Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-62419 | CF11-03-000103 | SV-76909r1_rule | | Medium |
Description |
---|
ColdFusion is installed with sample data services, gateway services, and collections. These can be used in a development environment to learn how to use and develop applications and services, but these samples are not tested and patched for security issues. Leaving them available on a production system gives an attacker a gateway to the application server and to the systems connected to ColdFusion. To alleviate this issue, sample code and services must be deleted. |
STIG | Date |
---|---|
Adobe ColdFusion 11 Security Technical Implementation Guide | 2017-06-15 |
Check Text (C-63223r1_chk) |
---|
Several sample services are installed with the ColdFusion server. From the Administrator Console, go to the "Data Sources" page under the "Data & Services" menu. If the data sources cfartgallery, cfbookclub, cfcodeexplorer, or cfdocexamples exist, this is a finding. |
Fix Text (F-68339r1_fix) |
---|
Remove the sample data sources by navigating to the "Data Sources" page under the "Data & Services" menu. Delete the data sources cfartgallery, cfbookclub, cfcodeexplorer, and cfdocexamples. |
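
An offline variant of the check above, added here as an example and not part of the STIG: it looks for the four sample data source names in the server's `neo-datasource.xml`. The WDDX layout (an array whose first struct maps each data source name to its settings), the constructed sample, the function names and the case-insensitive comparison are assumptions.

```python
import sys
import xml.etree.ElementTree as ET

# Sample data source names listed in the check text.
SAMPLE_DSNS = {"cfartgallery", "cfbookclub", "cfcodeexplorer", "cfdocexamples"}

# Constructed sample input. Assumed layout: the first struct in the array is
# keyed by data source name, the second holds unrelated driver settings.
CONSTRUCTED_WDDX = """<wddxPacket version='1.0'><header/><data>
<array length='2'>
  <struct type='coldfusion.server.ConfigMap'>
    <var name='cfartgallery'><struct>
      <var name='driver'><string>Apache Derby Embedded</string></var>
    </struct></var>
    <var name='HRProd'><struct>
      <var name='database'><string>cfbookclub_copy</string></var>
    </struct></var>
    <var name='CFDocExamples'><struct>
      <var name='driver'><string>Apache Derby Embedded</string></var>
    </struct></var>
  </struct>
  <struct type='coldfusion.server.ConfigMap'>
    <var name='maxcachecount'><number>100.0</number></var>
  </struct>
</array></data></wddxPacket>"""


def configured_dsns(wddx_text):
    """Return the data source names defined in the WDDX packet."""
    root = ET.fromstring(wddx_text)
    first = root.find("./data/array/struct")
    if first is None:
        raise ValueError("unexpected layout: no struct under data/array")
    # Direct children only, so nested settings such as 'driver' are skipped.
    return [var.get("name") for var in first.findall("./var")]


def sample_dsn_findings(wddx_text):
    """Return configured names that match a sample data source (a finding)."""
    hits = [n for n in configured_dsns(wddx_text) if n.lower() in SAMPLE_DSNS]
    return sorted(hits, key=str.lower)


if __name__ == "__main__":
    # Pass the path to neo-datasource.xml; without one, the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else CONSTRUCTED_WDDX
    findings = sample_dsn_findings(text)
    print("FINDING: " + ", ".join(findings) if findings else "Not a finding")
    sys.exit(1 if findings else 0)
```

A non-empty result corresponds to a finding under the check text; the Administrator Console remains the check the STIG itself specifies.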