Description
Exposing detailed information such as the Tomcat version number makes it easier for attackers to identify known vulnerabilities and plan their attacks.
Recommendation
To mitigate this issue:
- Open the server.xml file.
- Find the Host section and add the following line immediately after it:
  <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false" />
- Save the file and restart the application.
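To verify the change after editing, the following added example (not part of the original page or of SmartScanner) parses a server.xml and reports any Host whose ErrorReportValve is missing or leaves showReport or showServerInfo enabled. The function name audit_server_xml and both sample documents are constructed for illustration, and the check assumes the valve is nested inside the Host element.

```python
import xml.etree.ElementTree as ET

ERV = "org.apache.catalina.valves.ErrorReportValve"
FLAGS = ("showReport", "showServerInfo")

# Constructed sample server.xml fragments (not from a real deployment).
HARDENED = """<Server><Service name="Catalina"><Engine name="Catalina" defaultHost="localhost">
  <Host name="localhost" appBase="webapps">
    <Valve className="org.apache.catalina.valves.ErrorReportValve"
           showReport="false" showServerInfo="false" />
  </Host>
</Engine></Service></Server>"""

WEAK = """<Server><Service name="Catalina"><Engine name="Catalina" defaultHost="localhost">
  <Host name="localhost" appBase="webapps" />
  <Host name="admin.example" appBase="admin">
    <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" />
  </Host>
</Engine></Service></Server>"""


def audit_server_xml(xml_text):
    """Return a list of (host_name, problem) tuples; empty means every Host is hardened."""
    findings = []
    root = ET.fromstring(xml_text)
    for host in root.iter("Host"):
        name = host.get("name", "<unnamed>")
        # Only valves that are direct children of this Host apply to it.
        valves = [v for v in host.findall("Valve") if v.get("className") == ERV]
        if not valves:
            findings.append((name, "no ErrorReportValve configured"))
            continue
        for flag in FLAGS:
            # Both attributes default to true in Tomcat, so a missing one still discloses.
            if any(v.get(flag, "true").strip().lower() != "false" for v in valves):
                findings.append((name, f"{flag} is not false"))
    return findings


if __name__ == "__main__":
    for label, doc in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_server_xml(doc) or "OK")
```

An empty result means every Host in the file suppresses both the error report and the server information string.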
References
- OWASP: Fingerprint Web Server
- Apache Tomcat Documentation: ErrorReportValve
- Apache Tomcat
- CWE-16
- CWE-200
- CAPEC-118
- OWASP 2021-A1
- OWASP 2021-A5
Last updated on May 13, 2024