Skip to content

Tomcat users in a management role must be approved by the ISSO.

An XCCDF Rule

Description

<VulnDiscussion>Deploying applications to Tomcat requires a Tomcat user account that is in the "manager-script" role. Any user accounts in a Tomcat management role must be approved by the ISSO.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-223006r961863_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Document the users and the roles that have been defined for use with the Tomcat server.

Ensure that all users and roles with access to Tomcat management features and capabilities are approved by the ISSO.