漏洞报告显示:
Medium (CVSS: 6.8)
NVT: Apache Tomcat servlet/JSP container default les
References
ssion_Management
Summary
The Apache Tomcat servlet/JSP container has default les installed.
Solution:
Solution type: Mitigation
Remove default les, example JSPs and Servlets from the Tomcat Servlet/JSP container.
漏洞解决:从 Tomcat Servlet/JSP 容器中删除默认文件,例如 JSP 和 Servlet。
1.删除默认文件
移动docs目录和examples目录;
mv docs docs20210708
mv examples examples20210708
2.自定义error页面
vim conf/web.xml,在末尾增加以下代码
<error-page>
<error-code>400</error-code>
<location>/error.html</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/error.html</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/error.html</location>
</error-page>
vim /usr/tomcat/webapps/ROOT/error.html
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<title>网页访问不了</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="404/error_all.css?t=201303212934">
</head>
<body class="error-404">
<div id="doc_main">
<section class="bd clearfix">
<div class="module-error">
<div class="error-main clearfix">
<div class="label"></div>
<div class="info">
<h3 class="title">Sorry,你所访问的页面有问题哦</h3>
<div class="reason">
<p>可能的原因:</p >
<p>1.手写有问题。</p >
<p>2.URL失效了?</p >
</div>
</div>
</div>
</div>
</section>
</div>
</body></html>
3.重启tomcat服务
cd /usr/local/tomcat/bin
./startup.sh