STIGQter: STIG Summary: Oracle HTTP Server 12.1.3 Security Technical Implementation Guide Version: 1 Release: 7 Benchmark Date: 24 Jul 2020:

OHS must be integrated with a tool such as Oracle Access Manager to enforce a client-side certificate revocation check through the OCSP protocol.

DISA Rule

SV-78919r1_rule

Vulnerability Number

V-64429

Group Title

SRG-APP-000175-WSR-000095

Rule Version

OH12-1X-000251

Severity

CAT II

CCI(s)

CCI-000185 - The information system, for PKI-based authentication, validates certifications by constructing and verifying a certification path to an accepted trust anchor including checking certificate status information.

Weight

Fix Recommendation

1. Use a product such as Oracle Access Manager for authentication.

2. Implement OCSP validation within that product.

Check Contents

1. Check to see if a product such as Oracle Access Manager that could be used for authentication, could also provide OCSP validation.

2. If not, this is a finding.

Vulnerability Number

V-64429

Documentable

False

Rule Version

OH12-1X-000251

Severity Override Guidance

1. Check to see if a product such as Oracle Access Manager that could be used for authentication, could also provide OCSP validation.

2. If not, this is a finding.

Check Content Reference

Target Key

2753

OHS must be integrated with a tool such as Oracle Access Manager to enforce a client-side certificate revocation check through the OCSP protocol.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments