
VMware vSphere 6.7 Perfcharts Tomcat Security Technical Implementation Guide


Overview

Date: 2021-04-15
Finding Count (31): CAT I (High): 0, CAT II (Med): 31, CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.


Findings (MAC I - Mission Critical Public)

Finding ID Severity Title
V-239430 Medium Performance Charts must disable the shutdown port.
V-239431 Medium Performance Charts must set the secure flag for cookies.
V-239432 Medium Performance Charts must be configured to limit access to internal packages.
V-239409 Medium Performance Charts application files must be verified for their integrity.
V-239408 Medium Performance Charts log files must only be modifiable by privileged users.
V-239405 Medium Performance Charts must protect cookies from cross-site scripting (XSS).
V-239404 Medium Performance Charts must limit the maximum size of a POST request.
V-239407 Medium Performance Charts must generate log records for system startup and shutdown.
V-239406 Medium Performance Charts must record user access in a format that enables monitoring of remote access.
V-239403 Medium Performance Charts must limit the number of concurrent connections permitted.
V-239402 Medium Performance Charts must limit the amount of time that each TCP connection is kept alive.
V-239427 Medium Performance Charts must properly configure log sizes and rotation.
V-239426 Medium Performance Charts must have the debug option turned off.
V-239425 Medium Performance Charts must not enable support for TRACE requests.
V-239424 Medium Performance Charts must be configured to show error pages with minimal information.
V-239423 Medium Performance Charts must not show directory listings.
V-239422 Medium Performance Charts must set the welcome-file node to a default web page.
V-239421 Medium Performance Charts must use the "setCharacterEncodingFilter" filter.
V-239420 Medium Performance Charts must set "URIEncoding" to UTF-8.
V-239429 Medium Performance Charts must be configured with the appropriate ports.
V-239428 Medium Rsyslog must be configured to monitor and ship Performance Charts log files.
V-239418 Medium Performance Charts must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.
V-239419 Medium Performance Charts must limit the number of allowed connections.
V-239412 Medium Performance Charts must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled.
V-239413 Medium Performance Charts must have mappings set for Java servlet pages.
V-239410 Medium Performance Charts must only run one web app.
V-239411 Medium Performance Charts must not be configured with unsupported realms.
V-239416 Medium Performance Charts must not have any symbolic links in the web content directory tree.
V-239417 Medium Performance Charts directory tree must have permissions in an "out-of-the box" state.
V-239414 Medium Performance Charts must not have the Web Distributed Authoring (WebDAV) servlet installed.
V-239415 Medium Performance Charts must be configured with memory leak protection.