Oracle JRE 8 must default to the most secure built-in setting.

From Java Runtime Environment (JRE) version 8 STIG for Windows

Associated with: CCI-000366

SV-81435r2_rule Oracle JRE 8 must default to the most secure built-in setting.

Vulnerability discussion

Applications that are signed with a valid certificate and include the permissions attribute in the manifest for the main JAR file are allowed to run with security prompts. All other applications are blocked. Unsigned applications could perform numerous types of attacks on a system.

Check content

Navigate to the system-level "deployment.properties" file for JRE. \Sun\Java\Deployment\deployment.properties - or - \Lib\deployment.properties If the key "deployment.security.level=VERY_HIGH" is not present in the "deployment.properties file", or is set to "HIGH", this is a finding. If the key "deployment.security.level.locked" is not present in the "deployment.properties" file, this is a finding.

Fix text

Navigate to the system-level "deployment.properties" file for JRE. Add the key "deployment.security.level=VERY_HIGH" to the "deployment.properties" file. Add the key "deployment.security.level.locked" to the "deployment.properties" file.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.