Skip to content

Stack tracing must be disabled.

An XCCDF Rule

Description

<VulnDiscussion>Stack tracing provides debugging information from the application call stacks when a runtime error is encountered. If stack tracing is left enabled, Tomcat will provide this call stack information to the requestor which could result in the loss of sensitive information or data that could be used to compromise the system. As with all STIG settings, it is acceptable to temporarily enable for troubleshooting and debugging purposes but the setting must not be left enabled after troubleshooting tasks have been completed.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-222950r960963_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

From the Tomcat server as a privileged user, edit the xml files containing the "allow Trace=true" statement.

Remove the "allow Trace=true" statement from the affected xml configuration files and restart the Tomcat server:
sudo systemctl restart tomcat
sudo systemctl daemon-reload