ColdFusion must prohibit or restrict the use of nonsecure ports, protocols, modules, and/or services as defined in the PPSM CAL and vulnerability assessments.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-62427 | CF11-03-000107 | SV-76917r1_rule | Medium |
| Description |
|---|
| Some networking protocols may not meet organizational security requirements to protect data and components. ColdFusion may host a number of various features, such as the Administrator Console, data sources and various services. These features all run on TCPIP ports and protocols. This creates the potential that the vendor or ColdFusion administrator may choose to utilize port numbers or protocols that have been deemed unusable by the organization. When ports or protocols are used that are not secure or authorized by the organization, the ColdFusion feature must be reconfigured to use an authorized port and protocol. For a list of approved ports and protocols, reference the DoD ports and protocols web site at https://powhatan.iiie.disa.mil/ports/cal.html. |
| STIG | Date |
|---|---|
| Adobe ColdFusion 11 Security Technical Implementation Guide | 2017-12-31 |
Details
| Check Text ( C-63231r1_chk ) |
|---|
| Access the Administrator Console from a web browser. If a port is part of the URL, verify that the port used is an approved port. Within the Administrator Console, navigate to each page under the "Data & Services" menu viewing the port settings for each connection and service. If the Administrator Console or any "Data & Services" setting is not using an approved port, this is a finding. |
| Fix Text (F-68347r1_fix) |
|---|
| Reconfigure the services or data connections that are using an unapproved port to use an approved port. |