Check: SRG-APP-000225-AS-000153
Application Server SRG:
SRG-APP-000225-AS-000153
(in versions v4 r2 through v2 r2)
Title
The application server must be configured to perform complete application deployments. (Cat II impact)
Discussion
Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. When an application is deployed to the application server, if the deployment process does not complete properly and without errors, there is the potential that some application files may not be deployed or may be corrupted and an application error may occur during runtime. The application server must be able to perform complete application deployments. A partial deployment can leave the server in an inconsistent state. Application servers may provide a transaction rollback function to address this issue.
Check Content
Review the application server configuration and documentation to ensure the system is configured to perform complete application deployments. If the application server is not configured to ensure complete application deployments or provides no rollback functionality, this is a finding.
Fix Text
Configure the application server to detect errors that occur during application deployment and to prevent deployment if errors are encountered.
Additional Identifiers
Rule ID: SV-204767r961122_rule
Vulnerability ID: V-204767
Group Title: SRG-APP-000225
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001190 |
Fail to an organization-defined known-system state for the list of organization-defined types of system failures on organization-defined system components on the indicated components while preserving organization-defined system state information in failure. |
Controls
| Number | Title |
|---|---|
| SC-24 |
Fail in Known State |