VCLD-70-000018 - VAMI must protect against or limit the effects of HTTP types of denial-of-service (DoS) attacks - Content-Type.

Information

In UNIX and related computer operating systems, a file descriptor is an indicator used to access a file or other input/output resource, such as a pipe or network connection. File descriptors index into a per-process file descriptor table maintained by the kernel, which in turn indexes into a systemwide table of files opened by all processes, called the file table.

As a single-threaded server, Lighttpd must be limited in the number of file descriptors that can be allocated. This will prevent Lighttpd from being used in a form of DoS attack against the operating system.

Solution

Navigate to and open:

/opt/vmware/etc/lighttpd/lighttpd.conf

Add or reconfigure the following value:

server.max-fds = 2048

Restart the service with the following command:

# vmon-cli --restart applmgmt

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_7-0_Y23M07_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-5(1), CAT|II, CCI|CCI-001094, Rule-ID|SV-256662r888508_rule, STIG-ID|VCLD-70-000018, Vuln-ID|V-256662

Plugin: Unix

Control ID: 2057e14cd999ef8a0bb5a0901cbb3cdaa3d1266056cdfcf744672ccc38700dfd