TCAT-AS-000500 - Unapproved connectors must be disabled.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Connectors are how Tomcat receives requests, passes them to hosted web applications, and then sends back the results to the requestor. Tomcat provides HTTP and Apache JServ Protocol (AJP) connectors and makes these protocols available via configured network ports. Unapproved connectors provide open network connections to either of these protocols and put the system at risk.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Obtain ISSO approvals for the configured connectors and document in the SSP.

Alternatively, edit the $CATALINA_BASE/conf/server.xml file, remove any unapproved connectors, and restart Tomcat:
sudo systemctl restart tomcat
sudo systemctl daemon-reload

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apache_Tomcat_Application_Server_9_V2R6_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000381, Rule-ID|SV-222952r879587_rule, STIG-ID|TCAT-AS-000500, STIG-Legacy|SV-111429, STIG-Legacy|V-102487, Vuln-ID|V-222952

Plugin: Unix

Control ID: be5a522da03210a44e5848c8867f091e37670475080510ce4579cce7a876d6ee