Java Runtime Environment (JRE) version 7 STIG for Unix

V1R3 2014-10-06       U_JRE7UNIX_V1R3_Manual-xccdf.xml
V1R6 2015-12-10       U_JRE7_UNIX_V1R6_Manual-xccdf.xml
The Java Runtime Environment (JRE) is a bundle developed and offered by Oracle Corporation which includes the Java Virtual Machine (JVM), class libraries, and other components necessary to run Java applications and applets. Certain default settings within the JRE pose a security risk so it is necessary to deploy system wide properties to ensure a higher degree of security when utilizing the JRE.
Comparison
All 1
No Change 0
Updated 0
Added 0
Removed 1
V-61037 Removed
Findings ID: JRE9999-UX Rule ID: SV-75505r2_rule Severity: high CCI: CCI-000366

Discussion

Java Runtime Environment (JRE) versions that are no longer supported by Oracle for security updates are not evaluated or updated for vulnerabilities leaving them open to potential attack. Organizations must transition to a supported Java Runtime Environment (JRE) version to ensure continued support.DCSQ-1

Checks

Oracle support for Java Runtime Environment (JRE) 7 for Unix ended 2015 April. If JRE 7 for Unix is installed on a system, this is a finding. If an extended support agreement providing security patches for the unsupported product is procured from the vendor, this finding may be downgraded to a CAT III.

Fix

Upgrade Java Runtime Environment (JRE) 7 for Unix software to a supported version.