The Apache Tomcat shutdown port must be disabled.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-224789 | SRG-APP-000380 | ISEC-06-551300 | SV-224789r1013876_rule | 2024-08-20 | 3 |
| Description |
|---|
| Tomcat uses a port (defaults to 8005) as a shutdown port. Someone could Telnet to the machine using this port and send the default command SHUTDOWN. Tomcat and all web apps would shut down in that case, which is a denial-of-service attack and would cause an unwanted service interruption. |
| ℹ️ Check |
|---|
| Verify the shutdown port is disabled. Log in to the SPHERE server. Browse to Program Files\Isec7 SPHERE\Tomcat\Conf. Open the server.xml with Notepad.exe. Select Edit >> Find, and then search for "Shutdown". Verify that the shutdown port has been disabled with entry below: shutdown="-1" If the shutdown port has not been disabled, this is a finding. |
| ✔️ Fix |
|---|
| Log in to the SPHERE server. Browse to Program Files\Isec7 SPHERE\Tomcat\Conf. Open the server.xml with Notepad.exe. Select Edit >> Find, and then search for "Shutdown". Change the shutdown to "-1". example: shutdown=-1 Save the file and restart the Isec7 SPHERE Web service with the services.msc. |