1.12.8 Do not allow additional path delimiters (verify ALLOW_BACKSLASH is set to false)

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Being able to specify different path-delimiters on Tomcat creates the possibility that an attacker can access applications that were previously blocked by a proxy like mod_proxy.

See Also

https://workbench.cisecurity.org/files/261

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-10

Plugin: Unix

Control ID: 1941dcd723fa70d0fec397bcea16ada273c78a3e328de990b3c97afacc9923d8