CCE-94576-6
Platform: cpe:/a:oracle:jre:1.7.0 | Date: (C)2021-06-15 (M)2023-07-04
Online certificate validation provides a real-time alternative to validating a certificate. When enabled, if a certificate is presented, the status of the certificate is requested. The status is sent back as 'current', 'expired', or 'unknown'. Online certificate validation provides a greater degree of validation of certificates when running a signed Java applet. Permitting execution of an applet with an invalid certificate may result in malware, system modification, invasion of privacy, and denial of service.
NOTE: The 'JRE' directory in the file path may reflect the specific JRE release installed.
Parameter:
[yes/no]
Technical Mechanism:
If the system is on the SIPRNET, this requirement is NA.
Enable the 'Enable online certificate validation' option.
Navigate to the 'deployment.properties' file for Java.
/usr/java/jre/lib/deployment.properties
Add or update the key 'deployment.security.validation.ocsp' to be 'true'.
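A way to audit this setting from a shell, as an added example that is not part of the CCE entry or of Oracle's tooling. The function names are hypothetical, the sample file is constructed, and the check assumes the value must be exactly 'true' as stated above.

```bash
#!/usr/bin/env bash
KEY='deployment.security.validation.ocsp'

# Print the effective value of KEY in properties file $1 (empty if unset).
# Handles Java .properties rules: '#'/'!' comments, leading whitespace,
# '=', ':' or blank separators, and the last assignment winning.
ocsp_value() {
    awk -v key="$KEY" '
        /^[ \t]*[#!]/ { next }                          # comment line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next             # different key
            rest = substr(line, length(key) + 1)
            if (rest != "" && rest !~ /^[ \t=:]/) next  # longer key with same prefix
            sub(/^[ \t]*[=:]?[ \t]*/, "", rest)         # drop the separator
            sub(/[ \t\r]+$/, "", rest)                  # drop trailing blanks / CR
            val = rest
        }
        END { print val }
    ' "$1"
}

# Exit 0 if compliant, 1 if the key is missing or not 'true', 2 if unreadable.
ocsp_compliant() {
    [ -r "$1" ] || return 2
    [ "$(ocsp_value "$1")" = "true" ]
}

# Constructed sample: a commented-out line and a longer key must not count,
# and the last real assignment decides the result.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# deployment.security.validation.ocsp=true
deployment.security.validation.ocsp.locked
deployment.security.validation.ocsp = false
deployment.security.validation.ocsp=true
EOF
if ocsp_compliant "$sample"; then echo "PASS"; else echo "FAIL"; fi
rm -f "$sample"
```

To audit a real installation, call ocsp_compliant with the path given above, adjusted for the installed JRE release.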
CCSS Severity:
CCSS Score: 8.0
Exploit Score: 2.1
Impact Score: 5.9
Severity: HIGH
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CCSS Metrics:
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH
References:
Resource Id | Reference
---|---
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:60328