STIGQter: STIG Summary: Adobe ColdFusion 11 Security Technical Implementation Guide, Version: 1, Release: 4, Benchmark Date: 26 Jan 2018

ColdFusion must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which loggable events are to be logged.

DISA Rule

SV-76861r1_rule

Vulnerability Number

V-62371

Group Title

SRG-APP-000090-AS-000051

Rule Version

CF11-02-000034

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Navigate to the "User Manager" page under the "Security" menu and assign the following roles to the ISSM and users appointed by the ISSM to change loggable events:
Debugging and Logging>Logging
Debugging and Logging>Code Analyzer
Debugging and Logging>Debugging
Debugging and Logging>License Scanner
Debugging and Logging>System Probes

Check Contents

Review the roles assigned to the defined users within the "User Manager" page under the "Security" menu. Only the ISSM, or users appointed by the ISSM to change loggable events, may have the following roles:
Debugging and Logging>Logging
Debugging and Logging>Code Analyzer
Debugging and Logging>Debugging
Debugging and Logging>License Scanner
Debugging and Logging>System Probes

If any other users have any of these roles, then this is a finding.

Documentable

False

Check Content Reference

M

Target Key

2661
