ColdFusion must have Remote Inspection disabled.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-62423	CF11-03-000105	SV-76913r1_rule		High

Description
Application servers provide a myriad of differing processes, features, and functionalities. Some of these processes may be deemed to be unnecessary or too unsecure to run on a production DoD system. Remote Inspection is used to debug mobile applications and may contain sensitive information. This feature may be necessary as applications are built and tested, but once in a production environment, this setting is not necessary for daily operations and must be disabled.

Description

Application servers provide a myriad of differing processes, features, and functionalities. Some of these processes may be deemed to be unnecessary or too unsecure to run on a production DoD system. Remote Inspection is used to debug mobile applications and may contain sensitive information. This feature may be necessary as applications are built and tested, but once in a production environment, this setting is not necessary for daily operations and must be disabled.

STIG	Date
Adobe ColdFusion 11 Security Technical Implementation Guide	2017-12-31

Details

Check Text ( C-63227r1_chk )
Within the Administrator Console, navigate to the "Remote Inspection Settings" page under the "Debugging & Logging" menu. If "Allow Remote Inspection" is checked, this is a finding.

Fix Text (F-68343r1_fix)
Navigate to the "Remote Inspection Settings" page under the "Debugging & Logging" menu. Uncheck "Allow Remote Inspection" and select the "Submit Changes" button.