Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1 Remove extraneous files and directories - CATALINA_HOME/server/webapps/host-manager.xmlCIS Apache Tomcat 8 L2 v1.1.0Unix

CONFIGURATION MANAGEMENT

1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/examplesCIS Apache Tomcat 10 L2 v1.1.0Unix

CONFIGURATION MANAGEMENT

1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/managerCIS Apache Tomcat 10 L2 v1.1.0Unix

CONFIGURATION MANAGEMENT

1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/servlet-exampleCIS Apache Tomcat 8 L2 v1.1.0Unix

CONFIGURATION MANAGEMENT

1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/tomcat-docsCIS Apache Tomcat 8 L2 v1.1.0Unix

CONFIGURATION MANAGEMENT

2.6 Turn off TRACE (check server.xml)CIS Apache Tomcat 7 L1 v1.1.0Unix

SYSTEM AND INFORMATION INTEGRITY

2.6 Turn off TRACE (check web.xml config files)CIS Apache Tomcat 7 L1 v1.1.0Unix

SYSTEM AND INFORMATION INTEGRITY

4.1 Restrict access to $CATALINA_HOMECIS Apache Tomcat 7 L1 v1.1.0Unix

ACCESS CONTROL

4.2 Restrict access to $CATALINA_BASECIS Apache Tomcat 11 v1.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

4.4 Restrict access to Tomcat logs directoryCIS Apache Tomcat 7 L1 v1.1.0Unix

ACCESS CONTROL

4.9 Restrict access to Tomcat catalina.policyCIS Apache Tomcat 11 v1.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

4.9 Restrict access to Tomcat catalina.policyCIS Apache Tomcat 10 L1 v1.1.0Unix

ACCESS CONTROL, MEDIA PROTECTION

4.10 Restrict access to Tomcat context.xmlCIS Apache Tomcat 10.1 v1.1.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

4.12 Restrict access to Tomcat server.xmlCIS Apache Tomcat 10.1 v1.1.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

5.1 Use secure RealmsCIS Apache Tomcat 8 L2 v1.1.0Unix

ACCESS CONTROL

5.1 Use secure RealmsCIS Apache Tomcat 11 v1.0.0 L2Unix

ACCESS CONTROL, MEDIA PROTECTION

5.2 Use LockOut RealmsCIS Apache Tomcat 8 L2 v1.1.0Unix

CONFIGURATION MANAGEMENT

6.1 Setup Client-cert AuthenticationCIS Apache Tomcat 10.1 v1.1.0 L2Unix

IDENTIFICATION AND AUTHENTICATION

6.4 Ensure secure is set to true only for SSL-enabled ConnectorsCIS Apache Tomcat 11 v1.0.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in defaultCIS Apache Tomcat 10 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in web applicationCIS Apache Tomcat 10 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in web applicationCIS Apache Tomcat 8 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

7.3 Ensure className is set correctly in context.xmlCIS Apache Tomcat 10 L2 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

7.4 Ensure directory in context.xml is a secure locationCIS Apache Tomcat 10.1 v1.1.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

7.5 Ensure pattern in context.xml is correctCIS Apache Tomcat 8 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

7.6 Ensure directory in logging.properties is a secure locationCIS Apache Tomcat 11 v1.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

8.1 Restrict runtime access to sensitive packagesCIS Apache Tomcat 10.1 v1.1.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

8.1 Restrict runtime access to sensitive packagesCIS Apache Tomcat 10 L1 v1.1.0Unix

ACCESS CONTROL, MEDIA PROTECTION

9.1 Disabling auto deployment of applicationsCIS Apache Tomcat 10.1 v1.1.0 L2Unix

CONFIGURATION MANAGEMENT

9.2 Disable deploy on startup of applicationsCIS Apache Tomcat 11 v1.0.0 L2Unix

CONFIGURATION MANAGEMENT

10.1 Ensure Web content directory is on a separate partition from the Tomcat system filesCIS Apache Tomcat 10 L1 v1.1.0Unix

CONFIGURATION MANAGEMENT, MAINTENANCE

10.1 Ensure Web content directory is on a separate partition from the Tomcat system files (verify Web content directory)CIS Apache Tomcat 7 L1 v1.1.0Unix

CONFIGURATION MANAGEMENT

10.3 Restrict manager applicationCIS Apache Tomcat 11 v1.0.0 L2Unix

ACCESS CONTROL

10.4 Force SSL when accessing the manager application via HTTPCIS Apache Tomcat 10.1 v1.1.0 L1Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

10.6 Enable strict servlet ComplianceCIS Apache Tomcat 7 L1 v1.1.0Unix

CONFIGURATION MANAGEMENT

10.7 Turn off session facade recyclingCIS Apache Tomcat 11 v1.0.0 L1Unix

CONFIGURATION MANAGEMENT

10.7 Turn off session facade recyclingCIS Apache Tomcat 10 L1 v1.1.0Unix

CONFIGURATION MANAGEMENT

10.8 Do not allow additional path delimiters - ALLOW_BACKSLASHCIS Apache Tomcat 8 L2 v1.1.0 MiddlewareUnix

CONFIGURATION MANAGEMENT

10.8 Do not allow additional path delimiters - ALLOW_ENCODED_SLASHCIS Apache Tomcat 10 L2 v1.1.0Unix

CONFIGURATION MANAGEMENT

10.8 Do not allow additional path delimiters - ALLOW_ENCODED_SLASHCIS Apache Tomcat 10 L2 v1.1.0 MiddlewareUnix

CONFIGURATION MANAGEMENT

10.8 Do not allow additional path delimiters - ALLOW_ENCODED_SLASHCIS Apache Tomcat 8 L2 v1.1.0 MiddlewareUnix

CONFIGURATION MANAGEMENT

10.14 Do not allow cross context requestsCIS Apache Tomcat 10.1 v1.1.0 L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

10.16 Enable memory leak listenerCIS Apache Tomcat 11 v1.0.0 L1Unix

CONFIGURATION MANAGEMENT

10.17 Setting Security Lifecycle Listener - check for umask present in startupCIS Apache Tomcat 10 L1 v1.1.0Unix

ACCESS CONTROL

AS24-U1-000460 - The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination.DISA STIG Apache Server 2.4 Unix Server v3r1 MiddlewareUnix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

AS24-U2-000960 - The Apache web server must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.DISA STIG Apache Server 2.4 Unix Site v2r4 MiddlewareUnix

CONFIGURATION MANAGEMENT

AS24-W1-000950 - The Apache web server must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.DISA STIG Apache Server 2.4 Windows Server v3r1Windows

CONFIGURATION MANAGEMENT

AS24-W1-000950 - The Apache web server must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.DISA STIG Apache Server 2.4 Windows Server v2r3Windows

CONFIGURATION MANAGEMENT

DISA_STIG_McAfee_VSEL_1.9.x_2.0.x_Local_Client_v1r6.audit from DISA McAfee VSEL 1.9/2.0 Local Client v1r6 STIGMcAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6Unix
VCFL-67-000025 - vSphere Client must not enable support for TRACE requests.DISA STIG VMware vSphere 6.7 Virgo Client v1r2Unix

SYSTEM AND INFORMATION INTEGRITY