The Apache Tomcat shutdown port must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| --- | --- | --- | --- | --- |
| V-224789 | ISEC-06-551300 | SV-224789r1013876_rule | CCI-001813 | medium |

Description

Tomcat listens on a shutdown port (8005 by default) and accepts a plain-text shutdown command (SHUTDOWN by default) on it. Anyone who can reach that port, for example with Telnet, can send the command and stop Tomcat and every web application it hosts: a trivial denial of service and an unwanted service interruption. Tomcat binds this listener to the loopback address unless configured otherwise, so the exposure is to local users and processes, but any of them can stop the service. Setting the port attribute of the <Server> element in server.xml to -1 removes the listener entirely.

| STIG | Date |
| --- | --- |
| ISEC7 Sphere Security Technical Implementation Guide | 2024-08-20 |
Details
Check Text (C-224789r1013876_chk)
Verify the shutdown port is disabled.
Log in to the SPHERE server.
Browse to Program Files\Isec7 SPHERE\Tomcat\Conf.
Open server.xml with Notepad.exe.
Select Edit >> Find, and search for "Shutdown" to locate the <Server> element (by default <Server port="8005" shutdown="SHUTDOWN">).
Verify that the shutdown port has been disabled by setting the port attribute of that element to -1, as below:
<Server port="-1" shutdown="SHUTDOWN">
Note that the shutdown attribute is the shutdown command string, not the port; changing it to "-1" leaves the listener open on 8005.
If the port attribute of the <Server> element is not -1, this is a finding.
Fix Text (F-26468r1013875_fix)
Log in to the SPHERE server.
Browse to Program Files\Isec7 SPHERE\Tomcat\Conf.
Open server.xml with Notepad.exe.
Select Edit >> Find, and search for "Shutdown" to locate the <Server> element.
Change the port attribute of that element to -1. Leave the shutdown attribute (the command string) as it is; changing it does not disable the port.
example: <Server port="-1" shutdown="SHUTDOWN">
Save the file and restart the Isec7 SPHERE Web service using services.msc.
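As an added example covering both the check and the fix above (this is not ISEC7's or DISA's code), the following Python script parses server.xml, reports whether the <Server> element's port attribute is -1, and with --fix rewrites only that attribute so the rest of the file, comments included, is left as it was. The SPHERE path is the one named in the check text and is assumed to be the default install location; the two server.xml samples are constructed for illustration, the second showing the common mistake of setting the shutdown command string to -1 instead of the port.

```python
"""Audit and remediate the Tomcat shutdown port in server.xml (added example)."""
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Path from the check/fix text; assumed to be the SPHERE default install location.
SPHERE_SERVER_XML = Path(r"C:\Program Files\Isec7 SPHERE\Tomcat\Conf\server.xml")

# Constructed sample: a stock-style server.xml with the default shutdown port open.
VULNERABLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps"/>
    </Engine>
  </Service>
</Server>
"""

# Constructed sample of a common mistake: the shutdown *command string* was set to -1
# while the port attribute still opens the listener on 8005. Still a finding.
MISTAKEN_SERVER_XML = VULNERABLE_SERVER_XML.replace('shutdown="SHUTDOWN"', 'shutdown="-1"')

_SERVER_TAG = re.compile(r"<Server\b[^>]*>")          # the <Server ...> start tag
_PORT_ATTR = re.compile(r'\bport\s*=\s*"[^"]*"')      # port="..." inside that tag


def shutdown_port_disabled(server_xml: str) -> bool:
    """True only when the <Server> element's port attribute is -1."""
    root = ET.fromstring(server_xml)
    if root.tag != "Server":
        raise ValueError(f"expected <Server> root element, found <{root.tag}>")
    # Tomcat defaults to 8005 when the attribute is omitted, so "missing" means open.
    port = root.get("port", "8005").strip()
    try:
        return int(port) == -1
    except ValueError:
        return False


def audit(server_xml: str) -> str:
    """Return the STIG result ("finding" / "not a finding") for server.xml content."""
    return "not a finding" if shutdown_port_disabled(server_xml) else "finding"


def disable_shutdown_port(server_xml: str) -> str:
    """Return server.xml content with the shutdown listener disabled (port="-1").

    Only the port attribute of the <Server> start tag is rewritten; Connector ports,
    the shutdown command string, comments and formatting are preserved.
    """
    match = _SERVER_TAG.search(server_xml)
    if not match:
        raise ValueError("no <Server> start tag found")
    tag = match.group(0)
    if _PORT_ATTR.search(tag):
        new_tag = _PORT_ATTR.sub('port="-1"', tag, count=1)
    else:  # attribute omitted: Tomcat would use 8005, so add an explicit -1
        new_tag = '<Server port="-1"' + tag[len("<Server"):]
    return server_xml[: match.start()] + new_tag + server_xml[match.end():]


def main(argv: list[str]) -> int:
    fix = "--fix" in argv
    paths = [a for a in argv[1:] if a != "--fix"]
    path = Path(paths[0]) if paths else SPHERE_SERVER_XML
    content = path.read_text(encoding="utf-8")
    result = audit(content)
    print(f"{path}: shutdown port check -> {result}")
    if result == "finding" and fix:
        backup = path.with_suffix(".xml.bak")
        backup.write_text(content, encoding="utf-8")
        path.write_text(disable_shutdown_port(content), encoding="utf-8")
        print(f'rewrote {path} with port="-1" (backup at {backup}); restart the Tomcat service')
    return 0 if result == "not a finding" else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it without arguments on the SPHERE server to get the check result as the exit code (1 for a finding), or with --fix to apply the remediation in place with a .bak copy; the service still has to be restarted for the change to take effect, as the Fix Text says.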