STIGQter: STIG Summary: Adobe ColdFusion 11 Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 26 Jan 2018

ColdFusion must contain the most recent update.

DISA Rule

SV-76935r1_rule

Vulnerability Number

V-62445

Group Title

SRG-APP-000516-AS-000237

Rule Version

CF11-03-000117

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Navigate to the "Updates" page under the "Server Update" menu. Enter the "Available Updates" tab and install the latest patch available. If the ColdFusion server is patched from the command line and not through the ColdFusion Console, the latest patch must be downloaded manually, its hash value verified, and the patch then installed using the instructions provided with it.

Check Contents

Within the Administrator Console, navigate to the "Updates" page under the "Server Update" menu.

If the "Available Updates" tab is showing that updates are available, this is a finding.

A list of available updates can be retrieved from the update site. Enter the "Settings" tab and copy the URL listed in the "Site URL" field. Paste the URL into a browser and make note of the newest update available. If the "Site URL" field is empty, or if a local update server is being used and the site does not list the updates, the ColdFusion update site can be reached at https://helpx.adobe.com/coldfusion/kb/coldfusion-11-updates.html

Enter the "Installed Updates" tab and verify that the update installed is the latest listed on the update site.

If the latest update is not installed, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

2661
