
All Web applications included with Apache Tomcat that are not required must be removed.


Overview

Finding ID: V-97277
Version: ISEC-06-550200
Rule ID: SV-106383r1_rule
IA Controls:
Severity: Medium
Description
Removal of unneeded or non-secure functions, ports, protocols, and services mitigates the risk of unauthorized connection of devices, unauthorized transfer of information, or other exploitation of these resources. The organization must perform a periodic scan/review of the application (as required by CCI-000384) and disable functions, ports, protocols, and services deemed to be unneeded or non-secure.
STIG: ISEC7 EMM Suite v6.x Security Technical Implementation Guide
Date: 2019-09-05

Details

Check Text (C-96115r1_chk)
Verify CATALINA_HOME/webapps Tomcat administrative tool has been configured to remove all Web applications that are not required.

Log in to the ISEC7 EMM Suite server.
Browse to :\Program Files\ISEC7 EMM Suite\Tomcat\webapps\
Confirm all folders in the directory with the exception of Manager and Host-Manager have been removed.

If the CATALINA_HOME/webapps Tomcat administrative tool has not been configured to remove all Web applications that are not required, this is a finding.
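
The check above can be scripted so it is repeatable during periodic reviews. The following PowerShell is an added example, not part of the STIG or of ISEC7's tooling; the parameter names `WebappsPath` and `Allowed` are assumptions, and the full webapps path must be supplied because the drive letter is site-specific.

```powershell
# Added example: audit a Tomcat webapps directory against the folders
# the check text permits. Exit code 0 = not a finding, 1 = finding, 2 = bad path.
param(
    # Assumption: caller passes the full path to ...\Tomcat\webapps\
    [Parameter(Mandatory = $true)]
    [string]$WebappsPath,

    # Folder names the check text allows to remain.
    [string[]]$Allowed = @('Manager', 'Host-Manager')
)

if (-not (Test-Path -LiteralPath $WebappsPath -PathType Container)) {
    Write-Error "Not a directory: $WebappsPath"
    exit 2
}

# Every sub-folder of webapps is a deployed web application.
# -Force includes hidden folders so nothing is skipped.
$folders = Get-ChildItem -LiteralPath $WebappsPath -Directory -Force

# -notin compares case-insensitively, so 'manager' matches 'Manager'.
$unexpected = @($folders | Where-Object { $_.Name -notin $Allowed })

if ($unexpected.Count -eq 0) {
    Write-Output "Not a finding: only allowed folders are present in $WebappsPath"
    exit 0
}

Write-Output "FINDING (V-97277): folders other than $($Allowed -join ', ') are present:"
$unexpected | ForEach-Object {
    Write-Output ("  {0}  (last modified {1:u})" -f $_.FullName, $_.LastWriteTime)
}
exit 1
```

The script only reports; removal remains the manual step described in the Fix Text.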
Fix Text (F-102959r1_fix)
To configure the CATALINA_HOME/webapps Tomcat administrative tool to remove all Web applications that are not required, run the ISEC7 integrated installer or use the following manual procedure:

Log in to the ISEC7 EMM Suite server.
Browse to :\Program Files\ISEC7 EMM Suite\Tomcat\webapps\
Remove all folders in the directory with the exception of Manager and Host-Manager.