Skip to content

A manager role must be assigned to the Apache Tomcat Web apps (Manager, Host-Manager).

An XCCDF Rule

Description

<VulnDiscussion>If a manager role is not assigned to the Apache Tomcat web apps, the system administrator will not be able to manage and configure the web apps and security setting may not be configured correctly, with could leave the Apache Tomcat susceptible to attack by an intruder.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-106401r1_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

To add a manager role to the Apache Tomcat Web apps (Manager, Host-Manager), run the ISEC7 integrated installer or use the following manual procedure:

By default there are no users with the manager role assigned. To make use of the manager webapp you need to add a new role and user into the <Drive>:\Program Files\ISEC7 EMM Suite\Tomcat\conf\tomcat-users.xml file.

Login to the ISEC7 EMM Suite server.
Navigate to <Drive>:\Program Files\ISEC7 EMM Suite\Tomcat\conf\