Check: JBOS-AS-000235
JBoss Enterprise Application Platform 6.3 STIG:
JBOS-AS-000235
(in versions v2 r4 through v1 r1)
Title
JBoss QuickStarts must be removed. (Cat II impact)
Discussion
JBoss QuickStarts are demo applications that can be deployed quickly. Demo applications are not written with security in mind and often open new attack vectors. QuickStarts must be removed.
Check Content
Examine the <JBOSS_HOME> folder. If a jboss-eap-6.3.0-GA-quickstarts folder exists, this is a finding.
Fix Text
Delete the QuickStarts folder.
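The Check Content above as a scriptable audit step. This is an added example, not part of the STIG text; the function name check_quickstarts and its three exit codes are assumptions made for illustration. It treats an unset or wrong <JBOSS_HOME> as "not reviewed" rather than a pass, since a check pointed at the wrong path would otherwise never report a finding.

```shell
#!/bin/sh
# Added example (not from the STIG): audit step for JBOS-AS-000235.
# Usage: check_quickstarts <JBOSS_HOME>
# Exit status (hypothetical convention):
#   0 = not a finding, 1 = finding, 2 = could not be evaluated
check_quickstarts() {
    jboss_home="$1"
    # Folder name taken verbatim from the Check Content.
    qs_dir="jboss-eap-6.3.0-GA-quickstarts"

    # An empty or non-existent JBOSS_HOME must not be reported as compliant.
    if [ -z "$jboss_home" ] || [ ! -d "$jboss_home" ]; then
        echo "NOT_REVIEWED: JBOSS_HOME '$jboss_home' is not a directory" >&2
        return 2
    fi

    # -d follows symlinks, so a symlinked QuickStarts folder is also reported.
    if [ -d "$jboss_home/$qs_dir" ]; then
        echo "FINDING: $jboss_home/$qs_dir exists"
        return 1
    fi

    echo "NOT_A_FINDING: $qs_dir not present under $jboss_home"
    return 0
}
```

Call it as `check_quickstarts "$JBOSS_HOME"` and branch on the exit status; a result of 1 is remediated by the Fix Text (delete the folder) and then re-checked.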
Additional Identifiers
Rule ID: SV-213521r954822_rule
Vulnerability ID: V-213521
Group Title: SRG-APP-000141-AS-000095
CCIs
CCIs tied to check.
Number | Definition |
---|---|
CCI-000381 | The organization configures the information system to provide only essential capabilities. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
CM-7 | Least Functionality |