STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide

V-241584

CAT II (Medium)

tc Server API must perform server-side session management.

Rule ID

SV-241584r879511_rule

STIG

VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000054

Discussion

Cookies are a common way to save session state over the HTTP(S) protocol. If an attacker can compromise session data stored in a cookie, they are better able to launch an attack against the server and its applications. Session cookies stored on the server are more secure than cookies stored on the client. Therefore, tc Server must be configured correctly in order to generate and manage session cookies on the server. Managing cookies on the server provides a layer of defense to vRealize Automation. By default, tc Server is designed to manage cookies on the server. However, incorrect configuration can turn off the default feature.

Check Content

At the command prompt, execute the following command:

grep -E 'cookies=.false' /usr/lib/vmware-vcops/tomcat-enterprise/conf/context.xml

If the command produces any output, this is a finding.

Fix Text

Navigate to and open /usr/lib/vmware-vcops/tomcat-enterprise/conf/context.xml.

Navigate to and locate the <Context> node.

Remove the value 'cookies="false"' from the <Context> node.