Hide Tomcat version from the error message

Having default Tomcat configuration may expose sensitive information, which helps hacker to prepare for an attack the application. This article describes how to remove the version string from Tomcat HTTP error messages without repackaging the catalina.jar. Based on our experience the standard approach is unzip the catalina.jar and remove the version. Note: that all folder […]

Continue reading