You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by "Gao, Frank" <fr...@siemens.com> on 2005/06/10 20:04:40 UTC

Tomcat Web Server "ServerTokenNotSet" Vulnerability

Hi,
I have a Tomcat 5.5.7 standalone webserver running on my machine,  recently
I got a security scan warning of "ApacheServerTokenNotSet".
 
Does anyone know how to configure the Tomcat 5.5.7 to pass this security
scan?  I know there is a 'ServerTokens' directive for Apache Web 
Server that I can use to limit the information giving out. But I cann't find
anything similar on Tomcat Web Server.

Anyone has any idea about this?

Thanks,

Frank

Re: Tomcat Web Server "ServerTokenNotSet" Vulnerability

Posted by Mark Thomas <ma...@apache.org>.

Try setting the server parameter on the connector. See 
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/http.html

Mark

Gao, Frank wrote:
> Hi,
> I have a Tomcat 5.5.7 standalone webserver running on my machine,  recently
> I got a security scan warning of "ApacheServerTokenNotSet".
>  
> Does anyone know how to configure the Tomcat 5.5.7 to pass this security
> scan?  I know there is a 'ServerTokens' directive for Apache Web 
> Server that I can use to limit the information giving out. But I cann't find
> anything similar on Tomcat Web Server.
> 
> Anyone has any idea about this?
> 
> Thanks,
> 
> Frank 
>  
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org