VCFL-67-000029 - vSphere Client must disable the shutdown port.

Information

An attacker has at least two reasons to stop a web server. The first is to cause a denial of service, and the second is to put in place changes the attacker made to the web server configuration. If the Tomcat shutdown port feature is enabled, a shutdown signal can be sent to vSphere Client through this port. To ensure availability, the shutdown port must be disabled.

Solution

Navigate to and open /usr/lib/vmware-vsphere-client/server/configuration/tomcat-server.xml in a text editor.

Ensure that the server port is disabled as follows:

<Server port='-1'>

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y22M10_STIG.zip

Item Details

References: CAT|II, CCI|CCI-002385, Rule-ID|SV-239770r679537_rule, STIG-ID|VCFL-67-000029, Vuln-ID|V-239770

Plugin: Unix

Control ID: f6f25f89a2053f0fe212a35d1545bb6c17cad1c0321fc64ffd29228b173fdaad