STIGQter: STIG Summary: Oracle HTTP Server 12.1.3 Security Technical Implementation Guide Version: 1 Release: 7 Benchmark Date: 24 Jul 2020:

OHS tools must be restricted to the web manager and the web managers designees.

DISA Rule

SV-79155r1_rule

Vulnerability Number

V-64665

Group Title

SRG-APP-000516-WSR-000174

Rule Version

OH12-1X-000214

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Restrict access to the OS account that owns OHS, root, or tool with OHS management or monitoring capability such as Oracle Enterprise Manager (OEM).

Check Contents

1. Determine whether anyone other than the System Administrator or the OHS Administrator has inappropriate access to modify the OHS configuration. This includes the ability to use the OS account that owns OHS, root, or a tool with OHS management or monitoring capability such as Oracle Enterprise Manager (OEM).

2. If so, this is a finding.

Vulnerability Number

V-64665

Documentable

False

Rule Version

OH12-1X-000214

Severity Override Guidance

1. Determine whether anyone other than the System Administrator or the OHS Administrator has inappropriate access to modify the OHS configuration. This includes the ability to use the OS account that owns OHS, root, or a tool with OHS management or monitoring capability such as Oracle Enterprise Manager (OEM).

2. If so, this is a finding.

Check Content Reference

M

Target Key

2753

Comments