JBoss page found under PAM's URL shows server information

Document ID : KB000113271
Last Modified Date : 06/09/2018
Issue:
Under the Process Automation URL, two addresses expose server information, which can be considered a security breach.
The addresses are the following:

http://PAM_server:PORT/status
http://PAM_server:PORT/status?full=true


Those addresses show the following:

[Screenshot]
Environment:
Process Automation 4.3, 4.3.01, 4.3.02 and 4.3.03
Cause:
This is caused by the default configuration of the JBoss application server, which can be changed.
Resolution:
To remove this page, follow these steps:

1.- Stop PAM services.
2.- Navigate to: ..PAM\server\c2o\deploy\ROOT.war\WEB-INF
3.- Take a backup of the "web.xml" file and place that copy outside the PAM folder.
4.- Open the original file and comment out everything between lines 13 and 22, as follows:

<!--
<servlet>
    <servlet-name>Status Servlet</servlet-name>
    <servlet-class>org.jboss.web.tomcat.service.StatusServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>Status Servlet</servlet-name>
    <url-pattern>/status</url-pattern>
</servlet-mapping>
-->

5.- Save the change and start the PAM services.

With this change, both addresses will now show the following:

[Screenshot]
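
One way to confirm the edit to web.xml before restarting the services, as an added example (not part of the original article or of the product's tooling): the script parses the file and lists any URL pattern still mapped to the JBoss StatusServlet. The sample documents and the function name are constructed for illustration; pass the path to the real web.xml as the first argument.

```python
import sys
import xml.etree.ElementTree as ET

STATUS_CLASS = "org.jboss.web.tomcat.service.StatusServlet"

# Constructed sample input: the block from step 4, inside a minimal web-app.
STATUS_BLOCK = """<servlet>
<servlet-name>Status Servlet</servlet-name>
<servlet-class>org.jboss.web.tomcat.service.StatusServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Status Servlet</servlet-name>
<url-pattern>/status</url-pattern>
</servlet-mapping>"""
WRAP = '<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">\n%s\n</web-app>'
BEFORE = WRAP % STATUS_BLOCK                          # default configuration
AFTER = WRAP % ("<!--\n" + STATUS_BLOCK + "\n-->")    # after step 4

def _local(tag):
    # Drop a namespace prefix such as '{http://java.sun.com/xml/ns/j2ee}servlet'.
    return tag.rsplit("}", 1)[-1]

def _child_text(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def active_status_mappings(web_xml):
    """Return URL patterns still mapped to the StatusServlet.

    The XML parser discards comments, so a correctly commented-out block
    yields an empty list. /status?full=true needs no separate check: the
    query string is not part of the url-pattern, so one mapping serves both.
    """
    elems = list(ET.fromstring(web_xml).iter())
    names = {_child_text(e, "servlet-name") for e in elems
             if _local(e.tag) == "servlet"
             and _child_text(e, "servlet-class") == STATUS_CLASS}
    patterns = []
    for m in (e for e in elems if _local(e.tag) == "servlet-mapping"):
        if _child_text(m, "servlet-name") in names:
            patterns += [(c.text or "").strip() for c in m
                         if _local(c.tag) == "url-pattern"]
    return patterns

if __name__ == "__main__":
    # Read as bytes so an encoding declaration in the real file is honoured.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else BEFORE
    found = active_status_mappings(data)
    print("StatusServlet still mapped to:", found) if found else print("StatusServlet not mapped")
```

An empty result means the servlet is no longer exposed by this web.xml; a malformed comment (for example an unclosed `<!--`) makes the parser raise an error instead, which is also worth catching before the restart.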