SV-239672r679088_rule
V-239672
SRG-APP-000251-WSR-000157
VCST-67-000021
CAT II
10
Navigate to and open /usr/lib/vmware-sso/vmware-sts/conf/web.xml.
Configure the <web-app> node with the child nodes listed below:
<filter-mapping>
<filter-name>setCharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>setCharacterEncodingFilter</filter-name>
<filter-class>org.apache.catalina.filters.SetCharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
<param-name>ignore</param-name>
<param-value>false</param-value>
</init-param>
<async-supported>true</async-supported>
</filter>
At the command prompt, execute the following command:
# xmllint --format /usr/lib/vmware-sso/vmware-sts/conf/web.xml | sed '2 s/xmlns=".*"//g' | xmllint --xpath '/web-app/filter-mapping/filter-name[text()="setCharacterEncodingFilter"]/parent::filter-mapping' -
Expected result:
<filter-mapping>
<filter-name>setCharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
If the output is does not match the expected result, this is a finding.
At the command prompt, execute the following command:
# xmllint --format /usr/lib/vmware-sso/vmware-sts/conf/web.xml | sed '2 s/xmlns=".*"//g' | xmllint --xpath '/web-app/filter/filter-name[text()="setCharacterEncodingFilter"]/parent::filter' -
Expected result:
<filter>
<filter-name>setCharacterEncodingFilter</filter-name>
<filter-class>org.apache.catalina.filters.SetCharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
<param-name>ignore</param-name>
<param-value>false</param-value>
</init-param>
<async-supported>true</async-supported>
</filter>
If the output is does not match the expected result, this is a finding.
V-239672
False
VCST-67-000021
At the command prompt, execute the following command:
# xmllint --format /usr/lib/vmware-sso/vmware-sts/conf/web.xml | sed '2 s/xmlns=".*"//g' | xmllint --xpath '/web-app/filter-mapping/filter-name[text()="setCharacterEncodingFilter"]/parent::filter-mapping' -
Expected result:
<filter-mapping>
<filter-name>setCharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
If the output is does not match the expected result, this is a finding.
At the command prompt, execute the following command:
# xmllint --format /usr/lib/vmware-sso/vmware-sts/conf/web.xml | sed '2 s/xmlns=".*"//g' | xmllint --xpath '/web-app/filter/filter-name[text()="setCharacterEncodingFilter"]/parent::filter' -
Expected result:
<filter>
<filter-name>setCharacterEncodingFilter</filter-name>
<filter-class>org.apache.catalina.filters.SetCharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
<param-name>ignore</param-name>
<param-value>false</param-value>
</init-param>
<async-supported>true</async-supported>
</filter>
If the output is does not match the expected result, this is a finding.
M
5333