The vCenter Perfcharts service must enable "ENFORCE_ENCODING_IN_GET_WRITER".

An XCCDF Rule

Details
Profiles

Description

Some clients try to guess the character encoding of text media when the mandated default of ISO-8859-1 should be used. Some browsers will interpret as UTF-7 when the characters are safe for ISO-8859-1. This can create the potential for a XSS attack. To defend against this, enforce_encoding_in_get_writer must be set to true.

ID: SV-259101r961863_rule
Version: VCPF-80-000152
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

Navigate to and open:

/usr/lib/vmware-perfcharts/tc-instance/conf/catalina.properties

Update or remove the following line:
org.apache.catalina.connector.response.ENFORCE_ENCODING_IN_GET_WRITER=true

Restart the service with the following command:

# vmon-cli --restart perfcharts

The vCenter Perfcharts service must enable "ENFORCE_ENCODING_IN_GET_WRITER".

Description

Remediation Templates

A Manual Procedure