STIGQter STIGQter: STIG Summary: Adobe ColdFusion 11 Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 26 Jan 2018:

When ColdFusion is configured in a clustered configuration, ColdFusion must be configured to write log records from the clustered system components into a system-wide log trail that can be correlated.

DISA Rule

SV-76859r1_rule

Vulnerability Number

V-62369

Group Title

SRG-APP-000086-AS-000048

Rule Version

CF11-02-000032

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Implement a strategy to aggregate the log data from the ColdFusion application servers within the cluster for system-wide log trail storage and review.

Check Contents

Determine if ColdFusion is part of a clustered environment by accessing the "Instance Manager" and the "Cluster Manager" settings under the "Enterprise Manager" menu within the Administrator Console.

If ColdFusion is not setup in a clustered configuration, this finding is not applicable.

Ask the SA if a log record aggregation tool is being used to compile the log records from the ColdFusion application servers within the cluster for storage and review.

If the log records are not being aggregated, this is a finding.

Vulnerability Number

V-62369

Documentable

False

Rule Version

CF11-02-000032

Severity Override Guidance

Determine if ColdFusion is part of a clustered environment by accessing the "Instance Manager" and the "Cluster Manager" settings under the "Enterprise Manager" menu within the Administrator Console.

If ColdFusion is not setup in a clustered configuration, this finding is not applicable.

Ask the SA if a log record aggregation tool is being used to compile the log records from the ColdFusion application servers within the cluster for storage and review.

If the log records are not being aggregated, this is a finding.

Check Content Reference

M

Target Key

2661

Comments