Disable client-facing stack traces (check for defined exception type) Details Debugging information, such as that found in call stacks, often contains sensitive information that may be useful to an attacker....
Do not allow cross context requests Details Setting crossContext to true allows an application to call ServletContext.getContext to return a dispatcher for another application. Solution...
Do not allow symbolic linking Details Symbolic links allow one application to include the libraries from another. This allows for re-use of code but also...
Do not run applications as privileged Details Setting the privileged attribute for an application changes the class loader to the Server class loader instead of the...
Enable strict servlet compliance Details The STRICT_SERVLET_COMPLIANCE setting influences Tomcat's behavior in several subtle ways. See the References below for the complete list. It is...
Ensure directory in context.xml is a secure location – configuration Details The directory attribute tells Tomcat where to store logs. It is recommended that the location pointed to by the...
Ensure directory in context.xml is a secure location – permissions Details The directory attribute tells Tomcat where to store logs. It is recommended that the location pointed to by the...
Ensure directory in logging.properties is a secure location (check application log directory is secure) Details The directory attribute tells Tomcat where to store logs. The directory value should be a secure location with restricted...
Ensure directory in logging.properties is a secure location (check log directory location) Details The directory attribute tells Tomcat where to store logs. The directory value should be a secure location with restricted...
Ensure directory in logging.properties is a secure location (check prefix application name) Details The directory attribute tells Tomcat where to store logs. The directory value should be a secure location with restricted...