STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018:

The WebSphere Application Server maximum in-memory session count must be set according to application requirements.

DISA Rule

SV-95907r1_rule

Vulnerability Number

V-81193

Group Title

SRG-APP-000001-AS-000001

Rule Version

WBSP-AS-000010

Severity

CAT II

CCI(s)

• CCI-000054 - The information system limits the number of concurrent sessions for each organization-defined account and/or account type to an organization-defined number of sessions.

Weight

10

Fix Recommendation

In the administrative console page, click Servers >> Server Types >> WebSphere application servers >> [server_name] >> Session management.

Edit the Maximum in-memory session count field to be the number of sessions allowable.

Check Contents

Review system documentation.

Identify the application session requirements.

In the administrative console page, click Servers >> Server Types >> WebSphere application servers >> [server_name] >> Session management.

Ensure the Maximum in-memory session count field is set to the number of sessions allowable.

If not set according to application requirements, this is a finding.

Vulnerability Number

V-81193

Documentable

False

Rule Version

WBSP-AS-000010

Severity Override Guidance

Review system documentation.

Identify the application session requirements.

In the administrative console page, click Servers >> Server Types >> WebSphere application servers >> [server_name] >> Session management.

Ensure the Maximum in-memory session count field is set to the number of sessions allowable.

If not set according to application requirements, this is a finding.

Check Content Reference

M

Target Key

3399

Comments