STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must generate a unique session identifier for each session.

DISA Rule

SV-204764r508029_rule

Vulnerability Number

V-204764

Group Title

SRG-APP-000223

Rule Version

SRG-APP-000223-AS-000150

Severity

CAT II

CCI(s)

• CCI-001664 - The information system recognizes only session identifiers that are system-generated.

Weight

10

Fix Recommendation

Configure the application server to generate a unique session identifier for each session.

Check Contents

Review the application server session management configuration settings in either the application server management console, application server initialization or application server configuration files to determine if the application server is configured to generate a unique session identifier for each session.

If the application server is not configured to generate a unique session identifier for each session, this is a finding.

Vulnerability Number

V-204764

Documentable

False

Rule Version

SRG-APP-000223-AS-000150

Severity Override Guidance

Review the application server session management configuration settings in either the application server management console, application server initialization or application server configuration files to determine if the application server is configured to generate a unique session identifier for each session.

If the application server is not configured to generate a unique session identifier for each session, this is a finding.

Check Content Reference

M

Target Key

2900

Comments