, I've had the same situation as one of our projects had to > pass through a PCI Compliance test, and this is what they really test for. Don't get me st

Re: tomcat 6 vulnerability scan default error page help

2018-05-02 Thread Leon Rosenberg
Hi Mark, I agree with you that the complaint about version number is rather a minor one, however, I've had the same situation as one of our projects had to pass through a PCI Compliance test, and this is what they really test for. regards Leon On Wed, May 2, 2018 at 9:42 PM, Mark Thomas wrote:

Re: tomcat 6 vulnerability scan default error page help

2018-05-02 Thread Mark Thomas
On 02/05/18 20:27, Berneburg, Cris J. - US wrote: > We are getting dinged by a vulnerability scan for the default not-found error > page being returned by Tomcat for a Status 404. > > On my dev server when requesting an invalid URL, Tomcat returns a Status 404 > page that displays the Tomcat ver

Re: tomcat 6 vulnerability scan default error page help

2018-05-02 Thread Leon Rosenberg
Hi Cris, try to add following to your web.xml 404 /error404.html regards Leon On Wed, May 2, 2018 at 9:27 PM, Berneburg, Cris J. - US wrote: > We are getting dinged by a vulnerability scan for the default not-found > error page being returned by Tomcat for a Status

tomcat 6 vulnerability scan default error page help

2018-05-02 Thread Berneburg, Cris J. - US
We are getting dinged by a vulnerability scan for the default not-found error page being returned by Tomcat for a Status 404. On my dev server when requesting an invalid URL, Tomcat returns a Status 404 page that displays the Tomcat version. Right, I need to do something about that. However,