UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

ColdFusion must use cryptography mechanisms to protect the integrity of data sent to the PDF Service.


Overview

Finding ID Version Rule ID IA Controls Severity
V-62349 CF11-01-000004 SV-76839r1_rule Medium
Description
Protecting data being sent to the PDF Service for PDF document creation protects the data from being read or modified before the document is created and returned to the requesting application. This protection can be implemented by using https over the plaintext transport protocol of http.
STIG Date
Adobe ColdFusion 11 Security Technical Implementation Guide 2016-09-21

Details

Check Text ( C-63153r1_chk )
Access the "PDF Service" page under the "Data & Services" menu within the Administrator Console.

If there are no PDF Service Managers defined, the finding is not applicable.

If any PDF Service Managers listed have "Https Enabled" set to "NO", this is a finding.
Fix Text (F-68269r1_fix)
If there are no PDF Service Managers in use, the finding is not applicable.

Access the "PDF Service" page under the "Data & Services" menu within the Administrator Console. Edit each service and check the "Https Enabled" option.