Title

The Apache Tomcat shutdown port must be disabled. (Cat II impact)

Discussion

Tomcat uses a port (defaults to 8005) as a shutdown port. Someone could Telnet to the machine using this port and send the default command SHUTDOWN. Tomcat and all web apps would shut down in that case, which is a denial-of-service attack and would cause an unwanted service interruption.

Check Content

Verify the shutdown port is disabled. Log in to the SPHERE server. Browse to Program Files\Isec7 SPHERE\Tomcat\Conf. Open the server.xml with Notepad.exe. Select Edit >> Find, and then search for "Shutdown". Verify that the shutdown port has been disabled with entry below: shutdown="-1" If the shutdown port has not been disabled, this is a finding.

Fix Text

Log in to the SPHERE server. Browse to Program Files\Isec7 SPHERE\Tomcat\Conf. Open the server.xml with Notepad.exe. Select Edit >> Find, and then search for "Shutdown". Change the shutdown to "-1". example: shutdown=-1 Save the file and restart the Isec7 SPHERE Web service with the services.msc.

Additional Identifiers

Rule ID: SV-224789r1013876_rule

Vulnerability ID: V-224789

Group Title: SRG-APP-000380

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.