STIGQter: STIG Summary: Adobe ColdFusion 11 Security Technical Implementation Guide, Version: 1, Release: 4, Benchmark Date: 26 Jan 2018

The ColdFusion built-in Tomcat Web Server must be disabled.

DISA Rule

SV-76911r1_rule

Vulnerability Number

V-62421

Group Title

SRG-APP-000141-AS-000095

Rule Version

CF11-03-000104

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Locate the server.xml file for ColdFusion. It is usually found under the ColdFusion installation directory, in runtime/conf on Linux and runtime\conf on Windows. After making a backup of this file, edit it and locate the following XML line:

<Connector executor="tomcatThreadPool" maxThreads="50"
port="8500" protocol="org.apache.coyote.http11.Http11Protocol"
connectionTimeout="20000"
redirectPort="8445" />

Note: port="8500" is the port the Administrator Console was hosted on. The port is set up at install and can be changed, so this parameter may be different in this line.

This line can be deleted or, using XML syntax, commented out of the configuration. XML comment syntax starts with <!-- and ends with -->, e.g., <!-- XML COMMENT -->.

Check Contents

Locate the server.xml file for ColdFusion. It is usually found under the ColdFusion installation directory, in runtime/conf on Linux and runtime\conf on Windows. Within the server.xml file, locate the XML line:

<Connector executor="tomcatThreadPool" maxThreads="50"
port="8500" protocol="org.apache.coyote.http11.Http11Protocol"
connectionTimeout="20000"
redirectPort="8445" />

Note: port="8500" is the port the Administrator Console was hosted on. The port is defined during the install and can be changed from the default of 8500, so this parameter may be different if an alternate port was assigned.

If the line exists and is not commented out (XML comments start with <!-- and end with -->, e.g., <!-- XML COMMENT -->), this is a finding.
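One way to automate this check, as an added example that is not part of the STIG or of ColdFusion: because the port can differ from 8500, the script identifies the connector by its protocol rather than its port. The helper names and the sample server.xml are constructed for illustration, and treating AJP connectors as out of scope for this rule is an assumption.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: the connector from the check text is active, a second
# copy is commented out, and an AJP connector is present (ports are made up).
SAMPLE_SERVER_XML = """<Server port="8007" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Executor name="tomcatThreadPool" maxThreads="150"/>
    <Connector executor="tomcatThreadPool" maxThreads="50"
               port="8500" protocol="org.apache.coyote.http11.Http11Protocol"
               connectionTimeout="20000"
               redirectPort="8445" />
    <!--
    <Connector port="8501" protocol="org.apache.coyote.http11.Http11Protocol"
               connectionTimeout="20000" redirectPort="8445" />
    -->
    <Connector port="8012" protocol="AJP/1.3" redirectPort="8445" />
  </Service>
</Server>"""


def is_http_connector(elem):
    """True for HTTP connectors; AJP connectors are skipped (assumption)."""
    # Tomcat treats a Connector with no protocol attribute as HTTP/1.1.
    proto = elem.get("protocol", "HTTP/1.1").lower()
    return proto.startswith("http/") or ".http11." in proto


def active_http_connectors(xml_text):
    """Return (port, protocol) for each HTTP Connector not commented out."""
    # ElementTree drops XML comments while parsing, so a Connector wrapped
    # in <!-- ... --> never reaches the tree and is not reported.
    root = ET.fromstring(xml_text)
    return [(c.get("port"), c.get("protocol"))
            for c in root.iter("Connector") if is_http_connector(c)]


if __name__ == "__main__":
    # Pass the path to server.xml, or run with no argument to use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_SERVER_XML
    findings = active_http_connectors(text)
    for port, proto in findings:
        print(f"FINDING: active HTTP Connector on port {port} ({proto})")
    sys.exit(1 if findings else 0)
```

A non-zero exit status means at least one uncommented HTTP Connector remains, which is a finding under this rule.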

Documentable

False

Check Content Reference

M

Target Key

2661
