ansible-role-tomcat icon indicating copy to clipboard operation
ansible-role-tomcat copied to clipboard

Published 20 hours ago verified publisher icon robertdebock

Create a default error page

Open pjsharpe07 opened this issue 5 years ago • 3 comments
trafficstars

Proposed feature

Default error landing page doesn't exist and some tomcat information is sent. Also, the default page exposes sensitive information as well.

See screen shot:

image

Rationale

A default error page could prevent this potentially sensitive information from being inadvertently disclosed.

Additional context

Found this via a nessus scan.

pjsharpe07 avatar Aug 12 '20 19:08 pjsharpe07

That is a very good plan.

Do you know how to do this? If so; please create a pull request for it. I'll help you through the process if you need help.

Otherwise, I'll work on it in some time.

Regards,

Robert de Bock.

robertdebock avatar Aug 13 '20 13:08 robertdebock

Hi @pjsharpe07. The role now places a simple, unbranded default page. That should solve your Nessus finding.

Please let me know if this works for you.

robertdebock avatar Aug 26 '20 19:08 robertdebock

Thank you for doing this! Unfortunately, we remove some of those folders so this fix didn't quite work for us.

Instead, we did some work with serverinfo.properties. You can find some of the changes here.

Thanks again for doing this work!

pjsharpe07 avatar Sep 03 '20 15:09 pjsharpe07