Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
ColdFusion must have Remote Inspection disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-62423 | CF11-03-000105 | SV-76913r1_rule | High |
| Description |
|---|
| Application servers provide a myriad of differing processes, features, and functionalities. Some of these processes may be deemed to be unnecessary or too unsecure to run on a production DoD system. Remote Inspection is used to debug mobile applications and may contain sensitive information. This feature may be necessary as applications are built and tested, but once in a production environment, this setting is not necessary for daily operations and must be disabled. |
| STIG | Date |
|---|---|
| Adobe ColdFusion 11 Security Technical Implementation Guide | 2017-06-15 |
Details
| Check Text ( C-63227r1_chk ) |
|---|
| Within the Administrator Console, navigate to the "Remote Inspection Settings" page under the "Debugging & Logging" menu. If "Allow Remote Inspection" is checked, this is a finding. |
| Fix Text (F-68343r1_fix) |
|---|
| Navigate to the "Remote Inspection Settings" page under the "Debugging & Logging" menu. Uncheck "Allow Remote Inspection" and select the "Submit Changes" button. |