Details

MIME mappings tell the Security Token Service what type of program various file types and extensions are and what external utilities or programs are needed to execute the file type. By ensuring that various shell script MIME types are not included in ‘web.xml’, the server is protected against malicious users tricking the server into executing shell command files.

Solution

Open /usr/lib/vmware-sso/vmware-sts/conf/web.xml in a text editor.

Remove any and all of the following nodes lines:

application/x-csh
application/x-shar
application/x-sh
application/x-ksh

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

• 800-53|CM-7a.
• CAT|II
• CCI|CCI-000381
• Rule-ID|SV-239663r679061_rule
• STIG-ID|VCST-67-000012
• Vuln-ID|V-239663

Source

• Tenable.com/audits