Details
The ‘package.access’ entry in the ‘catalina.properties’ file implements access control at the package level. When this is properly configured, a Security Exception will be reported if an errant or malicious web app attempts to access the listed internal classes directly or if a new class is defined under the protected packages. Performance Charts comes preconfigured with the appropriate packages defined in ‘package.access’, and this configuration must be maintained.
Solution
Navigate to and open /usr/lib/vmware-sso/vmware-sts/conf/catalina.properties and ensure that the ‘package.access’ line is configured as follows:
package.access =
sun.,
org.apache.catalina.,
org.apache.coyote.,
org.apache.jasper.,
org.apache.naming.resources.,
org.apache.tomcat.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.
References
- 800-53|CM-7a.
- CAT|II
- CCI|CCI-000381
- Rule-ID|SV-239432r675019_rule
- STIG-ID|VCPF-67-000031
- Vuln-ID|V-239432