STIGQter: STIG Summary: ISEC7 Sphere Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

Stack tracing must be disabled in Apache Tomcat.

DISA Rule

SV-224788r505933_rule

Vulnerability Number

V-224788

Group Title

SRG-APP-000383

Rule Version

ISEC-06-551200

Severity

CAT II

CCI(s)

CCI-001762 - The organization disables organization-defined functions, ports, protocols, and services within the information system deemed to be unnecessary and/or nonsecure.

Weight

Fix Recommendation

Remove the default error page by updating the web application web.xml file.

Navigate to the ISEC7 EMM Suite installation directory: <Drive>:\Program Files\ISEC7 EMM Suite\web\WEB-INF
Open web.xml with Notepad.exe
Scroll to the end of the file.
Remove the comment tags 



Save the changes.

This will acknowledge to the user that an exception occurred without showing any trace or source information.

Check Contents

Verify stack tracing has been disabled in Apache Tomcat.

Navigate to the ISEC7 EMM Suite installation directory: <Drive>:\Program Files\ISEC7 EMM Suite\web\WEB-INF
Open web.xml with Notepad.exe
Scroll to the end of the file.
Confirm there are no comment tags  and the following exists without comment tags:

<error-page>
<exception-type>java.lang.Exception</exception-type>
<location>/exception.jsp</location>
</error-page>

If stack tracing has not been disabled in Apache Tomcat, this is a finding.

Vulnerability Number

V-224788

Documentable

False

Rule Version

ISEC-06-551200

Severity Override Guidance

Check Content Reference

Target Key

4200

Stack tracing must be disabled in Apache Tomcat.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments