Check: TCAT-AS-000560
Apache Tomcat Application Server 9 STIG: TCAT-AS-000560 (in versions v2 r7 through v1 r1)
Title
Example applications must be removed. (Cat III impact)
Discussion
Tomcat provides example applications, documentation, and other directories in the default installation which do not serve a production use. These files must be deleted.
Check Content
From the Tomcat server OS, type the following command:

sudo ls -l $CATALINA_BASE/webapps/examples

If the examples folder exists or contains any content, this is a finding.
Fix Text
From the Tomcat server OS, type the following command:

sudo rm -rf $CATALINA_BASE/webapps/examples
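The check and fix above can be wrapped as guarded shell functions. This is an added example, not part of the STIG text. The function names `check_examples` and `remove_examples` and the return codes (0 = not a finding, 1 = finding, 2 = cannot evaluate) are assumptions made for illustration. The functions reject an empty or relative base path, so an unset CATALINA_BASE cannot turn the `rm -rf` into a removal under `/webapps` or the current directory.

```shell
#!/bin/sh
# Added example for TCAT-AS-000560; function names and return codes are
# assumptions of this example, not defined by the STIG.
# Usage (privileges are left to the caller, e.g. run under sudo):
#   check_examples "$CATALINA_BASE"
#   remove_examples "$CATALINA_BASE"

# Returns 0 = not a finding, 1 = finding, 2 = cannot evaluate.
check_examples() {
    base=$1
    # An empty or relative base would make "$base/webapps/examples"
    # resolve against / or the current directory, so refuse it.
    case $base in
        /*) ;;
        *)  echo "ERROR: CATALINA_BASE must be an absolute path"; return 2 ;;
    esac
    if [ ! -d "$base/webapps" ]; then
        echo "ERROR: $base/webapps is not a directory"; return 2
    fi
    target=$base/webapps/examples
    # -e follows symlinks; also test -L so a dangling link is reported.
    if [ -e "$target" ] || [ -L "$target" ]; then
        echo "FINDING: $target exists"; return 1
    fi
    echo "NOT A FINDING: $target is absent"; return 0
}

# Applies the fix only when the check reports a finding, then re-checks.
remove_examples() {
    st=0
    check_examples "$1" || st=$?
    # 0 (nothing to do) and 2 (cannot evaluate) are passed through as-is.
    [ "$st" -eq 1 ] || return "$st"
    # Quoted path and "--" keep the expansion from being split or
    # parsed as options; a symlink is removed, not its target.
    rm -rf -- "$1/webapps/examples" || return 2
    check_examples "$1"
}
```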
Additional Identifiers
Rule ID: SV-222958r879587_rule
Vulnerability ID: V-222958
Group Title: SRG-APP-000141-AS-000095
CCIs
CCIs tied to check.
Number | Definition |
---|---|
CCI-000381 | The organization configures the information system to provide only essential capabilities. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
CM-7 | Least Functionality |