A recent nessus scan found the following vulnerability in a RedHat server:
Apache Tomcat Servlet Default Files Installed Vulnerability finding appeared in last successful scan attempt. The following default files were found : /nessus-check/default-404-error-page.html
This vulnerability was found on port 4414, where the IIB broker is running.
I searched the web.xml file under the path:
/IIB-install/iib10.0.0.7/server/webadmin/apps/mqtt/WEB-INF
and added the following lines:
<error-page>
<error-code>404</error-code>
<location>/nessus-check/default-404-error-page.html</location>
</error-page>
inside the braces and restarted the IIB broker, but the vulnerability is still there. What am I missing here?
Thanks in advance
