JRE8-UX-000060 – Oracle JRE 8 must default to the most secure built-in setting – deployment.security.level

Details

Applications that are signed with a valid certificate and include the permissions attribute in the manifest for the main JAR file are allowed to run with security prompts. All other applications are blocked. Unsigned applications could perform numerous types of attacks on a system.

Solution

Navigate to the system-level ‘deployment.properties’ file for JRE.

/etc/.java/deployment/deployment.properties

Add the key ‘deployment.security.level=VERY_HIGH’ to the deployment.properties file.
Add the key ‘deployment.security.level.locked’ to the deployment.properties file.

Supportive Information

The following resource is also helpful.

https://iasecontent.disa.mil/stigs/zip/U_Oracle_JRE_8_UNIX_V1R3_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-6b.
CAT|III
CCI|CCI-000366
Rule-ID|SV-81403r1_rule
STIG-ID|JRE8-UX-000060
Vuln-ID|V-66913

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles