You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2021/09/27 16:38:59 UTC
[Bug 65598] New: Security by default with Tomcat error pages
https://bz.apache.org/bugzilla/show_bug.cgi?id=65598
Bug ID: 65598
Summary: Security by default with Tomcat error pages
Product: Tomcat 8
Version: 8.5.71
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: alexanderv@gmx.net
Target Milestone: ----
The default error pages provide a detailed report and server version by
default.
To prevent information disclosure and gathering this default behaviour should
be changed to not to report this information.
This could probably be done by setting
public class ErrorReportValve extends ValveBase {
private boolean showReport = false;
private boolean showServerInfo = false;
}
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 65598] Security by default with Tomcat error pages
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65598
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |WONTFIX
--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Discussion of this topic - if desired - belongs on the users list.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org