STIGQter STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018:

The WebSphere Application Server must disable JSP class reloading.

DISA Rule

SV-95993r1_rule

Vulnerability Number

V-81279

Group Title

SRG-APP-000141-AS-000095

Rule Version

WBSP-AS-000970

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To disable JSP reloading:

From the admin console, navigate to: Applications >> All applications >> [application name] >> JSP and JSP options.

Uncheck "JSP enable class reloading".

Check Contents

From admin console, navigate to: Applications >> All applications >> [application name] >> JSP and JSP options.

If "JSP enable class reloading" is checked, this is a finding.

Vulnerability Number

V-81279

Documentable

False

Rule Version

WBSP-AS-000970

Severity Override Guidance

From admin console, navigate to: Applications >> All applications >> [application name] >> JSP and JSP options.

If "JSP enable class reloading" is checked, this is a finding.

Check Content Reference

M

Target Key

3399

Comments