Vulnerability Finding - Apache Tomcat Default Files

Hello,

  • which versions are you using - SonarQube 9.9.5
  • how is SonarQube deployed: zip

How to fix this issue?

Finding Name
Apache Tomcat Default Files

Finding Description
The default error page, default index page, example JSPs and/or example servlets are installed on the remote Apache Tomcat server. These files should be removed as they may help an attacker uncover information about the remote Tomcat install or host itself.

Recommendations
Delete the default index page and remove the example JSP and servlets. Follow the Tomcat or OWASP instructions to replace or modify the default error page.

Affected Port
8080

Hi,

I’ve unlisted your topic since you’re reporting a vulnerability. Our responsible disclosure policy asks that you email security@sonarsource.com rather than making public posts. Could you please re-send this to security@sonarsource.com?

Thanks, we have sent an email to the security team.
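The finding quoted in the first post can be re-checked after remediation by inspecting what the server on port 8080 returns. The following is an added example, not part of the original thread and not SonarQube or scanner code: it classifies HTTP responses that have already been fetched, using marker strings from stock Tomcat content. The request paths, the sample responses and the version number in them are constructed for illustration.

```python
import re

# Stock Tomcat's error report ends with an <h3> naming the server and version.
VERSION_BANNER = re.compile(r"<h3>apache tomcat/\d+(?:\.\d+)+[^<]*</h3>", re.I)
# Text shipped in the default ROOT welcome page and in the examples webapp.
MARKERS = {
    "default_index_page": "successfully installed tomcat",
    "examples_webapp": "apache tomcat examples",
}


def classify(status, body):
    """Return the default-file indicators present in one HTTP response."""
    found = set()
    if status >= 400 and VERSION_BANNER.search(body):
        found.add("default_error_page")
    if status == 200:
        lowered = body.lower()
        found.update(name for name, text in MARKERS.items() if text in lowered)
    return found


def audit(responses):
    """Map each path to its indicators; an empty dict means nothing was flagged."""
    report = {}
    for path, (status, body) in responses.items():
        hits = classify(status, body)
        if hits:
            report[path] = sorted(hits)
    return report


# Constructed responses: a stock install, then the same paths after cleanup.
ERROR_PAGE = '<html><body><h1>HTTP Status 404</h1><hr class="line" /><h3>Apache Tomcat/9.0.0</h3></body></html>'
BEFORE = {
    "/": (200, "<title>Apache Tomcat/9.0.0</title><h2>If you're seeing this, "
               "you've successfully installed Tomcat. Congratulations!</h2>"),
    "/examples/": (200, "<title>Apache Tomcat Examples</title>"),
    "/nonexistent-check": (404, ERROR_PAGE),
}
AFTER = {
    "/": (200, "<title>Application</title>"),
    "/examples/": (404, "<html><body>Not found</body></html>"),
    "/nonexistent-check": (404, "<html><body>Not found</body></html>"),
}

if __name__ == "__main__":
    print("before:", audit(BEFORE))
    print("after: ", audit(AFTER))
```

An empty report for the hardened responses corresponds to the scanner's three conditions (default error page, default index page, example JSPs and servlets) no longer being observable.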