UCF STIG Viewer Logo

Java Runtime Environment (JRE) version 8 STIG for Unix


Overview

Date Finding Count (16)
2017-09-27 CAT I (High): 1 CAT II (Med): 14 CAT III (Low): 1
STIG Description
The Java Runtime Environment (JRE) is a bundle developed and offered by Oracle Corporation which includes the Java Virtual Machine (JVM), class libraries, and other components necessary to run Java applications and applets. Certain default settings within the JRE pose a security risk so it is necessary to deploy system wide properties to ensure a higher degree of security when utilizing the JRE.

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-66937 High The version of Oracle JRE 8 running on the system must be the most current available.
V-66919 Medium Oracle JRE 8 must lock the dialog enabling users to grant permissions to execute signed content from an untrusted authority.
V-66909 Medium Oracle JRE 8 deployment.config file must contain proper keys and values.
V-66911 Medium Oracle JRE 8 must have a deployment.properties file present.
V-66721 Medium Oracle JRE 8 must have a deployment.config file present.
V-66915 Medium Oracle JRE 8 must be set to allow Java Web Start (JWS) applications.
V-66917 Medium Oracle JRE 8 must disable the dialog enabling users to grant permissions to execute signed content from an untrusted authority.
V-66925 Medium Oracle JRE 8 must enable the option to use an accepted sites list.
V-66933 Medium Oracle JRE 8 must prompt the user for action prior to executing mobile code.
V-66927 Medium Oracle JRE 8 must have an exception.sites file present.
V-66931 Medium Oracle JRE 8 must lock the option to enable users to check publisher certificates for revocation.
V-66921 Medium Oracle JRE 8 must set the option to enable online certificate validation.
V-66923 Medium Oracle JRE 8 must prevent the download of prohibited mobile code.
V-66935 Medium Oracle JRE 8 must remove previous versions when the latest version is installed.
V-66929 Medium Oracle JRE 8 must enable the dialog to enable users to check publisher certificates for revocation.
V-66913 Low Oracle JRE 8 must default to the most secure built-in setting.