Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Java software installed on the production web server must be limited to .class files and the Java Virtual Machine.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-2265 | WG490 IIS7 | SV-32640r1_rule | ECSC-1 | Low |
| Description |
|---|
| Source code for a Java program is, many times, stored in files with either .java or .jpp file extensions. From the .java and .jpp files the Java compiler produces a binary file with an extension of .class. The .java or .jpp file could therefore reveal sensitive information regarding an application's logic and permissions to resources on the server. |
| STIG | Date |
|---|---|
| IIS 7.0 WEB SERVER STIG | 2013-04-11 |
Details
| Check Text ( C-32950r1_chk ) |
|---|
| Search the system for files with either .java or .jpp extensions. If files with .java or .jpp extensions are found, this is a finding. |
| Fix Text (F-26836r1_fix) |
|---|
| Remove all files from the web server with either .java and .jpp extensions. |