Apache Tomcat Application Server 9 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Connectors must be secured.
<VulnDiscussion>The unencrypted HTTP protocol does not protect data from interception or alteration which can subject users to eavesdropping,...Rule Medium Severity -
SRG-APP-000033-AS-000024
<GroupDescription></GroupDescription>Group -
The Java Security Manager must be enabled.
<VulnDiscussion>The Java Security Manager (JSM) is what protects the Tomcat server from trojan servlets, JSPs, JSP beans, tag libraries, or e...Rule Medium Severity -
SRG-APP-000089-AS-000050
<GroupDescription></GroupDescription>Group -
Tomcat servers behind a proxy or load balancer must log client IP.
<VulnDiscussion>When running Tomcat behind a load balancer or proxy, default behavior is for Tomcat to log the proxy or load balancer IP addr...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules