Check: JBOS-AS-000685
JBoss Enterprise Application Platform 6.3 STIG: JBOS-AS-000685 (in versions v2 r4 through v1 r1)
Title
The JRE installed on the JBoss server must be kept up to date. (Cat I impact)
Discussion
The JBoss product is available as Open Source; however, the Red Hat vendor provides updates, patches and support for the JBoss product. It is imperative that patches and updates be applied to JBoss in a timely manner as many attacks against JBoss focus on unpatched systems. It is critical that support be obtained and made available.
Check Content
Interview the system admin and obtain details on their patch management processes as they relate to the OS and the Application Server. If there is no active, documented patch management process in use for these components, this is a finding.
Fix Text
Configure the operating system and the application server to use a patch management system or process that ensures security-relevant updates are installed within the time period directed by the ISSM.
Additional Identifiers
Rule ID: SV-213550r955727_rule
Vulnerability ID: V-213550
Group Title: SRG-APP-000456-AS-000266
CCIs
Number | Definition |
---|---|
CCI-002605 | The organization installs security-relevant software updates within an organization-defined time period of the release of the updates. |
Controls
Number | Title |
---|---|
SI-2 | Flaw Remediation |