UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

ColdFusion must not allow application variables to be added to Servlet Context.


Overview

Finding ID Version Rule ID IA Controls Severity
V-62469 CF11-05-000164 SV-76959r1_rule Medium
Description
ColdFusion allows applications to add application variables to the Servlet Context. This allows an application to add data or change configuration data for all hosted applications. By sharing data across applications, the applications are no longer isolated with one application affecting other applications. By disabling this capability, the hosted applications, including the Administrator Console, are isolated.
STIG Date
Adobe ColdFusion 11 Security Technical Implementation Guide 2017-06-15

Details

Check Text ( C-63273r1_chk )
Within the Administrator Console, navigate to the "Settings" page under the "Server Settings" menu.

If "Allow adding application variables to Servlet Context" is checked, this is a finding.
Fix Text (F-68389r1_fix)
Navigate to the "Settings" page under the "Server Settings" menu. Uncheck "Allow adding application variables to Servlet Context" and select the "Submit Changes" button.