Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The WebSphere Liberty Server must be configured to use HTTPS only.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-250348 | IBMW-LS-001120 | SV-250348r862997_rule | Medium |
| Description |
|---|
| Transmission of data can take place between the application server and a large number of devices/applications external to the application server. Examples are a web client used by a user, a backend database, a log server, or other application servers in an application server cluster. |
| STIG | Date |
|---|---|
| IBM WebSphere Liberty Server Security Technical Implementation Guide | 2022-09-09 |
Details
| Check Text ( C-53783r862995_chk ) |
|---|
| Review the ${server.config.dir}/server.xml file and check the ssl-1.0 feature and httpEndpoint settings. If the ssl-1.0 feature is not defined, this is a finding. If the httpEndpoint settings do not include ssloptions, this is a finding. httpPort="${bvt.prop.HTTP_default}" httpsPort="${bvt.prop.HTTP_default.secure}" > |
| Fix Text (F-53737r862996_fix) |
|---|
| Modify the server.xml file. Enable the ssl-1.0 feature and configure the httpEndpoint settings. The keystores and truststores must also be configured. httpPort="${bvt.prop.HTTP_default}" httpsPort="${bvt.prop.HTTP_default.secure}" > trustStoreRef="defaultKeyStore" serverKeyAlias="default" /> trustStoreRef="alternateTrustStore" serverKeyAlias="alternateCert" enabledCiphers="AES256-SHA AES128-SHA" /> |