Java Runtime Environment (JRE) version 7 STIG for Unix

The Java Runtime Environment (JRE) is a bundle developed and offered by Oracle Corporation which includes the Java Virtual Machine (JVM), class libraries, and other components necessary to run Java applications and applets. Certain default settings within the JRE pose a security risk, so it is necessary to deploy system-wide properties to ensure a higher degree of security when using the JRE.

Details

Version / Release: V1R6

Published: 2015-12-10

Updated At: 2018-09-23 02:56:32


| Rule | Version | CCI | Severity | Title | Description |
|---|---|---|---|---|---|
| SV-43596r2_rule | JRE0001-UX | | MEDIUM | The dialog to enable users to grant permissions to execute signed content from an un-trusted authority must be disabled. | Java applets exist both signed and unsigned. Even for signed applets, there can be many sources, some of which may be purveyors of malware. Applet sources considered trusted can have their information populated into the browser, enabling Java to validat |
| SV-43601r2_rule | JRE0010-UX | | MEDIUM | The dialog enabling users to grant permissions to execute signed content from an un-trusted authority must be locked. | Java applets exist both signed and unsigned. Even for signed applets, there can be many sources, some of which may be purveyors of malware. Applet sources considered trusted can have their information populated into the browser, enabling Java to validate |
| SV-43604r2_rule | JRE0020-UX | | MEDIUM | The setting for users to check publisher certificates for revocation must be enabled. | A certificate revocation list is a directory which contains a list of certificates that have been revoked for various reasons. Certificates may be revoked due to improper issuance, compromise of the certificate, and failure to adhere to policy. Therefore, |
| SV-43617r3_rule | JRE0030-UX | | MEDIUM | The setting enabling users to configure the check publisher certificates for revocation must be locked. | Certificates may be revoked due to improper issuance, compromise of the certificate, and failure to adhere to policy. Therefore, any certificate found revoked on a CRL or via Online Certificate Status Protocol (OCSP) should not be trusted. Permitting exec |
| SV-43618r2_rule | JRE0040-UX | | MEDIUM | The option to enable online certificate validation must be enabled. | Online certificate validation provides a real-time option to validate a certificate. When enabled, if a certificate is presented, the status of the certificate is requested. The status is sent back as 'current', 'expired', or 'unknown'. Online certificate |
| SV-43619r2_rule | JRE0050-UX | | MEDIUM | The option to enable online certificate validation must be locked. | Online certificate validation provides a real-time option to validate a certificate. When enabled, if a certificate is presented, the status of the certificate is requested. The status is sent back as 'current', 'expired', or 'unknown'. Online certificate |
| SV-43649r1_rule | JRE0060-UX | | MEDIUM | The configuration file must contain proper keys and values to deploy settings correctly. | This configuration file must hold values of the location of the deployment.properties file as well as the enforcement of these properties. Without a proper path for the properties file, deployment would not be possible. If the path specified does not le |
| SV-43621r1_rule | JRE0070-UX | | MEDIUM | A configuration file must be present to deploy properties for JRE. | The deployment.config file is used for specifying the location and execution of system-level properties for the Java Runtime Environment. By default no deployment.config file exists; thus, no system-wide deployment.properties file exists. Without the de |
| SV-43620r2_rule | JRE0080-UX | | MEDIUM | A properties file must be present to hold all the keys that establish properties within the Java control panel. | The deployment.properties file is used for specifying keys for the Java Runtime Environment. Each option in the Java control panel is represented by property keys. These keys adjust the options in the Java control panel based on the value assigned to that |
| SV-51133r1_rule | JRE0090-UX | | MEDIUM | The version of the JRE running on the system must be the most current available. | The JRE is being continually updated by the vendor in order to address identified security vulnerabilities. Running an older version of the JRE can introduce security vulnerabilities to the system. Java applications are runtime version dependent. Applica |
| SV-75505r2_rule | JRE9999-UX | CCI-000366 | HIGH | Java Runtime Environment (JRE) versions that are no longer supported by the vendor for security updates must not be installed on a system. | Java Runtime Environment (JRE) versions that are no longer supported by Oracle for security updates are not evaluated or updated for vulnerabilities leaving them open to potential attack. Organizations must transition to a supported Java Runtime Environm |