If the ROOT web application contains Tomcat default application content, this is a finding.

Either remove the files contained in the $CATALINA_BASE/webapps/ROOT folder or replace the content of the folder with a new application that serves as the new default server application.

Alternatively, use a web browser to access the default web application and determine whether the website application in the ROOT folder is the one provided with the Apache Tomcat server. You can delete them to keep it clean and avoid any known security risk with the Tomcat default application. Check the index.jsp for other verbiage that indicates the application is part of the Tomcat server.

Jasper parses JSP files to compile them into Java code as servlets (that can be handled by Catalina). By default, Tomcat comes with the following web applications, which may or may not be required in a production environment. Look for content that describes the application as being licensed by the Apache Software Foundation.

AVDS is alone in using behavior-based testing that eliminates this issue. The "Vulnerabilities in Apache Tomcat Default Error Page Version Detection" finding is prone to false positive reports by most vulnerability assessment solutions.

WARNING: Removing the ROOT folder without replacing the content with valid web-based content will result in an error page being displayed to the browser when the browser lands on the default page.

Apache Tomcat Application Sever 9 Security Technical Implementation Guide

Details Check Text ( C-24631r426321_chk )

From the Tomcat server OS type the following command:

Penetration Testing for Apache Tomcat Default Files.

It is acceptable to replace the contents of the default ROOT with a new default web application.
The default ROOT web application must be removed from a publicly accessible Tomcat instance and a more appropriate default page shown to users. The default ROOT web application includes the version of Tomcat that is being used, links to Tomcat documentation, examples, FAQs, and mailing lists.