Check: VCEM-67-000013
VMware vSphere 6.7 EAM Tomcat STIG:
VCEM-67-000013
(in versions v1 r4 through v1 r1)
Title
ESX Agent Manager must have mappings set for Java servlet pages. (Cat II impact)
Discussion
Resource mapping is the process of tying a particular file type to a process in the web server that can serve that type of file to a requesting client and identify which file types are not to be delivered to a client. By not specifying which files can and cannot be served to a user, the web server could deliver to a user web server configuration files, log files, password files, etc. Because Tomcat is a Java-based web server, the main file extension used is *.jsp. This check ensures that the *.jsp file type has been properly mapped to servlets.
Check Content
At the command prompt, execute the following command: # xmllint --format /usr/lib/vmware-eam/web/webapps/eam/WEB-INF/web.xml | sed 's/xmlns=".*"//g' | xmllint --xpath '/web-app/servlet-mapping/servlet-name[text()="JspServlet"]/parent::servlet-mapping' - Expected result: <servlet-mapping> <servlet-name>JspServlet</servlet-name> <url-pattern>*.jsp</url-pattern> </servlet-mapping> If the output of the command does not match the expected result, this is a finding.
Fix Text
Navigate to and open: /usr/lib/vmware-eam/web/webapps/eam/WEB-INF/web.xml Navigate to and locate the mapping for the JSP servlet. The <servlet-mapping> node contains <servlet-name>JspServlet</servlet-name>. Configure the <servlet-mapping> node to look like the code snippet below: <servlet-mapping> <servlet-name>JspServlet</servlet-name> <url-pattern>*.jsp</url-pattern> </servlet-mapping>
Additional Identifiers
Rule ID: SV-239384r879587_rule
Vulnerability ID: V-239384
Group Title: SRG-APP-000141-WSR-000083
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |