Connector address attribute must be set.

An XCCDF Rule

Description

<VulnDiscussion>Connectors are how Tomcat receives requests over a network port, passes them to hosted web applications via HTTP or AJP, and then sends back the results to the requestor. The "address" attribute specifies which network interface the connector listens on. If no IP address is specified, the connector will listen on all configured interfaces. Access to the connector must be restricted to only the network interface(s) specified in the System Security Plan (SSP).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-223009r961863_rule
Severity: Low
References: CCI-000366
Updated: 17 days ago

Ensure the address attribute for each connector and the network interfaces are specified in the SSP.

Edit the following file From the Tomcat server as a privileged user:

$CATALINA_BASE/conf/server.xml
Locate each Connector element then edit or add the "address=" field for each connector and specify the appropriate network IP address. The following is an example using a random IP address:

EXAMPLE:
<Connector
port="8443"
address="192.168.0.145"
...
/>

Restart the Tomcat server:
sudo systemctl restart tomcat
sudo systemctl daemon-reload

Connector address attribute must be set.

Description

Remediation - Manual Procedure