Oracle WebLogic Server 12c STIG

Oracle WebLogic Server 12c Security Technical Implementation Guide

| ID | Vuln ID | Title | Cat | Status |
|---|---|---|---|---|
| WBLC-08-000231 | V-235987 | Oracle WebLogic must protect the confidentiality of applications and leverage transmission protection mechanisms, such as TLS and SSL VPN, when deploying applications. | Cat II | |
| WBLC-02-000065 | V-235940 | Oracle WebLogic must compile audit records from multiple components within the system into a system-wide (logical or physical) audit trail that is time-correlated to within an organization-defined level of tolerance. | Cat III | |
| WBLC-05-000176 | V-235975 | Oracle WebLogic must use cryptographic modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data. | Cat II | |
| WBLC-01-000014 | V-235932 | Oracle WebLogic must support the capability to disable network protocols deemed by the organization to be non-secure except for explicitly identified components in support of specific operational requirements. | Cat II | |
| WBLC-08-000237 | V-235990 | Oracle WebLogic must limit the use of resources by priority and not impede the host from servicing processes designated as a higher-priority. | Cat II | |
| WBLC-01-000032 | V-235936 | Oracle WebLogic must limit the number of failed login attempts to an organization-defined number of consecutive invalid attempts that occur within an organization-defined time period. | Cat II | |
| WBLC-02-000062 | V-235939 | Oracle WebLogic must protect against an individual falsely denying having performed a particular action. | Cat II | |
| WBLC-02-000093 | V-235954 | Oracle WebLogic must use internal system clocks to generate time stamps for audit records. | Cat III | |
| WBLC-03-000128 | V-235962 | Oracle WebLogic must prohibit or restrict the use of unauthorized functions, ports, protocols, and/or services. | Cat II | |
| WBLC-02-000086 | V-235953 | Oracle WebLogic must notify administrative personnel as a group in the event of audit processing failure. | Cat III | |
| WBLC-01-000009 | V-235928 | Oracle WebLogic must utilize cryptography to protect the confidentiality of remote access management sessions. | Cat II | |
| WBLC-09-000254 | V-235995 | Oracle WebLogic must restrict error messages so only authorized personnel may view them. | Cat II | |
| WBLC-05-000165 | V-235970 | Oracle WebLogic must enforce password complexity by the number of special characters used. | Cat II | |
| WBLC-08-000222 | V-235983 | Oracle WebLogic must separate hosted application functionality from Oracle WebLogic management functionality. | Cat II | |
| WBLC-08-000211 | V-235980 | Oracle WebLogic must establish a trusted communications path between the user and organization-defined security functions within the information system. | Cat II | |
