STIGQter: STIG Summary: Adobe ColdFusion 11 Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 26 Jan 2018:

ColdFusion must set a timeout for logins.

DISA Rule

SV-76991r1_rule

Vulnerability Number

V-62501

Group Title

SRG-APP-000435-AS-000163

Rule Version

CF11-05-000191

Severity

CAT II

CCI(s)

• CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

10

Fix Recommendation

Navigate to the "Data Sources" page under the "Data & Services" menu. Edit each data source and set the "Login Timeout (sec)" to 5 or less within the advanced settings for the data source.

Check Contents

Within the Administrator Console, navigate to the "Data Sources" page under the "Data & Services" menu.

If there are no data sources defined, this finding is not applicable.

For each Data Source, view the "Login Timeout (sec)" setting within the Advanced Settings for the data source by editing the data source and then pressing the "Show Advanced Settings" button.

If there are any data sources with a "Login Timeout (sec)" set higher than 5, this is a finding.

Vulnerability Number

V-62501

Documentable

False

Rule Version

CF11-05-000191

Severity Override Guidance

Within the Administrator Console, navigate to the "Data Sources" page under the "Data & Services" menu.

If there are no data sources defined, this finding is not applicable.

For each Data Source, view the "Login Timeout (sec)" setting within the Advanced Settings for the data source by editing the data source and then pressing the "Show Advanced Settings" button.

If there are any data sources with a "Login Timeout (sec)" set higher than 5, this is a finding.

Check Content Reference

M

Target Key

2661

Comments