TCAT-AS-001470 - Tomcat server must be patched for security vulnerabilities.

Information

Tomcat is constantly being updated to address newly discovered vulnerabilities, some of which include denial-of-service attacks. To address this risk, the Tomcat administrator must ensure the system remains up to date on patches.

Satisfies: SRG-APP-000435-AS-000163, SRG-APP-000456-AS-000266

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Follow operational procedures for upgrading Tomcat. Download latest version of Tomcat and install in a test environment. Test applications that are running in production and follow all operations best practices when upgrading the production Tomcat application servers.

Update the Tomcat production instance accordingly and ensure corrected builds are installed once tested and verified.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apache_Tomcat_Application_Server_9_V2R4_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SC-5, 800-53|SI-2c., CAT|II, CCI|CCI-002385, CCI|CCI-002605, Rule-ID|SV-222996r814096_rule, STIG-ID|TCAT-AS-001470, STIG-Legacy|SV-111515, STIG-Legacy|V-102575, Vuln-ID|V-222996

Plugin: Unix

Control ID: 5d3e446f1a7c5779038977fdd42d2bc14188c15a424788e012d02b5d34abf61a