STIGQter STIGQter: STIG Summary: Oracle WebLogic Server 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

Oracle WebLogic must produce process events and severity levels to establish what type of HTTPD-related events and severity levels occurred.

DISA Rule

SV-235942r628604_rule

Vulnerability Number

V-235942

Group Title

SRG-APP-000095-AS-000056

Rule Version

WBLC-02-000073

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

1. Access AC
2. From 'Domain Structure', select 'Environment' -> 'Servers'
3. From the list of servers, select one which needs HTTPD logging enabled
4. Utilize 'Change Center' to create a new change session
5. From 'Logging' tab -> 'HTTP' tab, select 'HTTP access log file enabled' checkbox
6. Click 'Save', and from 'Change Center' click 'Activate Changes' to enable configuration changes

Check Contents

1. Access EM
2. Select the domain from the navigation tree, and use the dropdown to select 'WebLogic Domain' -> 'Logs' -> 'View Log Messages'
3. Within the 'Search' panel, expand 'Selected Targets'
4. Click 'Target Log Files' icon for 'AdminServer' target
5. From the list of log files, select 'access.log' and click 'View Log File' button
6. All HTTPD logging of the AdminServer will be displayed
7. Repeat for each managed server

If any managed server or the AdminServer does not have HTTPD events within the access.log file, this is a finding.

Vulnerability Number

V-235942

Documentable

False

Rule Version

WBLC-02-000073

Severity Override Guidance

1. Access EM
2. Select the domain from the navigation tree, and use the dropdown to select 'WebLogic Domain' -> 'Logs' -> 'View Log Messages'
3. Within the 'Search' panel, expand 'Selected Targets'
4. Click 'Target Log Files' icon for 'AdminServer' target
5. From the list of log files, select 'access.log' and click 'View Log File' button
6. All HTTPD logging of the AdminServer will be displayed
7. Repeat for each managed server

If any managed server or the AdminServer does not have HTTPD events within the access.log file, this is a finding.

Check Content Reference

M

Target Key

5282

Comments