VCST-67-000011 – The Security Token Service must be configured to limit access to internal packages.

Details

The ‘package.access’ entry in the ‘catalina.properties’ file implements access control at the package level. When properly configured, a Security Exception will be reported if an errant or malicious web app attempts to access the listed internal classes directly or if a new class is defined under the protected packages.

The Security Token Service comes preconfigured with the appropriate packages defined in ‘package.access’, and this configuration must be maintained.

Solution

Navigate to and open /usr/lib/vmware-sso/vmware-sts/conf/catalina.properties.

Ensure that the ‘package.access’ line is configured as follows:

package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-7a.
CAT|II
CCI|CCI-000381
Rule-ID|SV-239662r679058_rule
STIG-ID|VCST-67-000011
Vuln-ID|V-239662

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles