Title

A properties file must be present to hold all the keys that establish properties within the Java control panel. (Cat II impact)

Discussion

The deployment.properties file is used for specifying keys for the Java Runtime Environment. Each option in the Java control panel is represented by property keys. These keys adjust the options in the Java control panel based on the value assigned to that key. By default no deployment.properties file exists; thus, no system-wide deployment exists. Without the deployment.properties file, setting particular options for the Java control panel is impossible.

Check Content

Locate the deployment.properties files. For 32 bit systems the path is: 'C:\Program Files\Java\jre6\lib\deployment.properties' For 64 bit systems there are 2 potential paths as there can be 2 separate JRE's one 32 bit and one 64 bit: 'C:\Program Files\Java\jre6\lib\deployment.properties' 'C:\Program Files (x86)\Java\jre6\lib\deployment.properties' If there are no files entitled 'deployment.properties', this is a finding.

Fix Text

Create the Java deployment properties file. The location of this file can vary. For 32 bit systems: C:\Program Files\Java\jre6\lib\deployment.properties. For 64 bit systems you must check both the 64 bit and the 32 bit files in order for both runtimes to be affected. C:\Program Files\Java\jre6\lib\deployment.properties C:\Program Files (x86)\Java\jre6\lib\deployment.properties Create a properties file entitled 'deployment.properties'. At a minimum, the following keys must be present in the deployment.properties file. deployment.security.askgrantdialog.notinca=false deployment.security.askgrantdialog.notinca.locked deployment.security.validation.crl=true deployment.security.validation.crl.locked deployment.security.validation.ocsp=true deployment.security.validation.ocsp.locked

Additional Identifiers

Rule ID: SV-43298r2_rule

Vulnerability ID: V-32902

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.