The Security Token Service must have mappings set for Java servlet pages.

An XCCDF Rule

Description

Resource mapping is the process of tying a particular file type to a process in the web server that can serve that type of file to a requesting client and identify which file types are not to be delivered to a client. By not specifying which files can and cannot be served to a user, the web server could deliver to a user web server configuration files, log files, password files, etc. As Tomcat is a Java-based web server, the main file extension used is *.jsp. This check ensures the *.jsp and *.jspx file types have been properly mapped to servlets.

ID: SV-256757r889241_rule
Version: VCST-70-000013
Severity: Medium
References: CCI-000381
Updated: about 2 months ago

Remediation Templates

Navigate to and open: 
 
/usr/lib/vmware-sso/vmware-sts/conf/web.xml 
 
Inside the <web-app> parent node, add the following: 
 <servlet-mapping> 
    <servlet-name>jsp</servlet-name> 
    <url-pattern>*.jsp</url-pattern> 
    <url-pattern>*.jspx</url-pattern> 
</servlet-mapping> 
 
Restart the service with the following command: 
 
# vmon-cli --restart sts

The Security Token Service must have mappings set for Java servlet pages.

Description

Remediation Templates

A Manual Procedure