I have a customer running a web application security scanner against a Unity 7 installation, specifically against the Cisco PCA interface. The application sends various HTTP requests, and flags responses such as exception reports. Is there a way that I could customize the message returned to just be a blank 404? If so I think the web inspection tool (WebInspect) would not flag these as security 'issues'. I've done some Googling, which seems to point to web.xml, but the specific responses the server is giving seem to do with Jasper. I'm not familiar enough with Tomcat/Jasper to sort this out. Just want to see if I can safely return a less informative error to the application, so we can get Unity in to production. It doesn't seem to be something that IIS custom error messages control, as far as I can tell, but that would be an easy route.