InformationThe server.number attribute represents the specific version of Tomcat that is executing. This value is presented to Tomcat clients when connect.
Advertising a valid server version may provide attackers with information useful for locating vulnerabilities that affect the server platform. Altering the server version string may increase the complexity for attackers to determine which vulnerabilities affect the server platform.
SolutionPerform the following to alter the server version string that gets displayed when clients connect to the server.
Extract the ServerInfo.properties file from the catalina.jar file:
$ cd $CATALINA_HOME/lib
$ jar xf catalina.jar org/apache/catalina/util/ServerInfo.properties
Navigate to the util directory that was created
$ cd org/apache/Catalina/util
Open ServerInfo.properties in an editor
Update the server.number attribute
Update the catalina.jar with the modified ServerInfo.properties file.
$ jar uf catalina.jar org/apache/catalina/util/ServerInfo.properties
The default value for the server.number attribute is a four part version number, such as 22.214.171.124.