The vCenter UI service default ROOT web application must be removed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-259131 | VCUI-80-000142 | SV-259131r935297_rule | Medium |
| Description |
|---|
| The default ROOT web application includes the version of Tomcat being used, links to Tomcat documentation, examples, FAQs, and mailing lists. The default ROOT web application must be removed from a publicly accessible instance and a more appropriate default page shown to users. |
| STIG | Date |
|---|---|
| VMware vSphere 8.0 vCenter Appliance User Interface (UI) Security Technical Implementation Guide | 2023-10-29 |
Details
| Check Text ( C-62871r935295_chk ) |
|---|
| At the command prompt, run the following command: # ls -l /usr/lib/vmware-vsphere-ui/server/webapps/ROOT If the ROOT web application contains any content, this is a finding. |
| Fix Text (F-62780r935296_fix) |
|---|
| At the command prompt, run the following command: # rm -rf /usr/lib/vmware-vsphere-ui/server/webapps/ROOT/* |