tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 54197] New: Add option to disable the display of Tomcat name and version in HTTP errror messages
Date Fri, 23 Nov 2012 19:26:01 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=54197

            Bug ID: 54197
           Summary: Add option to disable the display of Tomcat name and
                    version in HTTP errror messages
           Product: Tomcat 7
           Version: 7.0.33
          Hardware: PC
                OS: Windows XP
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: rapolu@hawaii.edu
    Classification: Unclassified

Tomcat displays the server name and version in HTTP error messages. This may be
undesirable for security reasons etc. The Open Web Application Security Project
(OWASP) recommends editing the ServerInfo.properties file in catalina.jar. It
would be lot more convenient if there is some way to disable the above from the
configuration.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message