Oracle JRE 8 must prompt the user for action prior to executing mobile code.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-66933	JRE8-UX-000170	SV-81423r1_rule		Medium

Description
Mobile code can cause damage to the system. It can execute without explicit action from, or notification to, a user. Actions enforced before executing mobile code include, for example, prompting users prior to opening email attachments and disabling automatic execution. This requirement applies to mobile code-enabled software, which is capable of executing one or more types of mobile code.

STIG	Date
Java Runtime Environment (JRE) version 8 STIG for Unix	2017-09-27

Details

Check Text ( C-67569r1_chk )
Navigate to the system-level “deployment.properties” file for JRE. /etc/.java/deployment/deployment.properties If the key “deployment.insecure.jres=PROMPT” is not present in the deployment.properties file, this is a finding. If the key “deployment.insecure.jres.locked” is not present in the deployment.properties file, this is a finding. If the key “deployment.insecure.jres” is set to “NEVER”, this is a finding.

Check Text ( C-67569r1_chk )

Navigate to the system-level “deployment.properties” file for JRE.

/etc/.java/deployment/deployment.properties

If the key “deployment.insecure.jres=PROMPT” is not present in the deployment.properties file, this is a finding.

If the key “deployment.insecure.jres.locked” is not present in the deployment.properties file, this is a finding.

If the key “deployment.insecure.jres” is set to “NEVER”, this is a finding.

Fix Text (F-73033r2_fix)
Navigate to the system-level “deployment.properties” file for JRE. /etc/.java/deployment/deployment.properties Add the key “deployment.insecure.jres=PROMPT” to the deployment.properties file. Add the key “deployment.insecure.jres.locked” to the deployment.properties file.