Detections
Analytics
VCPF-70-000011 - Performance Charts must be configured to limit access to internal packages.
Information
The 'package.access' entry in the 'catalina.properties' file implements access control at the package level. When properly configured, a Security Exception will be reported if an errant or malicious webapp attempts to access the listed internal classes directly or if a new class is defined under the protected packages.Performance Charts comes preconfigured with the appropriate packages defined in 'package.access', and this configuration must be maintained.
Solution
Navigate to and open:/usr/lib/vmware-sso/vmware-sts/conf/catalina.properties
Ensure the 'package.access' line is configured as follows:
package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.jasper.,org.apache.tomcat.
Restart the service with the following command:
# vmon-cli --restart perfcharts
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_7-0_Y23M07_STIG.zip
Item Details
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-7a., CAT|II, CCI|CCI-000381, Rule-ID|SV-256621r888354_rule, STIG-ID|VCPF-70-000011, Vuln-ID|V-256621
Plugin: Unix
Control ID: f3f5d982dcc6cc5bd731cc0220097d1b22e576fb7c77313fd2701b22177c024e