STIGQter: STIG Summary: Oracle HTTP Server 12.1.3 Security Technical Implementation Guide Version: 1 Release: 7 Benchmark Date: 24 Jul 2020:

The version of the OHS installation must be vendor-supported.

DISA Rule

SV-79151r1_rule

Vulnerability Number

V-64661

Group Title

SRG-APP-000516-WSR-000174

Rule Version

OH12-1X-000211

Severity

CAT I

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

1. Install or upgrade to a version of OHS that is within the support timeframes for "Fusion Middleware 12c" at http://www.oracle.com/us/support/library/lifetime-support-middleware-069163.pdf.

2. Confirm that the organization is current with respect to support payments.

Check Contents

1. Obtain the version of the OHS 12c software (e.g., grep Oracle-HTTP-Server-12c $DOMAIN_HOME/servers/<componentName>/logs/ohs1.log). Confirm it is 12.1.3.

2. Refer to the support date schedule for "Fusion Middleware 12c (12.1.x)" at http://www.oracle.com/us/support/library/lifetime-support-middleware-069163.pdf. Confirm that support remains available and that the organization is current with respect to payments.

3. If not, this is a finding.

Vulnerability Number

V-64661

Documentable

False

Rule Version

OH12-1X-000211

Severity Override Guidance

1. Obtain the version of the OHS 12c software (e.g., grep Oracle-HTTP-Server-12c $DOMAIN_HOME/servers/<componentName>/logs/ohs1.log). Confirm it is 12.1.3.

2. Refer to the support date schedule for "Fusion Middleware 12c (12.1.x)" at http://www.oracle.com/us/support/library/lifetime-support-middleware-069163.pdf. Confirm that support remains available and that the organization is current with respect to payments.

3. If not, this is a finding.

Check Content Reference

M

Target Key

2753

Comments