Download
| Alert*
CCE-27513-1
Tomcat Apache's backup CGI *.tmp files should exist or not as appropriate CCE-27578-4 The owner of the Tomcat conf/ directory should be set correctly. CCE-27559-4 All permissions for the specified codebase should exist or not exist. CCE-27720-2 The Apache Tomcat pattern attribute should be configured to log the appropriate data elements CCE-27242-7 The Tomcat server shutdown port number should be set correctly CCE-27453-0 The permissions of Apache Tomcat's /work directory should be configred appropriately CCE-27284-9 The account running the Apache Tomcat service should be configured appropriately CCE-27171-8 The Apache Tomcat "maxProcessors" attribute should be configured appropriately. CCE-27630-3 The Apache Tomcat site's robots.txt should be configured to disallow paths and files as appropriate. CCE-27695-6 The group of the Tomcat conf/ directory should be set correctly. CCE-27728-5 The permissions for \cgi-bin directory should be configured appropriately. CCE-27691-5 Tomcat Apache's backup CGI *.old files should exist or not as appropriate CCE-27344-1 The Apache Tomcat SSLProtocol atribute should be configured appropriately. CCE-27517-2 Access to the Tomcat Admin app should be denied as appropriate. CCE-27796-2 The JNDIRealm (LDAP) password digest should be configured appropriately. CCE-27604-8 Access to the Tomcat manager app should be allowed as appropriate. CCE-27735-0 The permissions for \webapps directory should be configured appropriately. CCE-27698-0 The permissions of Apache Tomcat's /server directory should be configred appropriately CCE-27669-1 Tomcat Apache's backup CGI *.backup files should exist or not as appropriate CCE-27253-4 Tomcat should be run with the appropriate group membership. CCE-27716-0 The Tomcat Legacy JK AJP 1.3 protocol handler should be enabled or disabled as appropriate. CCE-27712-9 The access log valve for the Apache Tomcat's Host container should be enabled or disabled as appropriate. CCE-27322-7 The Apache Tomcat's examples folder should be available or removed as appropriate. CCE-27266-6 Tomcat Apache's backup CGI "copy of*.*" files should exist or not as appropriate CCE-27658-4 The location of the log files directory for the specified Logger element should be set correctly. CCE-27431-6 Tomcat should be run by the appropriate account CCE-27616-2 The Tomcat Legacy HTTP/1.1 protocol handler should be enabled or disabled as appropriate. CCE-27405-0 The secure attribute for the specified Tomcat HTTP/1.1 connector should be set as appropriate. CCE-26790-6 The Apache Tomcat Listener SSLEngine attribute should be configured correctly CCE-27416-7 The required permissions for the file %SystemRoot%\System32\cscript.exe should be assigned CCE-27631-1 The owner of the Tomcat installation directory should be set correctly. CCE-27650-1 Access to the Tomcat manager app should be denied as appropriate. CCE-27383-9 The example server.xml file should be installed as appropriate. CCE-26804-5 The permissions for all files located in the folder specified by the Logger component (server.xml) should be configured appropriately. CCE-27518-0 The Apache Tomcat's js examples should be available or removed as appropriate. CCE-27368-0 The port number for the specified JK/JK2 AJP 1.3 connector should be set correctly. CCE-27730-1 The password digest algorithm for JDBCRealm (database) connections should be enabled or disabled as appropriate. CCE-27711-1 The Apache Tomcat Connector SSLEngine attribute should be configured appropriately. CCE-27697-2 The port number for the specified Tomcat Legacy JK AJP 1.3 connector should be set correctly. CCE-27836-6 The Tomcat HTTP/1.1 connector should be enabled or disabled as appropriate. CCE-27420-9 The password digest algorithm for JNDIRealm (LDAP) connections should be enabled or disabled as appropriate. CCE-27719-4 The port number for the specified Tomcat HTTP/1.1 connector should be set correctly. CCE-27560-2 The Tomcat JK/JK2 AJP 1.3 protocol handler should be enabled or disabled as appropriate. CCE-27549-5 The Apache Tomcat's balancer folder should be available or removed as appropriate. CCE-27734-3 Access to Apache Tomcat's interactive scripts should be configured appropriately. CCE-27587-5 The permissions of Apache Tomcat's /shared directory should be configred appropriately CCE-27369-8 The Java Security Manager (JSM) should be enabled or disabled as appropriate. CCE-26926-6 The CGI scripts for Apache Tomcat should be installed in designated folders CCE-27202-1 The Tomcat WARP protocol handler should be enabled or disabled as appropriate. CCE-27613-9 The requried permssions for the file %SystemRoot%\System32\wscript.exe should be assigned. CCE-27678-2 Security roles for the Tomcat manager app should be set correctly. CCE-27436-5 The Apache Tomcat's servlet examples should be available or removed as appropriate. CCE-27248-4 The permissions of Apache Tomcat's installation directory should be configred appropriately CCE-27693-1 The port number for the specified WARP connector should be set correctly. CCE-27591-7 The permissions for the tomcat-users.xml file should be set correctly. CCE-27546-1 The Unix permissions for the Tomcat installation directory should be set correctly. CCE-27569-3 The permissions of Apache Tomcat's /webapps directory should be configred appropriately CCE-27523-0 The file prefix for the specified Logger element should be configured appropriately. CCE-27625-3 Tomcat Apache's backup CGI *.bak files should exist or not as appropriate CCE-27718-6 The Apache Tomcat's server documentation should be available or removed as appropriate. CCE-27621-2 The permissions of Apache Tomcat's /conf directory should be configred appropriately CCE-27663-4 Security roles for the Tomcat admin app should be set correctly. CCE-26893-8 The group of the tomcat-users.xml file should be set correctly. CCE-27640-2 The Apache Tomcat server attribute for all Connectors should be configured correctly CCE-27744-2 The Apache Tomcat's webdav folder should be available or removed as appropriate. CCE-27702-0 The port number for the specified Tomcat Legacy HTTP/1.1 connector should be set correctly. CCE-27721-0 The verbosity for the specified Logger element should be configured appropriately. CCE-27865-5 The JDBCRealm (database) password digest algorithm should be set correctly CCE-27675-8 The maximum password age setting for Tomcat's service account should be configured appropriately. CCE-27671-7 Tomcat should be configured to run with or without the Java Security Manager upon startup. CCE-27725-1 The permissions for the Tomcat conf/ directory should be set correctly. CCE-27573-5 The access log valve for the Apache Tomcat's Engine container should be enabled or disabled as appropriate. CCE-27535-4 All readable Tomcat Apache web document directories should have their default webpage configured appropriately. CCE-27312-8 The owner of the tomcat-users.xml file should be set correctly. CCE-26996-9 The permissions of Apache Tomcat's /common directory should be configred appropriately CCE-27649-3 The permissions of Apache Tomcat's /bin directory should be configred appropriately CCE-27441-5 The Tomcat login authentication method should be set correctly. CCE-27483-7 The access log valve for the Apache Tomcat's Context container should be enabled or disabled as appropriate. CCE-27622-0 Access to the Tomcat Admin app should be allowed as appropriate. CCE-27683-2 The permissions of Apache Tomcat's /logs directory should be configred appropriately CCE-27298-9 The permissions of Apache Tomcat's /temp directory should be configred appropriately CCE-27501-6 The group of the Tomcat installation installation should be set correctly. CCE-27562-8 Tomcat Apache's backup CGI *.temp files should exist or not as appropriate |