VCST-67-000009 – The Security Token Service must only run one web app.

Details

VMware ships the Security Token Service on the VCSA with one web app, in ROOT.war. Any other .war file is potentially malicious and must be removed.

Solution

For each unexpected file returned in the check, run the following command:

# rm /usr/lib/vmware-sso/vmware-sts/webapps/.war

Restart the service with the following command:

# service-control –restart vmware-stsd

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-5(3)
CAT|II
CCI|CCI-001749
Rule-ID|SV-239660r679052_rule
STIG-ID|VCST-67-000009
Vuln-ID|V-239660

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles