UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Unapproved connectors must be disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-222952 TCAT-AS-000500 SV-222952r557518_rule Medium
Description
Connectors are how Tomcat receives requests, passes them to hosted web applications, and then sends back the results to the requestor. Tomcat provides HTTP and Apache JServ Protocol (AJP) connectors and makes these protocols available via configured network ports. Unapproved connectors provide open network connections to either of these protocols and put the system at risk.
STIG Date
Apache Tomcat Application Sever 9 Security Technical Implementation Guide 2020-09-23

Details

Check Text ( C-24624r426300_chk )
Review SSP for list of approved connectors and associated TCP/IP ports. Ensure only approved connectors are present. Execute the following command on the Tomcat server to find configured Connectors:

$ grep “Connector” $CATALINA_BASE/conf/server.xml

Review results and verify all connectors and their associated network ports are approved in the SSP.

If connectors are found but are not approved in the SSP, this is a finding.
Fix Text (F-24613r426301_fix)
Obtain ISSO approvals for the configured connectors and document in the SSP.

Alternatively, edit the $CATALINA_BASE/conf/server.xml file, remove any unapproved connectors, and restart Tomcat:
sudo systemctl restart tomcat
sudo systemctl daemon-reload