TCAT-AS-000470 - Stack tracing must be disabled.

Information

Stack tracing provides debugging information from the application call stacks when a runtime error is encountered. If stack tracing is left enabled, Tomcat will provide this call stack information to the requestor which could result in the loss of sensitive information or data that could be used to compromise the system. As with all STIG settings, it is acceptable to temporarily enable for troubleshooting and debugging purposes but the setting must not be left enabled after troubleshooting tasks have been completed.

Solution

From the Tomcat server as a privileged user, edit the xml files containing the 'allow Trace=true' statement.

Remove the 'allow Trace=true' statement from the affected xml configuration files and restart the Tomcat server:
sudo systemctl restart tomcat
sudo systemctl daemon-reload

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apache_Tomcat_Application_Server_9_V3R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a., CAT|II, CCI|CCI-000381, Rule-ID|SV-222950r960963_rule, STIG-ID|TCAT-AS-000470, STIG-Legacy|SV-111425, STIG-Legacy|V-102483, Vuln-ID|V-222950

Plugin: Unix

Control ID: 393758c1840e294a511cd978ecca224e90f8403ff85bb9b0e02d5e74f9fd2ff4