ColdFusion must be set to automatically check for updates.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-62543	CF11-06-000226	SV-77033r1_rule		Low

Description
Security flaws with software applications are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. To configure the software to discover that a new patch is available is important since administrators may be responsible for multiple servers running different applications and services, making it difficult for the administrator to constantly check for updates. Enabling the automatic check informs the administrator, allows him to investigate the patch and what is needed to apply the patch and schedule any outages that might be needed, thereby permitting the patch to be installed quickly and efficiently. Having "Automatically Check for Updates" checked causes ColdFusion to look for updates on every logon.

Description

Security flaws with software applications are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. To configure the software to discover that a new patch is available is important since administrators may be responsible for multiple servers running different applications and services, making it difficult for the administrator to constantly check for updates. Enabling the automatic check informs the administrator, allows him to investigate the patch and what is needed to apply the patch and schedule any outages that might be needed, thereby permitting the patch to be installed quickly and efficiently. Having "Automatically Check for Updates" checked causes ColdFusion to look for updates on every logon.

STIG	Date
Adobe ColdFusion 11 Security Technical Implementation Guide	2017-12-31

Details

Check Text ( C-63347r1_chk )
Determine if the ColdFusion server has access to either the Adobe patch repository or an internally maintained patch repository. This may be determined by interviewing the administrator or by reviewing ColdFusion baseline documentation. If the ColdFusion server has access to a patch repository, the server must check for updates. To verify that the server is checking for updates, within the Administrator Console, navigate to the "Updates" page under the "Server Updates" menu. Select the "Settings" tab and verify that the "Automatically Check for Updates" is checked. If the ColdFusion server has access to either the Adobe patch repository or an internally maintained patch repository and "Automatically Check for Updates" is not checked, this is a finding. If the ColdFusion server does not have access to Adobe or an internally maintained patch repository, then a manual process must be documented to check for updates. The documented process must include the location and how often to check for updates. If the process is not documented or the documented process does not include location and frequency, this is a finding.

Check Text ( C-63347r1_chk )

Determine if the ColdFusion server has access to either the Adobe patch repository or an internally maintained patch repository. This may be determined by interviewing the administrator or by reviewing ColdFusion baseline documentation.

If the ColdFusion server has access to a patch repository, the server must check for updates. To verify that the server is checking for updates, within the Administrator Console, navigate to the "Updates" page under the "Server Updates" menu. Select the "Settings" tab and verify that the "Automatically Check for Updates" is checked.

If the ColdFusion server has access to either the Adobe patch repository or an internally maintained patch repository and "Automatically Check for Updates" is not checked, this is a finding.

If the ColdFusion server does not have access to Adobe or an internally maintained patch repository, then a manual process must be documented to check for updates. The documented process must include the location and how often to check for updates.

If the process is not documented or the documented process does not include location and frequency, this is a finding.

Fix Text (F-68463r1_fix)
If the ColdFusion server has access to a patch repository, navigate to the "Updates" page under the "Server Updates" menu. Select the "Settings" tab and check the "Automatically Check for Updates" setting and select the "Submit Changes" button. If the ColdFusion server does not have access to a patch repository, document the process to check for updates. The documented process must include location and how often.

Fix Text (F-68463r1_fix)

If the ColdFusion server has access to a patch repository, navigate to the "Updates" page under the "Server Updates" menu. Select the "Settings" tab and check the "Automatically Check for Updates" setting and select the "Submit Changes" button.

If the ColdFusion server does not have access to a patch repository, document the process to check for updates. The documented process must include location and how often.