Details

An attacker has at least two reasons to stop a web server. The first is to cause a denial of service, and the second is to put in place changes the attacker made to the web server configuration. If the Tomcat shutdown port feature is enabled, a shutdown signal can be sent to vSphere UI through this port. To ensure availability, the shutdown port must be disabled.

Solution

Navigate to and open /usr/lib/vmware-vsphere-ui/server/conf/server.xml.

Make sure that the server port is disabled:

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Unix.

References

• 800-53|SC-5
• CAT|II
• CCI|CCI-002385
• Rule-ID|SV-239710r679236_rule
• STIG-ID|VCUI-67-000029
• Vuln-ID|V-239710

Source

• Tenable.com/audits