Good morning!
We have been working on mitigating a bunch of security issues that were found during the last pentesting session and one of them was exposing the Tomcat version on the Apache error page.
To fix it, I edited the Tomcat configuration file located inside the project under the path conf/server.xml and added the following line under the “Host” tag
<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false"/>
However, when I restart the tomcat in my local machine and take a look at the server.xml generated inside the target folder I see that the line is now gone and therefore it keeps showing the Tomcat version.
Is there another configuration file that I need to edit that I failed to identify?
Thanks in advance.