STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 7 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Oracle HTTP Server 12.1.3 Security Technical Implementation Guide

V-221468

CAT II (Medium)

Remote authors or content providers must have all files scanned for viruses and malicious code before uploading files to the Document Root directory.

Rule ID

SV-221468r961863_rule

STIG

Oracle HTTP Server 12.1.3 Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-000366

Discussion

Remote web authors should not be able to upload files to the DocumentRoot directory structure without virus checking and checking for malicious or mobile code. A remote web user whose agency has a Memorandum of Agreement (MOA) with the hosting agency and has submitted a DoD form 2875 (System Authorization Access Request (SAAR)) or an equivalent document will be allowed to post files to a temporary location on the server. All posted files to this temporary location will be scanned for viruses and content checked for malicious or mobile code. Only files free of viruses and malicious or mobile code will be posted to the appropriate Document Root directory.

Check Content

1. Check that any files uploaded to the OHS environment are checked for viruses, malicious code, and mobile code.

2. If there is not anti-virus software on the system with auto-protect enabled or if there is not a process in place to ensure all files being posted to the OHS sites are being scanned, this is a finding.

Fix Text

Install anti-virus software on the OHS server and configure it to automatically scan for any viruses, malicious code, and mobile code.