6/12/2023

Apache Tomcat manager

Apache Tomcat Application Server 9 Security Technical Implementation Guide

The Tomcat manager application is used to manage the Tomcat server and the applications that run on Tomcat. By default, the manager application is only accessible via the localhost. Exposing the management application to any network interface that is available to non-administrative personnel leaves the Tomcat server vulnerable to attempts to access the management application. To mitigate this risk, the management application should only be run on the localhost or on network interfaces tied to a dedicated management network. This setting is managed in the $CATALINA_BASE/conf/server.xml file.

Details

Check Text ( C-24642r426354_chk )

Review system documentation (SSP) and identify the documented management networks as well as the documented client networks. If the manager application has been deleted from the system, this is not a finding.

Run the following command as a privileged user:

sudo grep -i -A1 "RemoteAddrValve\|RemoteCIDRValve" $CATALINA_BASE/webapps/manager/META-INF/context.xml

If there are no results, then no address valves exist and this is a finding. If the Remote Address Valve settings are commented out or not configured to restrict access to localhost or the management network, this is a finding.

Localhost and Management network CIDR block IPV4 and IPV6 example
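The grep in the check text also matches valves that sit inside XML comments and does not compare the allowed ranges with the documented networks, so the review can be scripted by parsing the file instead. The following is an added example, not part of the STIG text; the function name, the sample XML and the 10.20.0.0/16 management network are assumptions made for illustration.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

LOOPBACK = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]
VALVES = ("RemoteAddrValve", "RemoteCIDRValve")

def audit_manager_context(xml_text, mgmt_cidrs, client_probe_ips):
    """Return findings for a manager context.xml; an empty list means it passes."""
    allowed = LOOPBACK + [ipaddress.ip_network(c) for c in mgmt_cidrs]
    # ElementTree drops XML comments, so a commented-out valve is not counted.
    valves = [v for v in ET.fromstring(xml_text).iter("Valve")
              if v.get("className", "").endswith(VALVES)]
    if not valves:
        return ["no active RemoteAddrValve/RemoteCIDRValve"]
    findings = []
    for v in valves:
        name = v.get("className").rsplit(".", 1)[-1]
        allow = v.get("allow", "")
        if not allow:
            findings.append(f"{name}: no allow attribute")
        elif name == "RemoteCIDRValve":
            # allow is a comma-separated list of addresses or CIDR blocks.
            for entry in filter(None, (e.strip() for e in allow.split(","))):
                net = ipaddress.ip_network(entry, strict=False)
                if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
                    findings.append(f"{name}: {entry} is outside localhost/management")
        else:
            # allow is a regex matched against the whole address; probe it with
            # client-network addresses that must be refused (Python re stands in
            # for Java regex here, which is an assumption for complex patterns).
            for ip in client_probe_ips:
                if re.fullmatch(allow, ip):
                    findings.append(f"{name}: allow pattern admits client address {ip}")
    return findings

# Constructed sample inputs (not taken from the page).
LOOPBACK_ONLY = r'''<Context><Valve className="org.apache.catalina.valves.RemoteAddrValve"
  allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /></Context>'''
COMMENTED_OUT = r'''<Context><!-- <Valve
  className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1" /> --></Context>'''
TOO_WIDE = '''<Context><Valve className="org.apache.catalina.valves.RemoteCIDRValve"
  allow="127.0.0.1/8, ::1/128, 10.20.0.0/16, 0.0.0.0/0" /></Context>'''

if __name__ == "__main__":
    for label, xml in [("loopback", LOOPBACK_ONLY), ("commented", COMMENTED_OUT), ("wide", TOO_WIDE)]:
        print(label, audit_manager_context(xml, ["10.20.0.0/16"], ["192.0.2.10"]))
```

The probe addresses should be taken from the client networks documented in the SSP, one or more per network.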