Apache Tomcat Default File Vulnerability

1. Summary

Vulnerability description: The default error page, default index page, sample JSPs and/or sample servlets are installed on the remote Apache Tomcat server. These files should be removed because they may help attackers discover information about the remote Tomcat installation or the host itself.
Vulnerability risk: Medium
Fix suggestion: Remove the default index page and the sample JSPs and servlets. Replace or modify the default error page by following the Tomcat or OWASP instructions.

2. Solution

1. Delete the docs directory and the examples directory under webapps;
2. Modify the default error page;
<1>. Edit conf/web.xml (vim conf/web.xml) and add the following configuration at the end of the file, just before the closing </web-app> tag:

<error-page>
    <error-code>400</error-code>
    <location>/error.html</location>
</error-page>
<error-page>
    <error-code>404</error-code>
    <location>/error.html</location>
</error-page>
<error-page>
    <error-code>500</error-code>
    <location>/error.html</location>
</error-page>

<2>. Create the custom error page:
vim /root/apache-tomcat-8.5.35/webapps/ROOT/error.html

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<title>网页访问不了</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="404/error_all.css?t=201303212934">
</head>
<body class="error-404">
<div id="doc_main">

<section class="bd clearfix">
<div class="module-error">
<div class="error-main clearfix">
<div class="label"></div>
<div class="info">
<h3 class="title">Sorry,你所访问的页面有问题哦</h3>
<div class="reason">
<p>可能的原因:</p>
<p>1.手写有问题。</p>
<p>2.URL失效了?</p>
</div>
</div>
</div>
</div>
</section>
</div>

</body></html>

3. Restart Tomcat so the changes take effect.
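To confirm the fix took effect, the following added example (not part of the original post) audits a Tomcat directory for leftover docs and examples webapps and for the 400/404/500 error-page mappings. The function name audit_tomcat_defaults and the script name are hypothetical, and it assumes the custom page lives in the ROOT webapp as in this post.

```shell
#!/bin/sh
# Audit a Tomcat install for the default content this page says to remove.
# Usage: sh audit_tomcat_defaults.sh /path/to/tomcat   (script name is hypothetical)

# Prints one line per finding; returns 0 when clean, 1 when anything remains.
audit_tomcat_defaults() {
    home=$1
    findings=0

    # Step 1 of the fix: the bundled docs and examples webapps must be gone.
    for app in docs examples; do
        if [ -d "$home/webapps/$app" ]; then
            echo "FOUND default webapp: $home/webapps/$app"
            findings=$((findings + 1))
        fi
    done

    # Step 2: conf/web.xml must map 400, 404 and 500 to a custom page,
    # and that page must exist in the ROOT webapp (assumption taken from the post).
    webxml="$home/conf/web.xml"
    for code in 400 404 500; do
        # Flatten the file so <error-code> and <location> may sit on separate lines.
        loc=$(tr -d ' \t\r\n' 2>/dev/null < "$webxml" |
              sed -n "s|.*<error-code>$code</error-code><location>\([^<]*\)</location>.*|\1|p")
        if [ -z "$loc" ]; then
            echo "MISSING <error-page> for HTTP $code in $webxml"
            findings=$((findings + 1))
        elif [ ! -f "$home/webapps/ROOT$loc" ]; then
            echo "MISSING error page file: $home/webapps/ROOT$loc"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}

# Run only when a Tomcat directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_tomcat_defaults "$1"
fi
```

The check is a plain text match, so an error-page entry inside an XML comment would still count. Because conf/web.xml supplies defaults to every deployed web application and the location is resolved inside each application, other webapps need their own /error.html as well.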

Origin blog.csdn.net/shuux666/article/details/124163978