
[PCA] Nessus Scanner Reports Vulnerability on Ports 8880 and 8443 (Doc ID 2789383.1)

Last updated on JULY 11, 2021

Applies to:

Private Cloud Appliance - Version 2.3.1 and later
Linux x86-64

Symptoms

Nessus scanner plugin 12085 found a vulnerability on PCA ports 8880 and 8443.

The server is not configured to return a custom page in the event of a client requesting a non-existent resource.
This may result in a potential disclosure of sensitive information about the server to attackers.

The remote web server contains default files.
The default error page, default index page, example JSPs and/or example servlets are installed on the remote Apache Tomcat server. These files should be removed as they may help an attacker uncover information about the remote Tomcat install or host itself.
Delete the default index page and remove the example JSP and servlets.
Follow the Tomcat or OWASP instructions to replace or modify the default error page. 
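
To confirm the finding, or to re-check after cleanup, the responses served on ports 8880 and 8443 can be tested for the default content the plugin describes. The following is an added example, not part of the Oracle document or the Nessus plugin: the marker strings are assumed from stock Apache Tomcat pages, and the sample responses and version number are constructed.

```python
import re

# Markers assumed from stock Apache Tomcat pages (not taken from the Oracle
# document): version banner, default error report, examples app, index page.
VERSION_RE = re.compile(r"Apache Tomcat/(\d+(?:\.\d+)+)")
ERROR_REPORT_RE = re.compile(r"<h1>\s*HTTP Status \d{3}", re.I)
EXAMPLES_RE = re.compile(r"<title>\s*Apache Tomcat Examples\s*</title>", re.I)
INDEX_RE = re.compile(r"<title>\s*Apache Tomcat/", re.I)


def audit_response(path, status, body):
    """Return the findings for one HTTP response (path, status code, body)."""
    findings = []
    version = VERSION_RE.search(body)
    if version:
        findings.append(f"{path}: discloses Tomcat version {version.group(1)}")
    if status >= 400 and ERROR_REPORT_RE.search(body):
        findings.append(f"{path}: default error report page (HTTP {status})")
    if status == 200 and EXAMPLES_RE.search(body):
        findings.append(f"{path}: example web application is installed")
    if status == 200 and INDEX_RE.search(body):
        findings.append(f"{path}: default index page is installed")
    return findings


def audit(samples):
    """Audit a list of (path, status, body) tuples and collect all findings."""
    findings = []
    for path, status, body in samples:
        findings.extend(audit_response(path, status, body))
    return findings


# Constructed sample responses; the version number is a placeholder.
SAMPLES = [
    ("/no-such-page", 404,
     "<html><head><title>HTTP Status 404 - Not Found</title></head><body>"
     "<h1>HTTP Status 404 - Not Found</h1><h3>Apache Tomcat/9.0.0</h3>"
     "</body></html>"),
    ("/", 200,
     "<html><head><title>Apache Tomcat/9.0.0</title></head></html>"),
    ("/examples/", 200,
     "<html><head><title>Apache Tomcat Examples</title></head></html>"),
    # A custom error page with no server details produces no findings.
    ("/no-such-page", 404, "<html><body><h1>Page not found</h1></body></html>"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print(finding)
```

An empty result for a response means none of these markers is present in it; it does not replace a re-scan with the plugin itself.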

Cause
