Oracle JRE 8 must prompt the user for action prior to executing mobile code.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-66963	JRE8-WN-000170	SV-81453r1_rule		Medium

Description
Mobile code can cause damage to the system. It can execute without explicit action from, or notification to, a user. Actions enforced before executing mobile code include, for example, prompting users prior to opening email attachments and disabling automatic execution. This requirement applies to mobile code-enabled software, which is capable of executing one or more types of mobile code.

STIG	Date
Java Runtime Environment (JRE) Version 8 STIG for Windows	2016-09-27

Details

Check Text ( C-67599r1_chk )
Navigate to the system-level “deployment.properties” file for JRE. The location of the deployment.properties file is defined in \Lib\deployment.config If the key “deployment.insecure.jres=PROMPT” is not present in the deployment.properties file, this is a finding. If the key “deployment.insecure.jres.locked” is not present in the deployment.properties file, this is a finding. If the key “deployment.insecure.jres” is set to “NEVER”, this is a finding.

Check Text ( C-67599r1_chk )

Navigate to the system-level “deployment.properties” file for JRE.

The location of the deployment.properties file is defined in \Lib\deployment.config

If the key “deployment.insecure.jres=PROMPT” is not present in the deployment.properties file, this is a finding.

If the key “deployment.insecure.jres.locked” is not present in the deployment.properties file, this is a finding.

If the key “deployment.insecure.jres” is set to “NEVER”, this is a finding.

Fix Text (F-73063r2_fix)
Navigate to the system-level “deployment.properties” file for JRE. The location of the deployment.properties file is defined in \Lib\deployment.config Add the key “deployment.insecure.jres=PROMPT” to the deployment.properties file. Add the key “deployment.insecure.jres.locked” to the deployment.properties file.