STIGQter: STIG Summary: Apache Tomcat Application Sever 9 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

Example applications must be removed.

DISA Rule

SV-222958r615938_rule

Vulnerability Number

V-222958

Group Title

SRG-APP-000141-AS-000095

Rule Version

TCAT-AS-000560

Severity

CAT III

CCI(s)

CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

Fix Recommendation

From the Tomcat server OS type the following command:

sudo rm -rf $CATALINA_BASE/webapps/examples

Check Contents

From the Tomcat server OS type the following command:

sudo ls -l $CATALINA_BASE/webapps/examples.

If the examples folder exists or contains any content, this is a finding.

Vulnerability Number

V-222958

Documentable

False

Rule Version

TCAT-AS-000560

Severity Override Guidance

From the Tomcat server OS type the following command:

sudo ls -l $CATALINA_BASE/webapps/examples.

If the examples folder exists or contains any content, this is a finding.

Check Content Reference

Target Key

4094

Example applications must be removed.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments