Oracle JRE 8 must prompt the user for action prior to executing mobile code.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-66963	JRE8-WN-000170	SV-81453r2_rule		Medium

Description
Mobile code can cause damage to the system. It can execute without explicit action from, or notification to, a user. Actions enforced before executing mobile code include, for example, prompting users prior to opening email attachments and disabling automatic execution. This requirement applies to mobile code-enabled software, which is capable of executing one or more types of mobile code.

STIG	Date
Java Runtime Environment (JRE) version 8 STIG for Windows	2017-12-21

Details

Check Text ( C-67599r2_chk )
Navigate to the system-level "deployment.properties" file for JRE. \Sun\Java\Deployment\deployment.properties - or - \Lib\deployment.properties If the key "deployment.insecure.jres=PROMPT" is not present in the "deployment.properties" file, this is a finding. If the key "deployment.insecure.jres.locked" is not present in the "deployment.properties" file, this is a finding. If the key "deployment.insecure.jres" is set to "NEVER", this is a finding.

Check Text ( C-67599r2_chk )

Navigate to the system-level "deployment.properties" file for JRE.

\Sun\Java\Deployment\deployment.properties
- or -
\Lib\deployment.properties

If the key "deployment.insecure.jres=PROMPT" is not present in the "deployment.properties" file, this is a finding.

If the key "deployment.insecure.jres.locked" is not present in the "deployment.properties" file, this is a finding.

If the key "deployment.insecure.jres" is set to "NEVER", this is a finding.

Fix Text (F-73063r3_fix)
Navigate to the system-level "deployment.properties" file for JRE. Add the key "deployment.insecure.jres=PROMPT" to the "deployment.properties" file. Add the key "deployment.insecure.jres.locked" to the "deployment.properties" file.