Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-213524 | JBOS-AS-000250 | SV-213524r954822_rule | Medium |
Description |
---|
Extraneous services and applications running on an application server expands the attack surface and increases risk to the application server. Securing any server involves identifying and removing any unnecessary services and, in the case of an application server, unnecessary and/or unapproved applications. |
STIG | Date |
---|---|
JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide | 2024-02-26 |
Check Text ( C-14747r296238_chk ) |
---|
Log on to the OS of the JBoss server with OS permissions that allow access to JBoss. Using the relevant OS commands and syntax, cd to the Run the jboss-cli script. Connect to the server and authenticate. Run the command: ls /deployment The list of deployed applications is displayed. Have the system admin identify the applications listed and confirm they are approved applications. If the system admin cannot provide documentation proving their authorization for deployed applications, this is a finding. |
Fix Text (F-14745r296239_fix) |
---|
Identify, authorize, and document all applications that are deployed to the application server. Remove unauthorized applications. |