STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide

V-241689

CAT II (Medium)

tc Server CaSa must have the allowTrace parameter set to false.

Rule ID

SV-241689r879655_rule

STIG

VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-001312

Discussion

Web servers will often display error messages to client users displaying enough information to aid in the debugging of the error. The information given back in error messages may display the web server type, version, patches installed, plug-ins and modules installed, type of code being used by the hosted application, and any backends being used for data storage.

Check Content

At the command prompt, execute the following command:

grep allowTrace /usr/lib/vmware-casa/casa-webapp/conf/server.xml

If “allowTrace” is set to "true", this is a finding.

Note: If no line is returned this is NOT a finding.

Fix Text

Navigate to and open /usr/lib/vmware-casa/casa-webapp/conf/server.xml.

Navigate to and locate the <Connector> nodes that have 'allowTrace="true"'

Remove the 'allowTrace="true"' setting.