SAP CRS 2016 Vulnerability

We are receiving the following network security vulnerability reporting:

https://vscan.secintel.ibm.com/vscan/refs/refs.php?vuln_id=4458

This instructs to resolve/mitigate this vulnerability we should:

Remove unnecessary default files from the Apache Tomcat web server. Such files include:

/tomcat-docs/index.html
/examples/servlets/index.html
/examples/servlet/SnoopServlet
/examples/jsp/snp/snoop.jsp
/examples/jsp/index.html

Normally we would seek the software vendor and download / install an update or fix pack to resolve this issue. how would we resolve this issue for CRS 2016? We are trying not to break Crystal Reports Server 2016 while complying with our network security folks.