ColdFusion must prohibit or restrict the use of nonsecure ports, protocols, modules, and/or services as defined in the PPSM CAL and vulnerability assessments.

From Adobe ColdFusion 11 Security Technical Implementation Guide

Part of SRG-APP-000142-AS-000014

Associated with: CCI-000382

SV-76917r1_rule ColdFusion must prohibit or restrict the use of nonsecure ports, protocols, modules, and/or services as defined in the PPSM CAL and vulnerability assessments.

Vulnerability discussion

Some networking protocols may not meet organizational security requirements to protect data and components.ColdFusion may host a number of various features, such as the Administrator Console, data sources and various services. These features all run on TCPIP ports and protocols. This creates the potential that the vendor or ColdFusion administrator may choose to utilize port numbers or protocols that have been deemed unusable by the organization. When ports or protocols are used that are not secure or authorized by the organization, the ColdFusion feature must be reconfigured to use an authorized port and protocol.For a list of approved ports and protocols, reference the DoD ports and protocols web site at https://powhatan.iiie.disa.mil/ports/cal.html.

Check content

Access the Administrator Console from a web browser. If a port is part of the URL, verify that the port used is an approved port. Within the Administrator Console, navigate to each page under the "Data & Services" menu viewing the port settings for each connection and service. If the Administrator Console or any "Data & Services" setting is not using an approved port, this is a finding.

Fix text

Reconfigure the services or data connections that are using an unapproved port to use an approved port.

Pro Tips

Powered by sagemincer