STIGQter: STIG Summary: Oracle HTTP Server 12.1.3 Security Technical Implementation Guide Version: 1 Release: 7 Benchmark Date: 24 Jul 2020:

Remote authors or content providers must have all files scanned for viruses and malicious code before uploading files to the Document Root directory.

DISA Rule

SV-79189r1_rule

Vulnerability Number

V-64699

Group Title

SRG-APP-000516-WSR-000174

Rule Version

OH12-1X-000231

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Install anti-virus software on the OHS server and configure it to automatically scan for any viruses, malicious code, and mobile code.

Check Contents

1. Check that any files uploaded to the OHS environment are checked for viruses, malicious code, and mobile code.

2. If there is not anti-virus software on the system with auto-protect enabled or if there is not a process in place to ensure all files being posted to the OHS sites are being scanned, this is a finding.

Vulnerability Number

V-64699

Documentable

False

Rule Version

OH12-1X-000231

Severity Override Guidance

1. Check that any files uploaded to the OHS environment are checked for viruses, malicious code, and mobile code.

2. If there is not anti-virus software on the system with auto-protect enabled or if there is not a process in place to ensure all files being posted to the OHS sites are being scanned, this is a finding.

Check Content Reference

M

Target Key

2753

Comments