Check: JRE0090-UX
JRE 7 Unix STIG:
JRE0090-UX
(in version v1 r6)
Title
The version of the JRE running on the system must be the most current available. (Cat II impact)
Discussion
The JRE is being continually updated by the vendor in order to address identified security vulnerabilities. Running an older version of the JRE can introduce security vulnerabilities to the system.
Check Content
Open a terminal window and type the command; "java -version" sans quotes. The return value should contain Java build information; "Java (TM) SE Runtime Environment (build x.x.x.x)" Cross reference the build information on the system with the Oracle Java site to identify the most recent build available. http://www.oracle.com/technetwork/java/javase/downloads/index.html
Fix Text
Test applications to ensure operational compatability with new version of Java. Install latest version of Java JRE.
Additional Identifiers
Rule ID: SV-51133r1_rule
Vulnerability ID: V-39239
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002605 |
The organization installs security-relevant software updates within an organization-defined time period of the release of the updates. |
CCI-003376 |
The organization replaces information system components when support for the components is no longer available from the developer, vendor, or manufacturer. |