VMware vSphere 6.7 Perfcharts Tomcat Security Technical Implementation Guide


Overview

Date: 2022-01-03
Finding Count (31): CAT I (High): 0, CAT II (Med): 31, CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC III - Administrative Classified)

Finding ID Severity Title
V-239430 Medium Performance Charts must disable the shutdown port.
V-239431 Medium Performance Charts must set the secure flag for cookies.
V-239432 Medium Performance Charts must be configured to limit access to internal packages.
V-239409 Medium Performance Charts application files must be verified for their integrity.
V-239408 Medium Performance Charts log files must only be modifiable by privileged users.
V-239405 Medium Performance Charts must protect cookies from cross-site scripting (XSS).
V-239404 Medium Performance Charts must limit the maximum size of a POST request.
V-239407 Medium Performance Charts must generate log records for system startup and shutdown.
V-239406 Medium Performance Charts must record user access in a format that enables monitoring of remote access.
V-239403 Medium Performance Charts must limit the number of concurrent connections permitted.
V-239402 Medium Performance Charts must limit the amount of time that each TCP connection is kept alive.
V-239427 Medium Performance Charts must properly configure log sizes and rotation.
V-239426 Medium Performance Charts must have the debug option turned off.
V-239425 Medium Performance Charts must not enable support for TRACE requests.
V-239424 Medium Performance Charts must be configured to show error pages with minimal information.
V-239423 Medium Performance Charts must not show directory listings.
V-239422 Medium Performance Charts must set the welcome-file node to a default web page.
V-239421 Medium Performance Charts must use the "setCharacterEncodingFilter" filter.
V-239420 Medium Performance Charts must set "URIEncoding" to UTF-8.
V-239429 Medium Performance Charts must be configured with the appropriate ports.
V-239428 Medium Rsyslog must be configured to monitor and ship Performance Charts log files.
V-239418 Medium Performance Charts must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.
V-239419 Medium Performance Charts must limit the number of allowed connections.
V-239412 Medium Performance Charts must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled.
V-239413 Medium Performance Charts must have mappings set for Java servlet pages.
V-239410 Medium Performance Charts must only run one web app.
V-239411 Medium Performance Charts must not be configured with unsupported realms.
V-239416 Medium Performance Charts must not have any symbolic links in the web content directory tree.
V-239417 Medium Performance Charts directory tree must have permissions in an "out-of-the box" state.
V-239414 Medium Performance Charts must not have the Web Distributed Authoring (WebDAV) servlet installed.
V-239415 Medium Performance Charts must be configured with memory leak protection.