DISA STIG Apache Tomcat Application Server 9 V2R3 Middleware

Details Tomcat provides documentation and other directories in the default installation which do not serve a production use. These files...

Details The privileged attribute controls if a context (application) is allowed to use container provided servlets like the Manager servlet....

Details Using the local user store on a Tomcat installation does not meet a multitude of security control requirements related...

Details Java Management Extensions (JMX) provides the means to remotely manage the Java VM. When enabling the JMX agent for...

Details Java Management Extensions (JMX) provides the means for enterprises to remotely manage the Java VM and can be used...

Details The Host element controls deployment. Automatic deployment allows for simpler management, but also makes it easier for an attacker...

Details Tomcat allows auto-deployment of applications while Tomcat is running. This can allow untested or malicious applications to be automatically...

Details Individual connectors can be configured to display the Tomcat server info to clients. This information can be used to...

Details JNDIRealm is an implementation of the Tomcat Realm interface. Tomcat uses the JNDIRealm to look up users in an...

Details Tomcat truststores are used to validate client certificates. On the Ubuntu OS, by default Tomcat uses the ‘cacerts’ file...