Item Search

| Name | Audit Name | Plugin | Category |
| --- | --- | --- | --- |
| 1.1 Remove extraneous files and directories | CIS Apache Tomcat 10.1 v1.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/docs | CIS Apache Tomcat 10 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories (CONFIG_DIR/Catalina/localhost/manager.xml) | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories (WEBAPP_DIR/js-examples) | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Disable Unused Connectors | CIS Apache Tomcat 10.1 v1.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Disable Unused Connectors | CIS Apache Tomcat 11 v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Disable Unused Connectors | CIS Apache Tomcat 10 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4 Ensure the Status Module Is Disabled | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.6 Turn off TRACE | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.6 Turn off TRACE - check server.xml | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2 Disable the Shutdown port | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1 Restrict access to $CATALINA_HOME | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3 Restrict access to Tomcat configuration directory | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3 Restrict access to Tomcat configuration directory | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 4.4 Restrict access to Tomcat logs directory | CIS Apache Tomcat 10.1 v1.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.4 Restrict access to Tomcat logs directory | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.5 Restrict access to Tomcat temp directory | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 4.8 Restrict access to Tomcat catalina.policy | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 4.9 Restrict access to Tomcat catalina.properties | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 4.10 Restrict access to Tomcat context.xml | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 4.11 Restrict access to Tomcat logging.properties | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.11 Restrict access to Tomcat logging.properties | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1 Use secure Realms | CIS Apache Tomcat 10 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.1 Use secure Realms | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2 Use LockOut Realms | CIS Apache Tomcat 11 v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 6.4 Ensure secure is set to true only for SSL-enabled Connectors | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5 Ensure 'sslProtocol' is Configured Correctly for Secure Connectors | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Specify file handler in logging.properties (check if java.util.logging.ConsoleHandler logging is enabled in web application) | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties (check if org.apache.juli.FileHandler logging is enabled in default) | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties (check if org.apache.juli.FileHandler logging is enabled in web application) | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files | CIS Apache Tomcat 10.1 v1.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists in web application | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in default | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.3 Ensure className is set correctly in context.xml | CIS Apache Tomcat 11 v1.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.3 Ensure className is set correctly in context.xml | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.4 Ensure directory in context.xml is a secure location - permissions | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | |
| 7.6 Ensure directory in logging.properties is a secure location (check log directory location) | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1 Restrict runtime access to sensitive packages | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 10.2 Restrict access to the web administration application | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 10.6 Enable strict servlet Compliance | CIS Apache Tomcat 11 v1.0.0 L2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.6 Enable strict servlet Compliance | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.7 Turn off session facade recycling | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.8 Do not allow additional path delimiters (ALLOW_ENCODED_SLASH) | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 10.11 Force SSL for all applications | CIS Apache Tomcat 10.1 v1.1.0 L2 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.11 Force SSL for all applications | CIS Apache Tomcat 10 L2 v1.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.15 Do not resolve hosts on logging valves | CIS Apache Tomcat 11 v1.0.0 L2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 10.16 Do not allow cross context requests | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.17 Setting Security Lifecycle Listener | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | ACCESS CONTROL |
| AS24-W1-000460 - The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination. | DISA STIG Apache Server 2.4 Windows Server v3r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W2-000460 - The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination. | DISA STIG Apache Server 2.4 Windows Site v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |