The vCenter ESX Agent Manager service must enable "ENFORCE_ENCODING_IN_GET_WRITER".

An XCCDF Rule

Details
Profiles

Description

Some clients try to guess the character encoding of text media when the mandated default of ISO-8859-1 should be used. Some browsers will interpret as UTF-7 when the characters are safe for ISO-8859-1. This can create the potential for a XSS attack. To defend against this, enforce_encoding_in_get_writer must be set to true.

ID: SV-259034r934760_rule
Version: VCEM-80-000152
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

Navigate to and open:

/etc/vmware-eam/catalina.properties

Update or remove the following line:
org.apache.catalina.connector.response.ENFORCE_ENCODING_IN_GET_WRITER=true

Restart the service with the following command:

# vmon-cli --restart eam

The vCenter ESX Agent Manager service must enable "ENFORCE_ENCODING_IN_GET_WRITER".

Description

Remediation Templates

A Manual Procedure