JRE8-UX-000170 – Oracle JRE 8 must prompt the user for action prior to executing mobile code – deployment.insecure.jres

Details

Mobile code can cause damage to the system. It can execute without explicit action from, or notification to, a user.

Actions enforced before executing mobile code include, for example, prompting users prior to opening email attachments and disabling automatic execution.

This requirement applies to mobile code-enabled software, which is capable of executing one or more types of mobile code.

Solution

Navigate to the system-level ‘deployment.properties’ file for JRE.

/etc/.java/deployment/deployment.properties

Add the key ‘deployment.insecure.jres=PROMPT’ to the deployment.properties file.

Add the key ‘deployment.insecure.jres.locked’ to the deployment.properties file.

Supportive Information

The following resource is also helpful.

https://iasecontent.disa.mil/stigs/zip/U_Oracle_JRE_8_UNIX_V1R3_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Unix.

References

800-53|SC-18(4)
CAT|II
CCI|CCI-002460
Rule-ID|SV-81423r1_rule
STIG-ID|JRE8-UX-000170
Vuln-ID|V-66933

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles