Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-62511 | CF11-05-000196 | SV-77001r1_rule | Medium |
Description |
---|
Preventing the disclosure of transmitted information requires that the application server take measures to employ some form of cryptographic mechanism in order to protect the information during transmission. This is usually achieved through the use of Transport Layer Security (TLS). Transmission of session cookies is especially important since an attacker can grab the session id and hijack the already authenticated session. There are several methods to protect cookie data, and one of those methods is to encrypt the cookie. This can only be done if all the hosted sites are SSL/TLS enabled. |
STIG | Date |
---|---|
Adobe ColdFusion 11 Security Technical Implementation Guide | 2017-12-31 |
Check Text ( C-63315r1_chk ) |
---|
Within the Administrator Console, navigate to the "Memory Variables" page under the "Server Settings" menu. If "Secure Cookie" is not checked, this is a finding. |
Fix Text (F-68431r1_fix) |
---|
Navigate to the "Memory Variables" page under the "Server Settings" menu. Check "Secure Cookie" and select the "Submit Changes" button. |