VMware vSphere 7.0 vCenter Appliance UI Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • vSphere UI must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.

    Determining a safe state for failure and weighing that against a potential denial of service for users depends on what type of application the web server is hosting. For the Security Token Service,...
    Rule Medium Severity
  • vSphere UI must set URIEncoding to UTF-8.

    Invalid user input occurs when a user inserts data or characters into a hosted application's data entry field and the hosted application is unprepared to process that data. This results in unantici...
    Rule Medium Severity
  • vSphere UI must be configured to hide the server version.

    Web servers will often display error messages to client users with enough information to aid in the debugging of the error. The information given back in error messages may display the web server t...
    Rule Medium Severity
  • vSphere UI must have the debug option turned off.

    Information needed by an attacker to begin looking for possible vulnerabilities in a web server includes any information about the web server and plug-ins or modules being used. When debugging or t...
    Rule Medium Severity
  • vSphere UI log files must be moved to a permanent repository in accordance with site policy.

    vSphere UI produces several logs that must be offloaded from the originating system. This information can then be used for diagnostic, forensics, or other purposes relevant to ensuring the availabi...
    Rule Medium Severity
  • vSphere UI must set the secure flag for cookies.

    The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP response. The purpose of the secure flag is to prevent cookies from being...
    Rule Medium Severity
