Details
Limit access to the manager application to only those with a required need.
Review $CATALINA_BASE/conf/[enginename]/[hostname]/manager.xml to confirm that the RemoteAddrValve option is uncommented and configured to allow access only from the systems required to connect.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
For the manager application, edit $CATALINA_BASE/conf/[enginename]/[hostname]/manager.xml, and add the second line:
Add hosts, comma separated, which are allowed to access the admin application.
Note: The RemoteAddrValve property expects a regular expression, therefore periods and other regular expression meta-characters must be escaped.
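An added example, not part of the benchmark or of Nessus: a Python check that carries out the manual review described above on constructed manager.xml samples. It reports a missing or commented-out RemoteAddrValve and flags allow entries containing an unescaped period. Splitting allow on commas follows this page's description; the function name and the sample addresses are assumptions.

```python
import re
import xml.etree.ElementTree as ET

VALVE_CLASS = "org.apache.catalina.valves.RemoteAddrValve"

# Constructed manager.xml samples (addresses are illustrative, not from a real host).
HARDENED = r'''<Context docBase="${catalina.home}/webapps/manager" privileged="true">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.0\.0\.1,10\.20\.30\.40"/>
</Context>'''

UNESCAPED = r'''<Context docBase="${catalina.home}/webapps/manager" privileged="true">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127.0.0.1"/>
</Context>'''

COMMENTED = r'''<Context docBase="${catalina.home}/webapps/manager" privileged="true">
  <!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.0\.0\.1"/> -->
</Context>'''

# A '.' that is neither backslash-escaped nor followed by a quantifier
# (so an intentional ".*" is not reported). Heuristic: flags for review.
BARE_DOT = re.compile(r"(?<!\\)\.(?![*+?{])")


def audit_manager_xml(xml_text):
    """Return a list of findings; an empty list means the review passed."""
    root = ET.fromstring(xml_text)  # XML comments are dropped by the parser
    valves = [v for v in root.iter("Valve") if v.get("className") == VALVE_CLASS]
    if not valves:
        return ["RemoteAddrValve missing or commented out"]
    findings = []
    for valve in valves:
        allow = (valve.get("allow") or "").strip()
        if not allow:
            findings.append("RemoteAddrValve has no allow attribute")
            continue
        for entry in (e.strip() for e in allow.split(",")):
            if BARE_DOT.search(entry):
                findings.append(f"unescaped '.' in allow entry: {entry}")
    return findings


if __name__ == "__main__":
    for name, sample in [("hardened", HARDENED), ("unescaped", UNESCAPED),
                         ("commented", COMMENTED)]:
        print(name, audit_manager_xml(sample) or "OK")
```

To review a real host, pass the contents of $CATALINA_BASE/conf/[enginename]/[hostname]/manager.xml to audit_manager_xml.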
Supportive Information
The following resource is also helpful.
This control applies to the following type of system: Unix.