STIGQter: STIG Summary: VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

Lighttpd must only enable mappings to necessary and approved scripts.

DISA Rule

SV-99913r1_rule

Vulnerability Number

V-89263

Group Title

SRG-APP-000141-WSR-000082

Rule Version

VRAU-LI-000190

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf file

Navigate to the cgi.assign parameter.

Configure the cgi.assign parameter with the scripts that are deemed necessary and approved (whitelisted).

Check Contents

Obtain supporting documentation from the ISSO.

Determine the scripts that are deemed necessary and approved (whitelist).

Note: Lighttpd provides the cgi.assign parameter to specify script mappings.

Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf file

Navigate to the cgi.assign parameter.

If cgi.assign parameter is configured with script types that are deemed for denial, this is a finding.

Vulnerability Number

V-89263

Documentable

False

Rule Version

VRAU-LI-000190

Severity Override Guidance

Obtain supporting documentation from the ISSO.

Determine the scripts that are deemed necessary and approved (whitelist).

Note: Lighttpd provides the cgi.assign parameter to specify script mappings.

Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf file

Navigate to the cgi.assign parameter.

If cgi.assign parameter is configured with script types that are deemed for denial, this is a finding.

Check Content Reference

M

Target Key

3457

Comments