UCF STIG Viewer Logo

tc Server CaSa document directory must be in a separate partition from the web servers system files.


Overview

Finding ID Version Rule ID IA Controls Severity
V-88983 VROM-TC-000610 SV-99633r1_rule Medium
Description
A web server is used to deliver content on the request of a client. The content delivered to a client must be controlled, allowing only hosted application files to be accessed and delivered. To allow a client access to system files of any type is a major security risk that is entirely avoidable. Obtaining such access is the goal of directory traversal and URL manipulation vulnerabilities. To facilitate such access by misconfiguring the web document (home) directory is a serious error. In addition, having the path on the same drive as the system folder compounds potential attacks such as drive space exhaustion. As a Tomcat derivative, tc Server stores the web applications in a special “webapps” folder. The Java engine, however, is stored in a separate are of the OS directory structure. For greatest security it is important to verify that the “webapps” and the Java directories remain separated.
STIG Date
VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide 2018-10-12

Details

Check Text ( C-88675r1_chk )
At the command prompt, execute the following commands:

df -k /usr/java/default/bin/java
df -k /usr/lib/vmware-casa/casa-webapp/webapps

If the two directories above are on the same partition, this is a finding
Fix Text (F-95725r1_fix)
Consult with the ISSO. Move the tc Server CaSa /usr/lib/vmware-casa/casa-webapp/webapps directory to a separate partition.