STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to VMware vSphere 7.0 vCenter Appliance STS Security Technical Implementation Guide

V-256772

CAT II (Medium)

The Security Token Service must disable the shutdown port.

Rule ID

SV-256772r889286_rule

STIG

VMware vSphere 7.0 vCenter Appliance STS Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-002385

Discussion

An attacker has at least two reasons to stop a web server. The first is to cause a denial of service, and the second is to put in place changes the attacker made to the web server configuration. If the Tomcat shutdown port feature is enabled, a shutdown signal can be sent to the Security Token Service through this port. To ensure availability, the shutdown port must be disabled.

Check Content

At the command prompt, run the following command: 
 
# grep 'base.shutdown.port' /usr/lib/vmware-sso/vmware-sts/conf/catalina.properties 
 
Expected result: 
 
base.shutdown.port=-1 
 
If the output of the command does not match the expected result, this is a finding.

Fix Text

Navigate to and open: 
 
/usr/lib/vmware-sso/vmware-sts/conf/catalina.properties 
 
Add or modify the following setting: 
 
base.shutdown.port=-1 
 
Restart the service with the following command: 
 
# vmon-cli --restart sts