UCF STIG Viewer Logo

The OHS htdocs directory must not contain any default files.


Overview

Finding ID Version Rule ID IA Controls Severity
V-64641 OH12-1X-000201 SV-79131r1_rule Medium
Description
Default files from the OHS installation should not be part of the htdocs directory. These files are not always patched or supported and may become an attacker vector in the future.
STIG Date
Oracle HTTP Server 12.1.3 Security Technical Implementation Guide 2019-01-04

Details

Check Text ( C-65383r1_chk )
1. cd $DOMAIN_HOME/config/fmwconfig/components/OHS/instances/ohs1/htdocs

2. Check for the existence of the OracleHTTPServer12c_files directory (e.g., ls).

3. If there is an OracleHTTPServer12c_files directory exists, this is a finding.
Fix Text (F-70571r1_fix)
1. cd $DOMAIN_HOME/config/fmwconfig/components/OHS/instances/ohs1/htdocs

2. rm –rf OracleHTTPServer12c_files.