I - Mission Critical Public
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000122-AS-000082
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must protect audit tools from unauthorized modification.
<VulnDiscussion>Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Depending up...Rule Medium Severity -
SRG-APP-000123-AS-000083
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must protect audit tools from unauthorized deletion.
<VulnDiscussion>Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Depending up...Rule Medium Severity -
SRG-APP-000133-AS-000092
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must limit privileges to change the software resident within software libraries (including privileged programs).
<VulnDiscussion>Application servers have the ability to specify that the hosted applications utilize shared libraries. The application server...Rule Medium Severity -
SRG-APP-000141-AS-000095
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must adhere to the principles of least functionality by providing only essential capabilities.
<VulnDiscussion> Application servers provide a myriad of differing processes, features and functionalities. Some of these processes may be de...Rule Medium Severity -
SRG-APP-000142-AS-000014
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must prohibit or restrict the use of unauthorized functions, ports, protocols, and/or services.
<VulnDiscussion>Application servers provide numerous processes, features, and functionalities that utilize TCP/IP ports. Some of these proces...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must utilize automated mechanisms to prevent program execution on the information system.
<VulnDiscussion>The application server must provide a capability to halt or otherwise disable the automatic execution of deployed application...Rule Low Severity -
SRG-APP-000148-AS-000101
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must uniquely identify and authenticate users (or processes acting on behalf of users).
<VulnDiscussion>To assure accountability and prevent unauthorized access, application server users must be uniquely identified and authentica...Rule High Severity -
SRG-APP-000153-AS-000104
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must authenticate users individually prior to using a group authenticator.
<VulnDiscussion>To assure individual accountability and prevent unauthorized access, application server users (and any processes acting on be...Rule High Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must enforce minimum password length.
<VulnDiscussion>Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
Oracle WebLogic must enforce password complexity by the number of upper-case characters used.
<VulnDiscussion>Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.