Oracle JRE 8 must prompt the user for action prior to executing mobile code.

From Java Runtime Environment (JRE) version 8 STIG for Unix

Associated with: CCI-002460

SV-81423r1_rule Oracle JRE 8 must prompt the user for action prior to executing mobile code.

Vulnerability discussion

Mobile code can cause damage to the system. It can execute without explicit action from, or notification to, a user. Actions enforced before executing mobile code include, for example, prompting users prior to opening email attachments and disabling automatic execution.This requirement applies to mobile code-enabled software, which is capable of executing one or more types of mobile code.

Check content

Navigate to the system-level “deployment.properties” file for JRE. /etc/.java/deployment/deployment.properties If the key “deployment.insecure.jres=PROMPT” is not present in the deployment.properties file, this is a finding. If the key “deployment.insecure.jres.locked” is not present in the deployment.properties file, this is a finding. If the key “deployment.insecure.jres” is set to “NEVER”, this is a finding.

Fix text

Navigate to the system-level “deployment.properties” file for JRE. /etc/.java/deployment/deployment.properties Add the key “deployment.insecure.jres=PROMPT” to the deployment.properties file. Add the key “deployment.insecure.jres.locked” to the deployment.properties file.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.