STIGQter STIGQter: STIG Summary: Oracle HTTP Server 12.1.3 Security Technical Implementation Guide Version: 1 Release: 7 Benchmark Date: 24 Jul 2020:

A public OHS installation, if hosted on the NIPRNet, must be isolated in an accredited DoD DMZ Extension.

DISA Rule

SV-79147r1_rule

Vulnerability Number

V-64657

Group Title

SRG-APP-000516-WSR-000174

Rule Version

OH12-1X-000209

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

1. Relocate the OHS server to be in a DMZ, isolated from internal systems.

2. Confirm that the OHS server only has connections to supporting Application and Database Servers.

Check Contents

1. As required, confirm with the OHS Administrator that OHS is installed in a DMZ and isolated from internal systems.

2. If not, this is a finding.

Vulnerability Number

V-64657

Documentable

False

Rule Version

OH12-1X-000209

Severity Override Guidance

1. As required, confirm with the OHS Administrator that OHS is installed in a DMZ and isolated from internal systems.

2. If not, this is a finding.

Check Content Reference

M

Target Key

2753

Comments