Check: WG490 A22
APACHE SITE 2.0 for Unix:
WG490 A22
(in version v1 r5)
Title
Java software on production web servers must be limited to class files and the JAVA virtual machine. (Cat III impact)
Discussion
From the source code in a .java or a .jpp file, the Java compiler produces a binary file with an extension of .class. The .java or .jpp file would, therefore, reveal sensitive information regarding an application’s logic and permissions to resources on the server. By contrast, the .class file, because it is intended to be machine independent, is referred to as bytecode. Bytecodes are run by the Java Virtual Machine (JVM), or the Java Runtime Environment (JRE), via a browser configured to permit Java code.
Check Content
Enter the commands: find / -name *.java find / -name *.jpp If either file type is found, this is a finding.
Fix Text
Remove the unnecessary files from the web server.
Additional Identifiers
Rule ID: SV-33032r1_rule
Vulnerability ID: V-2265
Group Title: WG490
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |