How to Hide the Tomcat Version Shown on Error Pages

[amarantmeida]

A security scan reported that the server is exposing Tomcat details on the default error page. When accessing an invalid or malformed URL (for example: / %20 /), the browser shows a Tomcat-generated 404 page, including:

• HTTP status
• Error description
• The Tomcat version banner
  This is flagged as Improper Error Handling because it reveals internal server information.

Sharing this here so the team can confirm the correct approach to hide or mask these details, and so others who see the same scan results know how to handle it.