
All Web applications included with Apache Tomcat that are not required must be removed.


Overview

Finding ID: V-224781
Version: ISEC-06-550200
Rule ID: SV-224781r505933_rule
IA Controls: (none listed)
Severity: Medium
Description
Removal of unneeded or non-secure functions, ports, protocols, and services mitigates the risk of unauthorized connection of devices, unauthorized transfer of information, or other exploitation of these resources. The organization must perform a periodic scan/review of the application (as required by CCI-000384) and disable functions, ports, protocols, and services deemed to be unneeded or non-secure.
STIG: ISEC7 Sphere Security Technical Implementation Guide
Date: 2020-09-04

Details

Check Text (C-26472r461599_chk)
Verify CATALINA_HOME/webapps Tomcat administrative tool has been configured to remove all Web applications that are not required.

Log in to the ISEC7 EMM Suite server.
Browse to :\Program Files\ISEC7 EMM Suite\Tomcat\webapps\
Confirm all folders in the directory with the exception of Manager and Host-Manager have been removed.

If the CATALINA_HOME/webapps Tomcat administrative tool has not been configured to remove all Web applications that are not required, this is a finding.
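
One way to script the check above in PowerShell, as an added example that is not part of the STIG or of ISEC7's tooling. The function name Test-TomcatWebapps and its parameters are hypothetical, the webapps path must be supplied because the page does not give the drive letter, and the .war check goes beyond the page's folder-only wording.

```powershell
# Added example: audit a Tomcat webapps directory against the allow-list in the check text.
# Assumption: the caller passes the full webapps path; the drive letter is not given on the page.
function Test-TomcatWebapps {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$WebappsPath,

        # Folders the check text permits to remain.
        [string[]]$Allowed = @('Manager', 'Host-Manager')
    )

    if (-not (Test-Path -LiteralPath $WebappsPath -PathType Container)) {
        throw "Webapps directory not found: $WebappsPath"
    }

    Get-ChildItem -LiteralPath $WebappsPath -Force | Where-Object {
        # Folders not on the allow-list. -notin is case-insensitive,
        # so an on-disk 'manager' folder matches 'Manager'.
        ($_.PSIsContainer -and $_.Name -notin $Allowed) -or
        # Beyond the page's wording: a .war file left in webapps can be deployed
        # by Tomcat as an application, so flag it unless it belongs to an allowed app.
        (-not $_.PSIsContainer -and $_.Extension -eq '.war' -and $_.BaseName -notin $Allowed)
    } | ForEach-Object {
        [pscustomobject]@{
            Name     = $_.Name
            Type     = if ($_.PSIsContainer) { 'Folder' } else { 'WAR file' }
            Modified = $_.LastWriteTime
        }
    }
}

# Usage (the path is a placeholder; substitute the server's actual install drive):
# $findings = Test-TomcatWebapps -WebappsPath '<drive>:\Program Files\ISEC7 EMM Suite\Tomcat\webapps'
# if ($findings) { $findings | Format-Table -AutoSize; 'FINDING: web applications that are not required are present' }
# else { 'Not a finding' }
```

The function only reports; it removes nothing, so it can be run repeatedly as part of the periodic review the description calls for.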
Fix Text (F-26460r461600_fix)
To configure the CATALINA_HOME/webapps Tomcat administrative tool to remove all Web applications that are not required, run the ISEC7 integrated installer or use the following manual procedure:

Log in to the ISEC7 EMM Suite server.
Browse to :\Program Files\ISEC7 EMM Suite\Tomcat\webapps\
Remove all folders in the directory with the exception of Manager and Host-Manager.