WBLC-01-000019 – Oracle WebLogic must automatically audit account modification – Configuration Audit Type
Details: Once an attacker establishes initial access to a system, they often attempt to create a persistent method of reestablishing...

WBLC-01-000030 – Oracle WebLogic must provide access logging that ensures users who are granted a privileged role (or roles) have their privileged activity logged.
Details: In order to be able to provide a forensic history of activity, the application server must ensure users who...

WBLC-02-000062 – Oracle WebLogic must protect against an individual falsely denying having performed a particular action.
Details: Non-repudiation of actions taken is required in order to maintain application integrity. Examples of particular actions taken by individuals...

WBLC-02-000065 – Oracle WebLogic must compile audit records from multiple components within the system into a system-wide (logical or physical) audit trail that is time-correlated to within an organization-defined level of tolerance.
Details: Audit generation and audit records can be generated from various components within the application server. The list of audited...

WBLC-02-000069 – Oracle WebLogic must generate audit records for the DoD-selected list of auditable events – HTTP Access Log
Details: Audit records can be generated from various components within the application server. The list of audited events is the...

WBLC-02-000073 – Oracle WebLogic must produce process events and severity levels to establish what type of HTTPD-related events and severity levels occurred.
Details: Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy...

WBLC-01-000032 – Oracle WebLogic must limit the number of failed login attempts to an organization-defined number of consecutive invalid attempts that occur within an organization-defined time period.
Details: Anytime an authentication method is exposed so as to allow for the login to an application, there is a...

WBLC-01-000033 – Oracle WebLogic must enforce the organization-defined time period during which the limit of consecutive invalid access attempts by a user is counted.
Details: By limiting the number of failed login attempts, the risk of unauthorized system access via automated user password guessing,...

WBLC-01-000034 – Oracle WebLogic must automatically lock accounts when the maximum number of unsuccessful login attempts is exceeded for an organization-defined time period or until the account is unlocked by an administrator.
Details: Anytime an authentication method is exposed so as to allow for the utilization of an application interface, there is...

WBLC-02-000074 – Oracle WebLogic must produce audit records containing sufficient information to establish what type of JVM-related events and severity levels occurred.
Details: Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy...