Question: I am running an older release of erwin DM and have located the following vulnerability in the Mart Server Tomcat error page. How do I fix that? The default error page, default index page, for example, JSPs and/or example servlets are installed on the remote Apache Tomcat server. These files should be removed as they may help an attacker uncover information about the remote Tomcat install or host itself.
Answer: This is not listed as a a vulnerability on the Tomcat vulnerability page as can be seen on the link which can be accessed using the link below:
The newer versions of the Mart Server installs include the newer versions of Tomcat, e.g. Mart Server version 2020 R1 has Tomcat version 9.0.31. Besides upgrading to the later version you may also adjust your Mart Server as follows:
Go to C:\Program Files\erwin\Mart Server r9\Tomcat64\webapps and delete the ROOT, manager, and host-manager folders.
NOTE: Before deleting these ROOT, manager, and host-manager folders please take a backup and save these folders to other locations as a backup.