UCF STIG Viewer Logo

OHS must disable the directive pointing to the directory containing the OHS manuals.


Overview

Finding ID Version Rule ID IA Controls Severity
V-64379 OH12-1X-000156 SV-78869r1_rule Low
Description
Web server documentation, sample code, example applications, and tutorials may be an exploitable threat to a web server because this type of code has not been evaluated and approved. A production web server must only contain components that are operationally necessary (e.g., compiled code, scripts, web-content, etc.). Any documentation, sample code, example applications, and tutorials must be removed from a production web server. To make certain that the documentation and code are not installed or uninstalled completely; the web server must offer an option as part of the installation process to exclude these packages or to uninstall the packages if necessary.
STIG Date
Oracle HTTP Server 12.1.3 Security Technical Implementation Guide 2015-12-10

Details

Check Text ( C-65131r1_chk )
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.

2. Search for a "" directive at the OHS server configuration scope.

3. If the directive and the directives it contains exists and is not commented out, this is a finding.
Fix Text (F-70309r1_fix)
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.

2. Search for a "" directive at the OHS server configuration scope.

3. Comment out the "" directive and any directives it contains if they exist.