Starting Tomcat with Security Manager Details Configure the application to run in a sandbox using the Security Manager. The Security Manager restricts what classes Tomcat can...
Turn off session facade recycling Details The RECYCLE_FACADES setting specifies whether a new facade will be created for each request. If a new facade is...
Turn off TRACE (check server.xml) Details Diagnostic information, such as that found in the response to a TRACE request, often contains sensitive information that may...
Turn off TRACE (check web.xml config files) Details Diagnostic information, such as that found in the response to a TRACE request, often contains sensitive information that may...
Use the logEffectiveWebXml and metadata-complete settings for deploying applications in production – context.xml Details Both Fragments and annotations give rise to security concerns. web.xml contains a metadata-complete attribute in the web-app element whose...
Use the logEffectiveWebXml and metadata-complete settings for deploying applications in production – web.xml Details Both Fragments and annotations give rise to security concerns. web.xml contains a metadata-complete attribute in the web-app element whose...