Detections
Analytics
VCST-70-000012 - The Security Token Service must have Multipurpose Internet Mail Extensions (MIME) that invoke operating system shell programs disabled.
Information
MIME mappings tell the Security Token Service what type of program various file types and extensions are and what external utilities or programs are needed to execute the file type.By ensuring various shell script MIME types are not included in 'web.xml', the server is protected against malicious users tricking the server into executing shell command files.
Solution
Navigate to and open:/usr/lib/vmware-sso/vmware-sts/conf/web.xml
Remove all of the following nodes lines:
<mime-type>application/x-csh</mime-type>
<mime-type>application/x-shar</mime-type>
<mime-type>application/x-sh</mime-type>
<mime-type>application/x-ksh</mime-type>
Restart the service with the following command:
# vmon-cli --restart sts
Note: Delete the entire mime-mapping node for the target mime-type.
Example:
<mime-mapping>
<extension>sh</extension>
<mime-type>application/x-sh</mime-type>
</mime-mapping>
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_7-0_Y23M07_STIG.zip
Item Details
Audit Name: DISA STIG VMware vSphere 7.0 STS Tomcat v1r2
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-7a., CAT|II, CCI|CCI-000381, Rule-ID|SV-256756r889238_rule, STIG-ID|VCST-70-000012, Vuln-ID|V-256756
Plugin: Unix
Control ID: d66c13d5cbd23219ac76e22d04da238942e552ca1582e25663582d8c42887da4