STIGQter STIGQter: STIG Summary: VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

tc Server CaSa must have mappings set for Java Servlet Pages.

DISA Rule

SV-99569r1_rule

Vulnerability Number

V-88919

Group Title

SRG-APP-000141-WSR-000083

Rule Version

VROM-TC-000385

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Navigate to and open /usr/lib/vmware-casa/casa-webapp/conf/web.xml.

Navigate to and locate the mapping for the JSP servlet. It is the <servlet-mapping> node that contains <servlet-name>jsp</servlet-name>.

Configure the <servlet-mapping> node to look like the code snippet below:

<!-- The mappings for the JSP servlet -->
<servlet-mapping>
<servlet-name>jsp</servlet-name>
<url-pattern>*.jsp</url-pattern>
<url-pattern>*.jspx</url-pattern>
</servlet-mapping>

Check Contents

At the command prompt, execute the following command:

grep -E '<url-pattern>\*\.jsp</url-pattern>' -B 2 -A 2 /usr/lib/vmware-casa/casa-webapp/conf/web.xml

If the “jsp” and “jspx” file extensions have not been mapped to the JSP servlet, this is a finding.

Vulnerability Number

V-88919

Documentable

False

Rule Version

VROM-TC-000385

Severity Override Guidance

At the command prompt, execute the following command:

grep -E '<url-pattern>\*\.jsp</url-pattern>' -B 2 -A 2 /usr/lib/vmware-casa/casa-webapp/conf/web.xml

If the “jsp” and “jspx” file extensions have not been mapped to the JSP servlet, this is a finding.

Check Content Reference

M

Target Key

3441

Comments