The vCenter Lookup service default ROOT web application must be removed.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-259064 | SRG-APP-000141-AS-000095 | VCLU-80-000142 | SV-259064r960963_rule | 2024-07-11 | 2 |
Description
The default ROOT web application includes the version of Tomcat being used, links to Tomcat documentation, examples, FAQs, and mailing lists. The default ROOT web application must be removed from a publicly accessible instance and a more appropriate default page shown to users.
ℹ️ Check
At the command prompt, run the following command:
# ls -l /var/opt/apache-tomcat/webapps/ROOT
If the ROOT web application contains any content, this is a finding.
✔️ Fix
At the command prompt, run the following command:
# rm -rf /var/opt/apache-tomcat/webapps/ROOT/*