STIGQter: STIG Summary: Oracle WebLogic Server 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

Oracle WebLogic must prohibit or restrict the use of unauthorized functions, ports, protocols, and/or services.

DISA Rule

SV-235962r672376_rule

Vulnerability Number

V-235962

Group Title

SRG-APP-000142-AS-000014

Rule Version

WBLC-03-000128

Severity

CAT II

CCI(s)

• CCI-000382 - The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services.

Weight

10

Fix Recommendation

1. Access AC
2. To change port or protocol values, from 'Domain Structure', select 'Environment' -> 'Servers'
3. From the list of servers, select one which needs modification
4. Utilize 'Change Center' to create a new change session
5. To modify port assignment, from 'Configuration' tab -> 'General' tab, reassign the port for this server by changing the 'SSL Listen Port' field and click 'Save'
6. To modify protocol configuration, select 'Protocols' tab
7. Use the subtabs 'HTTP', 'jCOM' and 'IIOP' to configure these protocols
8. Use the 'Channels' subtab to create/modify channels which configure other protocols
9. Repeat steps 3-8 for all servers requiring modification
10. Review the 'Port Usage' table in EM again to ensure port has been reassigned

Check Contents

1. Access EM
2. Select the domain from the navigation tree, and use the dropdown to select 'WebLogic Domain' -> 'Monitoring' -> 'Port Usage'
3. In the results table, ensure values in the 'Port in Use' column match approved ports
4. In the results table, ensure values in the 'Protocol' column match approved protocols

If any ports listed in the 'Port in Use' column is an unauthorized port or any protocols listed in the 'Protocol' column is an unauthorized protocol, this is a finding.

Vulnerability Number

V-235962

Documentable

False

Rule Version

WBLC-03-000128

Severity Override Guidance

1. Access EM
2. Select the domain from the navigation tree, and use the dropdown to select 'WebLogic Domain' -> 'Monitoring' -> 'Port Usage'
3. In the results table, ensure values in the 'Port in Use' column match approved ports
4. In the results table, ensure values in the 'Protocol' column match approved protocols

If any ports listed in the 'Port in Use' column is an unauthorized port or any protocols listed in the 'Protocol' column is an unauthorized protocol, this is a finding.

Check Content Reference

M

Target Key

5282

Comments