InformationWhen a resource is requested from the Web Connector via HTTP, the response contains headers with information about the server which generated the response.
This information can help an attacker to quickly identify which version you are running and consequently tune the attack attempts specifically for your software instance.
SolutionYou should mask the 'Server:' value in the header. By default this header shows the version of our servlet container.
In order to remove it we can set up a global property in this way:
<property name="org.apache.coyote.http11.Http11Protocol.SERVER" value="SuperSecureServer"/>