V-222960
SV-222960r960963_rule
CAT III
Documentation must be removed.
From: Apache Tomcat Application Server 9 Security Technical Implementation Guide (V3R4)
Description
<VulnDiscussion>Tomcat provides documentation and other directories in the default installation which do not serve a production use. These files must be deleted.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
Check Procedure
From the Tomcat server OS type the following command:
sudo ls -l $CATALINA_BASE/webapps/docs.
If the docs folder exists or contains any content, this is a finding.
Fix Text
From the Tomcat server OS type the following command:
sudo rm -rf $CATALINA_BASE/webapps/docs
CCI Reference
CCI-000381- Created
- 2026-04-07 20:08:10
- Last Updated
- 2026-04-07 20:08:10