STIGQter: STIG Summary: Oracle HTTP Server 12.1.3 Security Technical Implementation Guide Version: 1 Release: 7 Benchmark Date: 24 Jul 2020:

OHS must not contain any robots.txt files.

DISA Rule

SV-79181r1_rule

Vulnerability Number

V-64691

Group Title

SRG-APP-000516-WSR-000174

Rule Version

OH12-1X-000227

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive.

2. Search for the "DocumentRoot" directive at the OHS server and virtual host configuration scopes.

3. Remove any robots.txt files from the directories specified in the "DocumentRoot" directives.

Check Contents

1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive.

2. Search for the "DocumentRoot" directive at the OHS server and virtual host configuration scopes.

3. If the directive value specifies a directory containing a robots.txt file, this is a finding.

Vulnerability Number

V-64691

Documentable

False

Rule Version

OH12-1X-000227

Severity Override Guidance

1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive.

2. Search for the "DocumentRoot" directive at the OHS server and virtual host configuration scopes.

3. If the directive value specifies a directory containing a robots.txt file, this is a finding.

Check Content Reference

M

Target Key

2753

Comments