JRE8-UX-000070 – Oracle JRE 8 must be set to allow Java Web Start (JWS) applications – deployment.webjava.enabled

Details

Java Web Start (JWS) applications are the most commonly used. Denying these applications could be detrimental to the user experience. Whitelisting, blacklisting, and signing of applications help mitigate the risk of running JWS applications.

Solution

Navigate to the system-level ‘deployment.properties’ file for JRE.

/etc/.java/deployment/deployment.properties

Add the key ‘deployment.webjava.enabled=true’ to the deployment.properties file.

Add the key ‘deployment.webjava.enabled.locked’ to the deployment.properties file.

Supportive Information

The following resource is also helpful.

https://iasecontent.disa.mil/stigs/zip/U_Oracle_JRE_8_UNIX_V1R3_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-6b.
CAT|II
CCI|CCI-000366
Rule-ID|SV-81405r1_rule
STIG-ID|JRE8-UX-000070
Vuln-ID|V-66915

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles