STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 7 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Oracle HTTP Server 12.1.3 Security Technical Implementation Guide

V-221454

CAT II (Medium)

A public OHS installation must limit email to outbound only.

Rule ID

SV-221454r961863_rule

STIG

Oracle HTTP Server 12.1.3 Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-000366

Discussion

Incoming E-mail has been known to provide hackers with access to servers. Disabling the incoming mail service prevents this type of attacks. Additionally, Email represents the main use of the Internet. It is specialized application that requires the dedication of server resources. To combine this type of transaction processing function with the file serving role of the web server creates an inherent conflict. Supporting mail services on a web server opens the server to the risk of abuse as an email relay. This check verifies, by checking the OS, that incoming e-mail is not supported.

Check Content

1. Check whether the OHS server is configured to accept SMTP connections. (e.g., telnet localhost 25).

2. If it is, this is a finding.

Fix Text

Configure the server to disallow inbound SMTP connections.