STIGQter: STIG Summary: Apache Tomcat Application Server 9 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

Stack tracing must be disabled.

DISA Rule

SV-222950r615938_rule

Vulnerability Number

V-222950

Group Title

SRG-APP-000141-AS-000095

Rule Version

TCAT-AS-000470

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

From the Tomcat server as a privileged user, edit the XML files containing the "allowTrace=true" statement.

Remove the "allowTrace=true" statement from the affected XML configuration files and restart the Tomcat server:
sudo systemctl restart tomcat
sudo systemctl daemon-reload

Check Contents

From the Tomcat server run the following OS command:

sudo cat $CATALINA_BASE/conf/server.xml | grep -i connector

Review each connector element and ensure that it either has no "allowTrace" setting or has "allowTrace" set to false:

<Connector ... allowTrace="false" />

Do the same for each application by checking every $CATALINA_BASE/webapps/<APP_NAME>/WEB-INF/web.xml file on the system:

sudo cat $CATALINA_BASE/webapps/<APP_NAME>/WEB-INF/web.xml | grep -i connector

If a connector element in the server.xml file or in any of the <APP_NAME>/WEB-INF/web.xml files contains the "allowTrace=true" statement, this is a finding.
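An added example, not part of the STIG text: a Python audit script that applies this check by parsing the XML instead of grepping for the word "connector". A Connector element whose allowTrace attribute sits on a continuation line does not appear in the grep output, and a commented-out connector does; the parser handles both. The sample server.xml is constructed, and the web.xml path pattern follows the check above.

```python
import xml.etree.ElementTree as ET
from pathlib import Path
from typing import List, Union

# Constructed sample server.xml (not from the STIG). The 8080 connector spreads
# its attributes over three lines, so `grep -i connector` prints only the first
# line and never shows the allowTrace="true" below it.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               allowTrace="true" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" allowTrace="false" />
    <Connector port="8009" protocol="AJP/1.3" />
    <!-- <Connector port="8081" allowTrace="true" /> commented out: not active -->
  </Service>
</Server>
"""


def noncompliant_connectors(xml_text: str) -> List[str]:
    """Describe each <Connector> whose allowTrace attribute enables TRACE.

    No attribute is compliant (Tomcat's default is false); any value other
    than "false", compared case-insensitively, is a finding. The parser skips
    commented-out elements, which a plain grep would report.
    """
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "Connector":  # tolerate namespaced web.xml
            continue
        value = el.get("allowTrace")
        if value is not None and value.strip().lower() != "false":
            findings.append(f'Connector port={el.get("port", "?")} allowTrace="{value}"')
    return findings


def audit_tomcat(catalina_base: Union[str, Path]) -> List[str]:
    """Run the check on conf/server.xml and every webapps/*/WEB-INF/web.xml."""
    base = Path(catalina_base)
    targets = [base / "conf" / "server.xml"] + sorted(base.glob("webapps/*/WEB-INF/web.xml"))
    findings = []
    for path in targets:
        if path.is_file():
            findings += [f"{path}: {f}" for f in noncompliant_connectors(path.read_text())]
    return findings


if __name__ == "__main__":
    print(noncompliant_connectors(SAMPLE_SERVER_XML))  # ['Connector port=8080 allowTrace="true"']
```

Run `audit_tomcat("$CATALINA_BASE")` with the real path to list every finding with its file; an empty list means no connector enables TRACE.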

Vulnerability Number

V-222950

Documentable

False

Rule Version

TCAT-AS-000470

Check Content Reference

M

Target Key

4094

Comments