Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-62519 | CF11-05-000200 | SV-77009r1_rule | High |
Description |
---|
Information can be either unintentionally or maliciously disclosed if not protected during preparation for transmission. An easy way to protect data during preparation for transmission is to use non-default identifiers for data. An example is for JavaScript Object Notation (JSON) to use a prefix other than the default "JSON" prefix, signifying to an attacker an array of data is following. JSON is a lightweight data-interchange format. |
STIG | Date |
---|---|
Adobe ColdFusion 11 Security Technical Implementation Guide | 2015-11-02 |
Check Text ( C-63323r1_chk ) |
---|
Within the Administrator Console, navigate to the "Settings" page under the "Server Settings" menu. If the "Prefix serialized JSON with" is unchecked, this is a finding. |
Fix Text (F-68439r1_fix) |
---|
Navigate to the "Settings" page under the "Server Settings" menu. Check "Prefix serialized JSON with" and select the "Submit Changes" button. |