Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-62447 | CF11-03-000118 | SV-76937r1_rule | | Medium |
Description |
---|
ColdFusion is installed with sample data services, gateway services, and collections. These can be used in a development environment to learn how to use and develop applications and services, but these samples are not tested and patched for security issues. Leaving them available on a production system gives an attacker a gateway to the application server and to the systems connected to ColdFusion. To alleviate this issue, sample code and services must be deleted. |
STIG | Date |
---|---|
Adobe ColdFusion 11 Security Technical Implementation Guide | 2016-09-21 |
Check Text (C-63251r1_chk) |
---|
Several sample services are installed with the ColdFusion server. From the Administrator Console, go to the "ColdFusion Collections" page under the "Data & Services" menu. If the bookclub collection exists, this is a finding. |
Fix Text (F-68367r1_fix) |
---|
Remove the sample collections by navigating to the "ColdFusion Collections" page under the "Data & Services" menu. Delete the bookclub collection. |