STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018:

The WebSphere Application Server must disable JSP class reloading.

DISA Rule

SV-95993r1_rule

Vulnerability Number

V-81279

Group Title

SRG-APP-000141-AS-000095

Rule Version

WBSP-AS-000970

Severity

CAT II

CCI(s)

CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

Fix Recommendation

To disable JSP reloading:

From the admin console, navigate to: Applications >> All applications >> [application name] >> JSP and JSP options.

Uncheck "JSP enable class reloading".

Check Contents

From admin console, navigate to: Applications >> All applications >> [application name] >> JSP and JSP options.

If "JSP enable class reloading" is checked, this is a finding.

Vulnerability Number

V-81279

Documentable

False

Rule Version

WBSP-AS-000970

Severity Override Guidance

From admin console, navigate to: Applications >> All applications >> [application name] >> JSP and JSP options.

If "JSP enable class reloading" is checked, this is a finding.

Check Content Reference

Target Key

3399

The WebSphere Application Server must disable JSP class reloading.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments