STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide

V-240862

CAT II (Medium)

tc Server HORIZON must disable the shutdown port.

Rule ID

SV-240862r879806_rule

STIG

VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-002385

Discussion

An attacker has at least two reasons to stop a web server. The first is to cause a DoS, and the second is to put in place changes the attacker made to the web server configuration. As a Tomcat derivative, tc Server uses a port (defaults to 8005) as a shutdown port. If enabled, a shutdown signal can be sent to tc Server through this port. To ensure availability, the shutdown port should be disabled.

Check Content

At the command prompt, execute the following command:

grep base.shutdown.port /opt/vmware/horizon/workspace/conf/catalina.properties

If the value of "base.shutdown.port" is not set to "-1" or is missing, this is a finding.

Fix Text

Navigate to and open /opt/vmware/horizon/workspace/conf/catalina.properties.

Navigate to the "base.shutdown.port" setting.

Add the setting "base.shutdown.port=-1" to the "catalina.properties" file.