STIGQter: STIG Summary: Oracle HTTP Server 12.1.3 Security Technical Implementation Guide Version: 1 Release: 7 Benchmark Date: 24 Jul 2020:

A public OHS installation must limit email to outbound only.

DISA Rule

SV-79161r1_rule

Vulnerability Number

V-64671

Group Title

SRG-APP-000516-WSR-000174

Rule Version

OH12-1X-000217

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure the server to disallow inbound SMTP connections.

Check Contents

1. Check whether the OHS server is configured to accept SMTP connections. (e.g., telnet localhost 25).

2. If it is, this is a finding.

Vulnerability Number

V-64671

Documentable

False

Rule Version

OH12-1X-000217

Severity Override Guidance

1. Check whether the OHS server is configured to accept SMTP connections. (e.g., telnet localhost 25).

2. If it is, this is a finding.

Check Content Reference

M

Target Key

2753

Comments