Tomcat Version Disclosure
Impact: Informational
Description
Exposing detailed information such as the Tomcat version number makes it easier for attackers to find vulnerabilities and plan their attack.
Recommendation
- Open the server.xml file.
- Find the Host section and add the following line immediately after it: <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false" />
- Save the file and restart the application.
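To confirm the change was applied, the following added example (not part of the original page) parses a server.xml and reports every Host whose ErrorReportValve is missing or still has showReport or showServerInfo enabled. The sample configuration, host names and the function name audit_hosts are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ERROR_VALVE = "org.apache.catalina.valves.ErrorReportValve"

# Constructed sample server.xml: "localhost" is hardened, the others are not.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps">
        <Valve className="org.apache.catalina.valves.ErrorReportValve"
               showReport="false" showServerInfo="false" />
      </Host>
      <Host name="legacy" appBase="legacy-apps">
        <Valve className="org.apache.catalina.valves.ErrorReportValve"
               showReport="false" />
      </Host>
      <Host name="bare" appBase="bare-apps" />
    </Engine>
  </Service>
</Server>"""


def audit_hosts(server_xml: str) -> dict:
    """Return {host name: list of problems}; an empty list means hardened."""
    findings = {}
    root = ET.fromstring(server_xml)
    for host in root.iter("Host"):
        name = host.get("name", "<unnamed>")
        valves = [v for v in host.findall("Valve")
                  if v.get("className") == ERROR_VALVE]
        if not valves:
            findings[name] = ["no ErrorReportValve configured"]
            continue
        problems = []
        for attr in ("showReport", "showServerInfo"):
            # Tomcat treats both attributes as true when they are omitted.
            if any(v.get(attr, "true").strip().lower() != "false" for v in valves):
                problems.append(f'{attr} is not "false"')
        findings[name] = problems
    return findings


if __name__ == "__main__":
    for host, problems in audit_hosts(SAMPLE_SERVER_XML).items():
        print(host, "OK" if not problems else "; ".join(problems))
```

To audit a real installation, pass the contents of its conf/server.xml to audit_hosts instead of the sample string.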
References
- OWASP: Fingerprint Web Server
- Apache Tomcat
- CWE-200
- OWASP 2007-A6
- OWASP 2021-A1
- OWASP 2017-A6
- OWASP 2021-A5
- CWE-16
Last updated on June 06, 2022