STIGQter: STIG Summary: Adobe ColdFusion 11 Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 26 Jan 2018:

ColdFusion must not store user information in the server registry.

DISA Rule

SV-76973r1_rule

Vulnerability Number

V-62483

Group Title

SRG-APP-000435-AS-000163

Rule Version

CF11-05-000182

Severity

CAT II

CCI(s)

• CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

10

Fix Recommendation

Navigate to the "Client Variables" page under the "Server Settings" menu. Set the default storage mechanism for client sessions to any available mechanism other than the registry and select the "Apply" button.

Check Contents

Within the Administrator Console, navigate to the "Client Variables" page under the "Server Settings" menu.

If the default storage mechanism for client sessions is set to "Registry", this is a finding.

Vulnerability Number

V-62483

Documentable

False

Rule Version

CF11-05-000182

Severity Override Guidance

Within the Administrator Console, navigate to the "Client Variables" page under the "Server Settings" menu.

If the default storage mechanism for client sessions is set to "Registry", this is a finding.

Check Content Reference

M

Target Key

2661

Comments