Java Runtime Environment (JRE) version 7 STIG for Windows 7

V1R8 2015-12-10       U_JRE7_WIN7_V1R8_Manual-xccdf.xml
V1R6 2014-12-29       U_JRE7_WIN7_V1R6_Manual-xccdf.xml
The Java Runtime Environment (JRE) is a bundle developed and offered by Oracle Corporation which includes the Java Virtual Machine (JVM), class libraries, and other components necessary to run Java applications and applets. Certain default settings within the JRE pose a security risk so it is necessary to deploy system wide properties to ensure a higher degree of security when utilizing the JRE.
Comparison
All 1
No Change 0
Updated 0
Added 1
Removed 0
V-61039 Added
Findings ID: JRE9999-J72K7 Rule ID: SV-75507r2_rule Severity: high CCI: CCI-000366

Discussion

Java Runtime Environment (JRE) versions that are no longer supported by Oracle for security updates are not evaluated or updated for vulnerabilities leaving them open to potential attack. Organizations must transition to a supported Java Runtime Environment (JRE) version to ensure continued support.DCSQ-1

Checks

Oracle support for Java Runtime Environment (JRE) 7 for Windows 7 ended 2015 April. If JRE 7 for Windows 7 is installed on a system, this is a finding. If an extended support agreement providing security patches for the unsupported product is procured from the vendor, this finding may be downgraded to a CAT III.

Fix

Upgrade Java Runtime Environment (JRE) 7 for Windows 7 software to a supported version.