STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) Security Technical Implementation Guide

V-258996

CAT II (Medium)

The vCenter STS service default ROOT web application must be removed.

Rule ID

SV-258996r934646_rule

STIG

VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000381

Discussion

The default ROOT web application includes the version of Tomcat being used, links to Tomcat documentation, examples, FAQs, and mailing lists. The default ROOT web application must be removed from a publicly accessible instance and a more appropriate default page shown to users.

Check Content

At the command prompt, run the following command:

# ls -l /var/opt/apache-tomcat/webapps/ROOT

If the ROOT web application contains any content, this is a finding.

Fix Text

At the command prompt, run the following command:

# rm -rf /var/opt/apache-tomcat/webapps/ROOT/*