STIGQter STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

Oracle Application Express or Oracle HTML DB should not be installed on a production database.

DISA Rule

SV-24961r1_rule

Vulnerability Number

V-16055

Group Title

Oracle Application Express

Rule Version

DO6753-ORACLE11

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Remove Application Express using the instruction found in Oracle MetaLink Note 558340.1 from production DBMS systems.

For new installations, select custom installation and de-select Application Express from the selectable options if available.

Check Contents

From SQL*Plus:
select count(*) from dba_users where username like 'FLOWS_%';

If the value returned is not 0 and the database is a production system, this is a Finding.

Vulnerability Number

V-16055

Documentable

False

Rule Version

DO6753-ORACLE11

Severity Override Guidance

From SQL*Plus:
select count(*) from dba_users where username like 'FLOWS_%';

If the value returned is not 0 and the database is a production system, this is a Finding.

Check Content Reference

M

Responsibility

Database Administrator

Target Key

1368

Comments