Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-62327 | JBOS-AS-000685 | SV-76817r1_rule | High |
Description |
---|
The JBoss product is available as Open Source; however, the Red Hat vendor provides updates, patches and support for the JBoss product. It is imperative that patches and updates be applied to JBoss in a timely manner as many attacks against JBoss focus on unpatched systems. It is critical that support be obtained and made available. |
STIG | Date |
---|---|
JBoss EAP 6.3 Security Technical Implementation Guide | 2015-11-09 |
Check Text ( C-63131r1_chk ) |
---|
Interview the system admin and obtain details on their patch management processes as it relates to the OS and the Application Server. If there is no active, documented patch management process in use for these components, this is a finding. |
Fix Text (F-68247r1_fix) |
---|
Configure the operating system and the application server to use a patch management system or process that ensures security-relevant updates are installed within the time period directed by the ISSM. |