UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Security Token Service must be configured with memory leak protection.


Overview

Finding ID Version Rule ID IA Controls Severity
V-239666 VCST-67-000015 SV-239666r816723_rule Medium
Description
The Java Runtime environment can cause a memory leak or lock files under certain conditions. Without memory leak protection, the Security Token Service can continue to consume system resources, which will lead to "OutOfMemoryErrors" when reloading web applications. Memory leaks occur when JRE code uses the context class loader to load a singleton. This will cause a memory leak if a web application class loader happens to be the context class loader at the time. The "JreMemoryLeakPreventionListener" class is designed to initialize these singletons when Tomcat's common class loader is the context class loader. Proper use of JRE memory leak protection will ensure that the hosted application does not consume system resources and cause an unstable environment.
STIG Date
VMware vSphere 6.7 STS Tomcat Security Technical Implementation Guide 2022-01-03

Details

Check Text ( C-42899r816721_chk )
Connect to the PSC, whether external or embedded.

At the command prompt, execute the following command:

# grep JreMemoryLeakPreventionListener /usr/lib/vmware-sso/vmware-sts/conf/server.xml

Expected result:



If the output of the command does not match the expected result, this is a finding.
Fix Text (F-42858r816722_fix)
Connect to the PSC, whether external or embedded.

Navigate to and open /usr/lib/vmware-sso/vmware-sts/conf/server.xml.

Navigate to the node.

Add '' to the node.