WBLC-03-000125 - Oracle WebLogic must limit privileges to change the software resident within software libraries (including privileged programs).

Information

Application servers have the ability to specify that the hosted applications utilize shared libraries. The application server must have a capability to divide roles based upon duties wherein one project user (such as a developer) cannot modify the shared library code of another project user. The application server must also be able to specify that non-privileged users cannot modify any shared library code at all.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

1. Access AC
2. From 'Domain Structure', select 'Security Realms'
3. Select realm to configure (default is 'myrealm')
4. Select 'Users and Groups' tab -> 'Users' tab
5. From 'Users' table, select a user that must not have shared library modification access
6. From users settings page, select 'Groups' tab
7. From the 'Chosen' table, use the shuttle buttons to remove the role - 'Admin', 'Deployer'
8. Click 'Save'
9. Repeat steps 5-8 for all users that must not have shared library modification access

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_WebLogic_Server_12c_V2R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-5(6), CAT|II, CCI|CCI-001499, Rule-ID|SV-235960r628658_rule, STIG-ID|WBLC-03-000125, STIG-Legacy|SV-70523, STIG-Legacy|V-56269, Vuln-ID|V-235960

Plugin: Windows

Control ID: a635f184b08eaa0001acc7024abbdf89cff9e0d8ffd7a87527702fa12c158698