CIS Apache Tomcat 8 L2 V1.1.0

Details Tomcat allows auto deployment of applications while Tomcat is running. It is recommended that this capability be disabled. Rationale:...

Details Being able to specify different path-delimiters on Tomcat creates the possibility that an attacker can access applications that were...

Details Being able to specify different path-delimiters on Tomcat creates the possibility that an attacker can access applications that were...

Details The ability to specify custom status messages opens up the potential for additional headers to be injected. If custom...

Details Setting enableLookups to true on Connector will result in a DNS look-ups to obtain the host name of the...

Details Ensure the className attribute is set to AccessLogValve. The className attribute determines the access log valve to be used...

Details The server header is a vanity header developed to help identify the underlying technology in a server for troubleshooting...

Details Use the transport-guarantee attribute to ensure SSL protection when accessing all applications. This can be overridden on a per...

Details The installation may provide example applications, documentation, and other directories which may not serve a production use. Rationale: Removing...

Details The installation may provide example applications, documentation, and other directories which may not serve a production use. Rationale: Removing...