'TCAT-AS-000090 - DefaultServlet must be set to readonly for PUT and DELETE.' (Vuln ID: V-222934)

book

Article ID: 224579

calendar_today

Updated On:

Products

CA Spectrum DX NetOps

Issue/Introduction

Instance Detail:
• Compliance Result: TOMCAT CONFIGURATION PROVIDED AS PART OF APPLICATION INSTALL. CHECK WITH VENDOR ON IMPACT OF THESE MODIFICATIONS.
• Notes: <servlet>
        <servlet-name>default</servlet-name>
        <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
        <init-param>
            <param-name>debug</param-name>
            <param-value>0</param-value>
        </init-param>
        <init-param>
            <param-name>listings</param-name>
            <param-value>false</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

Environment

Release : 21.2

Component : Spectrum OneClick

Resolution

Tomcat has a default setting for this value out of the box without further configuration required.

The readonly parameter is already set to true by default.

Including this setting will not change or affect the existing behavior.