All Web applications included with Apache Tomcat that are not required must be removed.
An XCCDF Rule
Description
<VulnDiscussion>Removal of unneeded or nonsecure functions, ports, protocols, and services mitigate the risk of unauthorized connection of devices, unauthorized transfer of information, or other exploitation of these resources. The organization must perform a periodic scan/review of the application (as required by CCI-000384) and disable functions, ports, protocols, and services deemed to be unneeded or nonsecure.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-224781r1013855_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
To configure the CATALINA_HOME/webapps Tomcat administrative tool to remove all Web applications that are not required, run the ISEC7 integrated installer or use the following manual procedure:
Log in to the ISEC7 SPHERE server.
Browse to <Drive>:\Program Files\ISEC7 SPHERE\Tomcat\webapps\
Remove all folders in the directory with the exception of Manager and Host-Manager.