Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
tc Server UI must be configured with a cross-site scripting (XSS) filter.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-241676 | VROM-TC-000620 | SV-241676r879650_rule | Medium |
| Description |
|---|
| Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. As a web server, tc Server can be vulnerable to XSS if steps are not taken to mitigate the threat. VMware provides the XssFilter component to provide a layer of defense against XSS. Filters are Java objects that performs filtering tasks on either the request to a resource (a servlet or static content), or on the response from a resource, or both. |
| STIG | Date |
|---|---|
| VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide | 2023-09-12 |
Details
| Check Text ( C-44952r683888_chk ) |
|---|
| At the command prompt, execute the following command: grep -B 2 -A 7 XssFilter /usr/lib/vmware-vcops/tomcat-web-app/webapps/ui/WEB-INF/web.xml If the XSS filter is not present, this is a finding. |
| Fix Text (F-44911r683889_fix) |
|---|
| Navigate to and open /usr/lib/vmware-vcops/tomcat-web-app/webapps/ui/WEB-INF/web.xml. Configure a |