VCPF-70-000011 - Performance Charts must be configured to limit access to internal packages.

Information

The 'package.access' entry in the 'catalina.properties' file implements access control at the package level. When properly configured, a Security Exception will be reported if an errant or malicious webapp attempts to access the listed internal classes directly or if a new class is defined under the protected packages.

Performance Charts comes preconfigured with the appropriate packages defined in 'package.access', and this configuration must be maintained.

Solution

Navigate to and open:

/usr/lib/vmware-sso/vmware-sts/conf/catalina.properties

Ensure the 'package.access' line is configured as follows:

package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.jasper.,org.apache.tomcat.

Restart the service with the following command:

# vmon-cli --restart perfcharts

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_7-0_Y23M07_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a., CAT|II, CCI|CCI-000381, Rule-ID|SV-256621r888354_rule, STIG-ID|VCPF-70-000011, Vuln-ID|V-256621

Plugin: Unix

Control ID: f3f5d982dcc6cc5bd731cc0220097d1b22e576fb7c77313fd2701b22177c024e