Anybody know how to change the 404 error pages so it doesn't display server
information? It's an ACAS finding; plugin 12085.
https://www.tenable.com/plugins/nessus/12085
I did try to do the OWASP securing stuff, but it's not a "standard install"
of tomcat as far as i can tell.
Running `find / -fstype xfs -type f -name "web.xml"` I added the below error
page lines to the web.xml files that have the "welcome-file-list" as the OWASP
document stated. But it's still doing the default 404 error page.
<error-page>
<error-code>404</error-code>
<exception-type>java.lang.Throwable</exception-type>
<location>/error.jsp</location>
</error-page>
The only thing that the server is doing is for FreeIPA. No other web services as far as I
know. The ports reported are 8080 and 8443 which I believe are related to the OCSP stuff.