STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

Oracle Application Express or Oracle HTML DB should not be installed on a production database.

DISA Rule

SV-24961r1_rule

Vulnerability Number

V-16055

Group Title

Oracle Application Express

Rule Version

DO6753-ORACLE11

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Remove Application Express using the instruction found in Oracle MetaLink Note 558340.1 from production DBMS systems.

For new installations, select custom installation and de-select Application Express from the selectable options if available.

Check Contents

From SQL*Plus:
select count(*) from dba_users where username like 'FLOWS_%';

If the value returned is not 0 and the database is a production system, this is a Finding.

Vulnerability Number

V-16055

Documentable

False

Rule Version

DO6753-ORACLE11

Severity Override Guidance

From SQL*Plus:
select count(*) from dba_users where username like 'FLOWS_%';

If the value returned is not 0 and the database is a production system, this is a Finding.

Oracle Application Express or Oracle HTML DB should not be installed on a production database.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Responsibility

Target Key

Comments