UCF STIG Viewer Logo

Applications in privileged mode must be approved by the ISSO.


Overview

Finding ID Version Rule ID IA Controls Severity
V-222961 TCAT-AS-000590 SV-222961r615938_rule Medium
Description
The privileged attribute controls if a context (application) is allowed to use container provided servlets like the Manager servlet. It is false by default and should only be changed for trusted web applications. Set to true to allow the context (application) to use container servlets, like the manager servlet. Use of the privileged attribute will change the context's parent class loader to be the Server class loader rather than the Shared class loader. Note that in a default installation, the Common class loader is used for both the Server and the Shared class loaders. Use of the privileged attribute will change the context's parent class loader to be the Server class loader rather than the Shared class loader.
STIG Date
Apache Tomcat Application Sever 9 Security Technical Implementation Guide 2021-12-27

Details

Check Text ( C-24633r426327_chk )
Individual Context elements may be explicitly defined in an individual file located at /META-INF/context.xml inside the application files or in the $CATALINA_BASE/conf/context.xml file. It is not recommended to store the context element in the server.xml file as changes will require a server restart.

The $CATALINA_BASE/conf/context element information will be loaded by all web applications, the META-INF/context.xml will only be loaded by that specific application.

On the Tomcat server as a privileged user run the following commands:

grep -i privileged $CATALINA_BASE/conf/context.xml

Repeat the following command for each installed application:

grep -i privileged $CATALINA_BASE/webapps/META-INF/context.xml

If the privileged context attribute is set to true, confirm the application has been approved for privileged mode by the ISSO. If the application is not approved to run in privileged mode, this is a finding.
Fix Text (F-24622r426328_fix)
On the Tomcat server as a privileged user, modify the relevant context.xml file and set the privileged attribute to false (privileged=false).
A restart should not be required if the context element is not maintained in the server.xml file.

If privileged mode is required for a particular application, verify trust of application and obtain documented approval from the ISSO. Document the applications that are approved to run in privileged mode and retain approvals in the system security plan (SSP) for CCRI reviews.