STIGQter: STIG Summary: Adobe ColdFusion 11 Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 26 Jan 2018: STIGQter: STIG Summary: Adobe ColdFusion 11 Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 26 Jan 2018:SV-76983r2_rule
V-62493
SRG-APP-000435-AS-000163
CF11-05-000187
CAT II
10
If CFC requests are being used by hosted applications, this finding is not applicable.
Navigate to the "Request Tuning" page under the "Server Settings" menu. Set "Maximum number of simultaneous CFC function requests" to 1 and select the "Submit Changes" button.
Determine if CFC functions are being called directly from http/https for any hosted application. This may be determined by interviewing the administrator or by reviewing hosted applications code, hosted application design documentation or ColdFusion baseline documentation.
If CFC requests are being used by hosted applications, this finding is not applicable.
Within the Administrator Console, navigate to the "Request Tuning" page under the "Server Settings" menu.
If the CFC requests are not being used by hosted applications and "Maximum number of simultaneous CFC function requests" is not set to 1, this is a finding.
V-62493
False
CF11-05-000187
Determine if CFC functions are being called directly from http/https for any hosted application. This may be determined by interviewing the administrator or by reviewing hosted applications code, hosted application design documentation or ColdFusion baseline documentation.
If CFC requests are being used by hosted applications, this finding is not applicable.
Within the Administrator Console, navigate to the "Request Tuning" page under the "Server Settings" menu.
If the CFC requests are not being used by hosted applications and "Maximum number of simultaneous CFC function requests" is not set to 1, this is a finding.
M
2661