VCST-67-000019 - The Security Token Service must limit the number of allowed connections.

Information

Limiting the number of established connections to the Security Token Service is a basic denial of service protection. Servers where the limit is too high or unlimited can potentially run out of system resources and negatively affect system availability.

Solution

Connect to the PSC, whether external or embedded.

Navigate to and open /usr/lib/vmware-sso/vmware-sts/conf/server.xml.

Navigate to the <Connector> configured with port='${bio-custom.http.port}'.

Add or change the following value:

acceptCount='100'

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y23M07_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-5(1), CAT|II, CCI|CCI-001094, Rule-ID|SV-239670r879650_rule, STIG-ID|VCST-67-000019, Vuln-ID|V-239670

Plugin: Unix

Control ID: eb5646708cab1bdb8ae0a307685b0c3476a1849a62f0b1b034450ae743039622