Oracle JRE 8 deployment.config file must contain proper keys and values.
From Java Runtime Environment (JRE) version 8 STIG for Windows
Part of SRG-APP-000516
Associated with:
CCI-000366
SV-81431r3_rule
Oracle JRE 8 deployment.config file must contain proper keys and values.
Vulnerability discussion
The deployment.config configuration file contains two keys. The "deployment.properties" key includes the path of the "deployment.properties" file and the "deployment.properties.mandatory" key contains either a TRUE or FALSE value. If the path specified to "deployment.properties" does not lead to a "deployment.properties" file, the value of the “deployment.system.config.mandatory” key determines how JRE will handle the situation. If the value of the "deployment.system.config.mandatory" key is TRUE and if the path to the "deployment.properties" file is invalid, the JRE will not allow Java applications to run. This is the desired behavior.
Check content
Navigate to the "deployment.config" file for Java:
\Sun\Java\Deployment\deployment.config
- or -
\Lib\deployment.config
The "deployment.config" file contains two properties: deployment.system.config and deployment.system.config.mandatory.
The "deployment.system.config" key points to the location of the "deployment.properties" file. The location is variable. It can point to a file on the local disk or a UNC path. The following is an example:
"deployment.system.config=file:///C:/Windows/Java/Deployment/deployment.properties"
If the "deployment.system.config" key does not exist or does not point to the location of the "deployment.properties" file, this is a finding.
If the "deployment.system.config.mandatory" key does not exist or is set to "false", this is a finding.
Fix text
Navigate to the "deployment.config" file for JRE.
Add the key "deployment.system.config=" to the "deployment.config" file. The following is an example:
"deployment.system.config=file:///C:/Windows/Java/Deployment/deployment.properties". Note the use of forward slashes.
Add the key "deployment.system.config.mandatory=true" to the "deployment.config" file.
Pro Tips
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer