STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Oracle HTTP Server 12.1.3 Security Technical Implementation Guide

V-221454

CAT II (Medium)

A public OHS installation must limit email to outbound only.

Rule ID

SV-221454r961863_rule

STIG

Oracle HTTP Server 12.1.3 Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-000366

Discussion

Incoming E-mail has been known to provide hackers with access to servers. Disabling the incoming mail service prevents this type of attacks. Additionally, Email represents the main use of the Internet. It is specialized application that requires the dedication of server resources. To combine this type of transaction processing function with the file serving role of the web server creates an inherent conflict. Supporting mail services on a web server opens the server to the risk of abuse as an email relay. This check verifies, by checking the OS, that incoming e-mail is not supported.

Check Content

1. Check whether the OHS server is configured to accept SMTP connections. (e.g., telnet localhost 25).

2. If it is, this is a finding.

Fix Text

Configure the server to disallow inbound SMTP connections.