UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The vCenter STS service manager webapp must be removed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-259001 VCST-80-000154 SV-259001r934661_rule Medium
Description
Tomcat provides management functionality through either a default manager webapp or through local editing of the configuration files. The manager webapp files must be deleted, and administration must be performed through the local editing of the configuration files.
STIG Date
VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) Security Technical Implementation Guide 2023-10-29

Details

Check Text ( C-62741r934659_chk )
At the command prompt, run the following command:

# ls -l /var/opt/apache-tomcat/webapps/manager

If the manager folder exists or contains any content, this is a finding.
Fix Text (F-62650r934660_fix)
At the command prompt, run the following command:

# rm -rf /var/opt/apache-tomcat/webapps/manager