The vCenter Lookup service xpoweredBy attribute must be disabled.

An XCCDF Rule

Description

<VulnDiscussion>Individual connectors can be configured to display the Tomcat information to clients. This information can be used to identify server versions that can be useful to attackers for identifying vulnerable versions of Tomcat. Individual connectors must be checked for the xpoweredBy attribute to ensure they do not pass server information to clients. The default value for xpoweredBy is "false".</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-259062r934844_rule
Severity: Medium
References: CCI-000381
Updated: 17 days ago

Navigate to and open:

/usr/lib/vmware-lookupsvc/conf/server.xml

Navigate to the <Connector> node and remove the "xpoweredBy" attribute.
Restart the service with the following command:

# vmon-cli --restart lookupsvc

The vCenter Lookup service xpoweredBy attribute must be disabled.

Description

Remediation - Manual Procedure