Performance Charts must have mappings set for Java servlet pages.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-239413	VCPF-67-000012	SV-239413r674962_rule		Medium

Description
Resource mapping is the process of tying a particular file type to a process in the web server that can serve that type of file to a requesting client and to identify which file types are not to be delivered to a client. By not specifying which files can and cannot be served to a user, the web server could deliver to a user web server configuration files, log files, password files, etc. Because Tomcat is a Java-based web server, the main file extension used is .jsp. This check ensures that the .jsp and *.jspx file types have been properly mapped to servlets.

Description

Resource mapping is the process of tying a particular file type to a process in the web server that can serve that type of file to a requesting client and to identify which file types are not to be delivered to a client. By not specifying which files can and cannot be served to a user, the web server could deliver to a user web server configuration files, log files, password files, etc. Because Tomcat is a Java-based web server, the main file extension used is *.jsp. This check ensures that the *.jsp and *.jspx file types have been properly mapped to servlets.

STIG	Date
VMware vSphere 6.7 Perfcharts Tomcat Security Technical Implementation Guide	2021-04-15

Details

Check Text ( C-42646r674960_chk )
At the command prompt, execute the following command: # xmllint --format /usr/lib/vmware-perfcharts/tc-instance/conf/web.xml \| sed '2 s/xmlns="."//g' \| xmllint --xpath '/web-app/servlet-mapping/servlet-name[text()="jsp"]/parent::servlet-mapping' - Expected result: jsp .jsp *.jspx If the output of the command does not match the expected result, this is a finding.

Fix Text (F-42605r674961_fix)
Navigate to and open /usr/lib/vmware-perfcharts/tc-instance/conf/web.xml. Inside the parent node, add the following: jsp .jsp .jspx