Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Oracle Application Express or Oracle HTML DB should not be installed on a production database.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-16055 | DO6753-ORACLE11 | SV-24961r1_rule | Medium |
| Description |
|---|
| The Oracle Application Express, formerly called HTML DB, is an application development component installed by default with Oracle. Unauthorized application development can introduce a variety of vulnerabilities to the database. |
| STIG | Date |
|---|---|
| Oracle Database 11g Installation STIG | 2017-06-29 |
Details
| Check Text ( C-28654r1_chk ) |
|---|
| From SQL*Plus: select count(*) from dba_users where username like 'FLOWS_%'; If the value returned is not 0 and the database is a production system, this is a Finding. |
| Fix Text (F-25681r1_fix) |
|---|
| Remove Application Express using the instruction found in Oracle MetaLink Note 558340.1 from production DBMS systems. For new installations, select custom installation and de-select Application Express from the selectable options if available. |