UCF STIG Viewer Logo

tc Server HORIZON must have mappings set for Java Servlet Pages.


Finding ID Version Rule ID IA Controls Severity
V-240791 VRAU-TC-000370 SV-240791r879587_rule Medium
Resource mapping is the process of tying a particular file type to a process in the web server that can serve that type of file to a requesting client and to identify which file types are not to be delivered to a client. By not specifying which files can and which files cannot be served to a user, the web server could deliver to a user web server configuration files, log files, password files, etc. As a derivative of the Apache Tomcat project, tc Server is a java-based web server. As a result, the main file extension used by tc Server is *.jsp. This check ensures that the *.jsp file type has been properly mapped to servlets.
VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide 2023-10-03


Check Text ( C-44024r674115_chk )
At the command prompt, execute the following command:

grep -E '\*\.jsp' -B 2 -A 2 /opt/vmware/horizon/workspace/conf/web.xml

If the jsp and jspx file extensions have not been mapped to the JSP servlet, this is a finding.
Fix Text (F-43983r674116_fix)
Navigate to and open /opt/vmware/horizon/workspace/conf/web.xml.

Navigate to and locate the mapping for the JSP servlet. It is the node that contains jsp.

Configure the node to look like the code snippet below: