Detections
Analytics
VCLU-80-000151 The vCenter Lookup service must disable 'ALLOW_BACKSLASH'.
Information
When Tomcat is installed behind a proxy configured to only allow access to certain contexts (web applications), an HTTP request containing '/../' may allow attackers to work around the proxy restrictions using directory traversal attack methods. If 'allow_backslash' is 'true', the '' character will be permitted as a path delimiter. The default value for the setting is 'false', but Tomcat must always be configured as if no proxy restricting context access was used, and 'allow_backslash' should be set to 'false' to prevent directory-traversal-style attacks. This setting can create operability issues with noncompliant clients.Solution
Navigate to and open:/usr/lib/vmware-lookupsvc/conf/catalina.properties
Update or remove the following line:
org.apache.catalina.connector.ALLOW_BACKSLASH=false
Restart the service with the following command:
# vmon-cli --restart lookupsvc
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_8-0_Y24M08_STIG.zip
Item Details
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-259067r961863_rule, STIG-ID|VCLU-80-000151, Vuln-ID|V-259067
Plugin: Unix
Control ID: 73277e383d4dfce4fbc392552c5dbb539c718fa413dde3831b896f04d74ea6bc