STIGQter: STIG Summary: JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The JRE installed on the JBoss server must be kept up to date.

DISA Rule

SV-213550r615939_rule

Vulnerability Number

V-213550

Group Title

SRG-APP-000456-AS-000266

Rule Version

JBOS-AS-000685

Severity

CAT I

CCI(s)

• CCI-002605 - The organization installs security-relevant software updates within an organization-defined time period of the release of the updates.

Weight

10

Fix Recommendation

Configure the operating system and the application server to use a patch management system or process that ensures security-relevant updates are installed within the time period directed by the ISSM.

Check Contents

Interview the system admin and obtain details on their patch management processes as it relates to the OS and the Application Server.

If there is no active, documented patch management process in use for these components, this is a finding.

Vulnerability Number

V-213550

Documentable

False

Rule Version

JBOS-AS-000685

Severity Override Guidance

Interview the system admin and obtain details on their patch management processes as it relates to the OS and the Application Server.

If there is no active, documented patch management process in use for these components, this is a finding.

Check Content Reference

M

Target Key

3987

Comments