DISA STIG VMware vSphere 6.7 UI Tomcat v1r1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG VMware vSphere 6.7 UI Tomcat v1r1

Updated: 6/10/2022

Authority: Operating Systems and Applications

Plugin: Unix

Revision: 1.3

Estimated Item Count: 37

File Details

Filename: DISA_STIG_VMware_vSphere_6.7_UI_Tomcat_v1r1.audit

Size: 60.6 kB

MD5: 942bf33bf414a8815ab9ed11a973a973
SHA256: 7d25042f2318da2d1b7596c4ffdae755c71e8b3de4ad9fe2647d60d17b05c806

Audit Items

DescriptionCategories
DISA_STIG_VMware_vSphere_6.7_UI_Tomcat_v1r1.audit from DISA VMware vSphere 6.7 UI Tomcat v1r1 STIG
VCUI-67-000001 - vSphere UI must limit the amount of time that each TCP connection is kept alive.
VCUI-67-000002 - vSphere UI must limit the number of concurrent connections permitted.
VCUI-67-000003 - vSphere UI must limit the maximum size of a POST request.
VCUI-67-000004 - vSphere UI must protect cookies from XSS.
VCUI-67-000005 - vSphere UI must record user access in a format that enables monitoring of remote access.
VCUI-67-000006 - vSphere UI must generate log records for system startup and shutdown.
VCUI-67-000007 - vSphere UI log files must only be accessible by privileged users.
VCUI-67-000008 - vSphere UI application files must be verified for their integrity.
VCUI-67-000009 - vSphere UI plugins must be authorized before use.
VCUI-67-000010 - vSphere UI must be configured to limit access to internal packages.
VCUI-67-000011 - vSphere UI must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled.
VCUI-67-000012 - vSphere UI must have mappings set for Java servlet pages.
VCUI-67-000013 - vSphere UI must not have the Web Distributed Authoring (WebDAV) servlet installed.
VCUI-67-000014 - vSphere UI must be configured with memory leak protection.
VCUI-67-000015 - vSphere UI must not have any symbolic links in the web content directory tree.
VCUI-67-000016 - vSphere UI directory tree must have permissions in an 'out-of-the-box' state - out-of-the-box state.
VCUI-67-000017 - vSphere UI must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.
VCUI-67-000018 - vSphere UI must limit the number of allowed connections.
VCUI-67-000019 - vSphere UI must set URIEncoding to UTF-8.
VCUI-67-000020 - vSphere UI must set the welcome-file node to a default web page.
VCUI-67-000021 - The vSphere UI must not show directory listings.
VCUI-67-000022 - vSphere UI must be configured to hide the server version.
VCUI-67-000023 - vSphere UI must be configured to show error pages with minimal information.
VCUI-67-000024 - vSphere UI must not enable support for TRACE requests.
VCUI-67-000025 - vSphere UI must have the debug option turned off.
VCUI-67-000026 - vSphere UI must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the web server.
VCUI-67-000027 - vSphere UI log files must be moved to a permanent repository in accordance with site policy - access
VCUI-67-000027 - vSphere UI log files must be moved to a permanent repository in accordance with site policy - runtime
VCUI-67-000028 - vSphere UI must be configured with the appropriate ports - http
VCUI-67-000028 - vSphere UI must be configured with the appropriate ports - https
VCUI-67-000028 - vSphere UI must be configured with the appropriate ports - proxy
VCUI-67-000029 - vSphere UI must disable the shutdown port - server.xml
VCUI-67-000029 - vSphere UI must disable the shutdown port - vsphere-ui.json
VCUI-67-000030 - vSphere UI must set the secure flag for cookies.
VCUI-67-000031 - vSphere UI must not be configured with the 'UserDatabaseRealm' enabled - UserDatabaseRealm enabled.
VCUI-67-000032 - vSphere UI must restrict its cookie path.