隐藏Tomcat异常页面中的版本信息，Tomcat服务器版本号泄露

隐藏Tomcat异常页面中的版本信息，Tomcat服务器版本号泄露

在Tomcat报错页面中，显示Apache Tomcat/8.5.51相关版本号等信息，是不安全的。这会被攻击者获取到，利用该版本的其他漏洞对服务器进行攻击。所以需要隐藏掉。

修改ServerInfo.properties

1. 进入tomcat安装目录

cd /usr/local/tomcat/apache-tomcat-8.5.51/lib

2. 备份catalina.jar包

cp catalina.jar catalina.jar_bak

3. 下载catalina.jar包到本地，用压缩工具打开。
   

进入路径：org\apache\catalina\util，打开ServerInfo.properties文件
源文件：

# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

server.info=Apache Tomcat/8.5.51
server.number=8.5.51.0
server.built=Feb 5 2020 22:26:25 UTC

修改server.info、server.number、server.built，修改后：

# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

server.info=
server.number=
server.built=

重启Tomcat

[root@q bin]# ps -ef|grep tomcat
root      5621  4860  0 10:01 pts/0    00:00:00 grep tomcat
root      9431     1  0 Feb17 ?        08:50:31 /usr/local/java/jdk1.8.0_11/bin/java -Djava.util.logging.config.file=/usr/local/tomcat/apache-tomcat-8.5.51/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 -Dignore.endorsed.dirs= -classpath /usr/local/tomcat/apache-tomcat-8.5.51/bin/bootstrap.jar:/usr/local/tomcat/apache-tomcat-8.5.51/bin/tomcat-juli.jar -Dcatalina.base=/usr/local/tomcat/apache-tomcat-8.5.51 -Dcatalina.home=/usr/local/tomcat/apache-tomcat-8.5.51 -Djava.io.tmpdir=/usr/local/tomcat/apache-tomcat-8.5.51/temp org.apache.catalina.startup.Bootstrap start
[root@q bin]# kill -9 9431
[root@q bin]# ps -ef|grep tomcat
root      5763  4860  0 10:01 pts/0    00:00:00 grep tomcat
[root@q bin]# ./startup.sh

重启后发现Tomcat版本信息消失。