STIGQter: STIG Summary: VMware vSphere 6.7 Virgo-Client Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021:

vSphere Client must not enable support for TRACE requests.

DISA Rule

SV-239766r679525_rule

Vulnerability Number

V-239766

Group Title

SRG-APP-000266-WSR-000160

Rule Version

VCFL-67-000025

Severity

CAT II

CCI(s)

CCI-001312 - The information system generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.

Weight

Fix Recommendation

Navigate to and open /usr/lib/vmware-vsphere-client/server/configuration/tomcat-server.xml.

Navigate to and locate:

'allowTrace="true"'

Remove the 'allowTrace="true"' setting.

Check Contents

At the command prompt, execute the following command:

# grep allowTrace /usr/lib/vmware-vsphere-client/server/configuration/tomcat-server.xml

If "allowTrace" is set to "true", this is a finding.

If no line is returned, this is NOT a finding.

Vulnerability Number

V-239766

Documentable

False

Rule Version

VCFL-67-000025

Severity Override Guidance

Check Content Reference

Target Key

5336

vSphere Client must not enable support for TRACE requests.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments