Details

WebSphere samples are not intended for use in a production environment. Do not run them there, as they create significant security risks. In particular, the snoop servlet can provide an outsider with tremendous amounts of information about your system. This is precisely the type of information you do not want to give a potential intruder.

Do not install the samples during the profile creation or uninstall the sample programs.

Solution

Navigate to Applications >> All Applications.

Click on the corresponding application checkbox.

Select ‘Remove’.

Click ‘OK’.

Click ‘Save’.

Supportive Information

The following resource is also helpful.

• http://iasecontent.disa.mil/stigs/zip/U_IBM_WebSphere_Traditional_V9-x_V1R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.

References

• 800-53|CM-7a.
• CAT|III
• CCI|CCI-000381
• Rule-ID|SV-95987r1_rule
• STIG-ID|WBSP-AS-000930
• Vuln-ID|V-81273

Source

• Tenable.com/audits