Oracle WebLogic Server 12c STIG

Oracle WebLogic Server 12c Security Technical Implementation Guide

ID Vuln ID Title Cat Status
WBLC-08-000231 V-235987 Oracle WebLogic must protect the confidentiality of applications and leverage transmission protection mechanisms, such as TLS and SSL VPN, when deploying applications. Cat II
WBLC-02-000065 V-235940 Oracle WebLogic must compile audit records from multiple components within the system into a system-wide (logical or physical) audit trail that is time-correlated to within an organization-defined level of tolerance. Cat III
WBLC-05-000176 V-235975 Oracle WebLogic must use cryptographic modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data. Cat II
WBLC-01-000014 V-235932 Oracle WebLogic must support the capability to disable network protocols deemed by the organization to be non-secure except for explicitly identified components in support of specific operational requirements. Cat II
WBLC-08-000237 V-235990 Oracle WebLogic must limit the use of resources by priority and not impede the host from servicing processes designated as a higher-priority. Cat II
WBLC-01-000032 V-235936 Oracle WebLogic must limit the number of failed login attempts to an organization-defined number of consecutive invalid attempts that occur within an organization-defined time period. Cat II
WBLC-02-000062 V-235939 Oracle WebLogic must protect against an individual falsely denying having performed a particular action. Cat II
WBLC-02-000093 V-235954 Oracle WebLogic must use internal system clocks to generate time stamps for audit records. Cat III
WBLC-03-000128 V-235962 Oracle WebLogic must prohibit or restrict the use of unauthorized functions, ports, protocols, and/or services. Cat II
WBLC-02-000086 V-235953 Oracle WebLogic must notify administrative personnel as a group in the event of audit processing failure. Cat III
WBLC-01-000009 V-235928 Oracle WebLogic must utilize cryptography to protect the confidentiality of remote access management sessions. Cat II
WBLC-09-000254 V-235995 Oracle WebLogic must restrict error messages so only authorized personnel may view them. Cat II
WBLC-05-000165 V-235970 Oracle WebLogic must enforce password complexity by the number of special characters used. Cat II
WBLC-08-000222 V-235983 Oracle WebLogic must separate hosted application functionality from Oracle WebLogic management functionality. Cat II
WBLC-08-000211 V-235980 Oracle WebLogic must establish a trusted communications path between the user and organization-defined security functions within the information system. Cat II


Display this benchmark in a printer-friendly format for off-line reference. This display does not include any commands.

Version Changes

If there are multiple versions of this benchmark, Xylok can display the differences between any changes in the checks.