tc Server UI must limit the amount of time that each TCP connection is kept alive.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-88781	VROM-TC-000020	SV-99431r1_rule		Medium

Description
Denial of Service is one threat against web servers. Many DoS attacks attempt to consume web server resources in such a way that no more resources are available to satisfy legitimate requests. Mitigation against these threats is to take steps to limit the number of resources that can be consumed in certain ways. tc Server provides the “connectionTimeout” attribute. This sets the number of milliseconds tc Server will wait, after accepting a connection, for the request URI line to be presented. This timeout will also be used when reading the request body (if any).

Description

Denial of Service is one threat against web servers. Many DoS attacks attempt to consume web server resources in such a way that no more resources are available to satisfy legitimate requests. Mitigation against these threats is to take steps to limit the number of resources that can be consumed in certain ways. tc Server provides the “connectionTimeout” attribute. This sets the number of milliseconds tc Server will wait, after accepting a connection, for the request URI line to be presented. This timeout will also be used when reading the request body (if any).

STIG	Date
VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide	2018-10-12

Details

Check Text ( C-88473r1_chk )
Navigate to and open /usr/lib/vmware-vcops/tomcat-web-app/conf/server.xml. Navigate to each of the nodes. If the value of “connectionTimeout” is not set to “20000” or is missing, this is a finding.

Fix Text (F-95523r1_fix)
Navigate to and open /usr/lib/vmware-vcops/tomcat-web-app/conf/server.xml. Navigate to each of the nodes. Configure each with the value 'connectionTimeout="20000"'.