SV-106393r1_rule
V-97289
SRG-APP-000383
ISEC-06-551100
CAT II
10
Remove the version string from HTTP error pages by unpacking ServerInfo.properties from CATALINA_HOME\lib\catalina.jar and updating the server version information:
Open a CMD prompt.
cd <Drive>:\Program Files\ISEC7 EMM Suite\Tomcat\lib
Copy to desktop and rename catalina.jar to catalina.zip
Open catalina.zip and drill down to org/apache/catalina/util/ServerInfo.properties
Open ‘ServerInfo.properties’ with WordPad.
Edit the server version information and save.
…
server.info=Apache Tomcat
server.number=
server.built=
Save file, rename to catalina.jar, and copy back to directory, replacing existing file.
Verify the version number of Apache Tomcat has been removed from the CATALINA_HOME/lib/catalina.jar file.
Open a CMD prompt.
cd <Drive>:\Program Files\ISEC7 EMM Suite\Tomcat\lib
Copy to desktop and rename catalina.jar to catalina.zip
Open catalina.zip and drill down to org/apache/catalina/util/ServerInfo.properties
Open ‘ServerInfo.properties’ with WordPad.
Confirm the server version information has been removed.
…
server.info=Apache Tomcat
server.number=
server.built=
If the version number of Apache Tomcat has not been removed from the CATALINA_HOME/lib/catalina.jar file, this is a finding.
V-97289
False
ISEC-06-551100
Verify the version number of Apache Tomcat has been removed from the CATALINA_HOME/lib/catalina.jar file.
Open a CMD prompt.
cd <Drive>:\Program Files\ISEC7 EMM Suite\Tomcat\lib
Copy to desktop and rename catalina.jar to catalina.zip
Open catalina.zip and drill down to org/apache/catalina/util/ServerInfo.properties
Open ‘ServerInfo.properties’ with WordPad.
Confirm the server version information has been removed.
…
server.info=Apache Tomcat
server.number=
server.built=
If the version number of Apache Tomcat has not been removed from the CATALINA_HOME/lib/catalina.jar file, this is a finding.
M
3503