UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

ColdFusion must have Remote Adobe LiveCycle Data Management access disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-62415 CF11-03-000101 SV-76905r1_rule Medium
Description
Application servers provide a myriad of differing processes, features, and functionalities. Some of these processes may be deemed to be unnecessary or too unsecure to run on a production DoD system. Remote Adobe LiveCycle Data Management access allows LiveCycle Data Services ES to connect to the ColdFusion server through RMI and use CFCs to read and update data that supports a Flex application. If this feature is not needed for hosted applications and is enabled, an attacker could use this feature to compromise the ColdFusion server.
STIG Date
Adobe ColdFusion 11 Security Technical Implementation Guide 2016-09-21

Details

Check Text ( C-63219r1_chk )
Ask the administrator if LiveCycle Data Services ES are being used by any hosted applications.

If hosted applications are using the service, this is not a finding.

Within the Administrator Console, navigate to the "Flex Integration" page under the "Data & Services" menu.

If "Enable Remote Adobe LiveCycle Data Management access" is checked, this is a finding.
Fix Text (F-68335r1_fix)
Navigate to the "Flex Integration" page under the "Data & Services" menu. Uncheck "Enable Remote Adobe Live Cycle Data Management access" and select the "Submit Changes" button.