The Security Token Service must have mappings set for Java servlet pages.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-239664 | VCST-67-000013 | SV-239664r816717_rule | Medium |
| Description |
|---|
| Resource mapping is the process of tying a particular file type to a process in the web server that can serve that type of file to a requesting client and identify which file types are not to be delivered to a client. By not specifying which files can and cannot be served to a user, the web server could deliver to a user web server configuration files, log files, password files, etc. As Tomcat is a Java-based web server, the main file extension used is *.jsp. This check ensures that the *.jsp and *.jspx file types have been properly mapped to servlets. |
| STIG | Date |
|---|---|
| VMware vSphere 6.7 STS Tomcat Security Technical Implementation Guide | 2022-01-03 |
Details
| Check Text ( C-42897r816715_chk ) |
|---|
| Connect to the PSC, whether external or embedded. At the command prompt, execute the following command: # xmllint --format /usr/lib/vmware-sso/vmware-sts/conf/web.xml | sed '2 s/xmlns=".*"//g' | xmllint --xpath '/web-app/servlet-mapping/servlet-name[text()="jsp"]/parent::servlet-mapping' - Expected result: If the output of the command does not match the expected result, this is a finding. |
| Fix Text (F-42856r816716_fix) |
|---|
| Connect to the PSC, whether external or embedded. Navigate to and open /usr/lib/vmware-sso/vmware-sts/conf/web.xml. Inside the |