Information
The server.info attribute contains the name of the application service. This value is presented to Tomcat clients when clients connect to the tomcat server.
Rationale:
Altering the server.info attribute may increase the complexity for attackers to determine which vulnerabilities affect the server platform.
Solution
Perform the following to alter the server platform string that gets displayed when clients connect to the tomcat server.
Extract the ServerInfo.properties file from the catalina.jar file:
$ cd $CATALINA_HOME/lib
$ jar xf catalina.jar org/apache/catalina/util/ServerInfo.properties
Navigate to the util directory that was created
cd org/apache/catalina/util
Open ServerInfo.properties in an editor
Update the server.info attribute in the ServerInfo.properties file.
server.info=<SomeWebServer>
Update the catalina.jar with the modified ServerInfo.properties file.
$ jar uf catalina.jar org/apache/catalina/util/ServerInfo.properties
Default Value:
The default value for the server.info attribute is Apache Tomcat/<version>. For example, Apache Tomcat/9.0.0.M9.
References:
https://www.owasp.org/index.php/Securing_tomcat