The WebSphere Application Server plug-in is not specified in accordance with the proper security requirements.
An XCCDF Rule
Description
Requests processed by the WebSphere Application Server (WAS) are dependent on directives configured in the HTTP server httpd.conf file. These directives specify critical files containing the WAS plug-in and WAS configuration. These files provide the operational and security characteristics of WAS. Failure to properly configure WAS-related directives could lead to undesirable operations and degraded security. This exposure may compromise the availability and integrity of applications and customer data.
- ID: SV-225622r958408_rule
- Version: ZWAS0050
- Severity: Medium
Remediation Templates
A Manual Procedure
The IAO will ensure that the WebSphere Application Server directives in the httpd.conf file are configured as outlined below.
Ensure that all WAS-related directives are configured using the ServerInit, Service, and ServerTerm statements as outlined below.
The following path entries were added to the /etc/httpd.conf file for WebSphere 3.5:
ServerInit /usr/lpp/WebSphere/AppServer/bin/was350plugin.so:init_exit /usr/lpp/WebSphere/etc/WebSphere/AppServer/properties/was.conf
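An added example, not part of the STIG text: a Python check that reads httpd.conf content and reports WAS plug-in directives that deviate from the ServerInit entry above or are missing. The plug-in name pattern and the sample Service and ServerTerm lines (including their exit names) are constructed assumptions; this section does not show the required Service and ServerTerm values, so only the plug-in path on those lines is checked.

```python
import re

# Both paths are taken from the ServerInit line on this page (WebSphere 3.5).
PLUGIN = "/usr/lpp/WebSphere/AppServer/bin/was350plugin.so"
WAS_CONF = "/usr/lpp/WebSphere/etc/WebSphere/AppServer/properties/was.conf"
EXPECTED_INIT = f"{PLUGIN}:init_exit {WAS_CONF}"
DIRECTIVES = ("ServerInit", "Service", "ServerTerm")  # matched exactly as written
# Assumption: a WAS plug-in reference is any path token named was*plugin*.
MODULE_RE = re.compile(r"(\S*was\w*plugin[^\s:]*)", re.IGNORECASE)


def audit_httpd_conf(text):
    """Return a list of findings; an empty list means every check passed."""
    findings, seen = [], dict.fromkeys(DIRECTIVES, False)
    for no, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split(None, 1)
        # Blank lines and '#' comment lines never match a directive name.
        if len(parts) < 2 or parts[0] not in DIRECTIVES:
            continue
        name, value = parts[0], " ".join(parts[1].split())
        modules = MODULE_RE.findall(value)
        if not modules:
            continue  # directive does not reference a WAS plug-in
        if any(m != PLUGIN for m in modules):
            findings.append(f"line {no}: {name} loads unexpected plug-in {modules}")
        elif name == "ServerInit" and value != EXPECTED_INIT:
            findings.append(f"line {no}: ServerInit arguments differ from required entry")
        else:
            seen[name] = True
    findings += [f"no compliant WAS {d} directive found" for d in DIRECTIVES if not seen[d]]
    return findings


# Constructed samples, not a real server's configuration. The Service and
# ServerTerm arguments are placeholders; the page does not show them here.
SAMPLE_GOOD = f"""\
# WAS plug-in directives
ServerInit {EXPECTED_INIT}
Service /webapp/* {PLUGIN}:service_exit
ServerTerm {PLUGIN}:term_exit
"""
SAMPLE_BAD = f"""\
# plug-in loaded from a world-writable directory, ServerTerm missing
ServerInit /tmp/was350plugin.so:init_exit {WAS_CONF}
Service /webapp/* {PLUGIN}:service_exit
"""

if __name__ == "__main__":
    for finding in audit_httpd_conf(SAMPLE_BAD):
        print(finding)
```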