STIGQter: STIG Summary: Apache Tomcat Application Sever 9 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021

ALLOW_BACKSLASH must be set to false.

DISA Rule

SV-223004r615938_rule

Vulnerability Number

V-223004

Group Title

SRG-APP-000516-AS-000237

Rule Version

TCAT-AS-001680

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

As a privileged user on the Tomcat server:

If the finding is in the catalina.properties file, edit the $CATALINA_BASE/conf/catalina.properties file.

sudo nano $CATALINA_BASE/conf/catalina.properties

Change the org.apache.catalina.connector.ALLOW_BACKSLASH=true setting to =false.

If the finding is in the /etc/systemd/system/tomcat.service file, edit the file using a text editor.

sudo nano /etc/systemd/system/tomcat.service

Locate the line beginning with Environment='CATALINA_OPTS= and change the -Dorg.apache.catalina.connector.ALLOW_BACKSLASH=true setting to =false.

Restart Tomcat by running the following commands:
sudo systemctl daemon-reload
sudo systemctl restart tomcat

Check Contents

If the ISSO has accepted the risk for enabling the ALLOW_BACKSLASH setting, this requirement is NA.

From the Tomcat server as an elevated user, run the following commands:

sudo grep -i ALLOW_BACKSLASH $CATALINA_BASE/conf/catalina.properties

sudo grep -i catalina_opts /etc/systemd/system/tomcat.service

If org.apache.catalina.connector.ALLOW_BACKSLASH=true, this is a finding.
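The check above as a repeatable script, added here as an example (it is not part of the STIG or of STIGQter). It ignores commented-out lines and stray whitespace that a bare grep would report, and matches any key ending in ALLOW_BACKSLASH as the page's grep -i does. The function names are assumptions, the file paths are the ones the check uses, and grep -o (GNU or BSD grep) is required.

```shell
#!/bin/sh
# Added example: audit for TCAT-AS-001680 over the two files the check names.

# Print each active ALLOW_BACKSLASH assignment in a properties file as
# key=value: comment lines dropped, whitespace around the separator removed.
props_setting() {
    [ -r "$1" ] || return 0
    sed -e 's/^[[:space:]]*//' -e '/^[#!]/d' "$1" |
        grep -i 'ALLOW_BACKSLASH[[:space:]]*[=:]' |
        sed -e 's/[[:space:]]*[=:][[:space:]]*/=/' -e 's/[[:space:]]*$//'
}

# Print each -D...ALLOW_BACKSLASH=value token on the CATALINA_OPTS lines
# of a systemd unit file; lines commented out with # or ; are ignored.
unit_setting() {
    [ -r "$1" ] || return 0
    grep -v '^[[:space:]]*[#;]' "$1" | grep -i 'CATALINA_OPTS' |
        grep -io -e '-D[^[:space:]"'"'"']*ALLOW_BACKSLASH=[^[:space:]"'"'"']*' ||
        true
}

# Return 1 (finding) when either file sets the property to true, else 0.
# An absent setting is not a finding: the check only flags "=true".
check_allow_backslash() {
    findings=$( { props_setting "$1"; unit_setting "$2"; } |
        grep -i '=true$' || true )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings" | sed 's/^/FINDING: /'
        return 1
    fi
    echo "NOT A FINDING"
    return 0
}

# Run against the live paths from the check only when asked to.
if [ "${1:-}" = "--run" ]; then
    check_allow_backslash "${CATALINA_BASE:-}/conf/catalina.properties" \
        /etc/systemd/system/tomcat.service
fi
```

Run it with --run as a user who can read both files; the exit status of check_allow_backslash can feed a compliance job.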

Documentable

False

Severity Override Guidance

If the ISSO has accepted the risk for enabling the ALLOW_BACKSLASH setting, this requirement is NA.

Check Content Reference

M

Target Key

4094
