STIGQter: STIG Summary: Oracle HTTP Server 12.1.3 Security Technical Implementation Guide Version: 1 Release: 7 Benchmark Date: 24 Jul 2020:

A private OHS installation must be located on a separate controlled access subnet.

DISA Rule

SV-79149r1_rule

Vulnerability Number

V-64659

Group Title

SRG-APP-000516-WSR-000174

Rule Version

OH12-1X-000210

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

1. Relocate the OHS server to be on a local subnet, isolated from the DMZ.

2. Remove access to the OHS server from the LAN's general population.

Check Contents

1. As required, confirm with the OHS Administrator that OHS is installed on a separately controlled access subnet, not part of any DMZ.

2. Confirm that the OHS server is isolated from access by the LAN's general population.

3. If not, this is a finding.

Vulnerability Number

V-64659

Documentable

False

Rule Version

OH12-1X-000210

Severity Override Guidance

1. As required, confirm with the OHS Administrator that OHS is installed on a separately controlled access subnet, not part of any DMZ.

2. Confirm that the OHS server is isolated from access by the LAN's general population.

3. If not, this is a finding.

Check Content Reference

M

Target Key

2753

Comments