UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

ColdFusion must have ColdFusion component (CFC) type checking enabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-62537 CF11-06-000223 SV-77027r1_rule Medium
Description
Invalid user input occurs when a user inserts data or characters into an application's data entry field and the application is unprepared to process that data. This results in unanticipated application behavior, potentially leading to an application or information system compromise. Invalid user input is one of the primary methods employed when attempting to compromise an application. Invalid input can also occur within applications to ColdFusion components. The parameters can be input from users that are not properly type checked or from data computed within the application. When the data is not type checked, the receiving component may cause an error that is unhandled or throw an exception that puts the application server and/or hosted application into an unsecure posture. To limit invalid calls, ColdFusion component (CFC) type checking must be disabled.
STIG Date
Adobe ColdFusion 11 Security Technical Implementation Guide 2017-06-15

Details

Check Text ( C-63341r1_chk )
Within the Administrator Console, navigate to the "Settings" page under the "Server Settings" menu.

If the "Disable CFC Type check" is checked, this is a finding.
Fix Text (F-68457r1_fix)
Navigate to the "Settings" page under the "Server Settings" menu. Uncheck "Disable CFC Type check" and select the "Submit Changes" button.