
Tomcat Version Displayed

Tomcat is a popular web application server. 

When an access-restricted file is requested from a web application running on Tomcat, the application successfully prohibits the access, but the error response it sends back contains detailed version information about the Apache Tomcat server:

<html><head><title>Apache Tomcat/5.5.25 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 404 - /743006f5b956eb5d80f0662463426b2b/META-INF/MANIFEST.MF</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>/743006f5b956eb5d80f0662463426b2b/META-INF/MANIFEST.MF</u></p><p><b>description</b> <u>The requested resource (/743006f5b956eb5d80f0662463426b2b/META-INF/MANIFEST.MF) is not available.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/5.5.25</h3></body></html>

This version message helps attackers fingerprint the web application, determine which types of vulnerabilities the current web server has, and choose the best approach for penetration.
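A check a defender can run over captured error responses to confirm whether the banner is exposed, and in which elements. This is an added example, not part of the original page; the function and class names and both sample responses (one abridged from the error page quoted above) are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Matches the banner format shown in the error page above, e.g. "Apache Tomcat/5.5.25".
BANNER = re.compile(r"Apache Tomcat/(\d+(?:\.\d+)+(?:[.-][A-Za-z0-9]+)?)")
VOID = {"hr", "br", "meta", "link", "img", "input"}  # tags with no closing tag


class _TextByTag(HTMLParser):
    """Collect visible text with its enclosing tag, ignoring <style>/<script>."""

    def __init__(self):
        super().__init__()
        self.stack, self.chunks = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in self.stack:
            while self.stack.pop() != tag:
                pass

    def handle_data(self, data):
        tag = self.stack[-1] if self.stack else ""
        if tag not in ("style", "script") and data.strip():
            self.chunks.append((tag, data.strip()))


def find_tomcat_banner(body):
    """Return [(tag, version), ...] for every place the body leaks the version."""
    parser = _TextByTag()
    parser.feed(body)
    parser.close()
    return [(tag, m.group(1)) for tag, text in parser.chunks
            if (m := BANNER.search(text))]


# Constructed sample: abridged form of the default error page quoted above.
DEFAULT_404 = (
    "<html><head><title>Apache Tomcat/5.5.25 - Error report</title>"
    "<style><!--H1 {font-family:Tahoma;}--></style></head><body>"
    "<h1>HTTP Status 404 - /example/META-INF/MANIFEST.MF</h1>"
    '<HR size="1" noshade="noshade"><p><b>type</b> Status report</p>'
    '<HR size="1" noshade="noshade"><h3>Apache Tomcat/5.5.25</h3></body></html>'
)
# Constructed sample: a custom error page that carries no server banner.
CUSTOM_404 = "<html><head><title>Not found</title></head><body><p>Not found.</p></body></html>"
```

An empty list means the response body carries no Tomcat version banner; each tuple in a non-empty list names the element that still discloses it.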