The Security Token Service must have mappings set for Java servlet pages.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-256757	VCST-70-000013	SV-256757r889241_rule		Medium

Description
Resource mapping is the process of tying a particular file type to a process in the web server that can serve that type of file to a requesting client and identify which file types are not to be delivered to a client. By not specifying which files can and cannot be served to a user, the web server could deliver to a user web server configuration files, log files, password files, etc. As Tomcat is a Java-based web server, the main file extension used is .jsp. This check ensures the .jsp and *.jspx file types have been properly mapped to servlets.

Description

Resource mapping is the process of tying a particular file type to a process in the web server that can serve that type of file to a requesting client and identify which file types are not to be delivered to a client. By not specifying which files can and cannot be served to a user, the web server could deliver to a user web server configuration files, log files, password files, etc. As Tomcat is a Java-based web server, the main file extension used is *.jsp. This check ensures the *.jsp and *.jspx file types have been properly mapped to servlets.

STIG	Date
VMware vSphere 7.0 vCenter Appliance STS Security Technical Implementation Guide	2023-06-15

Details

Check Text ( C-60432r889239_chk )
At the command prompt, run the following command: # xmllint --format /usr/lib/vmware-sso/vmware-sts/conf/web.xml \| sed '2 s/xmlns="."//g' \| xmllint --xpath '/web-app/servlet-mapping/servlet-name[text()="jsp"]/parent::servlet-mapping' - Expected result: jsp .jsp *.jspx If the output of the command does not match the expected result, this is a finding.

Fix Text (F-60375r889240_fix)
Navigate to and open: /usr/lib/vmware-sso/vmware-sts/conf/web.xml Inside the parent node, add the following: jsp .jsp .jspx Restart the service with the following command: # vmon-cli --restart sts