STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018

The WebSphere Application Server Java 2 security must not be bypassed.

DISA Rule

SV-95939r1_rule

Vulnerability Number

V-81225

Group Title

SRG-APP-000033-AS-000024

Rule Version

WBSP-AS-000212

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

From the admin console, select Servers >> Server Types >> WebSphere application servers.

For each application server, select Server Infrastructure >> Administration >> Custom properties.

Delete the "com.ibm.websphere.java2secman.norethrow" resource value from production systems.

Check Contents

If the system is a development or test system, this requirement is NA.

From the admin console, select Servers >> Server Types >> WebSphere application servers.

For each application server, select Server Infrastructure >> Administration >> Custom properties.

If the "com.ibm.websphere.java2secman.norethrow" resource value exists and is set to "true", this is a finding.

Documentable

False

Severity Override Guidance

If the system is a development or test system, this requirement is NA.

From the admin console, select Servers >> Server Types >> WebSphere application servers.

For each application server, select Server Infrastructure >> Administration >> Custom properties.

If the "com.ibm.websphere.java2secman.norethrow" resource value exists and is set to "true", this is a finding.

Check Content Reference

M

Target Key

3399
