Hiding version information on Tomcat error pages (Tomcat server version disclosure)

This article describes how to hide the server version information by modifying Tomcat's ServerInfo.properties file, in order to improve server security.

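Tomcat error pages display version details such as Apache Tomcat/8.5.51, which is insecure. An attacker can read this information and use other vulnerabilities in that version to attack the server, so it needs to be hidden.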

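Modify ServerInfo.properties

  1. Go to the Tomcat installation directory
cd /usr/local/tomcat/apache-tomcat-8.5.51/lib

  2. Back up the catalina.jar package
cp catalina.jar catalina.jar_bak

  3. Download the catalina.jar package to your local machine and open it with an archive tool.

Go to the path org\apache\catalina\util and open the ServerInfo.properties file.
Original file: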

# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

server.info=Apache Tomcat/8.5.51
server.number=8.5.51.0
server.built=Feb 5 2020 22:26:25 UTC

Change server.info, server.number and server.built. After the change:

# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

server.info=
server.number=
server.built=

Restart Tomcat

[root@q bin]# ps -ef|grep tomcat
root      5621  4860  0 10:01 pts/0    00:00:00 grep tomcat
root      9431     1  0 Feb17 ?        08:50:31 /usr/local/java/jdk1.8.0_11/bin/java -Djava.util.logging.config.file=/usr/local/tomcat/apache-tomcat-8.5.51/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 -Dignore.endorsed.dirs= -classpath /usr/local/tomcat/apache-tomcat-8.5.51/bin/bootstrap.jar:/usr/local/tomcat/apache-tomcat-8.5.51/bin/tomcat-juli.jar -Dcatalina.base=/usr/local/tomcat/apache-tomcat-8.5.51 -Dcatalina.home=/usr/local/tomcat/apache-tomcat-8.5.51 -Djava.io.tmpdir=/usr/local/tomcat/apache-tomcat-8.5.51/temp org.apache.catalina.startup.Bootstrap start
[root@q bin]# kill -9 9431
[root@q bin]# ps -ef|grep tomcat
root      5763  4860  0 10:01 pts/0    00:00:00 grep tomcat
[root@q bin]# ./startup.sh

After the restart, the Tomcat version information no longer appears.
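As an added example (not code from the original post), this Python script performs the backup and edit steps above directly on the server, without downloading the jar: it copies catalina.jar to catalina.jar_bak, rewrites the org/apache/catalina/util/ServerInfo.properties entry with the three keys emptied, and reads the values back so the change can be verified. The function names and the sample jar built in the demo are constructed for illustration.

```python
import shutil
import tempfile
import zipfile
from pathlib import Path

ENTRY = "org/apache/catalina/util/ServerInfo.properties"
KEYS = ("server.info", "server.number", "server.built")
# Constructed sample mirroring the values shown on this page (not a real jar).
SAMPLE = ("# license header\nserver.info=Apache Tomcat/8.5.51\n"
          "server.number=8.5.51.0\nserver.built=Feb 5 2020 22:26:25 UTC\n")

def blank_server_info(text):
    """Empty the three version keys; keep comments and other lines as-is."""
    lines = []
    for line in text.splitlines():
        key, sep, _ = line.partition("=")
        lines.append(key.strip() + "=" if sep and key.strip() in KEYS else line)
    return "\n".join(lines) + "\n"

def read_server_info(jar_path):
    """Return {key: value} for the three keys as stored in the jar."""
    with zipfile.ZipFile(jar_path) as jar:
        text = jar.read(ENTRY).decode("latin-1")
    pairs = (ln.partition("=") for ln in text.splitlines() if not ln.startswith("#"))
    return {k.strip(): v.strip() for k, sep, v in pairs if k.strip() in KEYS}

def patch_jar(jar_path):
    """Back up the jar as <name>_bak, then rewrite it with blanked keys."""
    jar = Path(jar_path)
    read_server_info(jar)  # raises KeyError if the entry is missing
    backup = jar.with_name(jar.name + "_bak")
    if not backup.exists():  # keep the first known-good backup
        shutil.copy2(jar, backup)
    tmp = jar.with_name(jar.name + ".tmp")
    with zipfile.ZipFile(jar) as src, zipfile.ZipFile(tmp, "w") as dst:
        for item in src.infolist():
            data = src.read(item)
            if item.filename == ENTRY:
                data = blank_server_info(data.decode("latin-1")).encode("latin-1")
            dst.writestr(item, data)  # other entries are copied unchanged
    tmp.replace(jar)  # swap in only after the full rewrite succeeded
    return backup

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        jar = Path(d) / "catalina.jar"
        with zipfile.ZipFile(jar, "w") as z:
            z.writestr(ENTRY, SAMPLE)
        print("before:", read_server_info(jar))
        print("backup:", patch_jar(jar).name, "after:", read_server_info(jar))
```

The running JVM keeps the old jar loaded, so the error page only changes after Tomcat is restarted as shown above.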

Tomcat version disclosure means that Tomcat error pages display Apache Tomcat version information, which may give attackers an avenue of attack. In practice, it is therefore recommended to hide the Tomcat version information. This can be done by modifying the ServerInfo.properties file. You can go to the Tomcat installation directory, for example /usr/local/tomcat/apache-tomcat-8.5.51/lib, then find and edit the ServerInfo.properties file. In the file, find the server.info property and change its value to a generic string that does not contain a specific version number, so that the Tomcat version is hidden. In addition, to be safe, you can back up the catalina.jar package, for example by renaming it to catalina.jar_bak, then download catalina.jar to your local machine, open it with an archive tool and make the corresponding changes. This further guards against the risk of version disclosure. [1][2][3]

References

[1] Tomcat: server version disclosure (low severity) solution. https://blog.csdn.net/JustinQin/article/details/78563881
[2][3] Hiding version information on Tomcat error pages (Tomcat server version disclosure). https://blog.csdn.net/ycde2009/article/details/105784878