STIGQter: STIG Summary: Oracle HTTP Server 12.1.3 Security Technical Implementation Guide Version: 1 Release: 7 Benchmark Date: 24 Jul 2020:

OHS must be segregated from other services.

DISA Rule

SV-79165r1_rule

Vulnerability Number

V-64675

Group Title

SRG-APP-000516-WSR-000174

Rule Version

OH12-1X-000219

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Move any software from the OHS installation that is not required for the operation or management of the OHS server to another physical or logical server.

Check Contents

1. Obtain a copy of the OHS installation and configuration plan.

2. Ask the System Administrator whether any additional services (e.g., database, DNS, mail, application server, etc.) are installed with OHS that do not directly support operation or management of OHS. Separation of services may be physical or logical.

3. If so, this is a finding.

Vulnerability Number

V-64675

Documentable

False

Rule Version

OH12-1X-000219

Severity Override Guidance

1. Obtain a copy of the OHS installation and configuration plan.

2. Ask the System Administrator whether any additional services (e.g., database, DNS, mail, application server, etc.) are installed with OHS that do not directly support operation or management of OHS. Separation of services may be physical or logical.

3. If so, this is a finding.

Check Content Reference

M

Target Key

2753

Comments