STIGQter: STIG Summary: Oracle HTTP Server 12.1.3 Security Technical Implementation Guide Version: 1 Release: 7 Benchmark Date: 24 Jul 2020:

OHS must prohibit anonymous FTP user access to interactive scripts.

DISA Rule

SV-79183r1_rule

Vulnerability Number

V-64693

Group Title

SRG-APP-000516-WSR-000174

Rule Version

OH12-1X-000228

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Ensure that all file transfers to the server are authenticated, authorized, and secure.

Check Contents

1. Check that all ftp access is authenticated, authorized, and secure.

2. If not, this is a finding.

Vulnerability Number

V-64693

Documentable

False

Rule Version

OH12-1X-000228

Severity Override Guidance

1. Check that all ftp access is authenticated, authorized, and secure.

2. If not, this is a finding.

Check Content Reference

M

Target Key

2753

Comments