UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The vCenter Lookup service must be configured to limit data exposure between applications.


Overview

Finding ID Version Rule ID IA Controls Severity
V-259045 VCLU-80-000057 SV-259045r934793_rule Medium
Description
If RECYCLE_FACADES is true or if a security manager is in use, a new facade object will be created for each request. This reduces the chances that a bug in an application might expose data from one request to another.
STIG Date
VMware vSphere 8.0 vCenter Appliance Lookup Service Security Technical Implementation Guide 2023-10-29

Details

Check Text ( C-62785r934791_chk )
At the command line, run the following command:

# grep RECYCLE_FACADES /usr/lib/vmware-lookupsvc/conf/catalina.properties

Example result:

org.apache.catalina.connector.RECYCLE_FACADES=true

If "org.apache.catalina.connector.RECYCLE_FACADES" is not set to "true", this is a finding.

If the "org.apache.catalina.connector.RECYCLE_FACADES" setting does not exist, this is not a finding.
Fix Text (F-62694r934792_fix)
Navigate to and open:

/usr/lib/vmware-lookupsvc/conf/catalina.properties

Update or remove the following line:

org.apache.catalina.connector.RECYCLE_FACADES=true

Restart the service with the following command:

# vmon-cli --restart lookupsvc