Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-62423 | CF11-03-000105 | SV-76913r1_rule | High |
Description |
---|
Application servers provide a myriad of differing processes, features, and functionalities. Some of these processes may be deemed to be unnecessary or too unsecure to run on a production DoD system. Remote Inspection is used to debug mobile applications and may contain sensitive information. This feature may be necessary as applications are built and tested, but once in a production environment, this setting is not necessary for daily operations and must be disabled. |
STIG | Date |
---|---|
Adobe ColdFusion 11 Security Technical Implementation Guide | 2015-11-02 |
Check Text ( C-63227r1_chk ) |
---|
Within the Administrator Console, navigate to the "Remote Inspection Settings" page under the "Debugging & Logging" menu. If "Allow Remote Inspection" is checked, this is a finding. |
Fix Text (F-68343r1_fix) |
---|
Navigate to the "Remote Inspection Settings" page under the "Debugging & Logging" menu. Uncheck "Allow Remote Inspection" and select the "Submit Changes" button. |