Alter the Advertised server.built Date
Details The server.built date represents the date which Tomcat was compiled and packaged. This value is presented to Tomcat clients...
- Home
- Security Hardening
- CIS Apache Tomcat 8 L2 V1.1.0
CIS Apache Tomcat 8 L2 V1.1.0
Alter the Advertised server.info String
Details The server.info attribute contains the name of the application service. This value is presented to Tomcat clients when clients...Alter the Advertised server.number String
Details The server.number attribute represents the specific version of Tomcat which is executing. This value is presented to Tomcat clients...Application specific logging
Details By default, java.util.logging does not provide the capabilities to configure per-web application settings, only per VM. In order to...Configure connectionTimeout
Details The connectionTimeout setting allows Tomcat to close idle sockets after a specific amount of time to save system resources....Configure maxHttpHeaderSize
Details The maxHttpHeaderSize limits the size of the request and response headers defined in bytes. Rationale: Limiting the size of...Disable deploy on startup of applications
Details Tomcat allows auto deployment of applications on startup. It is recommended that this capability be disabled. Rationale: This could...Disable the Shutdown port
Details Tomcat listens on TCP port 8005 to accept shutdown requests. By connecting to this port and sending the SHUTDOWN...Disable Unused Connectors
Details The default installation of Tomcat includes connectors with default settings. These are traditionally set up for convenience. It is...Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors
Details The xpoweredBy setting determines if Apache Tomcat will advertise its presence via the XPowered-By HTTP header. It is recommended...