UCF STIG Viewer Logo

tc Server CaSa must have mappings set for Java Servlet Pages.


Overview

Finding ID Version Rule ID IA Controls Severity
V-88919 VROM-TC-000385 SV-99569r1_rule Medium
Description
Resource mapping is the process of tying a particular file type to a process in the web server that can serve that type of file to a requesting client and to identify which file types are not to be delivered to a client. By not specifying which files can and which files cannot be served to a user, the web server could deliver to a user web server configuration files, log files, password files, etc. As a derivative of the Apache Tomcat project, tc Server is a java-based web server. As a result, the main file extension used by tc Server is “*.jsp”. This check ensures that the “*.jsp” file type has been properly mapped to servlets.
STIG Date
VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide 2018-10-12

Details

Check Text ( C-88611r1_chk )
At the command prompt, execute the following command:

grep -E '\*\.jsp' -B 2 -A 2 /usr/lib/vmware-casa/casa-webapp/conf/web.xml

If the “jsp” and “jspx” file extensions have not been mapped to the JSP servlet, this is a finding.
Fix Text (F-95661r1_fix)
Navigate to and open /usr/lib/vmware-casa/casa-webapp/conf/web.xml.

Navigate to and locate the mapping for the JSP servlet. It is the node that contains jsp.

Configure the node to look like the code snippet below:



jsp
*.jsp
*.jspx