Oracle HTTP Server 12.1.3 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000516-WSR-000174
<GroupDescription></GroupDescription>Group -
SRG-APP-000439-WSR-000151
<GroupDescription></GroupDescription>Group -
Remote authors or content providers must have all files scanned for viruses and malicious code before uploading files to the Document Root directory.
<VulnDiscussion>Remote web authors should not be able to upload files to the DocumentRoot directory structure without virus checking and chec...Rule Medium Severity -
SRG-APP-000516-WSR-000174
<GroupDescription></GroupDescription>Group -
A public OHS server must use TLS if authentication is required to host web sites.
<VulnDiscussion>Transport Layer Security (TLS) is optional for a public web server. However, if authentication is being performed, then the ...Rule Medium Severity -
SRG-APP-000516-WSR-000174
<GroupDescription></GroupDescription>Group -
OHS hosted web sites must utilize ports, protocols, and services according to PPSM guidelines.
<VulnDiscussion>Failure to comply with DoD ports, protocols, and services (PPS) requirements can result in compromise of enclave boundary pro...Rule Low Severity -
SRG-APP-000516-WSR-000174
<GroupDescription></GroupDescription>Group -
OHS must not have the directive PlsqlDatabasePassword set in clear text.
<VulnDiscussion>OHS supports the use of the module mod_plsql, which allows applications to be hosted that are PL/SQL-based. To access the da...Rule High Severity -
SRG-APP-000141-WSR-000075
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.