VCFL-67-000029 - vSphere Client must disable the shutdown port.

Information

An attacker has at least two reasons to stop a web server. The first is to cause a denial of service, and the second is to put in place changes the attacker made to the web server configuration. If the Tomcat shutdown port feature is enabled, a shutdown signal can be sent to vSphere Client through this port. To ensure availability, the shutdown port must be disabled.

Solution

Navigate to and open /usr/lib/vmware-vsphere-client/server/configuration/tomcat-server.xml in a text editor.

Ensure that the server port is disabled as follows:

<Server port='-1'>

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y23M07_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-5, CAT|II, CCI|CCI-002385, Rule-ID|SV-239770r879806_rule, STIG-ID|VCFL-67-000029, Vuln-ID|V-239770

Plugin: Unix

Control ID: d7f85cb6782a89e8144f42732ec3c0ad4dd7d0f51b89611210ec720699a57531