STIGQter: STIG Summary: Apache Tomcat Application Sever 9 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021

xpoweredBy attribute must be disabled.

DISA Rule

SV-222957r615938_rule

Vulnerability Number

V-222957

Group Title

SRG-APP-000141-AS-000095

Rule Version

TCAT-AS-000550

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

From the Tomcat server as a privileged user, edit the $CATALINA_BASE/conf/server.xml file.

Examine each <Connector> </Connector> element. If the element contains xpoweredBy="true", modify the statement to read xpoweredBy="false".

sudo systemctl restart tomcat
sudo systemctl daemon-reload

Check Contents

From the Tomcat server run the following OS command:

sudo cat $CATALINA_BASE/conf/server.xml | grep -i -C4 xpoweredby

If any connector elements contain xpoweredBy="true", this is a finding.
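
The grep above also matches commented-out connectors and leaves the reader to pair each hit with its element by eye. As an added example (not part of the STIG or of Tomcat), this Python script parses server.xml and reports only live <Connector> elements that set xpoweredBy to true; the sample configuration and the function names are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample server.xml content (not taken from a real system).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!-- <Connector port="8081" xpoweredBy="true" /> -->
    <Connector port="8080" protocol="HTTP/1.1"
               redirectPort="8443"
               xpoweredBy="true" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               xpoweredBy="false" />
    <Connector port="8009" protocol="AJP/1.3" />
  </Service>
</Server>
"""


def find_xpoweredby_findings(server_xml):
    """Return one dict per live <Connector> whose xpoweredBy is "true"."""
    root = ET.fromstring(server_xml)  # accepts str or bytes; skips comments
    findings = []
    for connector in root.iter("Connector"):
        for name, value in connector.attrib.items():
            # Case-insensitive on name and value, mirroring the check's grep -i.
            if name.lower() == "xpoweredby" and value.strip().lower() == "true":
                findings.append({
                    "port": connector.get("port", "(no port)"),
                    "protocol": connector.get("protocol", "(default)"),
                    "attribute": f'{name}="{value}"',
                })
    return findings


def main(argv):
    text = SAMPLE_SERVER_XML
    if len(argv) > 1:  # audit a real file when a path is given
        with open(argv[1], "rb") as handle:
            text = handle.read()
    findings = find_xpoweredby_findings(text)
    for f in findings:
        print(f"FINDING: Connector port={f['port']} "
              f"protocol={f['protocol']} {f['attribute']}")
    if not findings:
        print("Not a finding: no Connector sets xpoweredBy to true")
    return 1 if findings else 0  # non-zero exit status signals a finding


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the path to $CATALINA_BASE/conf/server.xml as the only argument; with no argument it audits the constructed sample.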

Documentable

False

Severity Override Guidance

From the Tomcat server run the following OS command:

sudo cat $CATALINA_BASE/conf/server.xml | grep -i -C4 xpoweredby

If any connector elements contain xpoweredBy="true", this is a finding.

Check Content Reference

M

Target Key

4094

Comments