The vCenter VAMI service must explicitly disable Multipurpose Internet Mail Extensions (MIME) mime mappings based on "Content-Type".
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-259143 | VCLD-80-000031 | SV-259143r1003697_rule | Medium |
| Description |
| Controlling what a user of a hosted application can access is part of the security posture of the web server. Any time a user can access more functionality than is needed for the operation of the hosted application poses a security issue. A user with too much access can view information that is not needed for the user's job role, or the user could use the function in an unintentional manner. A MIME tells the web server what type of program various file types and extensions are and what external utilities or programs are needed to execute the file type. A limited number of MIME types must be configured manually, and automatic mapping must be disabled. |
| STIG | Date |
| VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) Security Technical Implementation Guide | 2024-07-11 |
Details
| Check Text (C-62883r1003695_chk) |
| At the command prompt, run the following command: # /opt/vmware/cap_lighttpd/sbin/lighttpd -p -f /var/lib/vmware/cap-lighttpd/lighttpd.conf 2>/dev/null|grep "mimetype.use-xattr" Example result: mimetype.use-xattr="disable" If "mimetype.use-xattr" is not set to "disable", this is a finding. Note: The command must be run from a bash shell and not from a shell generated by the "appliance shell". Use the "chsh" command to change the shell for the account to "/bin/bash". Refer to KB Article 2100508 for more details: https://kb.vmware.com/s/article/2100508 |
| Fix Text (F-62792r1003696_fix) |
| Navigate to and open: /var/lib/vmware/cap-lighttpd/lighttpd.conf Add or reconfigure the following value: mimetype.use-xattr = "disable" Restart the service with the following command: # systemctl restart cap-lighttpd |