From Adobe ColdFusion 11 Security Technical Implementation Guide
Part of SRG-APP-000440-AS-000167
Associated with: CCI-002421
Checking for patches and downloading those patches for installation must be done through an encrypted connection to protect the patch from modification during transmission and to avoid spoofed updates.
If the Administrator Console is used to perform patch retrieval, navigate to the "Updates" page under the "Server Update" menu within the console and review the setting "Site URL" within the "Settings" tab. If the URL is not prefixed by https://, this is a finding. If a manual process is used to retrieve patches, verify that a documented process is in place that includes using an encrypted method to download the patches, e.g., VPN tunneling, Secure Copy (SCP), etc. If there is not a documented process or the process does not include an encrypted method to download patches, this is a finding.
If the Administrator Console is used for patch retrieval, navigate to the "Updates" page under the "Server Update" menu within the console. Locate the "Site URL" setting on the "Settings" tab. Update the URL used for updates to be prefixed with https:// so that the communication is encrypted and select the "Submit Changes" button. If a manual process is used to retrieve patches, document the process to retrieve the patches that uses an encrypted method to download the patches, e.g., VPN tunneling, Secure Copy (SCP), etc.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer