UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

ColdFusion must prohibit or restrict the use of nonsecure ports, protocols, modules, and/or services as defined in the PPSM CAL and vulnerability assessments.


Overview

Finding ID Version Rule ID IA Controls Severity
V-62427 CF11-03-000107 SV-76917r1_rule Medium
Description
Some networking protocols may not meet organizational security requirements to protect data and components. ColdFusion may host a number of various features, such as the Administrator Console, data sources and various services. These features all run on TCPIP ports and protocols. This creates the potential that the vendor or ColdFusion administrator may choose to utilize port numbers or protocols that have been deemed unusable by the organization. When ports or protocols are used that are not secure or authorized by the organization, the ColdFusion feature must be reconfigured to use an authorized port and protocol. For a list of approved ports and protocols, reference the DoD ports and protocols web site at https://powhatan.iiie.disa.mil/ports/cal.html.
STIG Date
Adobe ColdFusion 11 Security Technical Implementation Guide 2016-09-21

Details

Check Text ( C-63231r1_chk )
Access the Administrator Console from a web browser. If a port is part of the URL, verify that the port used is an approved port.

Within the Administrator Console, navigate to each page under the "Data & Services" menu viewing the port settings for each connection and service.

If the Administrator Console or any "Data & Services" setting is not using an approved port, this is a finding.
Fix Text (F-68347r1_fix)
Reconfigure the services or data connections that are using an unapproved port to use an approved port.