UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Any unapproved applications must be removed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-213524 JBOS-AS-000250 SV-213524r954822_rule Medium
Description
Extraneous services and applications running on an application server expands the attack surface and increases risk to the application server. Securing any server involves identifying and removing any unnecessary services and, in the case of an application server, unnecessary and/or unapproved applications.
STIG Date
JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide 2024-02-26

Details

Check Text ( C-14747r296238_chk )
Log on to the OS of the JBoss server with OS permissions that allow access to JBoss.
Using the relevant OS commands and syntax, cd to the /bin/ folder.
Run the jboss-cli script.
Connect to the server and authenticate.
Run the command:

ls /deployment

The list of deployed applications is displayed. Have the system admin identify the applications listed and confirm they are approved applications.

If the system admin cannot provide documentation proving their authorization for deployed applications, this is a finding.
Fix Text (F-14745r296239_fix)
Identify, authorize, and document all applications that are deployed to the application server. Remove unauthorized applications.