STIGQter: STIG Summary: VMware vSphere 6.7 VAMI-lighttpd Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021

VAMI must set the encoding for all text mime types to UTF-8.

DISA Rule

SV-239735r679315_rule

Vulnerability Number

V-239735

Group Title

SRG-APP-000251-WSR-000157

Rule Version

VCLD-67-000028

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf.

Navigate to the "mimetype.assign" block.

Replace all the mappings whose assigned type is "text/*" with mappings for UTF-8 encoding, as follows:

".css" => "text/css; charset=utf-8",
".html" => "text/html; charset=utf-8",
".htm" => "text/html; charset=utf-8",
".js" => "text/javascript; charset=utf-8",
".asc" => "text/plain; charset=utf-8",
".c" => "text/plain; charset=utf-8",
".cpp" => "text/plain; charset=utf-8",
".log" => "text/plain; charset=utf-8",
".conf" => "text/plain; charset=utf-8",
".text" => "text/plain; charset=utf-8",
".txt" => "text/plain; charset=utf-8",
".spec" => "text/plain; charset=utf-8",
".dtd" => "text/xml; charset=utf-8",
".xml" => "text/xml; charset=utf-8",

Check Contents

At the command prompt, execute the following command:

# /opt/vmware/sbin/vami-lighttpd -p -f /opt/vmware/etc/lighttpd/lighttpd.conf|awk '/mimetype\.assign/,/\)/'|grep "text/"|grep -v "charset=utf-8"

If the command returns any value, this is a finding.
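
The check above as a reusable shell function, given here as an added example that is not part of the STIG text: it looks only inside the "mimetype.assign" block, skips commented-out lines, and prints each offending extension with its assigned type. The names audit_mimetypes and sample_conf and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: list text/* mappings in a lighttpd mimetype.assign block
# that do not declare charset=utf-8. Any output is a finding, as in the check.

# Reads lighttpd configuration text on stdin and prints
# "<extension> <assigned type>" for every offending mapping.
audit_mimetypes() {
    awk -F'"' '
        /^[ \t]*#/          { next }           # ignore commented-out lines
        /mimetype\.assign/  { inblock = 1 }    # start of the mapping block
        inblock && $4 ~ /^text\// && $4 !~ /charset=utf-8/ { print $2, $4 }
        inblock && /\)/     { inblock = 0 }    # closing parenthesis ends it
    '
}

# Constructed sample configuration (not taken from a real appliance).
sample_conf() {
    cat <<'EOF'
mimetype.assign = (
    ".css"  => "text/css; charset=utf-8",
    ".html" => "text/html",
    # ".htm" => "text/html",
    ".js"   => "text/javascript; charset=utf-8",
    ".log"  => "text/plain",
    ".png"  => "image/png",
    ".xml"  => "text/xml; charset=utf-8",
)
setenv.add-response-header = ( "X-Sample" => "text/not-a-mimetype" )
EOF
}

# Stand-alone run against the sample. On the appliance, pipe the parsed
# configuration in instead:
#   /opt/vmware/sbin/vami-lighttpd -p -f /opt/vmware/etc/lighttpd/lighttpd.conf | audit_mimetypes
sample_conf | audit_mimetypes
```
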

Documentable

False

Severity Override Guidance

At the command prompt, execute the following command:

# /opt/vmware/sbin/vami-lighttpd -p -f /opt/vmware/etc/lighttpd/lighttpd.conf|awk '/mimetype\.assign/,/\)/'|grep "text/"|grep -v "charset=utf-8"

If the command returns any value, this is a finding.

Check Content Reference

M

Target Key

5335

Comments