TCAT-AS-000510 - DefaultServlet debug parameter must be disabled.

Information

The DefaultServlet serves static resources as well as serves the directory listings (if directory listings are enabled). It is declared globally in $CATALINA_BASE/conf/web.xml and by default is configured with the 'debug' parameter set to 0, which is disabled. Changing this to a value of 1 or higher sets the servlet to print debug level information. DefaultServlet debug setting must be set to 0 (disabled).

Solution

From the Tomcat server as a privileged user:

Edit the $CATALINA_BASE/conf/web.xml file.

Examine the <init-param> elements within the <Servletclass> element, if the 'debug' <param-value>element is not '0'' change the 'debug' <param-value> to read '0'.

sudo systemctl restart tomcat
sudo systemctl daemon-reload

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apache_Tomcat_Application_Server_9_V2R4_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a., CAT|III, CCI|CCI-000381, Rule-ID|SV-222953r615938_rule, STIG-ID|TCAT-AS-000510, STIG-Legacy|SV-111431, STIG-Legacy|V-102489, Vuln-ID|V-222953

Plugin: Unix

Control ID: 658b5eaf4b035258128ee97308ffbdb5d952c9a27c62fefb157ed7be7817baf2