UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Oracle JRE 8 must prompt the user for action prior to executing mobile code.


Overview

Finding ID Version Rule ID IA Controls Severity
V-66963 JRE8-WN-000170 SV-81453r1_rule Medium
Description
Mobile code can cause damage to the system. It can execute without explicit action from, or notification to, a user. Actions enforced before executing mobile code include, for example, prompting users prior to opening email attachments and disabling automatic execution. This requirement applies to mobile code-enabled software, which is capable of executing one or more types of mobile code.
STIG Date
Java Runtime Environment (JRE) Version 8 STIG for Windows 2016-09-27

Details

Check Text ( C-67599r1_chk )
Navigate to the system-level “deployment.properties” file for JRE.

The location of the deployment.properties file is defined in \Lib\deployment.config

If the key “deployment.insecure.jres=PROMPT” is not present in the deployment.properties file, this is a finding.

If the key “deployment.insecure.jres.locked” is not present in the deployment.properties file, this is a finding.

If the key “deployment.insecure.jres” is set to “NEVER”, this is a finding.
Fix Text (F-73063r2_fix)
Navigate to the system-level “deployment.properties” file for JRE.

The location of the deployment.properties file is defined in \Lib\deployment.config

Add the key “deployment.insecure.jres=PROMPT” to the deployment.properties file.

Add the key “deployment.insecure.jres.locked” to the deployment.properties file.