UCF STIG Viewer Logo

The vCenter ESX Agent Manager service must be configured to limit data exposure between applications.


Overview

Finding ID Version Rule ID IA Controls Severity
V-259011 VCEM-80-000057 SV-259011r961116_rule Medium
Description
If RECYCLE_FACADES is true or if a security manager is in use, a new facade object will be created for each request. This reduces the chances that a bug in an application might expose data from one request to another.
STIG Date
VMware vSphere 8.0 vCenter Appliance ESX Agent Manager (EAM) Security Technical Implementation Guide 2024-07-11

Details

Check Text ( C-62751r934689_chk )
At the command line, run the following command:

# grep RECYCLE_FACADES /etc/vmware-eam/catalina.properties

Example result:

org.apache.catalina.connector.RECYCLE_FACADES=true

If "org.apache.catalina.connector.RECYCLE_FACADES" is not set to "true", this is a finding.

If the "org.apache.catalina.connector.RECYCLE_FACADES" setting does not exist, this is not a finding.
Fix Text (F-62660r934690_fix)
Navigate to and open:

/etc/vmware-eam/catalina.properties

Update or remove the following line:

org.apache.catalina.connector.RECYCLE_FACADES=true

Restart the service with the following command:

# vmon-cli --restart eam