STIGQter: STIG Summary: APACHE 2.2 Site for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019:

Java software on production web servers must be limited to class files and the JAVA virtual machine.

DISA Rule

SV-33143r1_rule

Vulnerability Number

V-2265

Group Title

WG490

Rule Version

WG490 W22

Severity

CAT III

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Remove the appropriate files from the web server.

Check Contents

Search the web content and scripts directories (found in check WG290) for .java and .jpp files.

If either file type is found, this is a finding.

Note: Executables such as java.exe, jre.exe, and jrew.exe are permitted.

Vulnerability Number

V-2265

Documentable

False

Rule Version

WG490 W22

Severity Override Guidance

Check Content Reference

Responsibility

Web Administrator

Target Key

161

Java software on production web servers must be limited to class files and the JAVA virtual machine.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Responsibility

Target Key

Comments