TCAT-AS-000380 – Jar files in the $CATALINA_HOME/bin/ folder must have their permissions set to 640. Details Tomcat’s file permissions must be restricted. The standard configuration is to have all Tomcat files owned by root with...
TCAT-AS-000390 – $CATALINA_HOME/bin folder permissions must be set to 750. Details Tomcat file permissions must be restricted. The standard configuration is to have all Tomcat files owned by root with...
TCAT-AS-000450 – Tomcat user UMASK must be set to 0027. Details For Unix-based systems, umask settings affect file creation permissions. If the permissions are too loose, newly created log files...
TCAT-AS-000470 – Stack tracing must be disabled. Details Stack tracing provides debugging information from the application call stacks when a runtime error is encountered. If stack tracing...
TCAT-AS-000490 – The shutdown port must be disabled. Details Tomcat listens on TCP port 8005 to accept shutdown requests. By connecting to this port and sending the SHUTDOWN...
TCAT-AS-000500 – Unapproved connectors must be disabled. Details Connectors are how Tomcat receives requests, passes them to hosted web applications, and then sends back the results to...
TCAT-AS-000510 – DefaultServlet debug parameter must be disabled. Details The DefaultServlet serves static resources as well as directory listings (if directory listings are enabled). It is...
TCAT-AS-000520 – DefaultServlet directory listings parameter must be disabled. Details The DefaultServlet serves static resources as well as directory listings. It is declared globally in $CATALINA_BASE/conf/web.xml and by default...
TCAT-AS-000560 – Example applications must be removed. Details Tomcat provides example applications, documentation, and other directories in the default installation which do not serve a production use....
TCAT-AS-000570 – Tomcat default ROOT web application must be removed. Details The default ROOT web application includes the version of Tomcat that is being used, links to Tomcat documentation, examples,...