Oracle WebLogic must identify potentially security-relevant error conditions.

From Oracle WebLogic Server 12c Security Technical Implementation Guide

Part of SRG-APP-000265-AS-000168

Associated with: CCI-001311

SV-70605r1_rule Oracle WebLogic must identify potentially security-relevant error conditions.

Vulnerability discussion

The structure and content of error messages need to be carefully considered by the organization and development team. The extent to which the application server is able to identify and handle error conditions is guided by organizational policy and operational requirements. Adequate logging levels and system performance capabilities need to be balanced with data protection requirements. Application servers must have the capability to log at various levels which can provide log entries for potential security-related error events.An example is the capability for the application server to assign a criticality level to a failed login attempt error message, a security-related error message being of a higher criticality.

Check content

1. Access EM 2. Expand the domain from the navigation tree, and select the AdminServer 3. Use the dropdown to select 'WebLogic Server' -> 'Logs' -> 'Log Configuration' 4. Select the 'Log Levels' tab, and within the table, expand 'Root Logger' node 5. Log levels for system-related events can be set here 6. Select the domain from the navigation tree, and use the dropdown to select 'WebLogic Domain' -> 'Security' -> 'Audit Policy' 7. Select 'Oracle Platform Security Services' from the 'Audit Component Name' dropdown 8. Log levels for security-related events can be set here If security-related events are not set properly, this is a finding.

Fix text

1. Access EM 2. Expand the domain from the navigation tree, and select the AdminServer 3. Use the dropdown to select 'WebLogic Server' -> 'Logs' -> 'Log Configuration' 4. Select the 'Log Levels' tab, and within the table, expand 'Root Logger' node 5. Log levels for system-related events can be set here 6. Select the domain from the navigation tree, and use the dropdown to select 'WebLogic Domain' -> 'Security' -> 'Audit Policy' 7. Select 'Oracle Platform Security Services' from the 'Audit Component Name' dropdown 8. Log levels for security-related events can be set here

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer