UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The shutdown port must be disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-222951 TCAT-AS-000490 SV-222951r557518_rule Medium
Description
Tomcat listens on TCP port 8005 to accept shutdown requests. By connecting to this port and sending the SHUTDOWN command, all applications within Tomcat are halted. The shutdown port is not exposed to the network as it is bound to the loopback interface. Set the shutdown attribute in $CATALINA_BASE/conf/server.xml.
STIG Date
Apache Tomcat Application Sever 9 Security Technical Implementation Guide 2020-09-23

Details

Check Text ( C-24623r426297_chk )
From the Tomcat server run the following OS command:

$ sudo grep -i shutdown $CATALINA_BASE/conf/server.xml

Ensure the server shutdown port attribute in $CATALINA_BASE/conf/server.xml is set to -1.

EXAMPLE:


If Server port not = "-1" shutdown="SHUTDOWN", this is a finding.
Fix Text (F-24612r426298_fix)
From the Tomcat server as a privileged user, edit the $CATALINA_BASE/conf/server.xml file: set the Server port setting to -1 and restart the Tomcat server.



sudo systemctl restart tomcat
sudo systemctl daemon-reload