VCST-67-000001 – The Security Token Service must limit the amount of time that each TCP connection is kept alive. Details: Denial of service (DoS) is one threat against web servers. Many DoS attacks attempt to consume web server resources...
VCST-67-000002 – The Security Token Service must limit the number of concurrent connections permitted. Details: Resource exhaustion can occur when an unlimited number of concurrent requests are allowed on a website, facilitating a denial-of-service...
VCST-67-000003 – The Security Token Service must limit the maximum size of a POST request. Details: The ‘maxPostSize’ value is the maximum size in bytes of the POST that will be handled by the container...
VCST-67-000004 – The Security Token Service must protect cookies from XSS. Details: Cookies are a common way to save session state over the HTTP(S) protocol. If an attacker can compromise session...
VCST-67-000005 – The Security Token Service must record user access in a format that enables monitoring of remote access. Details: Remote access can be exploited by an attacker to compromise the server. By recording all remote access activities, it...
VCST-67-000006 – The Security Token Service must generate log records during Java startup and shutdown – bufferSize. Details: Logging must be started as soon as possible when a service starts and as late as possible when a...
VCST-67-000011 – The Security Token Service must be configured to limit access to internal packages. Details: The ‘package.access’ entry in the ‘catalina.properties’ file implements access control at the package level. When properly configured, a Security...
VCST-67-000012 – The Security Token Service must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled. Details: MIME mappings tell the Security Token Service what type of program various file types and extensions are and what...
VCST-67-000013 – The Security Token Service must have mappings set for Java servlet pages. Details: Resource mapping is the process of tying a particular file type to a process in the web server that...
VCST-67-000014 – The Security Token Service must not have the Web Distributed Authoring (WebDAV) servlet installed. Details: WebDAV is an extension to the HTTP protocol that, when developed, was meant to allow users to create, change,...