Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1 Remove extraneous files and directories - @APP_Config_catalogs@/webapps/examplesCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

CONFIGURATION MANAGEMENT

1.1 Remove extraneous files and directories - /webapps/ROOTCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

CONFIGURATION MANAGEMENT

2.2 Alter the Advertised server.number StringCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

CONFIGURATION MANAGEMENT

2.7 Ensure Sever Header is Modified To Prevent Information DisclosureCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

CONFIGURATION MANAGEMENT

2.10 Disable Apache ServiceCIS Solaris 11.1 L1 v1.0.0Unix
4.3 Restrict access to Tomcat configuration directoryCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

4.5 Restrict access to Tomcat temp directoryCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

4.10 Restrict access to Tomcat context.xmlCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

4.11 Restrict access to Tomcat logging.propertiesCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

4.14 Restrict access to Tomcat web.xmlCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

4.15 Restrict access to jaspic-providers.xmlCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

5.1 Use secure RealmsCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

ACCESS CONTROL

6.1 Setup Client-cert AuthenticationCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

IDENTIFICATION AND AUTHENTICATION

6.2 Ensure SSLEnabled is set to True for Sensitive Connectors - verify SSLEnabled is set to trueCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.3 Ensure scheme is set accuratelyCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

CONFIGURATION MANAGEMENT

6.5 Ensure 'sslProtocol' is Configured Correctly for Secure ConnectorsCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Application specific loggingCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in defaultCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in web applicationCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in defaultCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in defaultCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in web applicationCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

7.4 Ensure directory in context.xml is a secure location - permissionsCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

7.6 Ensure directory in logging.properties is a secure location - check log directory locationCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL

9.2 Disabling auto deployment of applicationsCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

CONFIGURATION MANAGEMENT

9.3 Disable deploy on startup of applicationsCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

CONFIGURATION MANAGEMENT

10.2 Restrict access to the web administration applicationCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL

10.4 Force SSL when accessing the manager application via HTTPCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

10.11 Force SSL for all applicationsCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

10.16 Enable memory leak listenerCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

CONFIGURATION MANAGEMENT

10.17 Setting Security Lifecycle Listener - check for config componentCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL

10.17 Setting Security Lifecycle Listener - check for umask present in startupCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL

10.17 Setting Security Lifecycle Listener - check for umask uncommented in startupCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL

10.18 Use the logEffectiveWebXml and metadata-complete settings for deploying applications in production - context.xmlCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

10.18 Use the logEffectiveWebXml and metadata-complete settings for deploying applications in production - web.xmlCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

11.2 Ensure Apache Processes Run in the httpd_t Confined ContextCIS Apache HTTP Server 2.4 v2.3.0 L2Unix

ACCESS CONTROL, MEDIA PROTECTION

AS24-U1-000270 - The Apache web server must provide install options to exclude the installation of documentation, sample code, example applications, and tutorials - Welcome pageDISA STIG Apache Server 2.4 Unix Server v3r2 MiddlewareUnix

CONFIGURATION MANAGEMENT

AS24-U1-000270 - The Apache web server must provide install options to exclude the installation of documentation, sample code, example applications, and tutorials.DISA STIG Apache Server 2.4 Unix Server v3r2Unix

CONFIGURATION MANAGEMENT

AS24-U2-000700 - Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account.DISA STIG Apache Server 2.4 Unix Site v2r6 MiddlewareUnix

ACCESS CONTROL

AS24-W1-000500 - The Apache web server must generate unique session identifiers that cannot be reliably reproduced.DISA STIG Apache Server 2.4 Windows Server v2r3Windows

SYSTEM AND COMMUNICATIONS PROTECTION

AS24-W1-000690 - Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account.DISA STIG Apache Server 2.4 Windows Server v3r3Windows

ACCESS CONTROL

CIS_Apache_Tomcat_8_L2_v1.1.0_Middleware.audit from CIS Apache Tomcat 8 BenchmarkCIS Apache Tomcat 8 L2 v1.1.0 MiddlewareUnix
CIS_Apache_Tomcat_10_L2_v1.1.0_Middleware.audit from CIS Apache Tomcat 10 BenchmarkCIS Apache Tomcat 10 L2 v1.1.0 MiddlewareUnix
DISA_STIG_Microsoft_Exchange_2013_Edge_Transport_Server_v1r6.audit from DISA Microsoft Exchange 2013 Edge Transport Server v1r6 STIGDISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6Windows

SYSTEM AND INFORMATION INTEGRITY

DISA_STIG_Microsoft_Exchange_2016_Edge_Transport_Server_v2r6.audit from DISA Microsoft Exchange 2016 Edge Transport Server v2r6 STIGDISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6Windows

SYSTEM AND INFORMATION INTEGRITY

DISA_STIG_MSSQL_2016_Instance-OS_v3r6.audit from DISA MS SQL Server 2016 Instance v3r6 STIGDISA MS SQL Server 2016 Instance STIG v3r6 WindowsWindows
User IDs which disclose the privileges associated with it, should not be created.TNS IBM HTTP Server Best PracticeWindows

ACCESS CONTROL

User IDs which disclose the privileges associated with it, should not be created. 'lock'TNS IBM HTTP Server Best PracticeUnix

ACCESS CONTROL

User IDs which disclose the privileges associated with it, should not be created. 'lock'TNS IBM HTTP Server Best Practice MiddlewareUnix

ACCESS CONTROL

User IDs which disclose the privileges associated with it, should not be created. 'nologin'TNS IBM HTTP Server Best PracticeUnix

ACCESS CONTROL