Detections
Analytics
IBMW-LS-001170 - The WebSphere Liberty Server must install security-relevant software updates within the time period directed by an authoritative source.
Information
Security vulnerabilities are often addressed by testing and applying the latest security patches and fix packs. The latest fixpacks can be found at: http://www-01.ibm.com/support/docview.wss?uid=swg27009661NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Obtain WebSphere Liberty product security and patch support at http://www-01.ibm.com/support/docview.wss?uid=swg27009661.Run the productInfo validate command to validate the MD5 checksum file for server installation and each feature.
If a feature is not valid, the command outputs an error and lists the manifest file for the affected feature. The following example validates the features for the current installation and outputs the results to the validate.txt file:
productInfo validate --output=/tmp/validate.txt
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_IBM_WebSphere_Liberty_Server_V2R4_STIG.zip
Item Details
Audit Name: DISA IBM WebSphere Liberty Server STIG v2r4
Category: SYSTEM AND INFORMATION INTEGRITY
References: 800-53|SI-2c., CAT|II, CCI|CCI-002605, Rule-ID|SV-250349r1137612_rule, STIG-ID|IBMW-LS-001170, Vuln-ID|V-250349
Plugin: Unix
Control ID: 1c34b5ac8ae48b13813c248f7a6ad30d57730bbea2effda67e31087f7dc5dbf3