Check: JRE9999-UX
JRE 7 Unix STIG:
JRE9999-UX
(in version v1 r6)
Title
Java Runtime Environment (JRE) versions that are no longer supported by the vendor for security updates must not be installed on a system. (Cat I impact)
Discussion
Java Runtime Environment (JRE) versions that are no longer supported by Oracle for security updates are not evaluated or updated for vulnerabilities leaving them open to potential attack. Organizations must transition to a supported Java Runtime Environment (JRE) version to ensure continued support.
Check Content
Oracle support for Java Runtime Environment (JRE) 7 for Unix ended 2015 April. If JRE 7 for Unix is installed on a system, this is a finding. If an extended support agreement providing security patches for the unsupported product is procured from the vendor, this finding may be downgraded to a CAT III.
Fix Text
Upgrade Java Runtime Environment (JRE) 7 for Unix software to a supported version.
Additional Identifiers
Rule ID: SV-75505r2_rule
Vulnerability ID: V-61037
Group Title:
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000366 |
The organization implements the security configuration settings. |
| CCI-002617 |
The organization removes organization-defined software components (e.g., previous versions) after updated versions have been installed. |