STIGQter: STIG Summary: Oracle WebLogic Server 12c Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Apr 2021

Oracle WebLogic must terminate the network connection associated with a communications session at the end of the session or after a DoD-defined time period of inactivity.

DISA Rule

SV-235979r628715_rule

Vulnerability Number

V-235979

Group Title

SRG-APP-000295-AS-000263

Rule Version

WBLC-08-000210

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

1. Access the Administration Console (AC)
2. From 'Domain Structure', select 'Deployments'
3. Sort the 'Deployments' table by 'Type' by clicking the column header
4. Select an 'Enterprise Application' or 'Web Application' to check the session timeout setting
5. Select 'Configuration' tab -> 'Application' tab for deployments of 'Enterprise Application' type
   Select 'Configuration' tab -> 'General' tab for deployments of 'Web Application' type
6. Utilize 'Change Center' to create a new change session
7. Set the 'Session Timeout' field value to '900' (seconds). Click 'Save'
8. Repeat steps 4-7 for each 'Enterprise Application' and 'Web Application' deployment

Check Contents

1. Access the Administration Console (AC)
2. From 'Domain Structure', select 'Deployments'
3. Sort the 'Deployments' table by 'Type' by clicking the column header
4. Select an 'Enterprise Application' or 'Web Application' to check the session timeout setting
5. Select 'Configuration' tab -> 'Application' tab for deployments of 'Enterprise Application' type
   Select 'Configuration' tab -> 'General' tab for deployments of 'Web Application' type
6. Ensure the 'Session Timeout' field value is set to '900' (seconds)

If the 'Session Timeout' field is not set to '900', this is a finding.
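
The per-deployment check above can be pre-screened offline against deployment descriptors. The following is an added example, not part of the STIG or of Oracle's tooling. It assumes the console's 'Session Timeout' field corresponds to the `timeout-secs` element of `session-descriptor` in `weblogic.xml` (web applications) and `weblogic-application.xml` (enterprise applications); the archive names and descriptor contents are constructed samples. A deployment plan can override descriptor values, so the console check remains authoritative.

```python
import xml.etree.ElementTree as ET

REQUIRED_SECS = 900  # value the check above requires

# Constructed sample descriptors (hypothetical archives, not real deployments).
SAMPLES = {
    "hr-portal.war!/WEB-INF/weblogic.xml":
        '<weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">'
        "<session-descriptor><timeout-secs>900</timeout-secs></session-descriptor>"
        "</weblogic-web-app>",
    "billing.ear!/META-INF/weblogic-application.xml":
        '<weblogic-application xmlns="http://xmlns.oracle.com/weblogic/weblogic-application">'
        "<session-descriptor><timeout-secs>3600</timeout-secs></session-descriptor>"
        "</weblogic-application>",
    "legacy.war!/WEB-INF/weblogic.xml":
        '<weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">'
        "<context-root>/legacy</context-root>"
        "</weblogic-web-app>",
}

def local(tag):
    """Strip the XML namespace so both descriptor schemas are handled alike."""
    return tag.rsplit("}", 1)[-1]

def timeout_secs(xml_text):
    """Return session-descriptor/timeout-secs as an int, or None if absent or invalid."""
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "session-descriptor":
            continue
        for child in elem:
            if local(child.tag) == "timeout-secs":
                try:
                    return int((child.text or "").strip())
                except ValueError:
                    return None
    return None

def audit(descriptors):
    """Return (descriptor, reason) for every descriptor that is not explicitly 900."""
    findings = []
    for name, text in sorted(descriptors.items()):
        value = timeout_secs(text)
        if value is None:
            findings.append((name, "timeout-secs not set in descriptor; verify in console"))
        elif value != REQUIRED_SECS:
            findings.append((name, f"timeout-secs={value}"))
    return findings

if __name__ == "__main__":
    for name, reason in audit(SAMPLES):
        print(f"REVIEW {name}: {reason}")
```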

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

5282

Comments