Detections
Analytics
VCFL-67-000029 - vSphere Client must disable the shutdown port.
Information
An attacker has at least two reasons to stop a web server. The first is to cause a denial of service, and the second is to put in place changes the attacker made to the web server configuration. If the Tomcat shutdown port feature is enabled, a shutdown signal can be sent to vSphere Client through this port. To ensure availability, the shutdown port must be disabled.Solution
Navigate to and open /usr/lib/vmware-vsphere-client/server/configuration/tomcat-server.xml in a text editor.Ensure that the server port is disabled as follows:
<Server port='-1'>
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y23M07_STIG.zip
Item Details
Audit Name: DISA STIG VMware vSphere 6.7 Virgo Client v1r2
Category: SYSTEM AND COMMUNICATIONS PROTECTION
References: 800-53|SC-5, CAT|II, CCI|CCI-002385, Rule-ID|SV-239770r879806_rule, STIG-ID|VCFL-67-000029, Vuln-ID|V-239770
Plugin: Unix
Control ID: d7f85cb6782a89e8144f42732ec3c0ad4dd7d0f51b89611210ec720699a57531