Documentation - V-255818

V-255818

IBM WebSphere Traditional V9.x Security Technical Implementation Guide

CAT II

Title

The WebSphere Application Server maximum in-memory session count must be set according to application requirements.

Description

<VulnDiscussion>Application management includes the ability to control the number of sessions that utilize an application by all accounts and/or account types. Limiting the number of allowed sessions is helpful in limiting risks related to Denial of Service attacks. Application servers host and expose business logic and application processes. The application server must possess the capability to limit the maximum number of concurrent sessions in a manner that affects the entire application ser...

Fix Text (Documentation Requirement)

In the administrative console page, click Servers >> Server Types >> WebSphere application servers >> [server_name] >> Session management. Edit the Maximum in-memory session count field to be the number of sessions allowable.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel