STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to IBM WebSphere Traditional V9.x Security Technical Implementation Guide

V-255858

CAT III (Low)

The WebSphere Application Server sample applications must be removed.

Rule ID

SV-255858r960963_rule

STIG

IBM WebSphere Traditional V9.x Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-000381

Discussion

WebSphere samples are not intended for use in a production environment. Do not run them there, as they create significant security risks. In particular, the snoop servlet can provide an outsider with tremendous amounts of information about your system. This is precisely the type of information you do not want to give a potential intruder. Do not install the samples during the profile creation or uninstall the sample programs.

Check Content

Navigate to Applications >> All Applications.

Review all applications installed on the application server.

If the sample applications snoop, ivt, or DefaultApplication are installed on a production system, this is a finding.

Fix Text

Navigate to Applications >> All Applications.

Click on the corresponding application checkbox.

Select "Remove".

Click "OK".

Click "Save".