STIGQter: STIG Summary: Adobe ColdFusion 11 Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 26 Jan 2018:

The ColdFusion Administrator Console must be hosted on a management network.

DISA Rule

SV-76953r1_rule

Vulnerability Number

V-62463

Group Title

SRG-APP-000211-AS-000146

Rule Version

CF11-05-000161

Severity

CAT II

CCI(s)

• CCI-001082 - The information system separates user functionality (including user interface services) from information system management functionality.

Weight

10

Fix Recommendation

Host the ColdFusion Administrator Console on a management network.

Check Contents

Access the Administrator Console through a browser making note of the IP address that is used to access the console. Review the site's network diagram to validate that the IP used is on a management network and is separate from the public network.

If the Administrator Console is not part of a management network, this is a finding.

Vulnerability Number

V-62463

Documentable

False

Rule Version

CF11-05-000161

Severity Override Guidance

Access the Administrator Console through a browser making note of the IP address that is used to access the console. Review the site's network diagram to validate that the IP used is on a management network and is separate from the public network.

If the Administrator Console is not part of a management network, this is a finding.

Check Content Reference

M

Target Key

2661

Comments