
tc Server VCAC must have mappings set for Java Servlet Pages.


Overview

| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-240793 | VRAU-TC-000380 | SV-240793r674123_rule | | Medium |
Description
Resource mapping is the process of tying a particular file type to a process in the web server that can serve that type of file to a requesting client, and of identifying which file types are not to be delivered to a client. If the configuration does not specify which files can and cannot be served, the web server could deliver web server configuration files, log files, password files, etc. to a user. As a derivative of the Apache Tomcat project, tc Server is a Java-based web server. As a result, the main file extension used by tc Server is *.jsp. This check ensures that the *.jsp file type has been properly mapped to servlets.

STIG: VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide
Date: 2021-06-23

Details

Check Text (C-44026r674121_chk)
At the command prompt, execute the following command:

grep -E '\*\.jsp' -B 2 -A 2 /etc/vcac/web.xml

If the jsp and jspx file extensions have not been mapped to the JSP servlet, this is a finding.
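
The grep above only prints matching lines for a person to read, and it also matches lines that sit inside an XML comment. The following added example (not part of the STIG) parses the descriptor and reports which of the two patterns are missing from the jsp servlet mapping; it assumes the standard Servlet deployment descriptor element names servlet-mapping, servlet-name and url-pattern, and the sample documents and their namespace are constructed.

```python
import sys
import xml.etree.ElementTree as ET

REQUIRED = {"*.jsp", "*.jspx"}  # patterns the check expects on the jsp servlet

def _local(tag):
    """Drop an XML namespace prefix: '{ns}servlet-mapping' -> 'servlet-mapping'."""
    return tag.rsplit("}", 1)[-1]

def jsp_patterns(xml_data, servlet_name="jsp"):
    """Return every url-pattern mapped to servlet_name; XML comments are ignored."""
    found = set()
    for node in ET.fromstring(xml_data).iter():
        if _local(node.tag) != "servlet-mapping":
            continue
        kids = [(_local(c.tag), (c.text or "").strip()) for c in node]
        if ("servlet-name", servlet_name) in kids:
            found.update(text for tag, text in kids if tag == "url-pattern")
    return found

def missing_patterns(xml_data):
    """Required patterns not mapped to the jsp servlet; an empty set means no finding."""
    return REQUIRED - jsp_patterns(xml_data)

# Constructed samples (not copied from a real /etc/vcac/web.xml).
COMPLIANT = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <servlet-mapping>
    <servlet-name>jsp</servlet-name>
    <url-pattern>*.jsp</url-pattern>
    <url-pattern>*.jspx</url-pattern>
  </servlet-mapping>
</web-app>"""

# grep would still print the commented-out line here; the parser does not count it.
FINDING = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <servlet-mapping>
    <servlet-name>jsp</servlet-name>
    <url-pattern>*.jsp</url-pattern>
    <!-- <url-pattern>*.jspx</url-pattern> -->
  </servlet-mapping>
</web-app>"""

if __name__ == "__main__":
    # Pass the path to web.xml as the first argument; falls back to the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else COMPLIANT
    gaps = missing_patterns(data)
    print("finding: missing " + ", ".join(sorted(gaps)) if gaps else "not a finding")
    sys.exit(1 if gaps else 0)
```

The exit status is 1 when a required pattern is missing, so the script can be used in a scheduled compliance job.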
Fix Text (F-43985r674122_fix)
Navigate to and open /etc/vcac/web.xml.

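Navigate to and locate the mapping for the JSP servlet. It is the <servlet-mapping> node that contains <servlet-name>jsp</servlet-name>.

Configure the <servlet-mapping> node to look like the code snippet below:

<servlet-mapping>
    <servlet-name>jsp</servlet-name>
    <url-pattern>*.jsp</url-pattern>
    <url-pattern>*.jspx</url-pattern>
</servlet-mapping>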