BDSNA - The remote web server contains default files.

Version 1
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    BladeLogic Decision Support for Network Automation (5 Report Viewers, 1 Query Studio)


    COMPONENT:

    BladeLogic Decision Support for Network Automation


    APPLIES TO:

    BDSNA 8.9.x



    PROBLEM:

    The server is not configured to return a custom page in the event of a client requesting a non-existent resource.
    This may result in a potential disclosure of sensitive information about the server to attackers.


    CAUSE:

    Nessus Plugin-12085 scanner shows this vulnerability


    SOLUTION:

    Modify the sever.xml (…\BL-Decision Support\tomcat\conf\) to have the following configuration.
    Add it in <Host> block. 

    <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false" />


    It should look like as follows after update.

    <Host name="localhost"  appBase="webapps"
                unpackWARs="true" autoDeploy="true">
    <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false" />
            <!-- SingleSignOn valve, share authentication between web applications
                 Documentation at: /docs/config/valve.html -->
            <!--
            <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
            -->

            <!-- Access log processes all example.
                 Documentation at: /docs/config/valve.html
                 Note: The pattern used is equivalent to using pattern="common" 
                 
                 Stop logging the every hit to the Web Server by commenting the information below
                 
            <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"  

                   prefix="localhost_access_log." suffix=".txt"
                   pattern="%h %l %u %t &quot;%r&quot; %s %b" resolveHosts="false"/>
                 -->
                 
    </Host>


     


    Article Number:

    000175640


    Article Type:

    Solutions to a Product Problem



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles