Reducing information disclosure in Tomcat error pages

灰色年华 2021-02-05 15:20

By default, Tomcat's error pages disclose both the existence of Tomcat and the exact version of the container that's handling the requests. This is nice for development, but

5 answers
  •  南方客 (original poster)
    2021-02-05 15:23

    I agree with Jeremy Stein, that is the answer, however I'd like to add 2 points:

    1. You should put an entry in the CATALINA_HOME/conf/web.xml file, in addition to the application's web.xml file, in case the hacker tries to access URLs in other web-apps such as the default-installed 'manager', 'tomcat', 'examples' etc.

    2. If you want to secure the server it's (evidently) not as simple as taking care of these error pages. This link has a list of things you need to do:

    https://www.owasp.org/index.php/Securing_tomcat
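
An added example, not part of the answer above: a small audit that parses the global descriptor and an application's web.xml and reports which status codes still fall through to Tomcat's built-in error page. It assumes the "entry" is a servlet-spec `<error-page>` element; the required codes (404, 500), the `myapp` path and both sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    # web.xml may use the javaee, jakartaee or no namespace; compare local names only
    return tag.rsplit("}", 1)[-1]

def error_page_coverage(web_xml_text):
    """Return (status codes with a custom page, True if a catch-all page exists)."""
    codes, catch_all = set(), False
    for elem in ET.fromstring(web_xml_text):
        if _local(elem.tag) != "error-page":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in elem}
        if not fields.get("location"):
            continue  # an entry without a location replaces nothing
        if "error-code" in fields:
            codes.add(int(fields["error-code"]))
        elif "exception-type" not in fields:
            catch_all = True  # Servlet 3.0+: no code and no type = default page
    return codes, catch_all

def audit(descriptors, required=(404, 500)):
    """Map each descriptor path to the required status codes it leaves uncovered."""
    report = {}
    for path, text in descriptors.items():
        codes, catch_all = error_page_coverage(text)
        report[path] = [] if catch_all else [c for c in required if c not in codes]
    return report

# Constructed sample descriptors (not taken from a real installation)
GLOBAL_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <servlet><servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class></servlet>
</web-app>"""

APP_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <error-page><error-code>404</error-code><location>/error.html</location></error-page>
  <error-page><error-code>500</error-code><location>/error.html</location></error-page>
</web-app>"""

SAMPLES = {"CATALINA_HOME/conf/web.xml": GLOBAL_WEB_XML,
           "webapps/myapp/WEB-INF/web.xml": APP_WEB_XML}

if __name__ == "__main__":
    for path, missing in audit(SAMPLES).items():
        print(path, "OK" if not missing else f"missing error-page for {missing}")
```

In the constructed sample the application descriptor is covered while the global one is not, which is the gap point 1 describes for the other deployed web-apps.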
