1.1 - SerializedSystemIni.dat Password File is not Protected | CONFIGURATION MANAGEMENT |
1.2 - Strong Password policy should be implemented - Enforce Password History | |
1.2 - Strong Password policy should be implemented - Maximum Password Age | |
1.2 - Strong Password policy should be implemented - Minimum Lowercase Characters | IDENTIFICATION AND AUTHENTICATION |
1.2 - Strong Password policy should be implemented - Minimum Numeric Characters | IDENTIFICATION AND AUTHENTICATION |
1.2 - Strong Password policy should be implemented - Minimum Numeric or Special Characters | IDENTIFICATION AND AUTHENTICATION |
1.2 - Strong Password policy should be implemented - Minimum Password Age | |
1.2 - Strong Password policy should be implemented - Minimum Password Length | IDENTIFICATION AND AUTHENTICATION |
1.2 - Strong Password policy should be implemented - Minimum Uppercase Characters | IDENTIFICATION AND AUTHENTICATION |
1.2 - Strong Password policy should be implemented - Non-Alphanumeric Characters | IDENTIFICATION AND AUTHENTICATION |
1.3 - Default admin password should be changed | |
2.1 - Weak permissions on WebLogic directories | CONFIGURATION MANAGEMENT |
2.2 - Weak permissions on Log files | CONFIGURATION MANAGEMENT |
2.3 - Administration Console Session Timeout is not set | ACCESS CONTROL |
2.4 - Limit access to production WebLogic application servers | |
2.5 - Unique X.509 Mapping should be present | |
2.6 - Security roles should be used to control access | |
2.7 - Set check Roles and Policies to all Web applications and EJBs | IDENTIFICATION AND AUTHENTICATION |
2.8 - Account lockout policy should be enabled - Lockout Enabled | ACCESS CONTROL |
2.8 - Account lockout policy should be enabled - Lockout Threshold | ACCESS CONTROL |
2.9 - Security Groups should be established | |
2.10 - Administrator Group should be set up | |
3.1 - Domain wide administration port is not enabled | ACCESS CONTROL |
3.2 - Keystore directory and file permissions should be set - Directory | CONFIGURATION MANAGEMENT |
3.2 - Keystore directory and file permissions should be set - Files | CONFIGURATION MANAGEMENT |
3.3 - Connection Filtering is not configured - Connection Filter Specified | ACCESS CONTROL |
3.3 - Connection Filtering is not configured - Filter enabled | AUDIT AND ACCOUNTABILITY |
3.3 - Connection Filtering is not configured - Filter Rules added | ACCESS CONTROL |
3.4 - Default WebLogic Keystores is used | SYSTEM AND COMMUNICATIONS PROTECTION |
3.5 - Default weblogic account is used | |
3.6 - Insecure 'Idle Timeout' setting | SYSTEM AND COMMUNICATIONS PROTECTION |
3.7 - Network Parameters are not tuned - Accept Backlog | SYSTEM AND COMMUNICATIONS PROTECTION |
3.7 - Network Parameters are not tuned - Login Timeout | SYSTEM AND COMMUNICATIONS PROTECTION |
3.7 - Network Parameters are not tuned - Maximum Open Sockets | SYSTEM AND COMMUNICATIONS PROTECTION |
3.8 - HTTP banner reveals server information - Send Server Header | SYSTEM AND COMMUNICATIONS PROTECTION |
3.8 - HTTP banner reveals server information - X-Powered-By Header | SYSTEM AND COMMUNICATIONS PROTECTION |
3.9 - Default code and application examples and PointBase database are installed - ADFR Tools | CONFIGURATION MANAGEMENT |
3.9 - Default code and application examples and PointBase database are installed - eval directory | CONFIGURATION MANAGEMENT |
3.9 - Default code and application examples and PointBase database are installed - OEPE Tools | CONFIGURATION MANAGEMENT |
3.9 - Default code and application examples and PointBase database are installed - samples directory | CONFIGURATION MANAGEMENT |
3.10 - Domain is not running in production mode | CONFIGURATION MANAGEMENT |
3.11 - Domain HTTP Post Timeout is not set | SYSTEM AND COMMUNICATIONS PROTECTION |
3.12 - Security Interoperability Mode is not set | SYSTEM AND COMMUNICATIONS PROTECTION |
3.13 - Configuration Archive is not Enabled | CONTINGENCY PLANNING |
3.14 - Maximum Message Size is not set - Maximum HTTP Message Size | SYSTEM AND COMMUNICATIONS PROTECTION |
3.14 - Maximum Message Size is not set - Maximum Message Size | SYSTEM AND COMMUNICATIONS PROTECTION |
3.15 - Archive Configuration Count is not set | CONTINGENCY PLANNING |
3.16 - Delete Development Tools - ADFR Tools | CONFIGURATION MANAGEMENT |
3.16 - Delete Development Tools - OEPE Tools | CONFIGURATION MANAGEMENT |
3.17 - Deploy the WebLogic Platform on a Dedicated System | CONFIGURATION MANAGEMENT |