How to disable Apache Tomcat Server version


By default Apache Tomcat server version exposed and leads security issue.There are three approaches to hide the Apache Tomcat server version. In which easy-st way is adding one of the attribute in server.xml

How to check Apache Tomcat Server version details

Open command prompt from windows and then go to Apache Tomcat server lib location by using CD command like as follows.

C:\Users\narayanatutorial>cd D:\Tools\Apache\apache-tomcat-6.0.26\lib

D:\Tools\Apache\apache-tomcat-6.0.26\lib>java -cp catalina.jar org.apache.catalina.util.ServerInfo



Server version: Apache Tomcat/6.0.26
Server built:   March 9 2010 1805
Server number:
OS Name:        Windows 7
OS Version:     6.1
Architecture:   amd64
JVM Version:    1.8.0_131-b11
JVM Vendor:     Oracle Corporation


Approach 1

By adding the server attribute in server.xml

This approach will disclose the Apache Tomcat version in the response header not in the error page.

server.xml path : C:/<Apache-Tomcat-Installation-Directory>/conf/server.xml

Note: Take server.xml as backup for safe purpose.


<Connector port="8084" protocol="HTTP/1.1" connectionTimeout="20000"  
enableLookups="false" redirectPort="8443" server="Apache Tomcat"  />

This is the easy-st way to disclose the Apache Tomcat server version.


You can find the changes highlighted in yellow color in the below image.

The above changes are reflected in the response header not in the any error page.

You can see the error page still having the Apache Tomcat Server Version details as follows

To disclose the above Apache Tomcat server version in the error page, we can follow the Approach 2 or Approach 3 in the below

Approach 2

By modifying the which is exist inside catalina.jar. Need to extract the file and then modify and add it into the same place. You can find the below steps how to modify file location in catalina.jar is /org/apache/catalina/util/


Step 1

Take backup of catalina.jar file which is exist in this location C:/<Apache-Tomcat-Installation-Directory>/lib/catalina.jar


Step 2

Create folder inside lib folder like catalina and then copy the jar into it.  and then extract the jar as follows.

C:\Users\narayanatutorial>cd D:\Tools\Apache\apache-tomcat-6.0.26\lib

D:\Tools\Apache\apache-tomcat-6.0.26\lib>mkdir catalina

D:\Tools\Apache\apache-tomcat-6.0.26\lib>cd catalina 

D:\Tools\Apache\apache-tomcat-6.0.26\lib\catalina>jar xf catalina.jar org/apache/catalina/util/

And then you can find the file in that location and then open it in notepad to edit. Tomcat/8.5.4
server.built=Jul 6 2016 08:43:30 UTC

Here you can modify the Tomcat/8.5.4  to Tomcat and then save it.


Step 3

After saving, you have to add it into same place into catalina.jar by executing the following command.

D:\Tools\Apache\apache-tomcat-6.0.26\lib\catalina>jar uf catalina.jar org/apache/catalina/util/

And then copy the catalina.jar into main location C:/<Apache-Tomcat-Installation-Directory>/lib/

If it will ask replace then you can replace it and then start the Apache Tomcat Server and check the same way as follows.

D:\Tools\Apache\apache-tomcat-6.0.26\lib> java -cp catalina.jar org.apache.catalina.util.ServerInfo Output Tomcat server.number= server.built=Jul 6 2016 08:43:30 UTC


Approach 3

  • Open command prompt
  • Go to Tomcat lib folder
  • Create folder like org/apache/catalina/util
D:\Tools\Apache\apache-tomcat-6.0.26\lib>mkdir org\apache\catalina\util

  • Create empty file like inside org/apache/catalina/util
  • Add the line like Tomcat Version X
  • Save it
  • Restart / Start the Tomcat server


After starting the server, you can give any wrong application url or tomcat wrong url then you can see the below output.



I hope you understood now to disable Apache Tomcat Server version in the response header and error page with different approaches to fix security issue. Please reply a comment if any assistance required.


Leave a Reply