Details
Setting crossContext to true allows an application to call ServletContext.getContext to return a dispatcher for another application.
Rationale:
Allowing crossContext creates the possibility for a malicious application to make requests to a restricted application.
Solution
Set the crossContext attribute in all context.xml files to false.
Default Value:
By default crossContext has a value of false.
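One way to audit this setting, as an added example that is not part of the original benchmark text: the script below searches a Tomcat directory for context.xml files that set crossContext to true. The function names and the sample directory tree are constructed for illustration, and the match is a plain text search, so an attribute inside an XML comment is also reported.

```shell
#!/bin/sh
# Added example: audit Tomcat context.xml files for crossContext="true".
# Assumption: the directory passed in (for instance the Tomcat install
# directory) contains the context.xml files to be checked.

# Prints each context.xml under $1 that enables crossContext.
# Returns 0 when none do, 1 when at least one does, 2 on bad usage.
audit_cross_context() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # crossContext = "true" or 'true'; spaces around '=' tolerated and
    # letter case ignored (-i) as a conservative choice.
    pattern="crossContext[[:space:]]*=[[:space:]]*[\"']true[\"']"
    hits=$(find "$root" -type f -name context.xml \
               -exec grep -liE "$pattern" {} + 2>/dev/null | sort)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# Builds a constructed sample tree (not a real installation): one global
# context.xml relying on the default, one application enabling
# crossContext, and one application disabling it explicitly.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/conf" "$d/webapps/app1/META-INF" "$d/webapps/app2/META-INF"
    printf '<Context>\n</Context>\n' > "$d/conf/context.xml"
    printf '<Context crossContext="true" />\n' \
        > "$d/webapps/app1/META-INF/context.xml"
    printf '<Context crossContext="false" />\n' \
        > "$d/webapps/app2/META-INF/context.xml"
    printf '%s\n' "$d"
}

# Demonstration run against the constructed tree.
sample=$(make_sample_tree)
audit_cross_context "$sample" \
    || echo "Finding: set crossContext=\"false\" in the file(s) listed above."
rm -rf "$sample"
```
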
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control. This control applies to the following type of system: Unix.