UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Connectors must be approved by the ISSO.


Overview

Finding ID Version Rule ID IA Controls Severity
V-223008 TCAT-AS-001720 SV-223008r615938_rule Low
Description
Connectors are how Tomcat receives requests over a network port, passes them to hosted web applications via HTTP or AJP and then sends back the results to the requestor. A port and a protocol are tied to each connector. Only connectors approved by the ISSO must be installed. ISSO review will consist of validating connector protocol as being secure and required in order for the hosted application to operate. The ISSO will ensure that unnecessary or insecure connector protocols are not enabled. The ISSO will provide documented approval for each connector that will be maintained in the System Security Plan (SSP).
STIG Date
Apache Tomcat Application Sever 9 Security Technical Implementation Guide 2021-06-15

Details

Check Text ( C-24680r426468_chk )
Review the Tomcat servers System Security Plan/server documentation.

Access the Tomcat server and review the server.xml file.

grep -i "connector port" $CATALINA_BASE/conf/server.xml

Compare the active Connectors and their associated IP ports with the Connectors documented and approved in the SSP.

If the Connectors that are configured on the Tomcat server are not approved by the ISSO and documented in the SSP, this is a finding.
Fix Text (F-24669r426469_fix)
Document and obtain ISSO approval for the Connectors that are configured on the Tomcat server.

Retain the information in the SSP and present to the auditor in the event of a CCRI.