Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The Security Token Service must disable the shutdown port.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-239680 | VCST-67-000029 | SV-239680r679112_rule | Medium |
| Description |
|---|
| An attacker has at least two reasons to stop a web server. The first is to cause a denial of service, and the second is to put in place changes the attacker made to the web server configuration. If the Tomcat shutdown port feature is enabled, a shutdown signal can be sent to the Security Token Service through this port. To ensure availability, the shutdown port must be disabled. |
| STIG | Date |
|---|---|
| VMware vSphere 6.7 STS Tomcat Security Technical Implementation Guide | 2021-04-15 |
Details
| Check Text ( C-42913r679110_chk ) |
|---|
| At the command prompt, execute the following command: # grep 'base.shutdown.port' /usr/lib/vmware-sso/vmware-sts/conf/catalina.properties Expected result: base.shutdown.port=-1 If the output of the command does not match the expected result, this is a finding. |
| Fix Text (F-42872r679111_fix) |
|---|
| Open /usr/lib/vmware-sso/vmware-sts/conf/catalina.properties in a text editor. Add or modify the following setting: base.shutdown.port=-1 |