{"description": "<tt>.java</tt> and <tt>.jpp</tt> files should not exist and should be removed\nfrom the web server.", "rationale": "From the source code in a .java or a .jpp file, the Java compiler produces a\nbinary file with an extension of .class. The .java or .jpp file would,\ntherefore, reveal sensitive information regarding an application's logic and\npermissions to resources on the server. By contrast, the .class file, because it\nis intended to be machine independent, is referred to as bytecode. Bytecodes are\nrun by the Java Virtual Machine (JVM), or the Java Runtime Environment (JRE),\nvia a browser configured to permit Java code.", "severity": "low", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "it is not", "ocil": "To verify that no <tt>.java</tt> and <tt>.jpp</tt> files exist, run the\nfollowing command:\n<pre>find / -name *.java -o -name *.jpp</pre>\nThe output should not return any <tt>.java</tt> or <tt>.jpp</tt> files", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Remove .java And .jpp Files", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml", "template": null}