VCFL-67-000028 - vSphere Client must be configured with the appropriate ports.

Information

Web servers provide numerous processes, features, and functionalities that use TCP/IP ports. Some of these processes may be deemed unnecessary or too unsecure to run on a production system. vSphere Client comes configured with two connectors. One is behind the reverse proxy and listening on 9090, and the other is serving SSL natively on 9443. The ports that vSphere Client listens on must be verified as accurate to their shipping state.

Solution

Navigate to and open /usr/lib/vmware-vsphere-client/server/configuration/tomcat-server.xml in a text editor.

On the first <Connector>, with redirectPort='9443', configure the port as follows:

port='9090'

On the second <Connector>, with SSLEnabled='true', configure the port as follows:

port='9443'

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y23M07_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7(1)(b), CAT|II, CCI|CCI-001762, Rule-ID|SV-239769r879756_rule, STIG-ID|VCFL-67-000028, Vuln-ID|V-239769

Plugin: Unix

Control ID: c3dc026b50d53377c11ae92fa76e41eb29614e4b59b9c49ca0b1b5e8f1508a8b