Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Oracle HTTP Server 12.1.3 Security Technical Implementation Guide
SRG-APP-000516-WSR-000174
OHS must limit access to the Dynamic Monitoring Service (DMS).
OHS must limit access to the Dynamic Monitoring Service (DMS).
An XCCDF Rule
Details
Profiles
Prose
OHS must limit access to the Dynamic Monitoring Service (DMS).
Medium Severity
<VulnDiscussion>The Oracle Dynamic Monitoring Service (DMS) enables application developers, support analysts, system administrators, and others to measure application specific performance information. If OHS allows any machine to connect and monitor performance, an attacker could connect and gather information that could be used to cause a DoS for OHS. Information that is shared could also be used to further an attack to other servers and devices through trusted relationships.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>