Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-62445 | CF11-03-000117 | SV-76935r1_rule | High |
Description |
---|
ColdFusion releases updates to ColdFusion 11 to add support, fix bugs and close security issues. Without the current update installed, the product may be unstable or become a target for an attacker who can take advantage of a known exploit. The updates, when available, must be tested and installed as soon as possible. |
STIG | Date |
---|---|
Adobe ColdFusion 11 Security Technical Implementation Guide | 2017-06-15 |
Check Text ( C-63249r1_chk ) |
---|
Within the Administrator Console, navigate to the "Updates" page under the "Server Update" menu. If the "Available Updates" tab is showing that updates are available, this is a finding. A list of updates available can be retrieved from the update site. Enter the "Settings" tab and copy the URL listed in the "Site URL" field. Paste the URL into a browser and make note of the newest update available. If the "Site URL" field is empty or if a local update server is being used and the site does not list the updates, the ColdFusion update site can be reached at https://helpx.adobe.com/coldfusion/kb/coldfusion-11-updates.html Enter the "Installed Updates" tab and verify that the update installed is the latest listed on the update site. If the latest update is not installed, this is a finding. |
Fix Text (F-68365r1_fix) |
---|
Navigate to the "Update" page under the "Server Update" menu. Enter the "Available Updates" tab and install the latest patch available. If the ColdFusion server is patched from the command line and not through the ColdFusion Console, the latest patch must be downloaded manually, the hash value verified and then installed using the instructions provided with the patch. |