STIGQter STIGQter: STIG Summary: APACHE SITE 2.0 for Windows Version: 1 Release: 5 Benchmark Date: 23 Oct 2015: Java software on production web servers must be limited to class files and the JAVA virtual machine.

DISA Rule

SV-33143r1_rule

Vulnerability Number

V-2265

Group Title

WG490

Rule Version

WG490 W22

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Remove the appropriate files from the web server.

Check Contents

Search the web content and scripts directories (found in check WG290) for .java and .jpp files.

If either file type is found, this is a finding.

Note: Executables such as java.exe, jre.exe, and jrew.exe are permitted.

Vulnerability Number

V-2265

Documentable

False

Rule Version

WG490 W22

Severity Override Guidance

Search the web content and scripts directories (found in check WG290) for .java and .jpp files.

If either file type is found, this is a finding.

Note: Executables such as java.exe, jre.exe, and jrew.exe are permitted.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

2100

Comments