Check: JBOS-AS-000680
JBoss Enterprise Application Platform 6.3 STIG: JBOS-AS-000680 (in versions v2 r4 through v1 r1)
Title
Production JBoss servers must be supported by the vendor. (Cat I impact)
Discussion
The JBoss product is available as Open Source; however, the Red Hat vendor provides updates, patches and support for the JBoss product. It is imperative that patches and updates be applied to JBoss in a timely manner as many attacks against JBoss focus on unpatched systems. It is critical that support be obtained and made available.
Check Content
Interview the system admin and have them either show documented proof of current support, or have them demonstrate their ability to access the Red Hat Enterprise Support portal. Verify Red Hat support includes coverage for the JBoss product. If there is no current and active support from the vendor, this is a finding.
Fix Text
Obtain vendor support from Red Hat.
Additional Identifiers
Rule ID: SV-213549r955727_rule
Vulnerability ID: V-213549
Group Title: SRG-APP-000456-AS-000266
CCIs
Number | Definition |
---|---|
CCI-002605 | The organization installs security-relevant software updates within an organization-defined time period of the release of the updates. |
Controls
Number | Title |
---|---|
SI-2 | Flaw Remediation |