Skip to content

The vCenter Lookup service xpoweredBy attribute must be disabled.

An XCCDF Rule

Description

<VulnDiscussion>Individual connectors can be configured to display the Tomcat information to clients. This information can be used to identify server versions that can be useful to attackers for identifying vulnerable versions of Tomcat. Individual connectors must be checked for the xpoweredBy attribute to ensure they do not pass server information to clients. The default value for xpoweredBy is "false".</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-259062r934844_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Navigate to and open:

/usr/lib/vmware-lookupsvc/conf/server.xml

Navigate to the <Connector> node and remove the "xpoweredBy" attribute.