'TCAT-AS-001730 - Connector address attribute must be set.' (Vuln ID: V-223009)


Article ID: 224402


Products

CA Spectrum DX NetOps

Issue/Introduction

STIG Finding:

Connectors are how Tomcat receives requests over a network port, passes them to hosted web applications via HTTP or AJP, and then sends back the results to the requestor. The "address" attribute specifies which network interface the connector listens on. If no IP address is specified, the connector will listen on all configured interfaces. Access to the connector must be restricted to only the network interface(s) specified in the System Security Plan (SSP).

Ensure the address attribute for each connector and the network interfaces are specified in the SSP.

From the Tomcat server, edit the following file as a privileged user:

$CATALINA_BASE/conf/server.xml

Locate each Connector element, then edit or add the "address=" field for each connector and specify the appropriate network IP address. The following is an example using a random IP address:

EXAMPLE:
<Connector
port="8443"
address="192.168.0.145"
...
/>

Restart the Tomcat server:
sudo systemctl restart tomcat
sudo systemctl daemon-reload

 

---------------------------------

Can this be done in DX NetOps Spectrum without causing issues?

Environment

Release : 21.2

 

Resolution

The address="ip" attribute can be added to each <Connector> element in server.xml.

Steps:

Edit the $SPECROOT/tomcat/conf/server.xml

Locate each Connector element, then edit or add the "address=" field for each connector and specify the appropriate network IP address.

The following is an example using a random IP address:

EXAMPLE:
<Connector
port="8443"
address="192.168.0.145"
...
/>


Additional Information

Please note that this will make the application accessible ONLY on that IP. If there is a backup network interface, Spectrum will not be accessible on the backup interface's IP once this is added.
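
One way to verify the change across every connector before restarting Tomcat is shown below. This is an added example, not code from Broadcom or the STIG. The function name audit_connectors is hypothetical, the approved list stands in for the interfaces named in the SSP, and the sample server.xml content is constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample standing in for server.xml; ports and IPs are illustrative.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8443" protocol="HTTP/1.1" address="192.168.0.145" SSLEnabled="true"/>
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8009" protocol="AJP/1.3" address="0.0.0.0"/>
    <Connector port="8081" protocol="HTTP/1.1" address="10.0.0.7"/>
  </Service>
</Server>"""


def audit_connectors(xml_text, approved_addresses):
    """Return (port, address, finding) for each Connector that fails the check."""
    # approved_addresses: the IPs the SSP allows connectors to bind to (assumption).
    approved = {ipaddress.ip_address(a) for a in approved_addresses}
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        port = conn.get("port", "?")
        address = conn.get("address")
        if address is None or not address.strip():
            findings.append((port, None, "no address attribute"))
            continue
        try:
            ip = ipaddress.ip_address(address.strip())
        except ValueError:
            # Hostnames or property placeholders cannot be compared to the list.
            findings.append((port, address, "address is not a literal IP"))
            continue
        if ip.is_unspecified:
            # 0.0.0.0 or :: binds every interface, same effect as omitting it.
            findings.append((port, address, "wildcard address: listens on all interfaces"))
        elif ip not in approved:
            findings.append((port, address, "address not in approved list"))
    return findings


if __name__ == "__main__":
    for port, address, finding in audit_connectors(SAMPLE_SERVER_XML, ["192.168.0.145"]):
        print(f"FAIL port={port} address={address}: {finding}")
```

To run it against a live installation, pass the contents of $SPECROOT/tomcat/conf/server.xml in place of the sample string.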
