STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to IBM WebSphere Traditional V9.x Security Technical Implementation Guide

V-255858

CAT III (Low)

The WebSphere Application Server sample applications must be removed.

Rule ID

SV-255858r960963_rule

STIG

IBM WebSphere Traditional V9.x Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-000381

Discussion

WebSphere samples are not intended for use in a production environment. Do not run them there, as they create significant security risks. In particular, the snoop servlet can provide an outsider with tremendous amounts of information about your system. This is precisely the type of information you do not want to give a potential intruder. Do not install the samples during the profile creation or uninstall the sample programs.

Check Content

Navigate to Applications >> All Applications.

Review all applications installed on the application server.

If the sample applications snoop, ivt, or DefaultApplication are installed on a production system, this is a finding.

Fix Text

Navigate to Applications >> All Applications.

Click on the corresponding application checkbox.

Select "Remove".

Click "OK".

Click "Save".