Oracle WebLogic must protect the integrity of applications during the processes of data aggregation, packaging, and transformation in preparation for deployment.

From Oracle WebLogic Server 12c Security Technical Implementation Guide

Associated with: CCI-001209

SV-70587r1_rule Oracle WebLogic must protect the integrity of applications during the processes of data aggregation, packaging, and transformation in preparation for deployment.

Vulnerability discussion

Information can be subjected to unauthorized changes (e.g., malicious and/or unintentional modification) at information aggregation or protocol transformation points. It is therefore imperative the application take steps to validate and assure the integrity of data while at these stages of processing. The application server must ensure the integrity of data that is pending transfer for deployment is maintained. If the application were to simply transmit aggregated, packaged, or transformed data without ensuring the data was not manipulated during these processes, then the integrity of the data and the application itself may be called into question.

Check content

1. Access AC 2. From 'Domain Structure', select the top-level domain 3. Select 'Configuration' tab -> 'General' tab 4. Ensure 'Production Mode' checkbox is selected If the 'Production Mode' checkbox is not selected, this is a finding.

Fix text

1. Access AC 2. From 'Domain Structure', select the top-level domain 3. Select 'Configuration' tab -> 'General' tab 4. Check 'Production Mode' checkbox. Click 'Save' 5. Restart all servers

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.