Tomcat Version Disclosure
Impact: Informational
Description
Exposing detailed information such Tomcat version number helps attackers to find vulnerabilities and plan their attack easier.
Recommendation
Open the server.xml file
- Find the
Hostsection and, add below line next after it <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false" />- save the file and restart application
References
- OWASP: Fingerprint Web Server
- Apache Tomcat
- CWE-200
- OWASP 2007-A6
- OWASP 2021-A1
- OWASP 2017-A6
- OWASP 2021-A5
- CWE-16
👉 You might also like:
PHP Version Disclosure - Vulnerability
ASP.NET Version Disclosure - Vulnerability
Apache Version Disclosure - Vulnerability
Nginx Version Disclosure - Vulnerability
Last updated on June 06, 2022