Hide details and stack trace information in the error pages of your Confluence environment


Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.

Summary

Some error pages can reveal the product version or other details in your browser, which may pose a security risk.
For example, a standard error page in Tomcat looks like this:

HTTP Status 404 - Not Found

Type Status Report

Message Not found

Description The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.

Apache Tomcat/9.0.22

The following steps can help suppress almost all of the information in these kinds of error messages.

Steps

In most common infrastructures, there are three components that can allow these error messages to be exposed.

Confluence

For Confluence itself, this security concern was addressed in version 7.13.5 under CONFSERVER-55306 - Confluence error pages should remove stack trace from being output to the UI.

The Confluence stack trace page is only visible when Developer Mode is enabled.

Tomcat App Server

In Tomcat, edit the file server.xml and add a new ErrorReportValve by following the steps below:

  1. Edit the file <install-directory>/conf/server.xml
  2. Search for the line that starts with <Host name=
  3. Just below that line, insert the following element:

    <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false" />

  4. Restart the application.
  5. The error page will show: HTTP Status 404 - Not Found.

The HTTP response code will not be affected by the above steps.
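To confirm the valve is in place after editing, the following added example (not part of the original article and not Atlassian tooling) parses a server.xml and reports every Host whose ErrorReportValve is missing or leaves showReport or showServerInfo enabled. The names audit_server_xml and sample, and the inline server.xml, are assumptions constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

VALVE_CLASS = "org.apache.catalina.valves.ErrorReportValve"
REQUIRED = {"showReport": "false", "showServerInfo": "false"}
HARDENED_VALVE = f'<Valve className="{VALVE_CLASS}" showReport="false" showServerInfo="false" />'


def sample(valve_xml):
    """Constructed, minimal server.xml for demonstration (not a real Confluence config)."""
    return (
        '<Server><Service name="Tomcat-Standalone"><Engine name="Standalone" defaultHost="localhost">'
        f'<Host name="localhost" appBase="webapps">{valve_xml}</Host>'
        "</Engine></Service></Server>"
    )


def audit_server_xml(xml_text):
    """Return (host_name, problem) tuples; an empty list means every <Host> is hardened."""
    findings = []
    for host in ET.fromstring(xml_text).iter("Host"):
        name = host.get("name", "<unnamed>")
        valves = [v for v in host.findall("Valve") if v.get("className") == VALVE_CLASS]
        if not valves:
            findings.append((name, "no ErrorReportValve configured, Tomcat defaults apply"))
            continue
        for valve in valves:
            for attr, wanted in REQUIRED.items():
                # Both attributes default to "true" in Tomcat, so a missing one is a finding.
                actual = valve.get(attr, "true").strip().lower()
                if actual != wanted:
                    findings.append((name, f"{attr} is {actual}, expected {wanted}"))
    return findings


if __name__ == "__main__":
    # Pass the path to <install-directory>/conf/server.xml, or run without arguments for the demo.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = sample(f'<Valve className="{VALVE_CLASS}" showReport="false" />')
    problems = audit_server_xml(text)
    for host, problem in problems:
        print(f"Host {host}: {problem}")
    sys.exit(1 if problems else 0)
```

The script exits non-zero when any Host is not hardened, so it can run as a post-change or post-upgrade check.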

Reverse Proxy/WebServer

You may have a Reverse Proxy/WebServer in front of your Confluence environment.

For example, in Apache WebServer you can use the ErrorDocument directive to detect these errors and redirect users to a message or a different page without showing the actual error page. Additional information is available in Custom Error Responses.

Other reverse proxies may have different configurations. Check the proxy/webserver documentation or contact your provider for additional support.


Last modified on Jan 27, 2025
