STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to APACHE 2.2 Site for UNIX Security Technical Implementation Guide

V-2265

CAT III (Low)

Java software on production web servers must be limited to class files and the JAVA virtual machine.

Rule ID

SV-33032r1_rule

STIG

APACHE 2.2 Site for UNIX Security Technical Implementation Guide

Version

V1R11

CCIs

None

Discussion

From the source code in a .java or a .jpp file, the Java compiler produces a binary file with an extension of .class. The .java or .jpp file would, therefore, reveal sensitive information regarding an application’s logic and permissions to resources on the server. By contrast, the .class file, because it is intended to be machine independent, is referred to as bytecode. Bytecodes are run by the Java Virtual Machine (JVM), or the Java Runtime Environment (JRE), via a browser configured to permit Java code.

Check Content

Enter the commands: 

find / -name *.java 

find / -name *.jpp 

If either file type is found, this is a finding.

Fix Text

Remove the unnecessary files from the web server.