Details
An attacker has at least two reasons to stop a web server: to cause a denial of service, or to force a restart so that configuration changes the attacker has already made to the web server are loaded. Tomcat's shutdown port, when enabled, listens on TCP for a plain-text shutdown command (the default command string is "SHUTDOWN"); if the feature is enabled on the Security Token Service, anyone who can reach that port and knows the string can stop the service. To ensure availability, the shutdown port must be disabled. Tomcat treats a port value of -1 as "do not open the shutdown listener", which is why the setting below is -1 rather than an unused port number.
Solution
Open /usr/lib/vmware-sso/vmware-sts/conf/catalina.properties in a text editor.
Add or modify the following setting:
base.shutdown.port=-1
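The following script is an added example, not part of the STIG text or any VMware tooling. It checks whether base.shutdown.port is set to -1 in a catalina.properties file and remediates it in place if not. It assumes the property is written in the key=value form shown above and that server.xml takes the Server element's port from this property (the reason editing catalina.properties is sufficient); the STS_CONF path is the one from the Solution and can be overridden with an environment variable, and the check|fix sub-commands and function names are my own.

```shell
#!/bin/sh
# Added example: check/remediate the Tomcat shutdown port for the vCenter STS.
# Assumed default path is the one named in the STIG solution; override with STS_CONF.
STS_CONF="${STS_CONF:-/usr/lib/vmware-sso/vmware-sts/conf/catalina.properties}"

# Print the effective value of base.shutdown.port from a .properties file.
# Java takes the last definition when a key repeats, so keep the last active
# match; commented-out lines are ignored; spaces around '=' are tolerated.
# Prints nothing when the key is absent.
get_shutdown_port() {
    sed -n 's/^[[:space:]]*base\.shutdown\.port[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | tail -n 1
}

# Compliant (exit 0) only when the value is exactly -1. An absent key is NOT
# compliant: Tomcat would then fall back to whatever server.xml defaults to.
check_shutdown_port_disabled() {
    [ "$(get_shutdown_port "$1")" = "-1" ]
}

# Remediate: rewrite every active definition (so no later line can override
# the value) or append one if the key is missing. Idempotent on compliant files.
# The file is rewritten through a temp copy with 'cat >' so the original's
# ownership and mode survive, which matters on an appliance.
disable_shutdown_port() {
    file="$1"
    if check_shutdown_port_disabled "$file"; then
        return 0
    fi
    if grep -q '^[[:space:]]*base\.shutdown\.port[[:space:]]*=' "$file"; then
        tmp="$file.tmp.$$"
        sed 's/^[[:space:]]*base\.shutdown\.port[[:space:]]*=.*/base.shutdown.port=-1/' "$file" > "$tmp"
        cat "$tmp" > "$file"
        rm -f "$tmp"
    else
        # Make sure we append on a fresh line even if the file lacks a final newline.
        if [ -n "$(tail -c 1 "$file")" ]; then
            printf '\n' >> "$file"
        fi
        printf '%s\n' 'base.shutdown.port=-1' >> "$file"
    fi
    check_shutdown_port_disabled "$file"
}

# Usage: STS_CONF=/path/to/catalina.properties sh stig_shutdown_port.sh check|fix
case "${1:-}" in
    check)
        if check_shutdown_port_disabled "$STS_CONF"; then
            echo "NotAFinding: base.shutdown.port=-1 in $STS_CONF"
        else
            echo "OPEN: base.shutdown.port is '$(get_shutdown_port "$STS_CONF")' (expected -1) in $STS_CONF"
            exit 1
        fi
        ;;
    fix)
        disable_shutdown_port "$STS_CONF" && echo "remediated $STS_CONF"
        ;;
esac
```

Tomcat reads catalina.properties only at startup, so after running the fix the Security Token Service must be restarted for the shutdown listener to actually close; re-run the check afterwards and confirm with a socket listing that nothing is listening on the old shutdown port.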
Supportive Information
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: Unix.
References
- 800-53|SC-5
- CAT|II
- CCI|CCI-002385
- Rule-ID|SV-239680r679112_rule
- STIG-ID|VCST-67-000029
- Vuln-ID|V-239680