Oracle JRE 8 must prompt the user for action prior to executing mobile code.

From Java Runtime Environment (JRE) version 8 STIG for Windows

Associated with: CCI-002460

SV-81453r2_rule Oracle JRE 8 must prompt the user for action prior to executing mobile code.

Vulnerability discussion

Mobile code can cause damage to the system. It can execute without explicit action from, or notification to, a user. Actions enforced before executing mobile code include, for example, prompting users prior to opening email attachments and disabling automatic execution.This requirement applies to mobile code-enabled software, which is capable of executing one or more types of mobile code.

Check content

Navigate to the system-level "deployment.properties" file for JRE. \Sun\Java\Deployment\deployment.properties - or - \Lib\deployment.properties If the key "deployment.insecure.jres=PROMPT" is not present in the "deployment.properties" file, this is a finding. If the key "deployment.insecure.jres.locked" is not present in the "deployment.properties" file, this is a finding. If the key "deployment.insecure.jres" is set to "NEVER", this is a finding.

Fix text

Navigate to the system-level "deployment.properties" file for JRE. Add the key "deployment.insecure.jres=PROMPT" to the "deployment.properties" file. Add the key "deployment.insecure.jres.locked" to the "deployment.properties" file.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.