Detections
Analytics

Item Search

NameAudit NamePluginCategory
2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all ConnectorsCIS Apache Tomcat 7 L2 v1.1.0 MiddlewareUnix

SYSTEM AND COMMUNICATIONS PROTECTION

TCAT-AS-000030 - HTTP Strict Transport Security (HSTS) must be enabled.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

ACCESS CONTROL

TCAT-AS-000050 - AccessLogValve must be configured for each application context.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

TCAT-AS-000070 - Cookies must have secure flag set.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

ACCESS CONTROL

TCAT-AS-000090 - DefaultServlet must be set to readonly for PUT and DELETE.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

ACCESS CONTROL

TCAT-AS-000100 - Connectors must be secured.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

ACCESS CONTROL

TCAT-AS-000170 - Tomcat servers behind a proxy or load balancer must log client IP.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

TCAT-AS-000250 - Remote hostname must be logged.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

TCAT-AS-000260 - HTTP status code must be logged.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

TCAT-AS-000270 - The first line of request must be logged.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

TCAT-AS-000360 - $CATALINA_BASE/logs folder permissions must be set to 750.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

TCAT-AS-000371 - $CATALINA_BASE/conf folder permissions must be set to 750.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

TCAT-AS-000380 - Jar files in the $CATALINA_HOME/bin/ folder must have their permissions set to 640.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

TCAT-AS-000390 - $CATALINA_HOME/bin folder permissions must be set to 750.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

TCAT-AS-000450 - Tomcat user UMASK must be set to 0027.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

CONFIGURATION MANAGEMENT

TCAT-AS-000470 - Stack tracing must be disabled.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

CONFIGURATION MANAGEMENT

TCAT-AS-000490 - The shutdown port must be disabled.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

CONFIGURATION MANAGEMENT

TCAT-AS-000500 - Unapproved connectors must be disabled.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

CONFIGURATION MANAGEMENT

TCAT-AS-000510 - DefaultServlet debug parameter must be disabled.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

CONFIGURATION MANAGEMENT

TCAT-AS-000530 - The deployXML attribute must be set to false in hosted environments.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

CONFIGURATION MANAGEMENT

TCAT-AS-000540 - Autodeploy must be disabled.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

CONFIGURATION MANAGEMENT

TCAT-AS-000560 - Example applications must be removed.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

CONFIGURATION MANAGEMENT

TCAT-AS-000570 - Tomcat default ROOT web application must be removed.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

CONFIGURATION MANAGEMENT

TCAT-AS-000580 - Documentation must be removed.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

CONFIGURATION MANAGEMENT

TCAT-AS-000590 - Applications in privileged mode must be approved by the ISSO.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

CONFIGURATION MANAGEMENT

TCAT-AS-000600 - Tomcat management applications must use LDAP realm authentication.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

IDENTIFICATION AND AUTHENTICATION

TCAT-AS-000610 - JMX authentication must be secured.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

IDENTIFICATION AND AUTHENTICATION

TCAT-AS-000630 - TLS must be enabled on JMX.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

IDENTIFICATION AND AUTHENTICATION

TCAT-AS-000710 - Keystore file must be protected.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

IDENTIFICATION AND AUTHENTICATION

TCAT-AS-000750 - Tomcat must use FIPS-validated ciphers on secured connectors.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

TCAT-AS-000790 - Access to Tomcat manager application must be restricted.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

SYSTEM AND COMMUNICATIONS PROTECTION

TCAT-AS-000800 - Tomcat servers must mutually authenticate proxy or load balancer connections.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

SYSTEM AND COMMUNICATIONS PROTECTION

TCAT-AS-000820 - Tomcat must be configured to limit data exposure between applications.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

SYSTEM AND COMMUNICATIONS PROTECTION

TCAT-AS-000920 - ErrorReportValve showServerInfo must be set to false.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

SYSTEM AND INFORMATION INTEGRITY

TCAT-AS-000940 - ErrorReportValve showReport must be set to false.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

SYSTEM AND INFORMATION INTEGRITY

TCAT-AS-001020 - LockOutRealms must be used for management of Tomcat.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

ACCESS CONTROL

TCAT-AS-001030 - LockOutRealms failureCount attribute must be set to 5 failed logins for admin users.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

ACCESS CONTROL

TCAT-AS-001060 - Tomcat user account must be a non-privileged user.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

ACCESS CONTROL

TCAT-AS-001080 - Application user name must be logged.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

ACCESS CONTROL

TCAT-AS-001250 - $CATALINA_BASE/logs/ folder must be owned by tomcat user, group tomcat.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

CONFIGURATION MANAGEMENT

TCAT-AS-001260 - $CATALINA_BASE/temp/ folder must be owned by tomcat user, group tomcat.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

CONFIGURATION MANAGEMENT

TCAT-AS-001270 - $CATALINA_BASE/temp folder permissions must be set to 750.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

CONFIGURATION MANAGEMENT

TCAT-AS-001430 - Certificates in the trust store must be issued/signed by an approved CA.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

SYSTEM AND COMMUNICATIONS PROTECTION

TCAT-AS-001560 - AccessLogValve must be configured for Catalina engine.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

TCAT-AS-001592 - Changes to $CATALINA_HOME/lib/ folder must be logged.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

TCAT-AS-001640 - Application servers must use NIST-approved or NSA-approved key management technology and processes.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

SYSTEM AND COMMUNICATIONS PROTECTION

TCAT-AS-001670 - RECYCLE_FACADES must be set to true.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

CONFIGURATION MANAGEMENT

TCAT-AS-001710 - Hosted applications must be documented in the system security plan.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

CONFIGURATION MANAGEMENT

TCAT-AS-001730 - Connector address attribute must be set.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

CONFIGURATION MANAGEMENT

TCAT-AS-001731 - The application server must alert the system administrator (SA) and information system security offer (ISSO), at a minimum, in the event of a log processing failure.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

AUDIT AND ACCOUNTABILITY