TCAT-AS-000490 – The shutdown port must be disabled.

Details

Tomcat listens on TCP port 8005 to accept shutdown requests. Any client that connects to this port and sends the SHUTDOWN command halts all applications within Tomcat. The shutdown port is not exposed to the network as it is bound to the loopback interface. Set the shutdown attribute in $CATALINA_BASE/conf/server.xml.

Solution

From the Tomcat server as a privileged user, edit the $CATALINA_BASE/conf/server.xml file: set the Server port setting to -1 and restart the Tomcat server.

sudo systemctl restart tomcat
sudo systemctl daemon-reload
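
To confirm the setting after the edit, the check below parses server.xml and passes only when the Server element's port is -1. It is an added example, not part of the original control text; the name check_shutdown_port and the sample XML are constructed for illustration, and it assumes that a missing port attribute or a ${...} property reference must be treated as a finding.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: the old value survives only inside an XML comment and the
# live attributes are split across lines, which defeats a naive grep.
SAMPLE = """<!-- <Server port="8005" shutdown="SHUTDOWN"> (old, commented out) -->
<Server
    port="-1"
    shutdown="SHUTDOWN">
  <Service name="Catalina"/>
</Server>"""


def check_shutdown_port(xml_data):
    """Return (compliant, detail) for the contents of a server.xml file."""
    try:
        root = ET.fromstring(xml_data)
    except ET.ParseError as exc:
        return False, f"server.xml is not well-formed XML: {exc}"
    if root.tag != "Server":
        return False, f"root element is <{root.tag}>, expected <Server>"
    port = root.get("port")
    if port is None:
        # Assumption: without an explicit port the listener stays on its
        # default, so the shutdown port is not disabled.
        return False, "Server has no port attribute; shutdown port not disabled"
    if "${" in port:
        # A property reference cannot be resolved from the file alone.
        return False, f"port is set through a property ({port}); verify its value"
    if port == "-1":
        return True, "shutdown port disabled (port=-1)"
    return False, f"shutdown port enabled (port={port})"


if __name__ == "__main__":
    # Usage: python3 check_shutdown_port.py "$CATALINA_BASE/conf/server.xml"
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    ok, detail = check_shutdown_port(data)
    print(("PASS: " if ok else "FAIL: ") + detail)
    sys.exit(0 if ok else 1)
```

The exit status is 0 only on a pass, so the script can gate a configuration-management run or a scheduled compliance scan.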

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Unix.

Updated on July 16, 2022