Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
ColdFusion must have example data sources removed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-62419 | CF11-03-000103 | SV-76909r1_rule | Medium |
| Description |
|---|
| ColdFusion is installed with sample data services, gateway services, and collections. These can be used in a development environment to learn how to use and develop applications and services, but these samples are not tested and patched for security issues. Allowing them to be available on a production system provides a gateway to an attacker to the application server and to those systems connected to ColdFusion. To alleviate this issue, sample code and services must be deleted. |
| STIG | Date |
|---|---|
| Adobe ColdFusion 11 Security Technical Implementation Guide | 2017-06-15 |
Details
| Check Text ( C-63223r1_chk ) |
|---|
| Several sample services are installed with the ColdFusion server. From the Administrator Console, go to the "Data Sources" page under the "Data & Services" menu. If the data sources cfartgallery, cfbookclub, cfcodeexplorer, or cfdocexamples exist, this is a finding. |
| Fix Text (F-68339r1_fix) |
|---|
| Remove the sample data sources by navigating to the "Data Sources" page under the "Data & Services" menu. Delete the data sources cfartgallery, cfbookclub, cfcodeexplorer, and cfdocexamples. |