Check: VCUI-67-000029
VMware vSphere 6.7 UI Tomcat STIG:
VCUI-67-000029
(in versions v1 r3 through v1 r1)
Title
vSphere UI must disable the shutdown port. (Cat II impact)
Discussion
An attacker has at least two reasons to stop a web server. The first is to cause a denial of service, and the second is to put in place changes the attacker made to the web server configuration. If the Tomcat shutdown port feature is enabled, a shutdown signal can be sent to vSphere UI through this port. To ensure availability, the shutdown port must be disabled.
Check Content
At the command prompt, execute the following commands:

# xmllint --format /usr/lib/vmware-vsphere-ui/server/conf/server.xml | sed '2 s/xmlns=".*"//g' | xmllint --xpath '/Server/@port' -

Expected result:

port="${shutdown.port}"

If the output does not match the expected result, this is a finding.

# grep shutdown /etc/vmware/vmware-vmon/svcCfgfiles/vsphere-ui.json

Expected result:

"-Dshutdown.port=-1",

If the output does not match the expected result, this is a finding.
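The two checks above can be reproduced offline with an added example that is not part of the STIG: it parses the root Server element's port attribute regardless of the default xmlns the sed step strips, and searches the vMon service JSON for the -Dshutdown.port option. Both sample files are constructed here and assume nothing about the real files beyond the values the check expects.

```python
import json
import xml.etree.ElementTree as ET
from typing import Iterator, List, Optional

# Constructed sample of the relevant part of server.xml; the default namespace
# is what the STIG's sed step removes before the /Server/@port XPath query.
SAMPLE_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server xmlns="http://tomcat.apache.org/xml" port="${shutdown.port}" shutdown="SHUTDOWN">
  <Service name="Catalina"/>
</Server>"""

# Constructed sample of the vMon service definition; the key names are assumed,
# only the JVM option the STIG greps for matters to the check.
SAMPLE_VSPHERE_UI_JSON = json.dumps({
    "Name": "vsphere-ui",
    "JavaArgs": ["-Xmx1g", "-Dshutdown.port=-1", "-Dserver.name=vsphere-ui"],
})

def server_port_attribute(server_xml: str) -> Optional[str]:
    """Return the port attribute of the root <Server> element, namespace or not."""
    root = ET.fromstring(server_xml)
    local_name = root.tag.rsplit("}", 1)[-1]  # "{ns}Server" -> "Server"
    if local_name != "Server":
        return None
    return root.get("port")

def _walk_strings(node) -> Iterator[str]:
    """Yield every string value in a parsed JSON document, whatever its shape."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from _walk_strings(value)
    elif isinstance(node, list):
        for value in node:
            yield from _walk_strings(value)

def shutdown_port_option(vmon_json: str) -> Optional[str]:
    """Return the -Dshutdown.port=... JVM option from the vMon JSON, if present."""
    for value in _walk_strings(json.loads(vmon_json)):
        if value.startswith("-Dshutdown.port="):
            return value
    return None

def vcui_67_000029_findings(server_xml: str, vmon_json: str) -> List[str]:
    """Apply both checks; an empty list means no finding."""
    findings = []
    port = server_port_attribute(server_xml)
    if port != "${shutdown.port}":
        findings.append(f"server.xml Server port is {port!r}, expected '${{shutdown.port}}'")
    option = shutdown_port_option(vmon_json)
    if option != "-Dshutdown.port=-1":
        findings.append(f"vsphere-ui.json has {option!r}, expected '-Dshutdown.port=-1'")
    return findings
```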
Fix Text
Navigate to and open /usr/lib/vmware-vsphere-ui/server/conf/server.xml.

Make sure that the server port is disabled:

<Server port="${shutdown.port}" …>
Additional Identifiers
Rule ID: SV-239710r879806_rule
Vulnerability ID: V-239710
Group Title: SRG-APP-000435-WSR-000147
Expert Comments
CCIs
Number | Definition
---|---
CCI-002385 | The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.
Controls
Number | Title
---|---
SC-5 | Denial Of Service Protection