STIGQter: STIG Summary: Oracle WebLogic Server 12c Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Apr 2021

Oracle WebLogic must separate hosted application functionality from Oracle WebLogic management functionality.

DISA Rule

SV-235983r628727_rule

Vulnerability Number

V-235983

Group Title

SRG-APP-000211-AS-000146

Rule Version

WBLC-08-000222

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

1. Access the Administration Console (AC)
2. From 'Domain Structure', select 'Environment' -> 'Servers'
3. A single server in the list will be named 'Admin Server'; this is the server that hosts AS management functionality, such as the AdminConsole application
4. All remaining servers in the list are 'Managed Servers'; these are the individual or clustered servers that will host the actual applications
5. Use 'Change Center' to create a new change session
6. Undeploy all applications that are not used for AS management from the Admin server, and redeploy them onto the Managed servers
7. This can be done from the 'Deployments' tab -> 'Targets' tab: select each application that must be redeployed, deselect 'Admin Server', and select one or more of the Managed servers
8. Click 'Save' and restart servers if necessary

Check Contents

1. Access the Administration Console (AC)
2. From 'Domain Structure', select 'Environment' -> 'Servers'
3. A single server in the list will be named 'Admin Server'; this is the server that hosts AS management functionality, such as the AdminConsole application
4. All remaining servers in the list are 'Managed Servers'; these are the individual or clustered servers that will host the actual applications
5. Ensure applications are deployed only on the Managed servers, not on the Admin server

If any applications are deployed on the Admin server, this is a finding.
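
An offline version of the check above, as an added example that is not part of the STIG or of Oracle's tooling: it parses a domain config.xml and lists the app-deployment entries whose targets include the Admin Server. The sample XML is constructed, and the function name, the management_apps allowlist (for the AS management applications that the fix leaves in place) and the fallback server name are assumptions.

```python
import xml.etree.ElementTree as ET

# Namespace used by elements in a WebLogic domain config.xml.
NS = {"d": "http://xmlns.oracle.com/weblogic/domain"}

# Constructed sample of a domain config.xml (not taken from a real system).
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>base_domain</name>
  <server><name>AdminServer</name></server>
  <server><name>ms1</name></server>
  <server><name>ms2</name></server>
  <app-deployment>
    <name>payroll</name>
    <target>ms1,ms2</target>
  </app-deployment>
  <app-deployment>
    <name>reports</name>
    <target>AdminServer,ms1</target>
  </app-deployment>
  <app-deployment>
    <name>untargeted</name>
    <target></target>
  </app-deployment>
  <admin-server-name>AdminServer</admin-server-name>
</domain>
"""


def apps_on_admin_server(config_xml, management_apps=()):
    """Return sorted names of app-deployments targeted at the Admin Server.

    management_apps is a hypothetical allowlist of AS management applications
    that are permitted to stay on the Admin Server.
    """
    root = ET.fromstring(config_xml)
    # Assumed fallback name if <admin-server-name> is missing from the file.
    admin = (root.findtext("d:admin-server-name", namespaces=NS) or "AdminServer").strip()
    findings = []
    for app in root.findall("d:app-deployment", NS):
        name = (app.findtext("d:name", namespaces=NS) or "").strip()
        # <target> holds a comma-separated list of server or cluster names.
        raw = app.findtext("d:target", namespaces=NS) or ""
        targets = {t.strip() for t in raw.split(",") if t.strip()}
        if admin in targets and name not in management_apps:
            findings.append(name)
    return sorted(findings)


if __name__ == "__main__":
    for app_name in apps_on_admin_server(SAMPLE_CONFIG):
        print(f"FINDING: '{app_name}' is targeted at the Admin Server")
```

The config.xml reflects saved configuration only, so confirm the result against the running domain in the AC as the check describes.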

Documentable

False

Check Content Reference

M

Target Key

5282
