The ColdFusion log information must be protected from any type of unauthorized read access through the Administrator Console.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-62375	CF11-02-000049	SV-76865r1_rule		Medium

Description
Allowing any user to view log messages provides information to individuals that may be used to compromise the system. This information may provide system design, user access/IP addresses, interconnected systems, and security settings such as encryption used and version numbers. Controlling read access to this data, either through the Administrator Console or through the OS, must be controlled or limited to only those individuals who need access to fulfill their responsibilities.

Description

Allowing any user to view log messages provides information to individuals that may be used to compromise the system. This information may provide system design, user access/IP addresses, interconnected systems, and security settings such as encryption used and version numbers. Controlling read access to this data, either through the Administrator Console or through the OS, must be controlled or limited to only those individuals who need access to fulfill their responsibilities.

STIG	Date
Adobe ColdFusion 11 Security Technical Implementation Guide	2017-06-15

Details

Check Text ( C-63179r1_chk )
Review the roles assigned to the defined users within the "User Manager" page under the "Security" menu. Only users given the responsibility to read logs should have the following role assigned: Debugging and Logging>Logging If any user, other than those assigned to read logs, is assigned this role, this is a finding.

Fix Text (F-68295r1_fix)
Enable the Debugging and Logging>Logging role for those users that require the ability to read log files. This parameter is set in the "User Manager" page under the "Security" menu.