Skip to content

The vCenter ESX Agent Manager service xpoweredBy attribute must be disabled.

An XCCDF Rule

Description

<VulnDiscussion>Individual connectors can be configured to display the Tomcat information to clients. This information can be used to identify server versions that can be useful to attackers for identifying vulnerable versions of Tomcat. Individual connectors must be checked for the xpoweredBy attribute to ensure they do not pass server information to clients. The default value for xpoweredBy is "false".</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-259028r960963_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Navigate to and open:

/usr/lib/vmware-eam/web/conf/server.xml

Navigate to the <Connector> node and remove the "xpoweredBy" attribute.