ColdFusion must use cryptography mechanisms to protect the integrity of data sent to the PDF Service.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-62349 | CF11-01-000004 | SV-76839r1_rule | Medium |
| Description |
|---|
| Protecting data being sent to the PDF Service for PDF document creation protects the data from being read or modified before the document is created and returned to the requesting application. This protection can be implemented by using https over the plaintext transport protocol of http. |
| STIG | Date |
|---|---|
| Adobe ColdFusion 11 Security Technical Implementation Guide | 2017-12-31 |
Details
| Check Text ( C-63153r1_chk ) |
|---|
| Access the "PDF Service" page under the "Data & Services" menu within the Administrator Console. If there are no PDF Service Managers defined, the finding is not applicable. If any PDF Service Managers listed have "Https Enabled" set to "NO", this is a finding. |
| Fix Text (F-68269r1_fix) |
|---|
| If there are no PDF Service Managers in use, the finding is not applicable. Access the "PDF Service" page under the "Data & Services" menu within the Administrator Console. Edit each service and check the "Https Enabled" option. |