Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-66963 | JRE8-WN-000170 | SV-81453r2_rule | Medium |
Description |
---|
Mobile code can cause damage to the system. It can execute without explicit action from, or notification to, a user. Actions enforced before executing mobile code include, for example, prompting users prior to opening email attachments and disabling automatic execution. This requirement applies to mobile code-enabled software, which is capable of executing one or more types of mobile code. |
STIG | Date |
---|---|
Java Runtime Environment (JRE) version 8 STIG for Windows | 2017-06-29 |
Check Text ( C-67599r2_chk ) |
---|
Navigate to the system-level "deployment.properties" file for JRE. - or - If the key "deployment.insecure.jres=PROMPT" is not present in the "deployment.properties" file, this is a finding. If the key "deployment.insecure.jres.locked" is not present in the "deployment.properties" file, this is a finding. If the key "deployment.insecure.jres" is set to "NEVER", this is a finding. |
Fix Text (F-73063r3_fix) |
---|
Navigate to the system-level "deployment.properties" file for JRE. Add the key "deployment.insecure.jres=PROMPT" to the "deployment.properties" file. Add the key "deployment.insecure.jres.locked" to the "deployment.properties" file. |