
VMware vSphere 7.0 vCenter Appliance Lookup Service Security Technical Implementation Guide


Overview

Date: 2023-02-21
Finding Count (31): CAT I (High): 0, CAT II (Med): 31, CAT III (Low): 0

STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC II - Mission Support Classified)

Finding ID Severity Title
V-256709 Medium Lookup Service must protect cookies from cross-site scripting (XSS).
V-256708 Medium Lookup Service must limit the maximum size of a POST request.
V-256707 Medium Lookup Service must limit the number of concurrent connections permitted.
V-256706 Medium Lookup Service must limit the amount of time that each Transport Control Protocol (TCP) connection is kept alive.
V-256727 Medium The Lookup Service must not show directory listings.
V-256726 Medium Lookup Service must set the welcome-file node to a default web page.
V-256725 Medium Lookup Service must set URIEncoding to UTF-8.
V-256724 Medium Lookup Service must limit the number of allowed connections.
V-256723 Medium Lookup Service must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.
V-256722 Medium Lookup Service directory tree must have permissions in an out-of-the-box state.
V-256721 Medium Lookup Service must not have any symbolic links in the web content directory tree.
V-256720 Medium Lookup Service must be configured with memory leak protection.
V-256729 Medium Lookup Service must be configured to show error pages with minimal information.
V-256728 Medium Lookup Service must be configured to hide the server version.
V-256718 Medium Lookup Service must have mappings set for Java servlet pages.
V-256719 Medium Lookup Service must not have the Web Distributed Authoring (WebDAV) servlet installed.
V-256712 Medium Lookup Service log files must only be accessible by privileged users.
V-256713 Medium Lookup Service application files must be verified for their integrity.
V-256710 Medium Lookup Service must record user access in a format that enables monitoring of remote access.
V-256711 Medium Lookup Service must generate log records for system startup and shutdown.
V-256716 Medium Lookup Service must be configured to limit access to internal packages.
V-256717 Medium Lookup Service must have Multipurpose Internet Mail Extensions (MIMEs) that invoke operating system shell programs disabled.
V-256714 Medium Lookup Service must only run one webapp.
V-256715 Medium Lookup Service must not be configured with the "UserDatabaseRealm" enabled.
V-256734 Medium Lookup Service must be configured with the appropriate ports.
V-256735 Medium Lookup Service must disable the shutdown port.
V-256736 Medium Lookup Service must set the secure flag for cookies.
V-256730 Medium Lookup Service must not enable support for TRACE requests.
V-256731 Medium Lookup Service must have the debug option turned off.
V-256732 Medium Lookup Service must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the web server.
V-256733 Medium Lookup Service log files must be offloaded to a central log server in real time.