Description of problem:
The 404 error page is a security issue. Specifically, it divulges Tomcat and the version number. This should be corrected for all the Tomcat instances (CA, KRA, TKS, probably RA). If the error page directive in the server.xml file is set and a page is supplied, that is all that is needed. The directive would look something like this:

    <error-page>
        <error-code>404</error-code>
        <location>404.html</location>
    </error-page>

Version-Release number of selected component (if applicable):
CS 8.0 Beta2

How reproducible:
Always

Steps to Reproduce:
1. For any of the instances that use Tomcat, go to a page that doesn't exist.
2.
3.

Actual results:
Page that shows the version info

Expected results:
New page that can be modified to not show version info.

Additional info:
Actually, the "404.html" page needs to contain enough information to prevent Microsoft IE from overriding this behavior with its own "friendly" 404 error messages: http://support.microsoft.com/default...;en-us;Q294807 Additionally, are "404" error codes the ONLY error codes specified by the Tomcat STIG to require special handling?
Re-posting URL: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q294807
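An added example, not part of the original bug comments or the committed PKI change: a small audit of a webapp's `web.xml` and its custom 404 page against the two points raised above (no Tomcat version banner, and a body large enough that IE keeps it). The 512-byte figure is an assumption taken from the 404 threshold described in KB Q294807, the leading `/` check follows the Servlet specification's rule for `<location>`, and the function names and sample XML are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

IE_FRIENDLY_MIN_BYTES = 512  # assumption: 404 threshold described in KB Q294807
BANNER = re.compile(r"Apache Tomcat/\d+(?:\.\d+)*")  # default error page footer

# Constructed sample web.xml fragment (not the committed PKI file).
SAMPLE_WEB_XML = """<web-app>
  <error-page>
    <error-code>404</error-code>
    <location>/404.html</location>
  </error-page>
</web-app>"""

def _local(tag):
    # Strip an XML namespace so namespaced and plain web.xml both work.
    return tag.rsplit("}", 1)[-1]

def error_page_locations(web_xml_text):
    """Return {error-code: location} for every <error-page> element."""
    found = {}
    for el in ET.fromstring(web_xml_text).iter():
        if _local(el.tag) != "error-page":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in el}
        if "error-code" in fields:
            found[fields["error-code"]] = fields.get("location", "")
    return found

def audit_error_page(web_xml_text, page_bodies, code="404"):
    """page_bodies maps a location such as '/404.html' to the page's bytes."""
    loc = error_page_locations(web_xml_text).get(code)
    if not loc:
        return [f"{code}: no <error-page>, container default page is served"]
    findings = []
    if not loc.startswith("/"):
        findings.append(f"{code}: location '{loc}' lacks the leading '/'")
        loc = "/" + loc
    body = page_bodies.get(loc)
    if body is None:
        return findings + [f"{code}: {loc} not found in the webapp"]
    if BANNER.search(body.decode("utf-8", "replace")):
        findings.append(f"{code}: {loc} still shows a Tomcat version banner")
    if len(body) < IE_FRIENDLY_MIN_BYTES:
        findings.append(f"{code}: {loc} is {len(body)} bytes, under "
                        f"{IE_FRIENDLY_MIN_BYTES}; IE may replace it")
    return findings
```

An empty list from `audit_error_page` means the configured page exists, carries no version banner, and is long enough to survive IE's "friendly" error substitution.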
Created attachment 348176 [details] PKI 404 Error Handling
Created attachment 348177 [details] PKI 404 Error Handling (dogtag)
attachment (id=348176) attachment (id=348177) +awnuk
NOTE: Similar "customized" 404 error pages were applied to the RA and TPS Apache PKI subsystems as well. As a result, there was a need to generate a top-level port-agnostic TPS Services page.

cd pki/base

% svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
M ca/shared/conf/web.xml
M tks/shared/conf/web.xml
M ra/apache/conf/httpd.conf
M ra/lib/perl/PKI/RA/DonePanel.pm
M ocsp/shared/conf/web.xml
M tps/configure
M tps/Makefile.in
M tps/configure.ac
A tps/lib/perl/PKI/Service
A tps/lib/perl/PKI/Service/Op.pm
M tps/lib/perl/PKI/TPS/DonePanel.pm
M tps/lib/perl/PKI/TPS/TKSInfoPanel.pm
A tps/lib/perl/PKI/Base
A tps/lib/perl/PKI/Base/Conf.pm
A tps/lib/perl/PKI/Base/Registry.pm
M tps/setup_package
M tps/apache/conf/httpd.conf
A tps/forms/index.cgi
M tps/forms/index.html
M tps/Makefile.am
M kra/shared/conf/web.xml

% svn commit
Sending base/ca/shared/conf/web.xml
Sending base/kra/shared/conf/web.xml
Sending base/ocsp/shared/conf/web.xml
Sending base/ra/apache/conf/httpd.conf
Sending base/ra/lib/perl/PKI/RA/DonePanel.pm
Sending base/tks/shared/conf/web.xml
Sending base/tps/Makefile.am
Sending base/tps/Makefile.in
Sending base/tps/apache/conf/httpd.conf
Sending base/tps/configure
Sending base/tps/configure.ac
Adding base/tps/forms/index.cgi
Sending base/tps/forms/index.html
Adding base/tps/lib/perl/PKI/Base
Adding base/tps/lib/perl/PKI/Base/Conf.pm
Adding base/tps/lib/perl/PKI/Base/Registry.pm
Adding base/tps/lib/perl/PKI/Service
Adding base/tps/lib/perl/PKI/Service/Op.pm
Sending base/tps/lib/perl/PKI/TPS/DonePanel.pm
Sending base/tps/lib/perl/PKI/TPS/TKSInfoPanel.pm
Sending base/tps/setup_package
Transmitting file data ...................
Committed revision 617.

cd pki/dogtag

% svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
A ocsp-ui/shared/webapps/ocsp/404.html
M ocsp-ui/dogtag-pki-ocsp-ui.spec
A tps-ui/shared/docroot/footer.vm
M tps-ui/shared/docroot/tps/admin/console/config/donepanel.vm
A tps-ui/shared/docroot/index.vm
A tps-ui/shared/docroot/header.vm
A tps-ui/shared/docroot/404.html
M tps-ui/dogtag-pki-tps-ui.spec
M ca/pki-ca.spec
M kra-ui/dogtag-pki-kra-ui.spec
A kra-ui/shared/webapps/kra/404.html
A ca-ui/shared/webapps/ca/404.html
M ca-ui/dogtag-pki-ca-ui.spec
M tks/pki-tks.spec
M ra/pki-ra.spec
M ocsp/pki-ocsp.spec
M tps/pki-tps.spec
A tks-ui/shared/webapps/tks/404.html
M tks-ui/dogtag-pki-tks-ui.spec
M kra/pki-kra.spec
A ra-ui/shared/docroot/404.html
M ra-ui/dogtag-pki-ra-ui.spec

% svn commit
Sending dogtag/ca/pki-ca.spec
Sending dogtag/ca-ui/dogtag-pki-ca-ui.spec
Adding dogtag/ca-ui/shared/webapps/ca/404.html
Sending dogtag/kra/pki-kra.spec
Sending dogtag/kra-ui/dogtag-pki-kra-ui.spec
Adding dogtag/kra-ui/shared/webapps/kra/404.html
Sending dogtag/ocsp/pki-ocsp.spec
Sending dogtag/ocsp-ui/dogtag-pki-ocsp-ui.spec
Adding dogtag/ocsp-ui/shared/webapps/ocsp/404.html
Sending dogtag/ra/pki-ra.spec
Sending dogtag/ra-ui/dogtag-pki-ra-ui.spec
Adding dogtag/ra-ui/shared/docroot/404.html
Sending dogtag/tks/pki-tks.spec
Sending dogtag/tks-ui/dogtag-pki-tks-ui.spec
Adding dogtag/tks-ui/shared/webapps/tks/404.html
Sending dogtag/tps/pki-tps.spec
Sending dogtag/tps-ui/dogtag-pki-tps-ui.spec
Adding dogtag/tps-ui/shared/docroot/404.html
Adding dogtag/tps-ui/shared/docroot/footer.vm
Adding dogtag/tps-ui/shared/docroot/header.vm
Adding dogtag/tps-ui/shared/docroot/index.vm
Sending dogtag/tps-ui/shared/docroot/tps/admin/console/config/donepanel.vm
Transmitting file data ......................
Committed revision 618.
Created attachment 349575 [details] screen shot of custom Error 404 page

Verified for all subsystems' web UIs - all return the custom 404 error page. See the attached CA error 404 for an example.