STIGQter: STIG Summary: VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

tc Server HORIZON must have mappings set for Java Servlet Pages.

DISA Rule

SV-100665r1_rule

Vulnerability Number

V-90015

Group Title

SRG-APP-000141-WSR-000083

Rule Version

VRAU-TC-000370

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Navigate to and open /opt/vmware/horizon/workspace/conf/web.xml.

Navigate to and locate the mapping for the JSP servlet. It is the <servlet-mapping> node that contains <servlet-name>jsp</servlet-name>.

Configure the <servlet-mapping> node to look like the code snippet below:

<!-- The mappings for the JSP servlet -->
<servlet-mapping>
<servlet-name>jsp</servlet-name>
<url-pattern>*.jsp</url-pattern>
<url-pattern>*.jspx</url-pattern>
</servlet-mapping>

Check Contents

At the command prompt, execute the following command:

grep -E '<url-pattern>\*\.jsp</url-pattern>' -B 2 -A 2 /opt/vmware/horizon/workspace/conf/web.xml

If the jsp and jspx file extensions have not been mapped to the JSP servlet, this is a finding.

Vulnerability Number

V-90015

Documentable

False

Rule Version

VRAU-TC-000370

Severity Override Guidance

At the command prompt, execute the following command:

grep -E '<url-pattern>\*\.jsp</url-pattern>' -B 2 -A 2 /opt/vmware/horizon/workspace/conf/web.xml

If the jsp and jspx file extensions have not been mapped to the JSP servlet, this is a finding.

Check Content Reference

M

Target Key

3439

Comments